Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Thu, 19 Mar 2009 11:03:03 -0400
From: "Michael K. Johnson" <johnsonm@...th.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: inotify local DoS

On Thu, Mar 19, 2009 at 02:27:36PM +0800, Eugene Teo wrote:
> On Thu, Mar 19, 2009 at 1:41 AM, Michael K. Johnson <johnsonm@...th.com> wrote:
> > On Tue, Mar 17, 2009 at 08:39:33PM -0400, Steven M. Christey wrote:
> [...]
> > In the 2.6.27.y stable releases, this affects 2.6.27.13 and earlier.
> > In the 2.6.28.y stable releases, this affects 2.6.28.2 and earlier.
> 
> The problem occurs between upstream commits 16dbc6c96163 and 3632dee2f8b8.

Thanks, Eugene!  More interpretation for those looking at various
kernel versions for those changes:

16dbc6c96163 was introduced between 2.6.27-rc8 and 2.6.27-rc9, so
2.6.26 and earlier are not affected.   The change represented by
16dbc6c96163 was also not imported into the 2.6.26.y stable release
tree during its lifetime, so no 2.6.26.y releases are affected either.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux