Bug 806722 (CVE-2012-2123)
Summary: | CVE-2012-2123 kernel: fcaps: clear the same personality flags as suid when fcaps are used | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Eugene Teo (Security Response) <eteo> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | anton, arozansk, bhu, dhoward, eparis, esandeen, fhrbata, jkacur, jkastner, lgoncalv, lwang, pmatouse, rt-maint, security-response-team, sforsber, sgrubb, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-04-05 08:03:05 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 806725, 806726, 806727, 814522, 814523 | ||
Bug Blocks: | 806718 |
Comment 13
Eugene Teo (Security Response)
2012-04-20 04:41:48 UTC
Upstream commit: http://git.kernel.org/linus/d52fc5dde171f030170a6cb78034d166b13c9445 Statement: This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, and 5. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0670.html. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0743.html. Also from Steve, AFAIK, there are no packages we ship on RHEL6 that use file system based capabilities because rpm lacked the support at the time. But rpm might get upgraded and some package from Fedora becomes a RHEL6 rebase and then we have the problem. Or maybe the software stacks pulls one in. But we still want to fix it. Fedora 15 is where we started shipping packages that take advantage of the file system based capabilities. And since RHEL7-alpha is an import of F16/17, it certainly has the issue. Created kernel tracking bugs for this issue Affects: fedora-all [bug 814523] Added CVE as per http://www.openwall.com/lists/oss-security/2012/04/20/6 (In reply to comment #14) > Upstream commit: > http://git.kernel.org/linus/d52fc5dde171f030170a6cb78034d166b13c9445 You probably also want: http://git.kernel.org/linus/51b79bee627d526199b2f6a6bef8ee0c0739b6d1 to fix a non-x86 build error. kernel-3.3.2-8.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. kernel-3.3.2-6.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. kernel-2.6.43.2-6.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2012:0670 https://rhn.redhat.com/errata/RHSA-2012-0670.html This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:0743 https://rhn.redhat.com/errata/RHSA-2012-0743.html |