[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 11 Nov 2008 13:32:29 -0800
From: Greg KH <greg@...ah.com>
To: Eugene Teo <eteo@...hat.com>
Cc: oss-security@...ts.openwall.com,
"Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE requests: kernel: hfsplus-related bugs
On Mon, Nov 10, 2008 at 01:27:42PM +0800, Eugene Teo wrote:
> Eugene Teo wrote:
> > These were committed in upstream kernel. Reported by Eric Sesterhenn.
> >
> > 1) hfsplus: fix Buffer overflow with a corrupted image
> > Upstream commit: efc7ffcb4237f8cb9938909041c4ed38f6e1bf40
> >
> > When an hfsplus image gets corrupted it might happen that the catalog
> > namelength field gets b0rked. If we mount such an image the memcpy() in
> > hfsplus_cat_build_key_uni() writes more than the 255 that fit in the
> > name field. Depending on the size of the overwritten data, we either
> > only get memory corruption or also trigger an oops.
>
> There's an equivalent bug for hfs. The upstream commit is d38b7aa. We
> will need a CVE name for this too.
>
> Greg, I don't recall seeing this in -stable kernel. FYI.
Thanks, I've now added it.
greg k-h
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
