* Request for stable 3.{4,10,14} inclusion: Fix for CVE-2015-4167
@ 2015-08-17 10:04 Thomas D.
2015-09-29 13:37 ` Greg KH
0 siblings, 1 reply; 2+ messages in thread
From: Thomas D. @ 2015-08-17 10:04 UTC (permalink / raw)
To: stable
Hi,
seems like the following stable kernels are still missing the following
fix for CVE-2015-4167:
- 3.14
- 3.10
- 3.4
> Commit: 23b133bdc452aa441fcb9b82cbf6dd05cfd342d0
> From: Jan Kara
> Date: Wed, 7 Jan 2015 13:49:08 +0100
> Subject: udf: Check length of extended attributes and allocation
> descriptors
>
> Check length of extended attributes and allocation descriptors when
> loading inodes from disk. Otherwise corrupted filesystems could confuse
> the code and make the kernel oops.
-Thomas
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Request for stable 3.{4,10,14} inclusion: Fix for CVE-2015-4167
2015-08-17 10:04 Request for stable 3.{4,10,14} inclusion: Fix for CVE-2015-4167 Thomas D.
@ 2015-09-29 13:37 ` Greg KH
0 siblings, 0 replies; 2+ messages in thread
From: Greg KH @ 2015-09-29 13:37 UTC (permalink / raw)
To: Thomas D.; +Cc: stable
On Mon, Aug 17, 2015 at 12:04:10PM +0200, Thomas D. wrote:
> Hi,
>
> seems like the following stable kernels are still missing the following
> fix for CVE-2015-4167:
>
> - 3.14
> - 3.10
> - 3.4
>
> > Commit: 23b133bdc452aa441fcb9b82cbf6dd05cfd342d0
> > From: Jan Kara
> > Date: Wed, 7 Jan 2015 13:49:08 +0100
> > Subject: udf: Check length of extended attributes and allocation
> > descriptors
> >
> > Check length of extended attributes and allocation descriptors when
> > loading inodes from disk. Otherwise corrupted filesystems could confuse
> > the code and make the kernel oops.
It doesn't apply to the 3.14 or 3.10-stable kernels, care to provide a
tested backport?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-09-29 13:41 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-08-17 10:04 Request for stable 3.{4,10,14} inclusion: Fix for CVE-2015-4167 Thomas D.
2015-09-29 13:37 ` Greg KH
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.