summaryrefslogtreecommitdiffstats
path: root/retired/CVE-2006-0095
blob: 44fc3af17482d2a577726112599414103b7a6721 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Candidate: CVE-2006-0095
References: 
 http://article.gmane.org/gmane.linux.kernel/363528/match=dm+crypt
Description: 
 dm-crypt does not clear struct crypt_config before freeing it. Thus,
 information on the key could leak f.e. to a swsusp image even after the
 encrypted device has been removed. The attached patch against 2.6.14 /
 2.6.15 fixes it.
Notes: 
 jhorms> 2.4 not affected as dm-crypt doesn't seem to exist
 jmm> Discovered by Stefan Rompf
Bugs: 
upstream: released (2.6.16-rc1)
linux-2.6: released (2.6.16-1)
2.6.8-sarge-security: released (2.6.8-16sarge2) [dm-crypt-zero-key.dpatch]
2.4.27-sarge-security: N/A
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A

© 2014-2024 Faster IT GmbH | imprint | privacy policy