A flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (crash). See discussion at: http://www.uwsg.iu.edu/hypermail/linux/kernel/0503.2/0603.html Fixed upstream (note important 2nd fix for 2.4) fixed=2.6 (20050325 http://linux.bkbits.net:8080/linux-2.6/cset@4244bffczprEXYXBhd4oTqo8WoMTGQ fixed=2.4 (20050325 http://linux.bkbits.net:8080/linux-2.4/cset@4244930dPN44h62CZtM0P-qXoOI-7A fixed=2.4 (20050326 http://linux.bkbits.net:8080/linux-2.4/cset@424581efkFnFr5llhjjaiNnTmuS88Q
Created attachment 112695 [details] proposed fix for load_elf_library() The patch above was posted for review on 4-Apr-2005.
A fix for this problem has just been committed to the RHEL3 E5 patch pool this evening (in kernel version 2.4.21-27.0.3.EL).
A fix for this problem has also been committed to the RHEL3 U5 patch pool this evening (in kernel version 2.4.21-32.EL).
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-293.html
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-294.html