Candidate: CVE-2003-0465
References:
CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2
CONFIRM:http://marc.theaimsgroup.com/?l=linux-kernel&m=105796415223490&w=2
REDHAT:RHSA-2004:188
URL:http://www.redhat.com/support/errata/RHSA-2004-188.html
Description:
The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad
the buffer on architectures other than x86, as opposed to the expected
behavior of strncpy as implemented in libc, which could lead to
information leaks.
Notes:
2.4.27-8 fixes s390x, ppc64 and s390 but leaves mips & alpha unfixed.
.
horms> N.B. This bug appears to be minor at best
horms> http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2
.
dannf> Since this is minor, I'm gonna consider the existing patch "good enough"
dannf> and mark the 2.4 issues as complete.
jmm> Alan Cox wrote in above URL that these will be addressed during the 2.5
jmm> cycle, so I guess it's pretty safe to mark all the 2.6 kernels as fixed.
jmm> The ramifications are minor anyway.
Bugs:
upstream:
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: released (2.4.27-8)
2.4.19-woody-security: released (2.4.19-4.woody3)
2.4.18-woody-security: needed
2.4.17-woody-security: released (2.4.17-1woody4)
2.4.16-woody-security: released (2.4.16-1woody3)
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A
2.4.18-woody-security-hppa: N/A