Description of problem: struct sco_conninfo has one padding byte in the end. Local variable cinfo of type sco_conninfo is copied to userspace with this uninizialized one byte, leading to old stack contents leak. Reference: http://seclists.org/oss-sec/2011/q1/309 https://lkml.org/lkml/2011/2/14/49 Acknowledgements: Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Upstream commit: http://git.kernel.org/linus/c4c896e1471aec3b004a693c689f60be3b17ac86
This issue has been addressed in following products: MRG for RHEL-5 Via RHSA-2011:0500 https://rhn.redhat.com/errata/RHSA-2011-0500.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2011:0833 https://rhn.redhat.com/errata/RHSA-2011-0833.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:1156 https://rhn.redhat.com/errata/RHSA-2012-1156.html