|
Message-ID: <4FF340DF.5050807@redhat.com> Date: Tue, 03 Jul 2012 12:58:39 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Marcus Meissner <meissner@...e.de>, jack@...e.cz Subject: Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/03/2012 07:22 AM, Marcus Meissner wrote: > Hi, > > People (do not know who) reported to the kernel security team and > Jan Kara some UDF filesystem crashes. > > Jan Kara did some fixes in the UDF fs and they were committed to > mainline already, both actual bugfixes and some more sanity > checking for hardening. > > Buffer overreads or overwrites would have been possible. > > > I think a single CVE is sufficient. Were they discovered by the same person or different people? > > > The two mainline commits: > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=1df2ae31c724e57be9d7ac00d78db8a5dabdd050 > > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=adee11b2085bee90bd8f4f52123ffb07882d6256 > > > commit 1df2ae31c724e57be9d7ac00d78db8a5dabdd050 Author: Jan Kara > <jack@...e.cz> Date: Wed Jun 27 21:23:07 2012 +0200 > > udf: Fortify loading of sparing table > > Add sanity checks when loading sparing table from disk to avoid > accessing unallocated memory or writing to it. > > Signed-off-by: Jan Kara <jack@...e.cz> > > commit adee11b2085bee90bd8f4f52123ffb07882d6256 Author: Jan Kara > <jack@...e.cz> Date: Wed Jun 27 20:20:22 2012 +0200 > > udf: Avoid run away loop when partition table length is corrupted > > Check provided length of partition table so that (possibly > maliciously) corrupted partition table cannot cause accessing data > beyond current buffer. > > Signed-off-by: Jan Kara <jack@...e.cz> > > Ciao, Marcus > - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP80DfAAoJEBYNRVNeJnmTyl0QAKI/qmZuqI7wuo625eyIYAGD GSgVG5a2VTbD6m4XcRFUkQACSCcyTH1RWEEr8eM8m2htZSiS12wvUGkYntGUmwRh o/Hf+Kyrn2Nmvf9EaDgMTLerOZf/xSh8Bm2jOGRkUzgDOrSAOVHMaLk1uYNfRsVy E6R2SJXLldMtmV4/L2xuqLU9tpdcFrK4EHTSEDDFb4B46eXvi1qhh5xLxmPIdvEC i8/19fWlw96TygoJvZxGaIlIuzj0noN70pJqc5XCmDeM0zCGfPSHBi4ZZOjfWEvs mVd4Xqm56USmovY1aO0EJRRI/EFgUuEA43x5uvR32oC+4qtMpJCeQRAeQyUPTeVv 8VxaORs8SK8433lDzEf6NzIBKbl2Rd4ombGEr7/v9rnzLfWXlO+3CDdXCJ252bLQ Ao09tSoAFaAs08H3cVSvXKieE4osllfk78eJq+GMmhNPO/LNQRIoTpoBVNE9mJqt Sx9TmviPSBrbmMc4y7XmUvS4QWlM9rXzsaYwDSK0C4zi8FmqJq4yWehTKU6qNh2m e3DPm6glJVBlTc9m260xTUz4AZBJKDDc8LUJUPGljRj9kCOYnKIqrnHLD31CkWLB rDRMSy4RlbDKD7YnSe4B7sr+x05FGM7OipF+zU8faCujYAMuToqDZCeDDcDQDm8Y wr6NsvukqZ3nbgfh56mT =1CD+ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.