blob: dd6420aad161ced485991837b56ee04d4f900863 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
Candidate: CVE-2004-0133
References:
http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html
http://security.gentoo.org/glsa/glsa-200407-02.xml
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:029
ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc
http://marc.theaimsgroup.com/?l=bugtraq&m=108213675028441&w=2
http://www.securityfocus.com/bid/10151
http://secunia.com/advisories/11362
http://xforce.iss.net/xforce/xfdb/15901
Description:
The XFS file system code in Linux 2.4.x has an information leak in which
in-memory data is written to the device for the XFS file system, which
allows local users to obtain sensitive information by reading the raw device.
Notes:
jmm> Woody is not affected, as XFS was only added to the kernel in 2.4.25
dannf> I never did find the actual patch - upstream fixed versions are
dannf> based on the securityfocus page above.
Bugs:
upstream: released (2.4.26-rc2, 2.6.5)
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A
|