Bug 112893
| Field | Value |
|---|---|
| Summary | CAN-2003-0984 rtc leaks |
| Product | [Fedora] Fedora |
| Component | kernel |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Version | 1 |
| Hardware | All |
| OS | Linux |
| Reporter | Robert Scheck <redhat-bugzilla> |
| Assignee | Arjan van de Ven <arjanv> |
| QA Contact | Brian Brock <bbrock> |
| CC | mitr, yeti |
| Keywords | Security |
| Doc Type | Bug Fix |
| Last Closed | 2004-01-07 21:48:35 UTC |

Description
Robert Scheck
2004-01-05 15:51:59 UTC
Fixed in 2.4.22-1.2138

You only fixed CAN-2003-0985 but I still can't find CAN-2003-0984 - neither in the changelog nor via grep through the patches. Isn't that patch important?

> <trini:mvista.com>:
> o /dev/rtc can leak parts of kernel memory to unpriviledged users

CAN-2003-0984 is fixed in the Red Hat Kernels... why not in that one of Fedora Core?

Created attachment 96776
The backported rtc patch for kernel-2.4.22-1.2138.nptl

Why is the rtc patch ported to the old Red Hat kernels but not to the Fedora kernel? Forgotten? I only appended my patch in the file linux-2.4.24pre-selected-patches.patch

CAN-2003-0984 is a fairly minor issue (a few bytes of kernel memory can get leaked - although an attacker doesn't really have the ability to control which bytes). Leaving bug open until it gets fixed in some future update.

Strange - I thought after the response from mjc, it isn't that important, but today there was 2.4.22-1.2140 released...

It's fairly low impact, but a security issue nonetheless.