[Precise][P/lts-backport-quantal][P/lts-backport-raring][CVE-2014-4608][PATCH 0/3] lzo: properly check for overruns

Luis Henriques luis.henriques at canonical.com
Fri Jun 27 16:39:53 UTC 2014


 WARNING:
 The buglink is missing in these patches!  Whoever is applying
 the patches, please wait for the buglink to be provided!

Following this email I'm sending 3 patches that include the Precise,
lts-backport-quantal and lts-backport-raring fix for this CVE.  I've
used the same approach used by GregKH for the 3.4 stable kernel
backport, i.e., picked the following 3 commits:

 b6bec26cea94 "lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c"
 8b975bd3f908 "lib/lzo: Update LZO compression to current upstream version"
 206a81c18401 "lzo: properly check for overruns"

These are all clean cherry-picks for these 3 kernels.

Greg Kroah-Hartman (1):
  lzo: properly check for overruns

Markus F.X.J. Oberhumer (2):
  lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
  lib/lzo: Update LZO compression to current upstream version

 include/linux/lzo.h             |  15 +-
 lib/decompress_unlzo.c          |   2 +-
 lib/lzo/Makefile                |   2 +-
 lib/lzo/lzo1x_compress.c        | 335 +++++++++++++++++++++++-----------------
 lib/lzo/lzo1x_decompress.c      | 255 ------------------------------
 lib/lzo/lzo1x_decompress_safe.c | 257 ++++++++++++++++++++++++++++++
 lib/lzo/lzodefs.h               |  38 +++--
 7 files changed, 488 insertions(+), 416 deletions(-)
 delete mode 100644 lib/lzo/lzo1x_decompress.c
 create mode 100644 lib/lzo/lzo1x_decompress_safe.c

-- 
1.9.1




