Bug 188935
Summary: | CVE-2006-0741 kernel DoS issue | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Retired] Fedora Legacy | Reporter: | James Kosin <jkosin> | ||||||
Component: | kernel | Assignee: | Fedora Legacy Bugs <bugs> | ||||||
Status: | CLOSED DUPLICATE | QA Contact: | |||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | unspecified | CC: | deisenst | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | ia64 | ||||||||
OS: | Linux | ||||||||
URL: | http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=e5a190da220758a739a31189440669c37fcd9773 | ||||||||
Whiteboard: | LEGACY | ||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2006-07-24 22:21:36 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
James Kosin
2006-04-13 19:07:24 UTC
Created attachment 127720 [details] Patch for CVE-2006-0741 Thanks for posting this here, James, and for the patch. The CVE says, "Linux kernel before 2.6.15.5, when running on Intel processors, allows local users to cause a denial of service ('endless recursive fault') via unknown attack vectors related to a 'bad elf entry address.'" Is this an x86_64-only condition?? Am noticing that the patch is for the x86_64 architecture kernel directory... Potentially affects legacy kernels: Distro i386? x86_64? Package --------- ----- ------- ------------------------------ RHL7.3 X kernel-2.4.20-46.7.legacy RHL9 X kernel-2.4.20-46.9.legacy FC1 X kernel-2.4.22-1.2199.8.legacy.nptl FC2 X kernel-2.6.10-2.3.legacy_FC2 FC3 X X kernel-2.6.12-2.3.legacy_FC3 If this is i386 and x86_64, then it affects all distros we support. If it's x86_64 only, then it affects only FC3, as Legacy doesn't support x86_64 packages for any other distros... Hmmm.... It may be a security issue if anyone builds their own kernel for x86_64 on the platforms that legacy only ships i386 packages for. From the sources provided by such packages. It is just for x86_64 though. The file patched is in that directory. --James The author is still working on the issue. I've attached another ammended patch to help fix the issue. Created attachment 128037 [details] Ammended patch for CVE-2006-0741 This patch goes with the last patch. We can build a single patch when complete. |