Some vulnerabilities have been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).

1) A vulnerability is caused due to an error within the "make_indexed_dir()" function in fs/ext4/namei.c, which can be exploited to e.g. crash a system via specially crafted Ext4 file systems.

2) A vulnerability is caused due to an error within the "ext4_fill_super()" function in fs/ext4/super.c, which can be exploited to e.g. crash a system via Ext4 file systems containing specially crafted superblock configurations.

3) A vulnerability is caused due to an error within the "ext4_group_add()" function in fs/ext4/resize.c, which can be exploited to crash a system by resizing a malformed Ext4 file system.

Solution
Update to version 2.6.27.19 or 2.6.28.7.

Provided and/or discovered by
1) Sami Liedes
2) Independently discovered by David Maciejak (Fortinet's FortiGuard Global Security Research Team) and Thiemo Nagel
3) Peter Kerwien

Changelog
Further details available in Customer Area

Original Advisory
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7

1) http://bugzilla.kernel.org/show_bug.cgi?id=12430
2) http://bugzilla.kernel.org/show_bug.cgi?id=12371
3) http://bugzilla.kernel.org/show_bug.cgi?id=12433

Deep Links
Links available in Customer Area