Bug 127918 - CAN-2004-0685 usb sparse fixes in 2.4
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel
Version: 3.0
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Pete Zaitcev
QA Contact: Brian Brock
Keywords: Security

Reported: 2004-07-15 07:57 EDT by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2004-12-02 06:37:19 EST

Attachments
updated USB driver data leak patch (1.15 KB, patch)
2004-08-31 19:00 EDT, Ernie Petrides
Description Mark J. Cox (Product Security) 2004-07-15 07:57:03 EDT
Back in October 2003 Arnaldo committed some fixes prior to 2.6 for some
leaking info to userspace in the usb drivers:
http://linux.bkbits.net:8080/linux-2.6/cset@3f986b35LyBKc-OxB8G6k22oOjgYTQ

The corresponding changes have not been committed to 2.4, or included in
the previous sparse fixes.  So I've assigned them CAN-2004-0685 (for 2.4
only, as they were fixed before 2.6.0).   Treat as public.
Comment 1 Mark J. Cox (Product Security) 2004-07-28 06:40:55 EDT
Now fixed upstream, see
http://linux.bkbits.net:8080/linux-2.4/cset@410582380U3H9KOx8J2YZmMT0bhXQw
Comment 2 Ernie Petrides 2004-08-31 19:00:30 EDT
Created attachment 103320
updated USB driver data leak patch

Pete, I'll take care of this in the next U4 build, since Mark
was kind enough to post a patch to rhkernel-list (15-Jul-2004).
Mark, I'm dropping 2 of the original patch hunks because they
are unnecessary (in view of the strncpy() fixes made in U2),
and I've tweaked the remaining 3 hunks to zero only the
unassigned data fields.
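
Added illustration, not part of the bug report or the Red Hat patch: a userspace C model of the leak class discussed in comment 2. It shows why a strncpy() fill already covers a whole name buffer (strncpy NUL-pads the destination) while fields the driver never assigns still carry stale bytes until they are zeroed. The struct, field names, values and the strcpy "before" mode are assumptions, and a 0xAA fill stands in for uninitialized kernel stack.

```c
#include <stdio.h>
#include <string.h>

#define POISON 0xAA  /* stands in for stale kernel stack contents */

/* Hypothetical reply structure, laid out without padding. */
struct dev_info {
    char name[32];
    unsigned int vendor;
    unsigned int product;
    unsigned int reserved[2];   /* never assigned by the driver */
};

enum fill_mode { FILL_STRCPY, FILL_STRNCPY, FILL_STRNCPY_ZERO_UNASSIGNED };

/* Fill the reply as a driver might, then count bytes still holding stale data. */
static size_t leaked_bytes(enum fill_mode mode, const char *src)
{
    struct dev_info info;
    unsigned char out[sizeof info];          /* stands in for the user buffer */
    size_t i, leaked = 0;

    memset(&info, POISON, sizeof info);      /* simulate an uninitialized local */

    if (mode == FILL_STRCPY) {
        strcpy(info.name, src);              /* writes strlen(src)+1 bytes only */
    } else {
        /* strncpy NUL-pads the remainder of the destination */
        strncpy(info.name, src, sizeof info.name - 1);
        info.name[sizeof info.name - 1] = '\0';
    }
    info.vendor = 0x1234;                    /* constructed sample values */
    info.product = 0x5678;
    if (mode == FILL_STRNCPY_ZERO_UNASSIGNED)
        memset(info.reserved, 0, sizeof info.reserved);  /* zero only what is unassigned */

    memcpy(out, &info, sizeof info);         /* models copy_to_user() */
    for (i = 0; i < sizeof out; i++)
        if (out[i] == POISON)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("strcpy:                  %zu stale bytes\n", leaked_bytes(FILL_STRCPY, "usb-demo"));
    printf("strncpy:                 %zu stale bytes\n", leaked_bytes(FILL_STRNCPY, "usb-demo"));
    printf("strncpy + zero reserved: %zu stale bytes\n", leaked_bytes(FILL_STRNCPY_ZERO_UNASSIGNED, "usb-demo"));
    return 0;
}
```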
Comment 3 Ernie Petrides 2004-09-01 22:46:07 EDT
The changes in comment #2 have just been committed to the RHEL3 U4
patch pool this evening (in kernel version 2.4.21-20.2.EL).
Comment 4 Ernie Petrides 2004-11-24 20:22:18 EST
The fix for this problem has also been committed to the RHEL3 E4
patch pool this evening (in kernel version 2.4.21-20.0.1.EL).
Comment 5 Mark J. Cox (Product Security) 2004-12-02 06:37:19 EST
http://rhn.redhat.com/errata/RHSA-2004-549.html
