Bug 176813 - CVE-2005-4605 Kernel memory disclosure
CVE-2005-4605 Kernel memory disclosure
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
4
All Linux
medium Severity high
: ---
: ---
Assigned To: Dave Jones
Brian Brock
reported=20051230,source=fulldisclosu...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-01-03 04:13 EST by Mark J. Cox (Product Security)
Modified: 2015-01-04 17:24 EST (History)
2 users (show)

See Also:
Fixed In Version: FEDORA-2006-013
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-03 03:43:32 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox (Product Security) 2006-01-03 04:13:27 EST
+++ This bug was initially created as a clone of Bug #176812 +++

Reported to full-disclosure was a flaw said to allow kernel memory to be
disclosed to untrusted local users.  This was verified by Solar Designer and a
patch for the issue committed by Linus.

Original report:
http://marc.theaimsgroup.com/?l=full-disclosure&m=113535380422339

Fix:
http://linux.bkbits.net:8080/linux-2.6/cset@43b562ae6hJGLWZA4TNf2k-RzXnVlQ

(See cloned bug for non-public reproducer)
Comment 1 Dave Jones 2006-01-04 00:29:10 EST
fixed in cvs, will go out in the next fc4 update.
Comment 2 Dave Jones 2006-02-03 00:36:42 EST
This is a mass-update to all currently open kernel bugs.

A new kernel update has been released (Version: 2.6.15-1.1830_FC4)
based upon a new upstream kernel release.

Please retest against this new kernel, as a large number of patches
go into each upstream release, possibly including changes that
may address this problem.

This bug has been placed in NEEDINFO_REPORTER state.
Due to the large volume of inactive bugs in bugzilla, if this bug is
still in this state in two weeks time, it will be closed.

Should this bug still be relevant after this period, the reporter
can reopen the bug at any time. Any other users on the Cc: list
of this bug can request that the bug be reopened by adding a
comment to the bug.

If this bug is a problem preventing you from installing the
release this version is filed against, please see bug 169613.

Thank you.

Note You need to log in before you can comment on or make changes to this bug.