On Mon, Aug 17, 2015 at 12:04:10PM +0200, Thomas D. wrote: > Hi, > > seems like the following stable kernels are still missing the following > fix for CVE-2015-4167: > > - 3.14 > - 3.10 > - 3.4 > > > Commit: 23b133bdc452aa441fcb9b82cbf6dd05cfd342d0 > > From: Jan Kara > > Date: Wed, 7 Jan 2015 13:49:08 +0100 > > Subject: udf: Check length of extended attributes and allocation > > descriptors > > > > Check length of extended attributes and allocation descriptors when > > loading inodes from disk. Otherwise corrupted filesystems could confuse > > the code and make the kernel oops. It doesn't apply to the 3.14 or 3.10-stable kernels, care to provide a tested backport? thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html