Linux kernel is vulnerable to an information leakage flaw. This occurs when a process calls routine - sigaction() - to access - sa_restorer - parameter. This parameter points to an address that belongs to its parent process' address space. A user could use this flaw to infer address layout of a process. Reference: ---------- -> https://lkml.org/lkml/2013/3/11/498 -> http://www.openwall.com/lists/oss-security/2013/03/11/8
Upstream fix ------------ -> http://www.spinics.net/lists/mm-commits/msg95304.html
Statement: This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may address this issue.
Created kernel tracking bugs for this issue Affects: fedora-all [bug 920510]
(In reply to comment #1) > Upstream fix > ------------ > -> http://www.spinics.net/lists/mm-commits/msg95304.html That's the fix for 3.9. It's worth pointing out that __ARCH_HAS_SA_RESTORER was added in 3.9, so using that patch as-is on older kernels without that change will build but won't do anything. Using SA_RESTORER works for kernels older than 3.9-rcX. https://lkml.org/lkml/2013/3/11/545
kernel-3.8.3-201.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.8.3-103.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2013:0829 https://rhn.redhat.com/errata/RHSA-2013-0829.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:1034 https://rhn.redhat.com/errata/RHSA-2013-1034.html
This issue has been addressed in following products: OpenStack 3 for RHEL 6 Via RHSA-2013:1080 https://rhn.redhat.com/errata/RHSA-2013-1080.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1051 https://rhn.redhat.com/errata/RHSA-2013-1051.html