Red Hat Bugzilla – Bug 476003
CVE-2008-5134 kernel: libertas: fix buffer overrun
Last modified: 2009-01-07 02:18:40 EST
+++ This bug was initially created as a clone of Bug #470761 +++
Description of problem:
From: Johannes Berg <email@example.com>
If somebody sends an invalid beacon/probe response, that can trash the whole BSS descriptor. The descriptor is, luckily, large enough so that it cannot scribble past the end of it; it's well above 400 bytes long.
--- Additional comment from firstname.lastname@example.org on 2008-11-09 22:53:04 EDT ---
--- Additional comment from email@example.com on 2008-11-09 22:53:20 EDT ---
Proposed upstream patch:
--- Additional comment from firstname.lastname@example.org on 2008-12-05 00:32:04 EDT ---
The driver was included in the upstream kernel since 2.6.22. We did not backport it to our RHEL kernels.
--- Additional comment from email@example.com on 2008-12-10 19:03:29 EDT ---
Our official statement can be found at:
The latest F8 kernel is kernel-220.127.116.11-49.fc8 which appears to be affected.
the latest Koji F8 kernel is kernel-18.104.22.168-56.fc8 (as of 10:00 EST 12Nov2008)
and its description http://koji.fedoraproject.org/koji/buildinfo?buildID=69152
does not explicitly mention fixing CVE-2008-5134.
The NVD is wrong: this was fixed in 22.214.171.124.