Description of problem: Sometimes ax25_getname() doesn't initialize all members of fsa_digipeater field of fsa struct. This structure is then copied to userland. It leads to leaking of contents of kernel stack memory. We have to initialize them to zero. Reference: http://marc.info/?l=linux-netdev&m=128854507120898&w=2 http://seclists.org/oss-sec/2010/q4/94 Acknowledgements: Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Statement: This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not include support for Amateur Radio AX.25 protocol. This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Extended Life Cycle Phase of its maintenance life-cycle, where only qualified security errata of critical impact are addressed. For further information about the Errata Support Policy, visit: http://www.redhat.com/security/updates/errata
Upstream commit: http://git.kernel.org/linus/fe10ae53384e48c51996941b7720ee16995cbcb7