Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 119562 - Kernel: dm-crypt module does not clear memory (CVE-2006-0095)
Summary: Kernel: dm-crypt module does not clear memory (CVE-2006-0095)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: [linux <]
Depends on:
Reported: 2006-01-19 08:43 UTC by Thierry Carrez (RETIRED)
Modified: 2009-05-03 16:02 UTC (History)
7 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Thierry Carrez (RETIRED) gentoo-dev 2006-01-19 08:43:57 UTC
Stefan Rompf discovered that the dm-crypt module did not clear memory
structures before releasing the memory allocation of it. This could
lead to the disclosure of encryption keys. (CVE-2006-0095)
Comment 1 Tim Yamin (RETIRED) gentoo-dev 2006-01-22 16:13:11 UTC
Comment 2 Tim Yamin (RETIRED) gentoo-dev 2006-01-22 16:20:23 UTC
Adding maintainers:

ck-sources: marineam
gentoo-sources: dsd
hardened-sources: hardened, johnm, kerframil
hppa-sources: GMSoft
mips-sources: Kumba
rsbac-sources: kang
suspend2-sources: brix
usermode-sources: dsd
xbox-sources: gimli
Comment 3 Daniel Drake (RETIRED) gentoo-dev 2006-01-31 15:49:22 UTC
Fixed in gentoo-sources-2.6.15-r2 (genpatches-2.6.15-5) and Linux
Comment 4 Kerin Millar 2006-02-01 10:24:48 UTC
Fixed in hardened-sources-2.6.14-r5 and genpatches-2.6.14-10.
Comment 5 Henrik Brix Andersen 2006-02-02 04:34:46 UTC
Fixed in suspend2-sources-2.6.15-r5.
Comment 6 Guy Martin (RETIRED) gentoo-dev 2006-02-16 00:14:51 UTC
hppa-source- stable on hppa. Enjoy.
Comment 7 Daniel Drake (RETIRED) gentoo-dev 2006-03-02 05:14:10 UTC
Fixed in usermode-sources-2.6.15-r1
Comment 8 Tim Yamin (RETIRED) gentoo-dev 2006-04-20 10:56:18 UTC
All fixed now, thanks!