Bug 155361 - 20041216 ROSE ndigis verification (regression)
20041216 ROSE ndigis verification (regression)
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
3
All Linux
medium Severity medium
: ---
: ---
Assigned To: Kernel Maintainer List
Brian Brock
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-04-19 11:34 EDT by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-04-19 22:32:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox (Product Security) 2005-04-19 11:34:00 EDT
An error exists in ROSE due to missing verification of the ndigis argument of
new routes.  This was found by Coverity 20041216, rose_rt_ioctl.

http://linux.bkbits.net:8080/linux-2.6/cset@423114bcdthRtmtdS6MsZiBVvteGCg
http://linux.bkbits.net:8080/linux-2.4/cset@41e2cf515TpixcVQ8q8HvQvCv9E6zA

A fix for this issue was included in patch-2.6.10-ac8 and therefore our FC3
update on 20050110 fixes this issue.  However the FC3 update on 20050411 dropped
the patch, and the patch was not in upstream 2.6.11, therefore FC3 is currently
vulnerable to this issue again.
Comment 1 Dave Jones 2005-04-19 22:32:00 EDT
We don't build the hamradio stuff in FC3.


Note You need to log in before you can comment on or make changes to this bug.