Date: Wed, 23 Dec 2009 14:40:04 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: Greg KH <gregkh@...e.de> Subject: CVE request - kernel: fuse_ioctl_copy_user() dos Reported by David Shaw. There is a problem in the ioctl handler in the fuse kernel code that causes a panic under some circumstances. fuse_ioctl_copy_user() was introduced in 59efec7b (v2.6.29-rc1, 2008-11-26). This was fixed upstream but was missed in 2.6.30.y. The most recent 2.6.31/32.y kernels already have this fix. So this only affects distros that are still using 2.6.30.y. http://git.kernel.org/linus/0bd87182d3ab18a32a8e9175d3f68754c58e3432 https://bugzilla.redhat.com/show_bug.cgi?id=549400 Thanks, Eugene -- Eugene Teo / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ