Bug#490910: linux-2.6: CVE-2008-0598 information disclosure

To: submit@bugs.debian.org
Subject: Bug#490910: linux-2.6: CVE-2008-0598 information disclosure
From: Nico Golde <nion@debian.org>
Date: Tue, 15 Jul 2008 10:52:18 +0200
Message-id: <[🔎] 20080715085218.GA11550@ngolde.de>
Reply-to: Nico Golde <nion@debian.org>, 490910@bugs.debian.org

Package: linux-2.6
Version: 2.6.25-6
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for linux-2.6.

CVE-2008-0598[0]:
| Unspecified vulnerability in the 32-bit and 64-bit emulation in the
| Linux kernel 2.6.9, 2.6.18, and probably other versions allows local
| users to read uninitialized memory via unknown vectors involving a
| crafted binary.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

A patch can be found in the redhat report:
https://bugzilla.redhat.com/attachment.cgi?id=311794

The path to this file changed, it's x86/lib/copy_user_64.S 
in our source packages.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0598
    http://security-tracker.debian.net/tracker/CVE-2008-0598

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgp9lmSPxVutc.pgp
Description: PGP signature

Reply to:

Prev by Date: Processed: Re: linux-modules-nonfree-2.6: fglrx-module is outdated
Next by Date: Bug#490959: linux-image-2.6.25-2-amd64: upgrade from 2.6.24 to 2.6.25 changes drive identities
Previous by thread: Processed: Re: linux-modules-nonfree-2.6: fglrx-module is outdated
Next by thread: Bug#490959: linux-image-2.6.25-2-amd64: upgrade from 2.6.24 to 2.6.25 changes drive identities
Index(es):
- Date
- Thread