Bug 601006 (CVE-2010-2066)
| Field | Value |
|---|---|
| Summary | CVE-2010-2066 kernel: ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED ERRATA |
| Severity | low |
| Priority | low |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Eugene Teo (Security Response) <eteo> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | arozansk, dhoward, esandeen, peterm, plyons, rkhan |
| Keywords | Security |
| Doc Type | Bug Fix |
| Last Closed | 2021-10-19 09:12:13 UTC |
| Bug Depends On | 601007, 601008, 601009 |

Description
Eugene Teo (Security Response)
2010-06-07 00:43:39 UTC
Acknowledgements: Red Hat would like to thank Dan Rosenberg for reporting this issue.

Statement: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for the Ext4 filesystem. A future kernel update in Red Hat Enterprise Linux 5 will address this issue.

Also see http://www.gossamer-threads.com/lists/linux/kernel/1235423, but the regression doesn't look related.

(In reply to comment #4)
> Also see http://www.gossamer-threads.com/lists/linux/kernel/1235423, but the
> regression doesn't look related.

Right, that ended up being a mis-reported issue. The patch at hand is not implicated in the user's problems. See http://www.gossamer-threads.com/lists/linux/kernel/1235623#1235623

Fixed in 2.6.33.6 and 2.6.34.1 by: ext4-make-sure-the-move_ext-ioctl-can-t-overwrite-append-only-files.patch

Not yet fixed in 2.6.32-stable.

kernel-2.6.32.16-150.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 5

Via RHSA-2010:0610 https://rhn.redhat.com/errata/RHSA-2010-0610.html