Re: Vulnerability [CVE-2014-4608] recurs in Linux 3.17.2-4.5
From: Hanjun Guo <guohanjun@huawei.com>
Date: 2016-05-31 07:45:27
Hi Zhijun, On 2016/5/31 14:45, 刘长鸣 wrote:
Dear Sir/Madam:
I'm a postgraduate student majoring in information security and
I'm very interested in software vulnerabilities, I think it's really
fascinating and I'm doing some research about how to find
vulnerabilities automatically. I have done some tests with Linux bug
commits. And I found that the patch codes ( fixing CVE-2014-4608 )
didn't appear in the version 3.17.2 to 4.5. I'm just wondering if this
Yes, it should not in those stable versions, as the commit 206a81c
(lzo: properly check for overruns) is not the right fix, it was reverted
in commit af958a38a:
commit af958a38a60c7ca3d8a39c918c1baa2ff7b6b233
Author: Willy Tarreau [off-list ref]
Date: Sat Sep 27 12:31:36 2014 +0200
Revert "lzo: properly check for overruns"
This reverts commit 206a81c ("lzo: properly check for overruns").
As analysed by Willem Pinckaers, this fix is still incomplete on
certain rare corner cases, and it is easier to restart from the
original code.
Reported-by: Willem Pinckaers [off-list ref]
Cc: "Don A. Bailey" [off-list ref]
Cc: stable [off-list ref]
Signed-off-by: Willy Tarreau [off-list ref]
Signed-off-by: Greg Kroah-Hartman [off-list ref]
This revert is merged in v3.18-rc1, and I think there is a updated fix for this bug:
72cf901 lzo: check for length overrun in variable length encoding.
means the vulnerability ( CVE-2014-4608 ) recurs in Linux 3.17.2-4.5.
If not, is it fixed in another way?
Thanks for your time, I'll appreciate it very much if you can give
an answer.Just as I mentioned above, commit 72cf901 should be the right fix. Thanks Hanjun