oss-sec mailing list archives
Re: CVE Request -- kernel: incomplete fix for CVE-2011-4131
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 18 May 2012 11:41:48 -0600
On 05/18/2012 05:30 AM, Petr Matousek wrote:
> The fix for CVE-2011-4131 was not complete. A malicious NFS server could
> still crash the clients when more than 2 GETATTR bitmap words are returned
> in response to the FATTR4_ACL attribute request.
>
> Upstream fixes:
> 20e0fa98b751facf9a1101edaefbc19c82616a68
> 5794d21ef4639f0e33440927bb903f9598c21e92
> 5a00689930ab975fdd1b37b034475017e460cf2a
>
> Reference:
> https://bugzilla.redhat.com/show_bug.cgi?id=822869
>
> Thanks,

Please use CVE-2012-2375 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993