All of lore.kernel.org
 help / color / mirror / Atom feed
* Request for stable 3.{4,10,14} inclusion: Fix for CVE-2015-4167
@ 2015-08-17 10:04 Thomas D.
  2015-09-29 13:37 ` Greg KH
  0 siblings, 1 reply; 2+ messages in thread
From: Thomas D. @ 2015-08-17 10:04 UTC (permalink / raw)
  To: stable

Hi,

seems like the following stable kernels are still missing the following
fix for CVE-2015-4167:

 - 3.14
 - 3.10
 - 3.4

> Commit: 23b133bdc452aa441fcb9b82cbf6dd05cfd342d0
> From: Jan Kara
> Date: Wed, 7 Jan 2015 13:49:08 +0100
> Subject: udf: Check length of extended attributes and allocation
>  descriptors
> 
> Check length of extended attributes and allocation descriptors when
> loading inodes from disk. Otherwise corrupted filesystems could confuse
> the code and make the kernel oops.


-Thomas

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: Request for stable 3.{4,10,14} inclusion: Fix for CVE-2015-4167
  2015-08-17 10:04 Request for stable 3.{4,10,14} inclusion: Fix for CVE-2015-4167 Thomas D.
@ 2015-09-29 13:37 ` Greg KH
  0 siblings, 0 replies; 2+ messages in thread
From: Greg KH @ 2015-09-29 13:37 UTC (permalink / raw)
  To: Thomas D.; +Cc: stable

On Mon, Aug 17, 2015 at 12:04:10PM +0200, Thomas D. wrote:
> Hi,
> 
> seems like the following stable kernels are still missing the following
> fix for CVE-2015-4167:
> 
>  - 3.14
>  - 3.10
>  - 3.4
> 
> > Commit: 23b133bdc452aa441fcb9b82cbf6dd05cfd342d0
> > From: Jan Kara
> > Date: Wed, 7 Jan 2015 13:49:08 +0100
> > Subject: udf: Check length of extended attributes and allocation
> >  descriptors
> > 
> > Check length of extended attributes and allocation descriptors when
> > loading inodes from disk. Otherwise corrupted filesystems could confuse
> > the code and make the kernel oops.

It doesn't apply to the 3.14 or 3.10-stable kernels, care to provide a
tested backport?

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-09-29 13:41 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-08-17 10:04 Request for stable 3.{4,10,14} inclusion: Fix for CVE-2015-4167 Thomas D.
2015-09-29 13:37 ` Greg KH

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.