From: Hanjun Guo <guohanjun@huawei.com>
To: 刘长鸣 <charley.ashbringer@gmail.com>, 506012274@qq.com
Cc: <stable@vger.kernel.org>
Subject: Re: Vulnerability [CVE-2014-4608] recurs in Linux 3.17.2-4.5
Date: Tue, 31 May 2016 15:44:54 +0800 [thread overview]
Message-ID: <574D40F6.3080609@huawei.com> (raw)
In-Reply-To: <CA+gjpd2_dJqeTPEJb0PT9qpuuwAvFd-wKyW32Z_wo0xtOPOaKA@mail.gmail.com>
Hi Zhijun,
On 2016/5/31 14:45, 刘长鸣 wrote:
> Dear Sir/Madam:
> I'm a postgraduate student majoring in information security and
> I'm very interested in software vulnerabilities, I think it's really
> fascinating and I'm doing some research about how to find
> vulnerabilities automatically. I have done some tests with Linux bug
> commits. And I found that the patch codes ( fixing CVE-2014-4608 )
> didn't appear in the version 3.17.2 to 4.5. I'm just wondering if this
Yes, it should not in those stable versions, as the commit 206a81c
(lzo: properly check for overruns) is not the right fix, it was reverted
in commit af958a38a:
commit af958a38a60c7ca3d8a39c918c1baa2ff7b6b233
Author: Willy Tarreau <w@1wt.eu>
Date: Sat Sep 27 12:31:36 2014 +0200
Revert "lzo: properly check for overruns"
This reverts commit 206a81c ("lzo: properly check for overruns").
As analysed by Willem Pinckaers, this fix is still incomplete on
certain rare corner cases, and it is easier to restart from the
original code.
Reported-by: Willem Pinckaers <willem@lekkertech.net>
Cc: "Don A. Bailey" <donb@securitymouse.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This revert is merged in v3.18-rc1, and I think there is a updated fix for this bug:
72cf901 lzo: check for length overrun in variable length encoding.
> means the vulnerability ( CVE-2014-4608 ) recurs in Linux 3.17.2-4.5.
> If not, is it fixed in another way?
> Thanks for your time, I'll appreciate it very much if you can give
> an answer.
Just as I mentioned above, commit 72cf901 should be the right fix.
Thanks
Hanjun
next prev parent reply other threads:[~2016-05-31 7:45 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-31 6:45 Vulnerability [CVE-2014-4608] recurs in Linux 3.17.2-4.5 刘长鸣
2016-05-31 7:44 ` Hanjun Guo [this message]
-- strict thread matches above, loose matches on Subject: below --
2016-05-31 6:48 刘长鸣
[not found] <005101d1bb12$a184dea0$e48e9be0$@alibaba-inc.com>
2016-05-31 8:16 ` Hillf Danton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=574D40F6.3080609@huawei.com \
--to=guohanjun@huawei.com \
--cc=506012274@qq.com \
--cc=charley.ashbringer@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.