Candidate: CVE-2007-4573 References: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=176df2457ef6207156ca1a40991c54ca01fef567 Description: Ubuntu-Description: Wojciech Purczynski discovered that the Linux kernel ia32 syscall emulation in x86_64 kernels did not correctly clear the high bits of registers. Local attackers could exploit this to gain root privileges. Notes: jmm> Fix in etch3 didn't fix the problem for Xen guests Bugs: upstream: released (2.6.22.7) linux-2.6: released (2.6.22-5) 2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4) [bugfix/amd64-zero-extend-32bit-ptrace.patch, bugfix/amd64-zero-extend-32bit-ptrace-xen.patch] 2.6.8-sarge-security: released (2.6.8-17sarge1) [amd64-zero-extend-32bit-ptrace.dpatch] 2.4.27-sarge-security: N/A 2.6.15-dapper-security: released (2.6.15-29.59) 2.6.17-edgy-security: released (2.6.17.1-12.41 bac7adb35e5a3630511249b4f1bbdaff3b574455) 2.6.20-feisty-security: released (2.6.20-16.32 1145a8797aa4994275922e9fde299e7bb115edf0)