Release date: 2010-09-22
Updated on:
Affected Systems:
Linux kernel 2.6.0-2.6.18 rc7
Unaffected system:
Linux kernel 2.6.19-rc1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 45064
Cve id: CVE-2010-4161
Linux Kernel is the Kernel used by open source Linux.
Linux Kernel has the information leakage vulnerability. Local attackers can exploit this vulnerability to obtain sensitive information.
This problem occurs when the socket fails to be locked when the function sk_filter () is called from the tcp_v {} _ rcv () function of arg needlock = 0.
<* Source: Dmitry Mishin
Link: http://git.kernel.org /? P = linux/kernel/git/eugeneteo/linux-2.6-cve-tagged.git; a = commitdiff; h = fda9ef5d679b07c9d9097aaf6ef7f069d794a8f9
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.kernel.org/