[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 3/3] lzo: properly check for overruns
On Wed, 2014-07-02 at 15:27 +0100, Jan Beulich wrote: > From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > > The lzo decompressor can, if given some really crazy data, possibly > overrun some variable types. Modify the checking logic to properly > detect overruns before they happen. > > Reported-by: "Don A. Bailey" <donb@xxxxxxxxxxxxxxxxx> > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > > Original Linux commit: 206a81c18401c0cde6e579164f752c4b147324ce. > > This is CVE-2014-4607 (but not a security issue in Xen, since the code > is only used for loading the Dom0 kernel and _inside_ an eventual DomU > for loading its kernel). > > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> I've not reviewed it closely since it already went into Linux, but: Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx> _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |