|Main Archive Page > Month Archives > ubuntu-hardened archives|
On Thu, Mar 14, 2013 at 02:56:45PM +0100, Daniel Curtis wrote:
> I would like to know if CVE-2013-1773 vulnerability is fixed
> in e.g. 3.2.0-38 kernel (Ubuntu 12.04)? I'm asking because this issue
> (buffer overflow) was found in Linux kernels before 3.3.
> This problem allows "*local users to gain privileges or cause
> a denial of service (system crash) via a VFAT write operation
> on a filesystem with the utf8 mount option, which is not properly
> handled during UTF-8 to UTF-16 conversion*."
> On a system where disk/images can be auto-mounted or a FAT
> filesystem is mounted, then unprivileged user can gain root
> privileges. So, is it fixed?
We support many kernels over many series, so the answer can sometimes
be complicated. In this case, it's fair to say "mostly fixed":
There are some specific linux kernel packages that aren't yet updated,
but the majority of users should have the fix installed by now.
-- ubuntu-hardened mailing list firstname.lastname@example.org https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened