According to the commit "this is CVE-2006-0554 and SGI bug 942658. With certain types of ftruncate() activity on 2.6 kernels, XFS can end up exposing stale data off disk to a user, putting extents where holes should be." The following kernels and patchsets are unaffected: * >=vanilla-sources-2.6.15.5 * >=gentoo-sources-2.6.15-r6 * >=genpatches-2.6.15-9 Patch here: http://tinyurl.com/fyql9
Created attachment 81665 [details, diff] xfs-ftruncate-stale-data.patch Patch. Also applies to 2.6.14.
CCing maintainers: ck-sources: marineam hardened-sources: hardened herd hppa-sources: gmsoft mips-sources: `Kumba rsbac-sources: kang suspend2-sources: brix xbox-sources: gimli
ck fixed since ck-sources-2.6.15_p5
Now fixed in: * genpatches-2.6.14-11 * hardened-sources-2.6.14-r6
All resolved, closing...