Linux kernel built with the IPSec key_socket support (CONFIG_NET_KEY=m) is vulnerable to an information leakage flaw. It occurs while using key_socket's notify_policy interface. A user/program able to access the PF_KEY key_sockets could use this flaw to leak kernel memory bytes.

Upstream fix:
-------------
-> https://git.kernel.org/linus/85dfb745ee40232876663ae206cba35f24ab2a40

Reference:
----------
-> http://www.openwall.com/lists/oss-security/2013/07/03/1
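
Added example (not part of the original report or of any Red Hat tooling): a shell check that classifies whether a host has the PF_KEY code path named above present, from the kernel's CONFIG_NET_KEY setting and the loaded-module list. The function name `net_key_exposure`, the default config path `/boot/config-$(uname -r)` and the status words it prints are assumptions of this example; `af_key` is the module that CONFIG_NET_KEY=m builds.

```shell
#!/bin/sh
# Added example: classify a host's exposure to the PF_KEY (CONFIG_NET_KEY) code.
# Arguments (both default to the running system):
#   $1  kernel config file  (assumed default: /boot/config-$(uname -r))
#   $2  loaded-module list  (default: /proc/modules)
# Prints one of: module-loaded, builtin, module-available, absent, unknown.
net_key_exposure() {
    config=${1:-/boot/config-$(uname -r)}
    modules=${2:-/proc/modules}

    # A loaded af_key module settles the question even without a config file.
    if [ -r "$modules" ] && grep -q '^af_key ' "$modules"; then
        echo module-loaded
        return 0
    fi

    # Without a readable config we cannot tell built-in from absent.
    if [ ! -r "$config" ]; then
        echo unknown
        return 1
    fi

    # Match only the exact option: CONFIG_NET_KEY_MIGRATE and
    # "# CONFIG_NET_KEY is not set" must not count.
    setting=$(sed -n 's/^CONFIG_NET_KEY=\([ym]\)$/\1/p' "$config" | tail -n 1)

    case $setting in
        y) echo builtin ;;            # compiled into the kernel image
        m) echo module-available ;;   # built as af_key, not currently loaded
        *) echo absent ;;             # option not set in this kernel
    esac
}
```

Call `net_key_exposure` with no arguments on the host being assessed; any result other than `absent` means the kernel carries the affected code and should be checked against the fixed kernel versions listed in the advisories in this report.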
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1166 https://rhn.redhat.com/errata/RHSA-2013-1166.html
Statement: This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue. This issue has been addressed for Red Hat Enterprise Linux 5 via the advisory RHSA-2013:1166 and Red Hat Enterprise Linux 6 via the advisory RHSA-2013:1173.
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:1173 https://rhn.redhat.com/errata/RHSA-2013-1173.html
This issue has been addressed in following products:

  OpenStack 3 for RHEL 6

Via RHSA-2013:1195 https://rhn.redhat.com/errata/RHSA-2013-1195.html
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2013:1264 https://rhn.redhat.com/errata/RHSA-2013-1264.html