Advisories:rPSA-2006-0049

From rPath Wiki

rPath Security Advisory 2006-0049-1

Published: 2006-04-19

Products

• rPath Linux 1

Rating

Major

Exposure Level Classification

Local User Non-deterministic Information Exposure

Updated Versions

• kernel=conary.rpath.com@rpl:1/2.6.15.7-0.2-1

rPath Issue Tracking System

• RPL-340

References

• CVE-2006-1056
• http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9

Description

On all "AuthenticAMD" processors, both 32-bit and 64-bit, 7th and

8th generation, the behavior of the FXSAVE instruction was not

correctly accounted for in previous versions of the Linux kernel.

This created a potential information leak that can disclose some

numeric coprocessor state between unrelated processes when tasks

are scheduled. This bug may be exploited by local users to discover

cryptographically sensitive information.

This update requires a reboot to implement the fix for affected systems.

Copyright 2006 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html