pending stable kernel security updates
Tim Gardner
tcanonical at tpi.com
Tue Jun 24 14:45:38 UTC 2008
Kees Cook wrote:
> Hello! I've got more pending kernel updates waiting in the
> ubuntu-security git trees now:
>
>                  dapper    feisty    gutsy     hardy
> CVE-2007-6282:   pending   pending   pending   pending
> CVE-2008-1615:   needed    needed    needed    needed
> CVE-2008-1673:   pending   pending   pending   pending
> CVE-2008-2136:   pending   pending   pending   pending
> CVE-2008-2137:   pending   pending   pending   pending
> CVE-2008-2148:   N/A       N/A       pending   pending
> CVE-2008-2358:   N/A       pending   pending   pending
> CVE-2008-2750:   N/A       N/A       N/A       pending
>
> I need help with CVE-2008-1615: the code has changed a lot between
> revisions, has been touched by the virt bits, and is pretty non-obvious
> to me.
>
> I'd like to publish as soon as possible after 8.04.1 is released. To
> that end, can someone start build and boot testing? None of the patches
> looked like ABI bumpers.
>
> Thanks,
>
> -Kees
>
Kees - As far as I can tell CVE-2008-1615 does not apply to
Dapper/Feisty/Gutsy/Hardy. See
https://bugzilla.redhat.com/show_bug.cgi?id=431430
The issue was introduced with commit
72fe4858544292ad64600765cb78bc02298c6b1c which was during the 2.6.25
merge window. The key is that the definition of 'iret_label' was
changed, i.e., it lost its alignment statement:
- .quad iret_label,bad_iret
+ .quad native_iret, bad_iret
Yet the interrupt return code later on continued to use 'iret_label'
which is now unaligned (a bad thing):
leaq iret_label(%rip),%rbp
You can also read Roland McGrath's somewhat caustic commit log entry in
a57dae3aa4d00a000b5bac4238025438204c78b2 if you are in need of some humor.
rtg
--
Tim Gardner tim.gardner at ubuntu.com
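The triage argument in the reply above (the bug entered with one identifiable commit, so a release whose history does not contain that commit cannot carry it) is the kind of check best done in git rather than by reading entry.S by eye. The script below is an added example, not code from this thread or from the Ubuntu kernel team: it builds a throw-away repository with constructed commits and tags, and `v1`/`v2` and the generated commit id stand in for the real release tags and for the 2.6.25 merge-window commit quoted in the mail.

```shell
#!/bin/sh
# Added example (not from the thread): is a bug-introducing commit an
# ancestor of a release tag? If not, that release cannot be affected by
# the bug that commit introduced. Against a real Linux tree you would run
# commit_in_release /path/to/linux 72fe4858544292ad64600765cb78bc02298c6b1c v2.6.24
# for each kernel version being triaged; everything below uses a
# constructed repository so it runs offline.

# Usage: commit_in_release <repo-dir> <commit> <tag>
# Returns 0 (and says "affected") when <tag> contains <commit>, 1 otherwise.
commit_in_release() {
    repo=$1; commit=$2; tag=$3
    if git -C "$repo" merge-base --is-ancestor "$commit" "$tag" 2>/dev/null; then
        echo "$tag: affected (history contains $commit)"
        return 0
    else
        echo "$tag: not affected ($commit is not an ancestor of $tag)"
        return 1
    fi
}

# Build a constructed repository: v1 is tagged first, then a commit that
# plays the role of the bug-introducing change lands, and v2 is tagged on it.
make_demo_repo() {
    dir=$(mktemp -d)
    g="git -C $dir -c user.name=demo -c user.email=demo@example.invalid"
    git init -q "$dir"
    echo "base" > "$dir/entry.S"
    $g add entry.S
    $g commit -q -m "initial (constructed)"
    $g tag v1
    echo "native_iret" >> "$dir/entry.S"
    $g commit -q -am "constructed stand-in for the bug-introducing commit"
    $g tag v2
    echo "$dir"
}

demo_repo=$(make_demo_repo)
trap 'rm -rf "$demo_repo"' EXIT
# The constructed bug commit is the one v2 points at.
bug_commit=$(git -C "$demo_repo" rev-parse v2)

# Walk the release tags; the exit status is the answer, so do not abort the loop.
for tag in v1 v2; do
    commit_in_release "$demo_repo" "$bug_commit" "$tag" || :
done
```

The check is purely about ancestry, so it says nothing about backports: a distribution kernel that cherry-picked the commit onto an older base would still report "not affected" here, which is exactly why the mail also looks at the actual label definition in the shipped source.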