Bug 466707 (CVE-2008-4554)
| Summary: | CVE-2008-4554 kernel: don't allow splice() to files opened with O_APPEND | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Eugene Teo (Security Response) <eteo> | ||||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | |||||||
| Severity: | high | Docs Contact: | |||||||
| Priority: | high | ||||||||
| Version: | unspecified | CC: | bhu, dhoward, jpirko, lgoncalv, lwang, pstyles, williams | ||||||
| Target Milestone: | --- | Keywords: | Security | ||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2010-12-21 17:47:56 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | 466708, 466709, 466710 | ||||||||
| Bug Blocks: | |||||||||
| Attachments: |
|
||||||||
|
Description
Eugene Teo (Security Response)
2008-10-13 06:02:22 UTC
Proposed upstream patch: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=efc968d450e013049a662d22727cf132618dcb2f Created attachment 320167 [details]
Upstream patch for this issue
Created attachment 320170 [details]
Proposed backport patch for realtime kernel
MRG: patch added to kernel -85 kernel-2.6.26.6-49.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. This was addressed via: Red Hat Enterprise Linux version 5 (RHSA-2008:1017) MRG Realtime for RHEL 5 Server (RHSA-2009:0009) |