126415 – CAN-2004-0415 file offset pointer signedness issues

Bug 126415 - CAN-2004-0415 file offset pointer signedness issues

Summary: CAN-2004-0415 file offset pointer signedness issues

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 2.1
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	2.1
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jason Baron
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-06-21 11:22 UTC by Mark J. Cox
Modified:	2013-03-06 05:57 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2004-08-03 21:48:15 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2004:418	0	high	SHIPPED_LIVE	Important: kernel security update	2004-08-03 04:00:00 UTC

Description Mark J. Cox 2004-06-21 11:22:08 UTC

Embargoed until Jun29 1600 MEST

isec.pl reported on May24 file offset pointer vulnerabilities allowing
read of kernel memory.  They noted "dozens of places" with vulnerable
code and gave poc based on MTRR race.

Comment 2 Mark J. Cox 2004-07-23 07:48:14 UTC

Due to the complexity of the issue and fixes the embargo has been
moved, currently set at Aug 3rd at 1700 UTC

Comment 3 Mark J. Cox 2004-08-03 18:01:00 UTC

Removing embargo; errata in progress

Comment 4 Mark J. Cox 2004-08-03 21:48:15 UTC

An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-418.html

Note You need to log in before you can comment on or make changes to this bug.