Red Hat Bugzilla – Bug 177136
CVE-2006-0095 dm-crypt key leak
Last modified: 2007-11-30 17:07:22 EST
dm-crypt in Linux kernel 2.6.15 and earlier does not clear a
structure before it is freed, which leads to a memory
disclosure that could allow local users to obtain sensitive
information about a cryptographic key.
More details and the straightforward patch are here:
Created attachment 123055 [details]
Upstream patch, applies cleanly to RHEL4 tree, straightforward.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.