oss-sec mailing list archives
CVE Request -- kernel: incomplete fix for CVE-2011-4131
From: Petr Matousek <pmatouse () redhat com>
Date: Fri, 18 May 2012 13:30:06 +0200
The fix for CVE-2011-4131 was not complete. Malicious NFS server could still crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute request. Upstream fixes: 20e0fa98b751facf9a1101edaefbc19c82616a68 5794d21ef4639f0e33440927bb903f9598c21e92 5a00689930ab975fdd1b37b034475017e460cf2a Reference: https://bugzilla.redhat.com/show_bug.cgi?id=822869 Thanks, -- Petr Matousek / Red Hat Security Response Team
Current thread:
- CVE Request -- kernel: incomplete fix for CVE-2011-4131 Petr Matousek (May 18)
- Re: CVE Request -- kernel: incomplete fix for CVE-2011-4131 Kurt Seifried (May 18)