Bug 698057 (CVE-2011-1598, CVE-2011-1748)
Summary: | CVE-2011-1598 CVE-2011-1748 kernel: missing check in can/bcm and can/raw socket releases | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Eugene Teo (Security Response) <eteo> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | arozansk, bhu, dhoward, jkacur, kernel-mgr, kmcmartin, lgoncalv, lwang, rt-maint, sforsber, tcallawa, vdanen, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-07-29 12:40:17 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 698482, 698483, 698484 | ||
Bug Blocks: |
Description
Eugene Teo (Security Response)
2011-04-20 04:26:45 UTC
Reported by Oliver Hartkopp; can/raw release: http://permalink.gmane.org/gmane.linux.network/192974 Acknowledgements CVE-2011-1748: Red Hat would like to thank Oliver Hartkopp for reporting this issue. Statement: The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 did not include support for the CAN protocol, and therefore are not affected by this issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0836.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. note that the two patches in comment 1 and comment 2 address two separate issues in the same protocol. Same bug, different code paths. Upstream commits: CVE-2011-1598 http://git.kernel.org/linus/c6914a6f261aca0c9f715f883a353ae7ff51fe83 CVE-2011-1748 http://git.kernel.org/linus/10022a6c66e199d8f61d9044543f38785713cbbd This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0836 https://rhn.redhat.com/errata/RHSA-2011-0836.html Acknowledgements CVE-2011-1598: (none) This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2011:1253 https://rhn.redhat.com/errata/RHSA-2011-1253.html |