blob: 44fc3af17482d2a577726112599414103b7a6721 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
Candidate: CVE-2006-0095
References:
http://article.gmane.org/gmane.linux.kernel/363528/match=dm+crypt
Description:
dm-crypt does not clear struct crypt_config before freeing it. Thus,
information on the key could leak f.e. to a swsusp image even after the
encrypted device has been removed. The attached patch against 2.6.14 /
2.6.15 fixes it.
Notes:
jhorms> 2.4 not affected as dm-crypt doesn't seem to exist
jmm> Discovered by Stefan Rompf
Bugs:
upstream: released (2.6.16-rc1)
linux-2.6: released (2.6.16-1)
2.6.8-sarge-security: released (2.6.8-16sarge2) [dm-crypt-zero-key.dpatch]
2.4.27-sarge-security: N/A
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A
|