{"id":809781,"url":"http://patchwork.ozlabs.org/api/1.0/covers/809781/?format=json","project":{"id":15,"url":"http://patchwork.ozlabs.org/api/1.0/projects/15/?format=json","name":"Ubuntu Kernel","link_name":"ubuntu-kernel","list_id":"kernel-team.lists.ubuntu.com","list_email":"kernel-team@lists.ubuntu.com","web_url":null,"scm_url":null,"webscm_url":null},"msgid":"<20170904175434.7071-1-kleber.souza@canonical.com>","date":"2017-09-04T17:54:32","name":"[Trusty,SRU,0/2] Fix for CVE-2016-10044","submitter":{"id":71419,"url":"http://patchwork.ozlabs.org/api/1.0/people/71419/?format=json","name":"Kleber Sacilotto de Souza","email":"kleber.souza@canonical.com"},"series":[{"id":1436,"url":"http://patchwork.ozlabs.org/api/1.0/series/1436/?format=json","date":"2017-09-04T17:54:32","name":"Fix for CVE-2016-10044","version":1,"mbox":"http://patchwork.ozlabs.org/series/1436/mbox/"}],"headers":{"Return-Path":"<kernel-team-bounces@lists.ubuntu.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com\n\t(client-ip=91.189.94.19; helo=huckleberry.canonical.com;\n\tenvelope-from=kernel-team-bounces@lists.ubuntu.com;\n\treceiver=<UNKNOWN>)","Received":["from huckleberry.canonical.com (huckleberry.canonical.com\n\t[91.189.94.19])\n\tby ozlabs.org (Postfix) with ESMTP id 3xmHYK5nCDz9t3p;\n\tTue,  5 Sep 2017 03:54:45 +1000 (AEST)","from localhost ([127.0.0.1] helo=huckleberry.canonical.com)\n\tby huckleberry.canonical.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1dova2-0006RO-JF; Mon, 04 Sep 2017 17:54:38 +0000","from youngberry.canonical.com ([91.189.89.112])\n\tby huckleberry.canonical.com with esmtps\n\t(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)\n\t(Exim 4.86_2) (envelope-from <kleber.souza@canonical.com>)\n\tid 1dova1-0006R2-5D\n\tfor kernel-team@lists.ubuntu.com; Mon, 04 Sep 2017 17:54:37 +0000","from mail-wr0-f199.google.com ([209.85.128.199])\n\tby youngberry.canonical.com with esmtps\n\t(TLS1.0:RSA_AES_128_CBC_SHA1:16)\n\t(Exim 4.76) (envelope-from <kleber.souza@canonical.com>)\n\tid 1dova0-0005OP-UM\n\tfor kernel-team@lists.ubuntu.com; Mon, 04 Sep 2017 17:54:36 +0000","by mail-wr0-f199.google.com with SMTP id 40so1315741wrv.4\n\tfor <kernel-team@lists.ubuntu.com>;\n\tMon, 04 Sep 2017 10:54:36 -0700 (PDT)","from localhost ([2a02:8109:a540:7e8:b446:acfd:5411:b887])\n\tby smtp.gmail.com with ESMTPSA id\n\ty1sm2311987edl.12.2017.09.04.10.54.35\n\tfor <kernel-team@lists.ubuntu.com>\n\t(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);\n\tMon, 04 Sep 2017 10:54:35 -0700 (PDT)"],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:from:to:subject:date:message-id;\n\tbh=VpSxSxTmJMZKtXZkFzGAp58f8yIrVbOrCU1W4dPmJUg=;\n\tb=U6+f4L8Is7GEoLrmkRJvQQAMMDJmiWz5y6HyNIKRbbSiWYqzWRgmXXFNgh9Js4olr4\n\t9h98Uz+yO2AHG1VRI63ldfoPYjPWHzseN5wP9GgVrxP5nC7kGmic4RdWWlupjBxO9CMy\n\tAHouiTWZggMRtNKWhDdpqy6f2+wxr2zVoq8QblW2UlKMjATBTaapriyoxQEYNxSgLj4U\n\t5klkxuPmEbwlPM4Z9cHwXQRDV12VPOSqmfElGTsUMC9TN5l2PtDQBDeInMsdriNb/9pV\n\tg/K3M8avprVMLrnoyVPjMx0uoFG3/PhqV1ON71fVj0WrcFlpFAHwaxqX2UdzgTLrtxRs\n\t4OYA==","X-Gm-Message-State":"AHPjjUhj+e2kqvJBL/sO797o3KoozUt/zVrPXHumaQGcgljW/hNBCsEa\n\tAsYP1mQoKMSvnD5sFPIUpsmOPDihD0kfzMDQOu4JfBKlxsD5pr7+cQPhXg575d/MfAlTcQyp0hq\n\txJsyS/EOyMnl3KPZjduaMECy8gzOYNM4E","X-Received":["by 10.80.134.181 with SMTP id r50mr1148086eda.21.1504547676380; \n\tMon, 04 Sep 2017 10:54:36 -0700 (PDT)","by 10.80.134.181 with SMTP id r50mr1148080eda.21.1504547676224; \n\tMon, 04 Sep 2017 10:54:36 -0700 (PDT)"],"X-Google-Smtp-Source":"ADKCNb5krMJpUGGaZTaH6BDF+ASKh61c9filWDZnsVpqaovpYVCe2PCTPsgPFDZdmt3eQ9ppnOvhjw==","From":"Kleber Sacilotto de Souza <kleber.souza@canonical.com>","To":"kernel-team@lists.ubuntu.com","Subject":"[Trusty SRU][PATCH 0/2] Fix for CVE-2016-10044","Date":"Mon,  4 Sep 2017 19:54:32 +0200","Message-Id":"<20170904175434.7071-1-kleber.souza@canonical.com>","X-Mailer":"git-send-email 2.14.1","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions <kernel-team.lists.ubuntu.com>","List-Unsubscribe":"<https://lists.ubuntu.com/mailman/options/kernel-team>,\n\t<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>","List-Archive":"<https://lists.ubuntu.com/archives/kernel-team>","List-Post":"<mailto:kernel-team@lists.ubuntu.com>","List-Help":"<mailto:kernel-team-request@lists.ubuntu.com?subject=help>","List-Subscribe":"<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n\t<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"},"content":"Fixes for CVE-2016-10044 for Trusty, the only currently supported\nseries that still needs the fix.\n\nThe first patch needed to be backported as well as prerequisite,\nsince it's where the SB_I_NOEXEC flag and the enforcement for\nnon-executable files on proc and sysfs was introduced.\n\nThe second patch is the one that actually fixes the CVE. It\nneeded a small change since 8dc4379 (aio: use the macro rather\nthan the inline magic number) is missing on Trusty, so I just\nreplaced the inline by the macro on the backport.\n\nThe fix was tested with the testcase from the commit message of\nthe second patch.\n\nJann Horn (1):\n  aio: mark AIO pseudo-fs noexec\n\n fs/aio.c | 7 ++++++-\n 1 file changed, 6 insertions(+), 1 deletion(-)"}