Date: Fri, 18 May 2012 13:30:06 +0200 From: Petr Matousek <pmatouse@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE Request -- kernel: incomplete fix for CVE-2011-4131 The fix for CVE-2011-4131 was not complete. Malicious NFS server could still crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute request. Upstream fixes: 20e0fa98b751facf9a1101edaefbc19c82616a68 5794d21ef4639f0e33440927bb903f9598c21e92 5a00689930ab975fdd1b37b034475017e460cf2a Reference: https://bugzilla.redhat.com/show_bug.cgi?id=822869 Thanks, -- Petr Matousek / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ