CVE-2011-4132: Input Validation
First published: Fri Nov 11 2011(Updated: )
A flaw was found in the way Linux kernel's Journaling Block Device (JBD) handled invalid log first block value. An attacker able to mount malicious ext3 or ext4 image could use this flaw to crash the system. Upstream commit: 8762202dd0d6e46854f786bdb6fb3780a1625efe
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux-2.6 | ||
| Linux Linux kernel | =2.6 | |
| SUSE Linux Enterprise Server | =10-sp4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://xorl.wordpress.com/2011/12/08/cve-2011-4132-linux-kernel-jbdjbd2-local-dos/
- http://securitytracker.com/id?1026325
- http://secunia.com/advisories/48898
- http://www.securityfocus.com/bid/50663
- https://bugzilla.redhat.com/show_bug.cgi?id=753341
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
- http://www.openwall.com/lists/oss-security/2011/11/11/6
- http://www.openwall.com/lists/oss-security/2011/11/13/4
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=8762202dd0d6e46854f786bdb6fb3780a1625efe
- https://launchpad.net/bugs/cve/CVE-2011-4132
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=753346
- https://rhn.redhat.com/errata/RHSA-2012-0007.html
- https://rhn.redhat.com/errata/RHSA-2012-0350.html
- https://rhn.redhat.com/errata/RHSA-2012-0010.html
- https://access.redhat.com/support/policy/updates/errata/
- https://rhn.redhat.com/errata/RHSA-2012-0333.html
- https://security-tracker.debian.org/tracker/CVE-2011-4132
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4132
- https://nvd.nist.gov/vuln/detail/CVE-2011-4132
- https://ubuntu.com/security/CVE-2011-4132
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-4132
- agent/author
- agent/softwarecombine
- agent/description
- agent/weakness
- agent/severity
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/references
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-historical
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/usn-cve
- source/Ubuntu
- package-manager/debian
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/2.6
- vendor/suse
- canonical/suse linux enterprise server
- version/suse linux enterprise server/10-sp4