oss-sec mailing list archives

Re: CVE requests: kernel: hfsplus-related bugs


From: Greg KH <greg () kroah com>
Date: Tue, 11 Nov 2008 13:32:29 -0800

On Mon, Nov 10, 2008 at 01:27:42PM +0800, Eugene Teo wrote:
> Eugene Teo wrote:
> > These were committed in upstream kernel. Reported by Eric Sesterhenn.
> >
> > 1) hfsplus: fix Buffer overflow with a corrupted image
> > Upstream commit: efc7ffcb4237f8cb9938909041c4ed38f6e1bf40
> >
> > When an hfsplus image gets corrupted it might happen that the catalog
> > namelength field gets b0rked.  If we mount such an image the memcpy() in
> > hfsplus_cat_build_key_uni() writes more than the 255 that fit in the
> > name field.  Depending on the size of the overwritten data, we either
> > only get memory corruption or also trigger an oops.
>
> There's an equivalent bug for hfs. The upstream commit is d38b7aa. We
> will need a CVE name for this too.
>
> Greg, I don't recall seeing this in -stable kernel. FYI.

Thanks, I've now added it.

greg k-h
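
The failure mode described in the quoted report, shown as an added user-space illustration that is not part of the original message and is not the upstream kernel code: a length field read from an untrusted on-disk record is checked against the 255-unit name capacity before memcpy() uses it. The names `disk_name`, `cat_key`, `build_key_checked` and `try_record` are hypothetical, and the sample records are constructed.

```c
#include <stdint.h>
#include <string.h>

#define NAME_UNITS 255  /* capacity of the name field, per the report */

/* Hypothetical on-disk name record: big-endian length, then UTF-16 units. */
struct disk_name {
    uint8_t  length_be[2];
    uint16_t unicode[NAME_UNITS];
};

/* Hypothetical in-memory lookup key with a fixed-size name field. */
struct cat_key {
    uint32_t parent;
    uint16_t name_len;
    uint16_t name[NAME_UNITS];
};

/* Returns 0 on success, -1 if the length field exceeds the name capacity. */
int build_key_checked(struct cat_key *key, uint32_t parent,
                      const struct disk_name *src)
{
    uint16_t len = (uint16_t)((src->length_be[0] << 8) | src->length_be[1]);

    if (len > NAME_UNITS)
        return -1;      /* corrupted record: refuse it and copy nothing */
    key->parent = parent;
    key->name_len = len;
    memcpy(key->name, src->unicode, (size_t)len * sizeof(src->unicode[0]));
    return 0;
}

/* Constructed input: a record whose length field claims `claimed` units.
 * Returns build_key_checked()'s result, or -2 if the guard word was hit. */
int try_record(uint16_t claimed)
{
    struct { struct cat_key key; uint32_t guard; } mem;
    struct disk_name rec;

    memset(&rec, 0x41, sizeof rec);
    rec.length_be[0] = (uint8_t)(claimed >> 8);
    rec.length_be[1] = (uint8_t)(claimed & 0xff);
    memset(&mem, 0, sizeof mem);
    mem.guard = 0xC0FFEEu;
    int rc = build_key_checked(&mem.key, 2, &rec);
    return mem.guard == 0xC0FFEEu ? rc : -2;
}

int main(void) { return (try_record(5) == 0 && try_record(300) == -1) ? 0 : 1; }
```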

