** Changed in: linux-ti-omap4 (Ubuntu Oneiric)
Status: New => Fix Committed
** Description changed:
- Placeholder
+ The proc filesystem implementation in the Linux kernel 2.6.37 and earlier
+ does not restrict access to the /proc directory tree of a process after
+ this process performs an exec of a setuid program, which allows local users
+ to obtain sensitive information or cause a denial of service via open,
+ lseek, read, and write system calls.
+
+ Fixed-by: ca6b0bf0e086513b9ee5efc0aa5770ecb57778af
+ Fixed-by: ec6fd8a4355cda81cd9f06bebc048e83eb514ac7
+ Fixed-by: d6f64b89d7ff22ce05896ab4a93a653e8d0b123d
+ Fixed-by: 2fadaef41283aad7100fa73f01998cddaca25833
+ Fixed-by: a9712bc12c40c172e393f85a9b2ba8db4bf59509
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/813026
Title:
CVE-2011-1020
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/813026/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
