Ref: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.6
Ref: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5025 (under review)

This is apparently a different issue than bug 245650 (CVE-2008-4933).

Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error in the "hfs_cat_find_brec()" function and can be exploited to cause a buffer overflow via an overly large catalog name length. Successful exploitation requires that a user is tricked into mounting a specially crafted hfs image. The vulnerability is reported in versions prior to 2.6.27.6.

Reproducible: Always
*** Bug 247574 has been marked as a duplicate of this bug. ***
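
The boundary error described in the report, a catalog name length taken from the image and used as a copy size, is guarded against with a check like the one below. This is an added user-space example, not the kernel's code or the upstream patch; `hfs_name_model` and `copy_catalog_name` are hypothetical names, and `HFS_NAMELEN` is set to the 31-byte HFS name limit.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HFS_NAMELEN 31 /* longest name an HFS catalog entry may carry */

/* Hypothetical user-space model of a length-prefixed HFS name field. */
struct hfs_name_model {
    uint8_t len;
    uint8_t name[HFS_NAMELEN];
};

/*
 * Copy a name taken from an untrusted image into a fixed-size key.
 * src points at the on-disk length byte, avail is the number of record
 * bytes present from that byte on. Returns 0, or -EIO for a bad record.
 */
int copy_catalog_name(struct hfs_name_model *dst, const uint8_t *src, size_t avail)
{
    if (avail < 1)
        return -EIO;
    uint8_t len = src[0];
    /* Without this check, the memcpy below would write up to 255 bytes
     * into the 31-byte name array. */
    if (len > HFS_NAMELEN)
        return -EIO;
    /* The length byte must not claim more data than the record holds. */
    if ((size_t)len + 1 > avail)
        return -EIO;
    memset(dst, 0, sizeof(*dst));
    dst->len = len;
    memcpy(dst->name, src + 1, len);
    return 0;
}

int main(void)
{
    /* Constructed sample records: length byte followed by name bytes. */
    uint8_t ok[] = { 4, 'b', 'o', 'o', 't' };
    uint8_t oversized[256];
    struct hfs_name_model key;
    memset(oversized, 'A', sizeof(oversized));
    oversized[0] = 255; /* claims a 255-byte name */
    printf("valid record:     %d\n", copy_catalog_name(&key, ok, sizeof(ok)));
    printf("oversized record: %d\n", copy_catalog_name(&key, oversized, sizeof(oversized)));
    return 0;
}
```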