[Linux-cluster] gfs2 security issue
Steven Whitehouse
swhiteho at redhat.com
Fri Apr 30 16:17:26 UTC 2010
Hi,
Yes, we know and the fix is pretty much ready to go. It isn't a priv
escalation anyway, its memory corruption most likely leading to an oops.
Steve.
On Fri, 2010-04-30 at 15:59 +0000, yvette hirth wrote:
> i just saw this on a SANS security vulnerability alert. is everyone
> aware of this?
>
> 10.18.18 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel "gfs2_quota" Structure Write Local Privilege
> Escalation
> Description: The Linux kernel is exposed to a local
> privilege escalation issue affecting the "gfs2" file system.
> Specifically, when a "gfs2_quota" structure straddles a page boundary,
> updates to the structure are not correctly written to disk. This can
> result in a buffer overflow condition which may lead to memory
> corruption.
> Ref: http://www.securityfocus.com/bid/39715
>
> fyi
> yvette hirth
>
> --
> Linux-cluster mailing list
> Linux-cluster at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-cluster
More information about the Linux-cluster
mailing list