Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 119562 - Kernel: dm-crypt module does not clear memory (CVE-2006-0095)
Summary: Kernel: dm-crypt module does not clear memory (CVE-2006-0095)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: [linux < 2.6.15.2]
Keywords:
Depends on:
Blocks:
 
Reported: 2006-01-19 08:43 UTC by Thierry Carrez (RETIRED)
Modified: 2009-05-03 16:02 UTC (History)
7 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thierry Carrez (RETIRED) gentoo-dev 2006-01-19 08:43:57 UTC 
Stefan Rompf discovered that the dm-crypt module did not clear memory
structures before releasing the memory allocation of it. This could
lead to the disclosure of encryption keys. (CVE-2006-0095)
Comment 1 Tim Yamin (RETIRED) gentoo-dev 2006-01-22 16:13:11 UTC 
Patch: http://marc.theaimsgroup.com/?l=linux-kernel&m=113641114812886&w=2
Comment 2 Tim Yamin (RETIRED) gentoo-dev 2006-01-22 16:20:23 UTC 
Adding maintainers:

ck-sources: marineam
gentoo-sources: dsd
hardened-sources: hardened, johnm, kerframil
hppa-sources: GMSoft
mips-sources: Kumba
rsbac-sources: kang
suspend2-sources: brix
usermode-sources: dsd
xbox-sources: gimli
Comment 3 Daniel Drake (RETIRED) gentoo-dev 2006-01-31 15:49:22 UTC 
Fixed in gentoo-sources-2.6.15-r2 (genpatches-2.6.15-5) and Linux 2.6.15.2
Comment 4 kfm 2006-02-01 10:24:48 UTC 
Fixed in hardened-sources-2.6.14-r5 and genpatches-2.6.14-10.
Comment 5 Henrik Brix Andersen 2006-02-02 04:34:46 UTC 
Fixed in suspend2-sources-2.6.15-r5.
Comment 6 Guy Martin (RETIRED) gentoo-dev 2006-02-16 00:14:51 UTC 
hppa-source-2.6.15.4_p4 stable on hppa. Enjoy.
Comment 7 Daniel Drake (RETIRED) gentoo-dev 2006-03-02 05:14:10 UTC 
Fixed in usermode-sources-2.6.15-r1
Comment 8 Tim Yamin (RETIRED) gentoo-dev 2006-04-20 10:56:18 UTC 
All fixed now, thanks!