Bug 629241 - CVE-2010-3448 kernel: thinkpad-acpi: lock down video output state access [rhel-5.5.z]
Summary: CVE-2010-3448 kernel: thinkpad-acpi: lock down video output state access [rhe...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.6
Hardware: All
OS: Linux
high
medium
Target Milestone: rc
: ---
Assignee: Jiri Pirko
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard:
: 652123 (view as bug list)
Depends On: 607037
Blocks: CVE-2010-3448
TreeView+ depends on / blocked
 
Reported: 2010-09-01 12:05 UTC by RHEL Program Management
Modified: 2015-05-05 01:20 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-11-09 18:08:43 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0839 0 normal SHIPPED_LIVE Moderate: kernel security and bug fix update 2010-11-09 18:06:20 UTC

Description RHEL Program Management 2010-09-01 12:05:06 UTC
This bug has been copied from bug #607037 and has been proposed
to be backported to 5.5 z-stream (EUS).

Comment 3 Jiri Pirko 2010-09-30 13:20:39 UTC
in kernel 2.6.18-194.19.1.el5

linux-2.6-acpi-thinkpad-acpi-lock-down-video-output-state-access.patch

Comment 7 errata-xmlrpc 2010-11-09 18:08:43 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2010-0839.html

Comment 8 Martin Prpič 2010-11-11 14:06:56 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
On certain ThinkPad models, reading video output controls could lead to a hard-crash of X.org. This update restricts access permissions to /proc/acpi/ibm/video in order to prevent the aforementioned crash.

Comment 9 Eugene Teo (Security Response) 2010-11-12 00:53:53 UTC
*** Bug 652123 has been marked as a duplicate of this bug. ***

Comment 10 Eugene Teo (Security Response) 2010-11-12 00:54:48 UTC
Deleted Technical Notes Contents.

Old Contents:
On certain ThinkPad models, reading video output controls could lead to a hard-crash of X.org. This update restricts access permissions to /proc/acpi/ibm/video in order to prevent the aforementioned crash.


Note You need to log in before you can comment on or make changes to this bug.