Description of problem: [SCSI] gdth: Prevent negative offsets in ioctl CVE-2009-3080 A negative offset could be used to index before the event buffer and lead to a security breach. This issue affects the Linux kernel as shipped in Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG. Upstream commit: http://git.kernel.org/linus/690e744869f3262855b83b4fb59199cf142765b0
Fixed in upstream kernels 2.6.27.40 and 2.6.31.7
kernel-2.6.27.41-170.2.117.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/kernel-2.6.27.41-170.2.117.fc10
kernel-2.6.27.41-170.2.117.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
Added myself to the cc'd list
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0046 https://rhn.redhat.com/errata/RHSA-2010-0046.html
This issue has been addressed in following products: MRG for RHEL-5 Via RHSA-2010:0041 https://rhn.redhat.com/errata/RHSA-2010-0041.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0076 https://rhn.redhat.com/errata/RHSA-2010-0076.html
This issue has been addressed in following products: Red Hat Enterprise Linux 3 Extended Lifecycle Support Via RHSA-2010:0882 https://rhn.redhat.com/errata/RHSA-2010-0882.html