Description of problem:
The old shm interface allows unprivileged users to read uninitialized stack memory, because the shmid_ds structure declared on the stack is not altered or zeroed before being copied back to the user.

Reference:
http://www.openwall.com/lists/oss-security/2010/10/07/1
http://lkml.org/lkml/2010/10/6/454

Acknowledgements:
Red Hat would like to thank Vasiliy Kulikov of Openwall and Kees Cook for reporting this issue.
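The bug class described in the report above, shown as an added user-space illustration (not part of the original report and not kernel code): a descriptor built in a local variable is copied out with some fields never assigned, next to the hardened form that zeroes it first. The struct layout, the function names and the 0xAA stale-memory marker are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker standing in for leftover stack contents */

/* Hypothetical, simplified stand-in for an old-style descriptor (not the kernel layout). */
struct demo_shmid_old {
    unsigned int   segsz;
    unsigned short cpid;
    unsigned short lpid;
    unsigned short nattch;
    unsigned short unused;      /* reserved: the copy routine never assigns it */
    unsigned int   unused2[2];  /* reserved: the copy routine never assigns it */
};

/* Build the descriptor in a local and copy it to the caller's buffer.
 * zero_first == 0 reproduces the bug class; zero_first == 1 is the hardened form. */
static void copy_desc_to_user(unsigned char *ubuf, int zero_first)
{
    struct demo_shmid_old out;

    memset(&out, STALE, sizeof(out));   /* simulate what an earlier call left in this slot */
    if (zero_first)
        memset(&out, 0, sizeof(out));   /* the hardening step: clear before filling */

    out.segsz  = 4096;                  /* only the meaningful fields are assigned */
    out.cpid   = 1234;
    out.lpid   = 1235;
    out.nattch = 1;
    memcpy(ubuf, &out, sizeof(out));    /* stands in for copy_to_user() */
}

/* Number of bytes in the copied-out descriptor that still carry stale memory. */
size_t leaked_bytes(int zero_first)
{
    unsigned char ubuf[sizeof(struct demo_shmid_old)];
    size_t i, n = 0;

    copy_desc_to_user(ubuf, zero_first);
    for (i = 0; i < sizeof(ubuf); i++)
        n += (ubuf[i] == STALE);
    return n;
}

int main(void)
{
    printf("without zeroing: %zu stale bytes\n", leaked_bytes(0));
    printf("with zeroing:    %zu stale bytes\n", leaked_bytes(1));
    return 0;
}
```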
Statement: This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Extended Life Cycle Phase of its maintenance life-cycle, where only qualified security errata of critical impact are addressed. For further information about the Errata Support Policy, visit: http://www.redhat.com/security/updates/errata
Upstream commit: http://git.kernel.org/linus/3af54c9bd9e6f14f896aac1bb0e8405ae0bc7a44
Thanks, picked this up for Fedora (since it also seems missing from the latest stable.)
This issue has been addressed in the following products: MRG for RHEL-5 Via RHSA-2010:0958 https://rhn.redhat.com/errata/RHSA-2010-0958.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0007 https://rhn.redhat.com/errata/RHSA-2011-0007.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2011:0017 https://rhn.redhat.com/errata/RHSA-2011-0017.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 4 Via RHSA-2011:0162 https://rhn.redhat.com/errata/RHSA-2011-0162.html