APPLIED: [CVE-2011-2534] netfilter: ipt_CLUSTERIP: fix buffer overflow

Tim Gardner tim.gardner at
Thu Jul 7 13:23:36 UTC 2011

On 07/07/2011 03:28 AM, Andy Whitcroft wrote:
> CVE-2011-2534
> 	Buffer overflow in the clusterip_proc_write function in
> 	net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before
> 	2.6.39 might allow local users to cause a denial of service or
> 	have unspecified other impact via a crafted write operation,
> 	related to string data that lacks a terminating '\0' character.
> This bug has already been fixed via mainline and stable for the latest
> releases, or by Paolo for the ARM branches.  Hardy is the only release
> still affected.  Following this email is a patch for Hardy which is a
> clean cherry-pick from upstream.
> Proposing for SRU to hardy.
> -apw

Tim Gardner tim.gardner at

More information about the kernel-team mailing list