[CVE-2011-1493] rose networking validation issues

Andy Whitcroft apw at canonical.com
Thu Jul 28 10:05:22 UTC 2011

	Bugs in both facilities parsing and in request validation can
	lead to heap corruption.

The fixes for this are in oneiric via mainline and one of the two fixes has
hit lucid and later via stable updates.  Following this email are patch
sets for all of the remaining affected branches.  All of the patches
except for hardy 3/3 are cherry-picks from mainline, hardy 3/3 is a
trivial backport.  There is a small preparitory cleanup patch included
in some sets to simplify the port.  I am including all of the sets as
they nearly all differ in patch combinations.

Note that from a review point of view, except for hardy 3/3, where a patch
appears in more than one set the patch is an identicle change in all sets.

Proposing for hardy, lucid, lucid/fsl-imx51, maverick/ti-omap4, natty,
and natty/ti-omap4.


More information about the kernel-team mailing list