Bug 586006 (CVE-2010-1436)
Summary: | CVE-2010-1436 kernel: gfs2 buffer overflow | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Eugene Teo (Security Response) <eteo> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | adas, antillon.maurizio, arozansk, bhu, davej, dhoward, jpirko, kmcmartin, lgoncalv, lwang, mario.mikocevic, michael.s.gilbert, pmatouse, rcvalle, rpeterso, sbradley, sebastian.pena, swhiteho, tcallawa, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-03-28 08:57:50 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 555754, 586007, 586008, 586009 | ||
Bug Blocks: |
Description
Eugene Teo (Security Response)
2010-04-26 16:03:46 UTC
Statement: This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for the GFS2 file system. A future kernel update in Red Hat Enterprise Linux 5 will address this issue. is there any actionable info on this issue yet? (In reply to comment #5) > is there any actionable info on this issue yet? This issue will be addressed in Red Hat Enterprise Linux 5 soon. If you are unable to wait for an update to be released, please contact Red Hat Support and request for a hotfix. Thanks. i'm not really concerned about where this issue stands with respect to rhel. i'm looking for patches that we can apply to the debian kernels. thanks. The upstream patch is here: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7e619bc3e6252dc746f64ac3b486e784822e9533 Acknowledgements: Red Hat would like to thank Mario Mikocevic for responsibly reporting this issue. Deleted Technical Notes Contents. Old Contents: A buffer overflow flaw was found in the Global File System 2 (GFS2) implementation in the Linux kernel. A quota could be written past the end of a memory page, causing memory corruption and leaving the quota stored on disk in an invalid state. A user with write access to a GFS2 filesystem could trigger this flaw to cause a kernel crash (denial of service). Whether or not this occurs depends on the uid/gid of the quota being written and only when quotas are set to on or account. This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0504 https://rhn.redhat.com/errata/RHSA-2010-0504.html |