Bugzilla – Full Text Bug Listing
| Summary: | VUL-0: CVE-2004-0181: kernel: jfs info leak | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Thomas Biege <thomas> |
| Component: | Incidents | Assignee: | Thomas Biege <thomas> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | | |
| Priority: | P3 - Medium | CC: | ihno, meissner, mfrueh, security-team |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | CVE-2004-0181: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N) | | |
| Found By: | --- | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 50256 | | |
| Attachments: | jfs_leak.patch | | |
Description
Thomas Biege
2004-03-16 17:13:08 UTC
Created attachment 16692
jfs_leak.patch
Date: Tue, 16 Mar 2004 14:00:57 -0600
From: Dave Kleikamp <shaggy@austin.ibm.com>
To: Marcelo Tosatti <marcelo.tosatti@cyclades.com>
Cc: Nathan Scott <nathans@sgi.com>, Martin Schulze <joey@infodrom.org>, vendor-sec@lst.de, Chris Wright <chrisw@osdl.org>
Subject: Re: [vendor-sec] Outstanding kernel security issues

On Tue, 2004-03-16 at 12:38, Marcelo Tosatti wrote:
> On Tue, 16 Mar 2004, Nathan Scott wrote:
>
> > On Tue, Mar 16, 2004 at 05:00:39AM -0300, Marcelo Tosatti wrote:
> > >
> > > Heads up: I just applied tytso's patch to JBD, and will release
> > > 2.4.26-pre4 with it in a few minutes.
> > >
> > > Chris, any news on JFS ?
> > >
> > > Nathan, from what I read XFS also has a similar problem. I don't recall
> > > getting a fix for that one.
> >
> > Hi Marcelo,
> >
> > The XFS fix went into your bk tree last weekend (at the same time
> > as the fix for the compiler warning that Dave Miller noticed).
> > The 2.6 fix went into Linus' tree at around the same time.
>
> Fine, thanks.
>
> Dave, Chris, what about JFS ?

The 2.4 patch actually was nearly identical to the 2.6 patch. You can pull it from
http://jfs.bkbits.net/linux-2.4

Here's the patch:

# This is a BitKeeper generated diff -Nru style patch. # # ChangeSet # 2004/03/16 13:50:54-06:00 shaggy@austin.ibm.com # JFS: zero new log pages, etc. # diff -Nru a/fs/jfs/jfs_logmgr.c b/fs/jfs/jfs_logmgr.c --- a/fs/jfs/jfs_logmgr.c Tue Mar 16 13:53:18 2004 +++ b/fs/jfs/jfs_logmgr.c Tue Mar 16 13:53:18 2004 @@ -1697,7 +1697,7 @@ if (lbuf == 0) goto error; lbuf->l_bh.b_data = lbuf->l_ldata = - (char *) __get_free_page(GFP_KERNEL); + (char *) get_zeroed_page(GFP_KERNEL); if (lbuf->l_ldata == 0) { kfree(lbuf); goto error; diff -Nru a/fs/jfs/jfs_metapage.c b/fs/jfs/jfs_metapage.c --- a/fs/jfs/jfs_metapage.c Tue Mar 16 13:53:18 2004 +++ b/fs/jfs/jfs_metapage.c Tue Mar 16 13:53:18 2004
@@ -385,6 +385,10 @@ } mp->data = kmap(mp->page) + page_offset; } + + if (new) + memset(mp->data, 0, PSIZE); + jfs_info("__get_metapage: returning = 0x%p", mp); return mp; diff -Nru a/fs/jfs/super.c b/fs/jfs/super.c --- a/fs/jfs/super.c Tue Mar 16 13:53:18 2004 +++ b/fs/jfs/super.c Tue Mar 16 13:53:18 2004 @@ -481,10 +481,10 @@ if ((flags & (SLAB_CTOR_VERIFY | SLAB_CTOR_CONSTRUCTOR)) == SLAB_CTOR_CONSTRUCTOR) { + memset(jfs_ip, 0, sizeof(struct jfs_inode_info)); INIT_LIST_HEAD(&jfs_ip->anon_inode_list); init_rwsem(&jfs_ip->rdwrlock); init_MUTEX(&jfs_ip->commit_sem); - jfs_ip->atlhead = 0; jfs_ip->active_ag = -1; } }

_______________________________________________
Vendor Security mailing list
Vendor Security@lst.de
https://www.lst.de/cgi-bin/mailman/listinfo/vendor-sec

CAN-2004-0181

Test - please ignore!

test

Kernels are waiting for check in now. Your turn ;)

Thanks a lot Hubert!

packages approved

CVE-2004-0181: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
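
Review bot: in the fs/jfs/jfs_logmgr.c hunk at -1697, the switch from __get_free_page() to get_zeroed_page() has no comment saying why the log buffer page must be zeroed, and the changeset text ("JFS: zero new log pages, etc.") does not say either. A one-line comment above the allocation, stating that the page backs lbuf->l_ldata and must not carry stale kernel memory, would keep a later cleanup from reverting it as an optimisation. The unchanged check `if (lbuf->l_ldata == 0)` compares a pointer against 0; `!lbuf->l_ldata` would read better, though that predates this patch.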
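
Review bot: in the fs/jfs/jfs_metapage.c hunk at -385, the added memset clears a fixed PSIZE bytes starting at mp->data, while the context line just above sets `mp->data = kmap(mp->page) + page_offset`. Please confirm that PSIZE is the length of every metapage returned with `new` set, and that mp->data + PSIZE cannot run past the mapped page when page_offset is non-zero; if the function receives a size, clearing that many bytes would be safer than the constant. A short comment that new metapages are zeroed to close the info leak would also help.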
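
Review bot: in the fs/jfs/super.c hunk at -481, the new `memset(jfs_ip, 0, sizeof(struct jfs_inode_info))` is only correct because it runs before INIT_LIST_HEAD(), init_rwsem() and init_MUTEX(); moved below them it would wipe the list head, rwsem and mutex they set up. A comment on the memset line saying it must stay first in the constructor would make that ordering explicit. Dropping `jfs_ip->atlhead = 0` is consistent with the memset, and `jfs_ip->active_ag = -1` rightly stays since it is non-zero.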