Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 18 May 2012 11:41:48 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request -- kernel: incomplete fix for CVE-2011-4131

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/18/2012 05:30 AM, Petr Matousek wrote:
> The fix for CVE-2011-4131 was not complete. Malicious NFS server
> could still crash the clients when more than 2 GETATTR bitmap words
> are returned in response to the FATTR4_ACL attribute request.
> 
> Upstream fixes: 20e0fa98b751facf9a1101edaefbc19c82616a68 
> 5794d21ef4639f0e33440927bb903f9598c21e92 
> 5a00689930ab975fdd1b37b034475017e460cf2a
> 
> Reference: https://bugzilla.redhat.com/show_bug.cgi?id=822869
> 
> Thanks,

Please use CVE-2012-2375 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPtoncAAoJEBYNRVNeJnmTEn4P/ivawBkc6pRsnsqOot1eIm0h
J4CP3vC5yEu4qUZloUt/hOqw6XUiKOsfbEozClJ4txn8YJc62Wl6xee9BjQl+dOB
BIAKfkhEns3MIgoc+L4ODE76Vyamn1jtABX6DhLShREEY2HCXArO1IHMhfW8u9FQ
AFowP05JPBasVb4w6Xzb+MMvbREgyO40q0Zs10Uk5IxHbeDX0jqqRJsgXOmIk6KZ
UIZN4s9e2dGWQ0N1j/l8WQa+08Cg6DEaHIj8zybU86b2mzblPRx3Jh98YNruam0f
JFgU9/dIBWMrZXg1iX1xMzLGkY3p4fW+k33RR6dzuL0gu7QvP0yj3MGFr2CFmvHI
r+yz8bVXMpWd5Evn2B8SCgc7SqpfwK1GHbGqg5k6v0SZbxIlaut8znEFoqpCEkAj
My/4S2AfDNRcSbzlRjyvNQroyBXt51P4lCsRZ86OYgEmB+FsCTJzj/F2U3cnIz41
KP2nA4+tJZOoUKjLanwrBxLlCgZGX5TEl1Rj/1PO2tWNqiLXQjO1Owa9wsfLAFwJ
b3MSjcaDJQmeXp2Ya6l18Zsh21pmsDrPQavR98YrsO4BOhajsno2Bj8mdytjCmZd
MShMw2ItAbF004DF+xnmc+e+PZuc2iqTy+X7VZNWaj3hIncCGMWiF/L/F6UghtTS
H0LIgJP8nwsp/4cmYHsZ
=wG27
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ