Ack: Re: [CVE-2011-4077] xfs_readlink memory corruption
Herton Ronaldo Krzesinski
herton.krzesinski at canonical.com
Mon Nov 21 19:05:30 UTC 2011
On Mon, Nov 21, 2011 at 04:50:52PM +0000, Andy Whitcroft wrote:
> A flaw was found in the way Linux kernel's XFS filesystem
> implementation handled links with pathname larger than
> MAXPATHLEN. When CONFIG_XFS_DEBUG configuration option was not
> enabled when compiling Linux kernel, an attacker able to mount
> malicious XFS image could use this flaw to crash the system,
> or potentially, elevate his privileges on that system.
> The fix for this issue has hit precise via upstream. Following this email
> are 4 patches. The first for hardy; the second for lucid, lucid/fsl-imx51,
> maverick, and maverick/ti-omap4; the third for natty and natty/ti-omap3;
> and the last for oneiric. All of these are trivial backports from
> the upstream commit differing only in how the errors are reported and
> in context.
> Proposing for hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4,
> natty, natty/ti-omap3, and oneiric.
Acked-by: Herton Ronaldo Krzesinski <herton.krzesinski at canonical.com>
More information about the kernel-team