kernel: information disclosure [LWN.net]

Package(s):

kernel

CVE #(s):

CVE-2012-3430

Created:

August 6, 2012

Updated:

October 3, 2012

Description:

From the Red Hat bugzilla:

Two similar issues:

1) Reported by Jay Fenlason and Doug Ledford: recvfrom() on an RDS socket can disclose sizeof(struct sockaddr_storage)-sizeof(struct sockaddr_in) bytes of kernel stack to userspace when receiving a datagram.

2) Reported by Jay Fenlason: recv{from,msg}() on an RDS socket can disclose sizeof(struct sockaddr_storage) bytes of kernel stack to userspace when other code paths are taken.

Alerts:

Fedora	FEDORA-2012-11348	2012-08-05
Mageia	MGASA-2012-0237	2012-08-23
Ubuntu	USN-1567-1	2012-09-14
Ubuntu	USN-1568-1	2012-09-14
Ubuntu	USN-1572-1	2012-09-18
Ubuntu	USN-1573-1	2012-09-18
Ubuntu	USN-1574-1	2012-09-19
Ubuntu	USN-1575-1	2012-09-19
Ubuntu	USN-1577-1	2012-09-21
Ubuntu	USN-1578-1	2012-09-21
Ubuntu	USN-1580-1	2012-09-21
Ubuntu	USN-1579-1	2012-09-21
Red Hat	RHSA-2012:1304-01	2012-09-25
CentOS	CESA-2012:1304	2012-09-26
Scientific Linux	SL-kern-20120926	2012-09-26
Oracle	ELSA-2012-1304	2012-09-26
Oracle	ELSA-2012-2034	2012-09-28
Oracle	ELSA-2012-2034	2012-09-27
Oracle	ELSA-2012-2035	2012-09-28
Oracle	ELSA-2012-2035	2012-09-28
Red Hat	RHSA-2012:1323-01	2012-10-02
CentOS	CESA-2012:1323	2012-10-03
Scientific Linux	SL-kern-20121003	2012-10-03
Oracle	ELSA-2012-1323	2012-10-03
Oracle	ELSA-2012-1323	2012-10-04
Oracle	ELSA-2012-2038	2012-10-19
Oracle	ELSA-2012-2038	2012-10-20
Red Hat	RHSA-2012:1491-01	2012-12-04
Oracle	ELSA-2013-2507	2013-02-28

(Log in to post comments)