LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

In defense of Ubuntu

Why the JMRI decision matters

LWN.net Weekly Edition for August 14, 2008

Details of the DNS flaw revealed

Udev rules and the management of the plumbing layer

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

kernel: information leak, denial of service

Package(s):linux-2.6 CVE #(s):CVE-2007-6206 CVE-2007-6417
Created:December 21, 2007 Updated:July 8, 2008
Description: Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. (CVE-2007-6206)

Hugh Dickins discovered an issue in the tmpfs filesystem where, under a rare circumstance, a kernel page maybe improperly cleared, leaking sensitive kernel memory to userspace or resulting in a DoS (crash). (CVE-2007-6417)

Alerts:
Debian DSA-1436-1 2007-12-20
Red Hat RHSA-2008:0089-01 2008-01-23
Red Hat RHSA-2008:0055-01 2008-01-31
Ubuntu USN-574-1 2008-02-04
SuSE SUSE-SA:2008:006 2008-02-07
rPath rPSA-2008-0048-1 2008-02-08
Mandriva MDVSA-2008:044 2008-02-12
SuSE SUSE-SA:2008:007 2008-02-12
Ubuntu USN-578-1 2008-02-14
Debian DSA-1503 2008-02-22
Debian DSA-1504 2008-02-22
Debian DSA-1503-2 2008-03-06
Mandriva MDVSA-2008:086 2008-04-15
Red Hat RHSA-2008:0211-01 2008-05-07
CentOS CESA-2008:0211 2008-05-07
Mandriva MDVSA-2008:112 2007-06-12
SuSE SUSE-SA:2008:030 2008-06-20
SuSE SUSE-SA:2008:032 2008-07-07
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.