** Description changed: - A UDF filesystem image with malicious lengths specified in multiple - datastructures could cause crashes or other undesired behaviours. + The UDF filesystem implementation in the Linux kernel before 3.18.2 does + not validate certain lengths, which allows local users to cause a denial + of service (buffer over-read and system crash) via a crafted filesystem + image, related to fs/udf/inode.c and fs/udf/symlink.c. Break-Fix: - e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 Break-Fix: - e237ec37ec154564f8690c5bd1795339955eeef9 Break-Fix: - a1d47b262952a45aae62bd49cfaf33dd76c11a2c
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1462164 Title: CVE-2014-9728 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1462164/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
