[CVE-2011-4077] xfs_readlink memory corruption

Andy Whitcroft apw at canonical.com
Mon Nov 21 16:50:52 UTC 2011

	A flaw was found in the way Linux kernel's XFS filesystem
	implementation handled links with pathname larger than
	MAXPATHLEN. When CONFIG_XFS_DEBUG configuration option was not
	enabled when compiling Linux kernel, an attacker able to mount
	malicious XFS image could use this flaw to crash the system,
	or potentially, elevate his privileges on that system.

The fix for this issue has hit precise via upstream.  Following this email
are 4 patches.  The first for hardy; the second for lucid, lucid/fsl-imx51,
maverick, and maverick/ti-omap4; the third for natty and natty/ti-omap3;
and the last for oneiric.  All of these are trivial backports from
the upstream commit differing only in how the errors are reported and
in context.

Proposing for hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4,
natty, natty/ti-omap3, and oneiric.
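
The advisory text above describes a length check that only takes effect in debug builds. The following user-space C model is an added example, not the upstream patch or any of the backports: it puts a debug-only assertion beside a runtime check that holds in every build. All names (`model_inode`, `MODEL_MAXPATHLEN`, `MODEL_ERR_CORRUPT`, both functions) are hypothetical, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MODEL_MAXPATHLEN  1024   /* stands in for the kernel's MAXPATHLEN */
#define MODEL_ERR_CORRUPT (-1)   /* hypothetical "on-disk corruption" error */

/* Constructed stand-in for an inode whose link length is read from disk. */
struct model_inode {
    long long disk_size;         /* untrusted: comes from the mounted image */
    const char *target;          /* link target bytes */
};

/* Debug-only check: expands to nothing unless MODEL_DEBUG is defined. */
#ifdef MODEL_DEBUG
#include <assert.h>
#define MODEL_ASSERT(x) assert(x)
#else
#define MODEL_ASSERT(x) ((void)0)
#endif

/* Weak form: in a non-debug build nothing bounds the copy length.
 * buf holds MODEL_MAXPATHLEN + 1 bytes; only call with trusted sizes. */
int model_readlink_unchecked(const struct model_inode *ip, char *buf)
{
    long long pathlen = ip->disk_size;

    MODEL_ASSERT(pathlen >= 0 && pathlen <= MODEL_MAXPATHLEN);
    memcpy(buf, ip->target, (size_t)pathlen);
    buf[pathlen] = '\0';
    return 0;
}

/* Hardened form: the bound is enforced at runtime and reported as an error. */
int model_readlink_checked(const struct model_inode *ip, char *buf)
{
    long long pathlen = ip->disk_size;

    if (pathlen < 0 || pathlen > MODEL_MAXPATHLEN)
        return MODEL_ERR_CORRUPT;        /* reject before touching buf */
    memcpy(buf, ip->target, (size_t)pathlen);
    buf[pathlen] = '\0';
    return 0;
}

int main(void)
{
    char buf[MODEL_MAXPATHLEN + 1];
    struct model_inode crafted = { 4096, "x" };   /* constructed oversized length */

    printf("checked: %d\n", model_readlink_checked(&crafted, buf));
    return 0;
}
```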

