Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 23 Dec 2009 14:40:04 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: Greg KH <gregkh@...e.de>
Subject: CVE request - kernel: fuse_ioctl_copy_user() dos

Reported by David Shaw. There is a problem in the ioctl handler in the 
fuse kernel code that causes a panic under some circumstances.

fuse_ioctl_copy_user() was introduced in 59efec7b (v2.6.29-rc1, 
2008-11-26). This was fixed upstream but was missed in 2.6.30.y. The 
most recent 2.6.31/32.y kernels already have this fix. So this only 
affects distros that are still using 2.6.30.y.

http://git.kernel.org/linus/0bd87182d3ab18a32a8e9175d3f68754c58e3432
https://bugzilla.redhat.com/show_bug.cgi?id=549400

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ