Hardy CVE-2010-3873, memory corruption in X.25 facilities parsing (V2)
Kees Cook
kees.cook at canonical.com
Tue Feb 1 18:00:28 UTC 2011
Hi Andy,
On Tue, Feb 01, 2011 at 09:06:43AM -0800, Kees Cook wrote:
> On Tue, Feb 01, 2011 at 02:41:26PM +0000, Andy Whitcroft wrote:
> > Kees, I note that in v2.6.37 and later there is also this commit below,
> > you might want to review for relevance here. It seems to prevent bad
> > packets triggering panics.
> >
> > commit 5ef41308f94dcbb3b7afc56cdef1c2ba53fa5d2f
> > Author: Dan Rosenberg <drosenberg at vsecurity.com>
> > Date: Fri Nov 12 12:44:42 2010 -0800
> >
> > x25: Prevent crashing when parsing bad X.25 facilities
>
> Yes, please. :)
Actually, the above patch is for CVE-2010-4164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4164
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the kernel-team
mailing list