pending stable kernel security updates

Tim Gardner tcanonical at
Wed Jul 2 13:21:53 UTC 2008

Tim Gardner wrote:
> Kees Cook wrote:
>> On Mon, Jun 23, 2008 at 10:49:39PM -0700, Kees Cook wrote:
>>> Hello!  I've got more pending kernel updates waiting in the
>>> ubuntu-security git trees now:
>> Here's an update, given the 4 recently-public CVEs.  Current state of
>> the CVEs, where "pending" means the fix is in the corresponding
>> ubuntu-security git repo:
>>                        dapper         feisty          gutsy          hardy
>> CVE-2007-6282         pending        pending        pending        pending
>> CVE-2007-6712    not-affected        pending        pending   not-affected
>> CVE-2008-0598    needs-triage   needs-triage   needs-triage   not-affected
>> CVE-2008-1615         pending        pending        pending        pending
>> CVE-2008-1673         pending        pending        pending        pending
>> CVE-2008-2136         pending        pending        pending        pending
>> CVE-2008-2137         pending        pending        pending        pending
>> CVE-2008-2148    not-affected   not-affected        pending        pending
>> CVE-2008-2358    not-affected        pending        pending        pending
>> CVE-2008-2372    not-affected   not-affected   not-affected         needed
>> CVE-2008-2729         pending   not-affected   not-affected   not-affected
>> CVE-2008-2750    not-affected   not-affected   not-affected        pending
>> CVE-2008-2826         pending        pending        pending        pending
>> I will likely ignore CVE-2008-2372, as I don't think it's actually a
>> vulnerability.  What I now need help with is CVE-2008-0598 and
>> CVE-2008-2729.  The changes are pretty different from release to
>> release.  Looking at other vendors' patches just makes me feel even less
>> secure about doing the merges myself.  I think I have CVE-2008-2729
>> sorted out, but I'd like to have the commit I used double-checked.
>> CVE-2008-0598
>>     and maybe 64649a58919e66ec21792dbb6c48cb3da22cbd7f
>> Thanks guys,
>> -Kees
> Kees - please pull CVE-2008-0598 for dapper/feisty/gutsy from:
> git:// master
> git:// master
> git:// master
> CVE-2008-2729 is kind of related, but different. Some of the symptoms
> appear similar. Backporting the copy_user assembler is going to be quite
> difficult. However, it has yet to land upstream.
> rtg

Kees - Please pull from

git:// master
git:// master
git:// master
git:// master

These are the fully packaged versions with correct changelog and ABI
files. The corresponding i386 and amd64 binary packages can be found at

If your boot and regression tests prove successful, then I think these
security updates are ready to be uploaded.

Tim Gardner tim.gardner at
