Date: Wed, 26 Oct 2011 13:05:37 +0200 From: Petr Matousek <pmatouse@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE Request -- kernel: xfs: potential buffer overflow in xfs_readlink() A flaw was found in the way Linux kernel's XFS filesystem implementation handled links with pathname larger than MAXPATHLEN. When CONFIG_XFS_DEBUG configuration option was not enabled when compiling Linux kernel, an attacker able to mount malicious XFS image could use this flaw to crash the system, or potentially, elevate his privileges on that system. Proposed upstream patch: http://oss.sgi.com/archives/xfs/2011-10/msg00345.html References: https://bugzilla.redhat.com/show_bug.cgi?id=749156 http://oss.sgi.com/archives/xfs/2011-10/msg00345.html Thanks, -- Petr Matousek / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.