Gentoo Bug 119562 - Kernel: dm-crypt module does not clear memory (CVE-2006-0095)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	119562
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Thierry Carrez (RETIRED) <koon@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 119562 depends on:			Show dependency tree
Bug 119562 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2006-01-19 08:43 0000

Stefan Rompf discovered that the dm-crypt module did not clear memory
structures before releasing the memory allocation of it. This could
lead to the disclosure of encryption keys. (CVE-2006-0095)

------- Comment #1 From Tim Yamin (RETIRED) 2006-01-22 16:13:11 0000 -------

Patch: http://marc.theaimsgroup.com/?l=linux-kernel&m=113641114812886&w=2

------- Comment #2 From Tim Yamin (RETIRED) 2006-01-22 16:20:23 0000 -------

Adding maintainers:

ck-sources: marineam
gentoo-sources: dsd
hardened-sources: hardened, johnm, kerframil
hppa-sources: GMSoft
mips-sources: Kumba
rsbac-sources: kang
suspend2-sources: brix
usermode-sources: dsd
xbox-sources: gimli

------- Comment #3 From Daniel Drake 2006-01-31 15:49:22 0000 -------

Fixed in gentoo-sources-2.6.15-r2 (genpatches-2.6.15-5) and Linux 2.6.15.2

------- Comment #4 From Kerin Millar 2006-02-01 10:24:48 0000 -------

Fixed in hardened-sources-2.6.14-r5 and genpatches-2.6.14-10.

------- Comment #5 From Henrik Brix Andersen 2006-02-02 04:34:46 0000 -------

Fixed in suspend2-sources-2.6.15-r5.

------- Comment #6 From Guy Martin 2006-02-16 00:14:51 0000 -------

hppa-source-2.6.15.4_p4 stable on hppa. Enjoy.

------- Comment #7 From Daniel Drake 2006-03-02 05:14:10 0000 -------

Fixed in usermode-sources-2.6.15-r1

------- Comment #8 From Tim Yamin (RETIRED) 2006-04-20 10:56:18 0000 -------

All fixed now, thanks!

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 119562

Kernel: dm-crypt module does not clear memory (CVE-2006-0095)

Last modified: 2009-05-03 16:02:01 0000