Date: Mon, 07 Sep 2009 11:32:29 +0800 From: Eugene Teo <eugeneteo@...nel.sg> To: oss-security@...ts.openwall.com CC: Willy Tarreau <w@....eu>, "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE request: kernel: tc: uninitialised kernel memory leak Solar Designer wrote: > On Thu, Sep 03, 2009 at 11:45:03AM +0800, Eugene Teo wrote: >> Three bytes of uninitialised kernel memory are currently leaked to user. >> >> http://patchwork.ozlabs.org/patch/32830/ >> https://bugzilla.redhat.com/show_bug.cgi?id=520990 > > 2.4 kernels appear to be affected as well, and moreover they appear to > require at least some of these older fixes as well: > > http://marc.info/?l=git-commits-head&m=112002138324380 This is commit 9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8. And linux-2.4.37.y needs the following two patches too: [NETLINK]: Clear padding in netlink messages b3563c4fbff906991a1b4ef4609f99cca2a0de6a [NETLINK]: Missing padding fields in dumped structures 8a47077a0b5aa2649751c46e7a27884e6686ccbf Thanks, Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.