oss-sec mailing list archives
Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 03 Jul 2012 12:58:39 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/03/2012 07:22 AM, Marcus Meissner wrote:
Hi, People (do not know who) reported to the kernel security team and Jan Kara some UDF filesystem crashes. Jan Kara did some fixes in the UDF fs and they were committed to mainline already, both actual bugfixes and some more sanity checking for hardening. Buffer overreads or overwrites would have been possible. I think a single CVE is sufficient.
Were they discovered by the same person or different people?
The two mainline commits: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=1df2ae31c724e57be9d7ac00d78db8a5dabdd050
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=adee11b2085bee90bd8f4f52123ffb07882d6256
commit 1df2ae31c724e57be9d7ac00d78db8a5dabdd050 Author: Jan Kara <jack () suse cz> Date: Wed Jun 27 21:23:07 2012 +0200 udf: Fortify loading of sparing table Add sanity checks when loading sparing table from disk to avoid accessing unallocated memory or writing to it. Signed-off-by: Jan Kara <jack () suse cz> commit adee11b2085bee90bd8f4f52123ffb07882d6256 Author: Jan Kara <jack () suse cz> Date: Wed Jun 27 20:20:22 2012 +0200 udf: Avoid run away loop when partition table length is corrupted Check provided length of partition table so that (possibly maliciously) corrupted partition table cannot cause accessing data beyond current buffer. Signed-off-by: Jan Kara <jack () suse cz> Ciao, Marcus
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP80DfAAoJEBYNRVNeJnmTyl0QAKI/qmZuqI7wuo625eyIYAGD GSgVG5a2VTbD6m4XcRFUkQACSCcyTH1RWEEr8eM8m2htZSiS12wvUGkYntGUmwRh o/Hf+Kyrn2Nmvf9EaDgMTLerOZf/xSh8Bm2jOGRkUzgDOrSAOVHMaLk1uYNfRsVy E6R2SJXLldMtmV4/L2xuqLU9tpdcFrK4EHTSEDDFb4B46eXvi1qhh5xLxmPIdvEC i8/19fWlw96TygoJvZxGaIlIuzj0noN70pJqc5XCmDeM0zCGfPSHBi4ZZOjfWEvs mVd4Xqm56USmovY1aO0EJRRI/EFgUuEA43x5uvR32oC+4qtMpJCeQRAeQyUPTeVv 8VxaORs8SK8433lDzEf6NzIBKbl2Rd4ombGEr7/v9rnzLfWXlO+3CDdXCJ252bLQ Ao09tSoAFaAs08H3cVSvXKieE4osllfk78eJq+GMmhNPO/LNQRIoTpoBVNE9mJqt Sx9TmviPSBrbmMc4y7XmUvS4QWlM9rXzsaYwDSK0C4zi8FmqJq4yWehTKU6qNh2m e3DPm6glJVBlTc9m260xTUz4AZBJKDDc8LUJUPGljRj9kCOYnKIqrnHLD31CkWLB rDRMSy4RlbDKD7YnSe4B7sr+x05FGM7OipF+zU8faCujYAMuToqDZCeDDcDQDm8Y wr6NsvukqZ3nbgfh56mT =1CD+ -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Marcus Meissner (Jul 03)
- Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Kurt Seifried (Jul 03)
- Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Timo Warns (Jul 03)
- Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Kurt Seifried (Jul 04)
- Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Marcus Meissner (Jul 06)
- Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Kurt Seifried (Jul 09)
- Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Timo Warns (Jul 03)
- Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Kurt Seifried (Jul 03)