Ack: Re: [CVE-2011-4077] xfs_readlink memory corruption

Herton Ronaldo Krzesinski herton.krzesinski at canonical.com
Mon Nov 21 19:05:30 UTC 2011


On Mon, Nov 21, 2011 at 04:50:52PM +0000, Andy Whitcroft wrote:
> CVE-2011-4077
> 	A flaw was found in the way Linux kernel's XFS filesystem
> 	implementation handled links with pathname larger than
> 	MAXPATHLEN. When CONFIG_XFS_DEBUG configuration option was not
> 	enabled when compiling Linux kernel, an attacker able to mount
> 	malicious XFS image could use this flaw to crash the system,
> 	or potentially, elevate his privileges on that system.
> 
> The fix for this issue has hit precise via upstream.  Following this email
> are 4 patches.  The first for hardy; the second for lucid, lucid/fsl-imx51,
> maverick, and maverick/ti-omap4; the third for natty and natty/ti-omap3;
> and the last for oneiric.  All of these are trivial backports from
> the upstream commit differing only in how the errors are reported and
> in context.
> 
> Proposing for hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4,
> natty, natty/ti-omap3, and oneiric.
> 
> -apw
> 

Acked-by: Herton Ronaldo Krzesinski <herton.krzesinski at canonical.com>



More information about the kernel-team mailing list