blob: 590fc656ba100d6a3d11400acbb60d7c01c807aa (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
Description: ext4: crafted image causes heap OOB write in ext4_xattr_set_entry
References:
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19319
Notes:
carnil> Introduced in dec214d00e0d ("ext4: xattr inode deduplication")
carnil> in 4.13-rc1? Cf.
carnil> https://bugzilla.suse.com/show_bug.cgi?id=1158021#c2
bwh> SUSE has backported the fix as far as 3.12. It turns out that
bwh> they backported *part* of commit dec214d00e0d to fix CVE-2018-1094
bwh> which I thought didn't affect older branches. See
bwh> <https://github.com/openSUSE/kernel-source/blob/SLE12-SP4/patches.suse/ext4-make-metadata-csum-checks-safer.patch>
bwh> and
bwh> <https://github.com/openSUSE/kernel-source/blob/SLE12-SP4/patches.suse/ext4-protect-journal-inode-s-blocks-using-block_vali.patch>.
bwh> So we should probably apply both of these to 3.16 and 4.9.
bwh> Note the follow-up fixes: commits fbbbbd2f28aec, 170417c8c7bb,
bwh> 0a944e8a6c66, af133ade9a40.
Bugs:
upstream: released (5.2-rc1) [345c0dbf3a30872d9b204db96b5857cd00808cae]
4.19-upstream-stable: released (4.19.73) [2fd4629de51974002f4e9cf1a35a1926dd6c9d99]
4.9-upstream-stable: released (4.9.221) [a9855260fe8d8680bf8c4f0d8303b696c861e99b]
3.16-upstream-stable: pending (3.16.85) [ext4-protect-journal-inode-s-blocks-using-block_validity.patch]
sid: released (5.2.6-1)
4.19-buster-security: released (4.19.87-1)
4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/ext4-protect-journal-inode-s-blocks-using-block_vali.patch]
3.16-jessie-security: released (3.16.84-1) [bugfix/all/ext4-protect-journal-inode-s-blocks-using-block_vali.patch]
|
