oss-sec mailing list archives

incomplete fix for CVE-2014-4611: kernel: integer overflow in lz4_uncompress


From: Marcus Meissner <meissner () suse de>
Date: Tue, 19 Aug 2014 15:08:32 +0200

Hi,

Jan Beulich writes in our bug for CVE-2014-4611:

https://bugzilla.novell.com/show_bug.cgi?id=883949#c12

Jan Beulich <jbeulich () suse com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jbeulich () suse com

--- Comment #12 from Jan Beulich <jbeulich () suse com> 2014-08-15 21:42:33 UTC ---
Except that it has been determined quite some time ago that all three fixes
having gone in upstream so far don't really fix anything. I posted a patch that
I think actually addresses the issue (https://lkml.org/lkml/2014/7/4/288), but
till now no-one cared to comment on it, apply it, or point out what's still
wrong, despite the ping 3 weeks later (https://lkml.org/lkml/2014/7/25/23). It
was - instead of the insufficient Linux ones - in fact meanwhile applied to the
Xen clone of that code.


Perhaps the kernel folks want to look at it again if they missed it so far.

Ciao, Marcus

