|Bugzilla:||554578: CVE-2010-0003 kernel: infoleak if print-fatal-signals=1|
The MITRE CVE dictionary describes this issue as:
The print_fatal_signal function in kernel/signal.c in the Linux kernel before 220.127.116.11 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address.
Red Hat is aware of this issue and is tracking it via the following bug:
This issue has been rated as having moderate security impact.
A future update in Red Hat Enterprise MRG may address this flaw. This issue was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0146.html and https://rhn.redhat.com/errata/RHSA-2010-0147.html respectively.
This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed.
For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|MRG Grid for RHEL 5 Server (kernel-rt)||RHSA-2010:0161||March 23, 2010|
|Red Hat Enterprise Linux version 4 (kernel)||RHSA-2010:0146||March 17, 2010|
|Red Hat Enterprise Linux version 5 (kernel)||RHSA-2010:0147||March 17, 2010|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.