[SECURITY] CAN-2004-0177 (was: Re: [SECURITY] CAN-2004-0075)

From: Marc-Christian Petersen
Date: Wed Apr 14 2004 - 18:51:26 EST

Next message: Paul Wagland: "Re: reiser4 and megaraid problems with debian 2.6.5"
Previous message: Martin J. Bligh: "Re: linux-2.6.5-mjb1 Comment."
In reply to: Michal Schmidt: "Re: [SECURITY] CAN-2004-0075"
Next in thread: Stephen C. Tweedie: "Re: [SECURITY] CAN-2004-0177 (was: Re: [SECURITY] CAN-2004-0075)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wednesday 14 April 2004 22:30, you wrote:

Hi again,

> Okay, now while we are at fixing security holes, is there any chance we
> can get the attached patch in?

Okay, we are at it, so what's about the attached one too? ;)

In WOLK for some time too. I am not 100% sure if this is correct, but I think
it is. Andrew? Stephen?

----------------------------------------------------------------------
CAN-2004-0177
Solar Designer discovered an information leak in the ext3 code of
Linux. In a worst case an attacker could read sensitive data such
as cryptographic keys which would otherwise never hit disk media.
Theodore Ts'o developed a correction for this.
----------------------------------------------------------------------

ciao, Marc
--- a/fs/jbd/journal.c Mon Nov 10 00:12:14 2003
+++ b/fs/jbd/journal.c Fri Feb 27 20:36:04 2004
@@ -599,6 +599,7 @@
return NULL;

bh = __getblk(journal->j_dev, blocknr, journal->j_blocksize);
+ memset(bh->b_data, 0, journal->j_blocksize);
bh->b_state |= (1 << BH_Dirty);
BUFFER_TRACE(bh, "return this buffer");
return journal_add_journal_head(bh);

Next message: Paul Wagland: "Re: reiser4 and megaraid problems with debian 2.6.5"
Previous message: Martin J. Bligh: "Re: linux-2.6.5-mjb1 Comment."
In reply to: Michal Schmidt: "Re: [SECURITY] CAN-2004-0075"
Next in thread: Stephen C. Tweedie: "Re: [SECURITY] CAN-2004-0177 (was: Re: [SECURITY] CAN-2004-0075)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]