FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

 
 
LinkBack Thread Tools
 
Old 07-26-2011, 08:30 PM
Tim Gardner
 
Default APPLIED: bridge: netfilter: fix information leak

On 07/26/2011 12:51 PM, Andy Whitcroft wrote:

CVE-2011-1080
Struct tmp is copied from userspace. It is not checked whether
the "name" field is NULL terminated. This may lead to buffer
overflow and passing contents of kernel stack as a module name
to try_then_request_module() and, consequently, to modprobe
commandline. It would be seen by all userspace processes.

The fix for this CVE has hit lucid and later via mainline and stable.
Following this email are two patches one for hardy and lucid/fsl-imx51,
and one for maverick/ti-omap4. The former is a minor backport due to a
large change in line numbers, the latter a simple cherrypick.

Proposing for hardy, lucid/fsl-imx51, and maverick/ti-omap4.

-apw




--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 10:19 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org