kernel: multiple vulnerabilities

Package(s): kernel
CVE #(s): CVE-2011-4131 CVE-2011-4132
Created: November 21, 2011
Updated: July 10, 2012
Description: From the Red Hat bugzilla:

nfs4_getfacl decoding causes a kernel Oops when a server returns more than 2 GETATTR bitmap words in response to the FATTR4_ACL attribute request.

While the NFS client only asks for one attribute (FATTR4_ACL) in the first bitmap word, the NFSv4 protocol allows for the server to return unbounded bitmaps.

From the Red Hat bugzilla:

A flaw was found in the way the Linux kernel's Journaling Block Device (JBD) handled an invalid log first block value. An attacker able to mount a malicious ext3 or ext4 image could use this flaw to crash the system.

Alerts:
Ubuntu USN-1312-1 2011-12-19
Ubuntu USN-1311-1 2011-12-19
Ubuntu USN-1304-1 2011-12-13
Ubuntu USN-1303-1 2011-12-13
Ubuntu USN-1302-1 2011-12-13
Ubuntu USN-1301-1 2011-12-13
Ubuntu USN-1300-1 2011-12-13
Ubuntu USN-1299-1 2011-12-13
Fedora FEDORA-2011-16621 2011-11-30
Ubuntu USN-1293-1 2011-12-08
Ubuntu USN-1292-1 2011-12-08
Ubuntu USN-1291-1 2011-12-08
Ubuntu USN-1286-1 2011-12-03
Fedora FEDORA-2011-16346 2011-11-23
Fedora FEDORA-2011-15959 2011-11-15
Ubuntu USN-1322-1 2012-01-09
Red Hat RHSA-2012:0007-01 2012-01-10
Red Hat RHSA-2012:0010-01 2012-01-10
CentOS CESA-2012:0007 2012-01-11
Scientific Linux SL-kern-20120112 2012-01-12
Oracle ELSA-2012-0007 2012-01-12
Ubuntu USN-1330-1 2012-01-13
Ubuntu USN-1340-1 2012-01-23
SUSE SUSE-SU-2012:0153-1 2012-02-06
SUSE SUSE-SU-2012:0153-2 2012-02-06
Red Hat RHSA-2012:0333-01 2012-02-23
Red Hat RHSA-2012:0350-01 2012-03-06
CentOS CESA-2012:0350 2012-03-07
Scientific Linux SL-kern-20120308 2012-03-08
Oracle ELSA-2012-2003 2012-03-12
Oracle ELSA-2012-2003 2012-03-12
Oracle ELSA-2012-0350 2012-03-12
SUSE SUSE-SU-2012:0554-1 2012-04-23
Oracle ELSA-2012-0481 2012-04-23
SUSE SUSE-SU-2012:0554-2 2012-04-26
Ubuntu USN-1457-1 2012-05-31
Fedora FEDORA-2012-8824 2012-06-07
Ubuntu USN-1470-1 2012-06-12
Ubuntu USN-1471-1 2012-06-12
Ubuntu USN-1472-1 2012-06-12
Ubuntu USN-1476-1 2012-06-15
Red Hat RHSA-2012:0862-04 2012-06-20
SUSE SUSE-SU-2012:0789-1 2012-06-26
Oracle ELSA-2012-2022 2012-07-02
Oracle ELSA-2012-2022 2012-07-02
Oracle ELSA-2012-0862 2012-07-02
CentOS CESA-2012:0862 2012-07-10
Ubuntu USN-1530-1 2012-08-10
Red Hat RHSA-2012:1541-01 2012-12-04
Red Hat RHSA-2013:0566-01 2013-03-06
SUSE SUSE-SU-2013:0786-1 2013-05-14

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds