SB2009101904 - Information exposure in Linux kernel

Description

This security bulletin contains information about 1 security vulnerability.

1) Information exposure (CVE-ID: CVE-2005-4881)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information exposure error. A local user can gain access to sensitive information.

Remediation

Install update from vendor's website.

References

• http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=0f3f2328f63c521fe4b435f148687452f98b2349
• http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=30e744716c4a6cc4e8ecaaddf68f20057c03dc8d
• http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=3408cce0c2f380884070896420ca566704452fb5
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a47077a0b5aa2649751c46e7a27884e6686ccbf
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b3563c4fbff906991a1b4ef4609f99cca2a0de6a
• http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
• http://marc.info/?l=git-commits-head&m=112002138324380
• http://secunia.com/advisories/37084
• http://secunia.com/advisories/37909
• http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6
• http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.13/ChangeLog-2.6.13-rc1
• http://www.openwall.com/lists/oss-security/2009/09/05/2
• http://www.openwall.com/lists/oss-security/2009/09/06/2
• http://www.openwall.com/lists/oss-security/2009/09/07/2
• http://www.openwall.com/lists/oss-security/2009/09/17/1
• http://www.openwall.com/lists/oss-security/2009/09/17/9
• http://www.redhat.com/support/errata/RHSA-2009-1522.html
• https://bugzilla.redhat.com/show_bug.cgi?id=521601
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11744