Quote from http://patchwork.ozlabs.org/patch/35412/: Commit 9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8 introduced a typo in initialization.
Incomplete fix for CVE-2005-4881.
Official upstream patch, now in 2.6.32-rc5: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=ad61df918c44316940404891d5082c63e79c256a
kernel-2.6.30.9-90.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/kernel-2.6.30.9-90.fc11
MITRE's CVE-2009-3612 record:

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.

References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad61df918c44316940404891d5082c63e79c256a
http://patchwork.ozlabs.org/patch/35412/
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc5
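Added illustration (not code from the kernel or from this bug report): a userspace model of why a pad member that is never cleared carries stale bytes into the message, and a check that counts them. The names tcmsg_demo, fill_typo, fill_fixed, leaked_pad_bytes and STALE are hypothetical; the struct mirrors the layout of the kernel's struct tcmsg, and the typo is modelled as tcm__pad1 being cleared twice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace mirror of struct tcmsg (assumed layout, for the demo only). */
struct tcmsg_demo {
    unsigned char  tcm_family;
    unsigned char  tcm__pad1;
    unsigned short tcm__pad2;
    int            tcm_ifindex;
    uint32_t       tcm_handle, tcm_parent, tcm_info;
};

#define STALE 0xAA /* constructed marker standing in for leftover memory */

static void fill_common(struct tcmsg_demo *tcm)
{
    tcm->tcm_family = 0;
    tcm->tcm_ifindex = 2;        /* constructed sample values */
    tcm->tcm_handle = 0x10000;
    tcm->tcm_parent = 0;
    tcm->tcm_info = 0;
}

/* Models the typo: tcm__pad1 cleared twice, tcm__pad2 never touched. */
static void fill_typo(struct tcmsg_demo *tcm)
{
    fill_common(tcm);
    tcm->tcm__pad1 = 0;
    tcm->tcm__pad1 = 0;
}

/* Corrected form: both pad members are cleared. */
static void fill_fixed(struct tcmsg_demo *tcm)
{
    fill_common(tcm);
    tcm->tcm__pad1 = 0;
    tcm->tcm__pad2 = 0;
}

/* Count non-zero bytes left in the pad region after the header is filled. */
int leaked_pad_bytes(int use_fixed)
{
    struct tcmsg_demo tcm;
    const unsigned char *p = (const unsigned char *)&tcm;
    int n = 0;

    memset(&tcm, STALE, sizeof(tcm));   /* simulate previously used memory */
    if (use_fixed) fill_fixed(&tcm); else fill_typo(&tcm);
    for (size_t i = offsetof(struct tcmsg_demo, tcm__pad1);
         i < offsetof(struct tcmsg_demo, tcm_ifindex); i++)
        n += (p[i] != 0);
    return n;
}

int main(void)
{
    printf("typo: %d stale pad bytes, fixed: %d\n",
           leaked_pad_bytes(0), leaked_pad_bytes(1));
    return 0;
}
```

The same byte-level check works as a regression test for any fixed-layout header copied to a less privileged reader: poison the buffer, fill it, and assert that every reserved or pad byte is zero.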
This was fixed in 89.0.15 as a typo fix for bz521602 (CVE-2005-4881). Changelog will be actualized in next 4.8.z build.
Sorry, comment was intended for 4.8.z bz :(
kernel-2.6.30.9-90.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:

MRG for RHEL-5

Via RHSA-2009:1540 https://rhn.redhat.com/errata/RHSA-2009-1540.html
kernel-2.6.27.38-170.2.113.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/kernel-2.6.27.38-170.2.113.fc10
kernel-2.6.27.38-170.2.113.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:

Red Hat Enterprise Linux 5

Via RHSA-2009:1670 https://rhn.redhat.com/errata/RHSA-2009-1670.html