[CVE-2011-2534] netfilter: ipt_CLUSTERIP: fix buffer overflow
Andy Whitcroft
apw at canonical.com
Thu Jul 7 09:28:04 UTC 2011
CVE-2011-2534
Buffer overflow in the clusterip_proc_write function in
net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before
2.6.39 might allow local users to cause a denial of service or
have unspecified other impact via a crafted write operation,
related to string data that lacks a terminating '\0' character.
This bug has already been fixed via mainline and stable for the latest
releases, or by Paolo for the ARM branches. Hardy is the only release
still affected. Following this email is a patch for Hardy which is a
clean cherry-pick from upstream.
Proposing for SRU to hardy.
-apw
More information about the kernel-team
mailing list