** Description changed: - A flaw was found in the way Linux kernel's XFS filesystem implementation - handled links with pathname larger than MAXPATHLEN. When - CONFIG_XFS_DEBUG configuration option was not enabled when compiling - Linux kernel, an attacker able to mount malicious XFS image could use - this flaw to crash the system, or potentially, elevate his privileges on - that system. + Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in + XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows + local users to cause a denial of service (memory corruption and crash) + and possibly execute arbitrary code via an XFS image containing a + symbolic link with a long pathname. Break-Fix: - b52a360b2aa1c59ba9970fb0f52bbb093fcc7a24
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/887298 Title: CVE-2011-4077 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/887298/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
