Date: Tue, 29 Sep 2015 15:37:23 +0200
From: Greg KH
To: "Thomas D."
Cc: stable@vger.kernel.org
Subject: Re: Request for stable 3.{4,10,14} inclusion: Fix for CVE-2015-4167
Message-ID: <20150929133723.GA24418@kroah.com>
References: <55D1B19A.4060100@whissi.de>
In-Reply-To: <55D1B19A.4060100@whissi.de>

On Mon, Aug 17, 2015 at 12:04:10PM +0200, Thomas D. wrote:
> Hi,
>
> seems like the following stable kernels are still missing the following
> fix for CVE-2015-4167:
>
> - 3.14
> - 3.10
> - 3.4
>
>
> > Commit: 23b133bdc452aa441fcb9b82cbf6dd05cfd342d0
> > From: Jan Kara
> > Date: Wed, 7 Jan 2015 13:49:08 +0100
> > Subject: udf: Check length of extended attributes and allocation
> > descriptors
> >
> > Check length of extended attributes and allocation descriptors when
> > loading inodes from disk. Otherwise corrupted filesystems could confuse
> > the code and make the kernel oops.

It doesn't apply to the 3.14 or 3.10-stable kernels, care to provide a
tested backport?

thanks,

greg k-h