1) A vulnerability is caused due to the "hfsplus_find_cat()" function
in fs/hfsplus/catalog.c not properly checking the catalog name length.
This can be exploited to crash a system by e.g. mounting a specially
crafted hfsplus file system.
2) A vulnerability is caused due to the "hfsplus_block_allocate()"
function in fs/hfsplus/bitmap.c not properly checking the return
values of "read_mapping_page()" function before using them. This can
be exploited to crash a system by e.g. mounting a specially crafted
hfsplus file system.
Info copied from secunia advisory SA32510.
Patches are in stable-review for 2.6.27. Not yet been added to 2.6.25/2.6.26 stable-queue.
These vulns are fixed in 126.96.36.199. Beware however, neither of these were fixed in 188.8.131.52, nor 184.108.40.206.
hardened-kernel unaffected at present time. Removing alias.
PS: genpatches-2.6.27-5 added 220.127.116.11. Also, the relevant patches were added to genpatches-2.6.26-4. =genpatches-2.6.25* remains vulnerable. However, hardened-sources-2.6.25-r13 does not because we independently folded in the necessary patches.