[CVE-2011-2534] netfilter: ipt_CLUSTERIP: fix buffer overflow

Andy Whitcroft apw at canonical.com
Thu Jul 7 09:28:04 UTC 2011

	Buffer overflow in the clusterip_proc_write function in
	net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before
	2.6.39 might allow local users to cause a denial of service or
	have unspecified other impact via a crafted write operation,
	related to string data that lacks a terminating '\0' character.

This bug has already been fixed via mainline and stable for the latest
releases, or by Paolo for the ARM branches.  Hardy is the only release
still affected.  Following this email is a patch for Hardy which is a
clean cherry-pick from upstream.

Proposing for SRU to hardy.


More information about the kernel-team mailing list