Bug 868285 (CVE-2012-4530)
Summary: | CVE-2012-4530 kernel: stack disclosure in binfmt_script load_script() |
---|---|
Product: | [Other] Security Response |
Component: | vulnerability |
Reporter: | Prasad Pandit <ppandit> |
Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA |
Severity: | low |
Priority: | low |
Version: | unspecified |
CC: | agordeev, anton, bhu, davej, dhoward, fhrbata, gansalmon, iboverma, itamar, jforbes, jkacur, jneedle, jonathan, jpoimboe, jrusnack, jwboyer, kernel-maint, kernel-mgr, lgoncalv, lwang, madhu.chinakonda, mcressma, plougher, pmatouse, rt-maint, sforsber, williams |
Keywords: | Security |
Hardware: | All |
OS: | Linux |
Doc Type: | Bug Fix |
Last Closed: | 2013-03-29 07:13:37 UTC |
Bug Depends On: | 880145, 880146, 880147, 880153, 880154 |
Bug Blocks: | 866868 |

Description
Prasad Pandit
2012-10-19 12:15:55 UTC
Statement:

This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5. This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6. This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2.

This has been assigned the name CVE-2012-4530.

Upstream patches [1] and [2] together fix this flaw of memory disclosure.

[1] http://www.spinics.net/lists/mm-commits/msg92245.html
[2] http://www.spinics.net/lists/mm-commits/msg92433.html

References:
- https://lkml.org/lkml/2012/11/18/142

Created kernel tracking bugs for this issue

Affects: fedora-all [bug 880147]

kernel-3.6.8-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.

kernel-3.6.9-4.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.

kernel-3.6.10-2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.

In a surprising development, the patch returning -ELOOP to end the inadvertent recursions was removed from the -mm tree.

-> http://www.spinics.net/lists/mm-commits/msg93063.html

Which means the issue still persists.

(In reply to comment #10)
> In a surprising development, the patch returning -ELOOP to end the
> inadvertent recursions was removed from the -mm tree.
>
> -> http://www.spinics.net/lists/mm-commits/msg93063.html
>
> Which means the issue still persists.

Huh? "This patch was dropped because it was merged into mainline or a subsystem tree"

am I missing something here?

(In reply to comment #11)
> (In reply to comment #10)
> > In a surprising development, the patch returning -ELOOP to end the
> > inadvertent recursions was removed from the -mm tree.
> >
> > -> http://www.spinics.net/lists/mm-commits/msg93063.html
> >
> > Which means the issue still persists.
>
> Huh? "This patch was dropped because it was merged into mainline or a
> subsystem tree"
>
> am I missing something here?

No. Prasad and I discussed this already in the Fedora bug. It's fixed in Fedora and upstream.

https://bugzilla.redhat.com/show_bug.cgi?id=880147#c14

(In reply to comment #12)
> (In reply to comment #11)
> > (In reply to comment #10)
> > > In a surprising development, the patch returning -ELOOP to end the
> > > inadvertent recursions was removed from the -mm tree.
> > >
> > > -> http://www.spinics.net/lists/mm-commits/msg93063.html
> > >
> > > Which means the issue still persists.
> >
> > Huh? "This patch was dropped because it was merged into mainline or a
> > subsystem tree"
> >
> > am I missing something here?
>
> No. Prasad and I discussed this already in the Fedora bug. It's fixed in
> Fedora and upstream.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=880147#c14

Ok, I see that now. However, two commits are referred to, one is upstream, and the other is still -mm as far as I can tell, is the upstream one enough to fix the problem, or do we need both?

We need both. The second commit is on its way to upstream, will be there very soon.

Actually, both patches have been committed upstream:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b66c5984017533316fd1951770302649baf1aa33
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d740269867021faf4ce38a449353d2b986c34a67

(In reply to comment #15)
> Actually, both patches have been committed upstream:
>
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;
> h=b66c5984017533316fd1951770302649baf1aa33
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;
> h=d740269867021faf4ce38a449353d2b986c34a67

thanks!

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2013:0223 https://rhn.redhat.com/errata/RHSA-2013-0223.html

This issue has been addressed in following products:

MRG for RHEL-6 v.2

Via RHSA-2013:0566 https://rhn.redhat.com/errata/RHSA-2013-0566.html