First published: Wed Jul 21 2010
Description of problem:

1. <a href="https://access.redhat.com/security/cve/CVE-2010-2537">CVE-2010-2537</a> - The BTRFS_IOC_CLONE and BTRFS_IOC_CLONE_RANGE ioctls should check whether the donor file is append-only before writing to it.
2. <a href="https://access.redhat.com/security/cve/CVE-2010-2538">CVE-2010-2538</a> - The BTRFS_IOC_CLONE_RANGE ioctl appears to have an integer overflow that allows a user to specify an out-of-bounds range to copy from the source file (if off + len wraps around).

Upstream commit: <a href="http://git.kernel.org/linus/2ebc3464781ad24474abcbd2274e6254689853b5">http://git.kernel.org/linus/2ebc3464781ad24474abcbd2274e6254689853b5</a>

Reference: <a href="https://btrfs.wiki.kernel.org/index.php/Main_Page">https://btrfs.wiki.kernel.org/index.php/Main_Page</a>

The kernel in Red Hat Enterprise Linux 6 has support for Btrfs by default.
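The wrap-around in item 2 can be shown in user space. The following is an added example, not the kernel's code or the upstream patch: it contrasts a bounds check that forms off + len with two checks that cannot wrap. The function names are hypothetical, and off, len and the source size are assumed to be 64-bit unsigned values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper names; off/len/size are modeled as 64-bit unsigned. */

/* Flawed pattern: off + len wraps modulo 2^64, so a huge len yields a
 * small sum that passes the comparison against the source size. */
static bool range_ok_naive(uint64_t off, uint64_t len, uint64_t src_size)
{
    return off + len <= src_size;
}

/* Hardened pattern: never form off + len. Compare len with the bytes
 * remaining after off; the subtraction cannot wrap once off <= src_size. */
static bool range_ok_checked(uint64_t off, uint64_t len, uint64_t src_size)
{
    if (off > src_size)
        return false;
    return len <= src_size - off;
}

/* Equivalent check using the GCC/Clang overflow builtin. */
static bool range_ok_builtin(uint64_t off, uint64_t len, uint64_t src_size)
{
    uint64_t end;

    if (__builtin_add_overflow(off, len, &end))
        return false;
    return end <= src_size;
}

int main(void)
{
    /* Constructed values: 4096-byte source, len chosen so off + len wraps to 49. */
    const uint64_t src_size = 4096, off = 100, len = UINT64_MAX - 50;

    printf("naive:   %s\n", range_ok_naive(off, len, src_size) ? "accepted" : "rejected");
    printf("checked: %s\n", range_ok_checked(off, len, src_size) ? "accepted" : "rejected");
    printf("builtin: %s\n", range_ok_builtin(off, len, src_size) ? "accepted" : "rejected");
    return 0;
}
```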
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/linux-2.6 | | |
Linux Linux kernel | <2.6.35 | |
Canonical Ubuntu Linux | =10.10 | |
Canonical Ubuntu Linux | =9.10 | |
Canonical Ubuntu Linux | =10.04 | |
SUSE SUSE Linux Enterprise Server | =11-sp1 | |
SUSE SUSE Linux Enterprise Desktop | =11-sp1 | |
Suse Linux Enterprise High Availability Extension | =11-sp1 | |