Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [month] [year] [list] 
Date: Mon, 04 May 2009 10:45:54 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2009-1184 selinux: skipped node/port send checks in the compat_net=1
 case

Not upstream in 2.6.30, as the function was removed there.

Node and port send checks can skip in the compat_net=1 case. This bug
was introduced in commit effad8d.

This is fixed in 2.6.27.21[1] and 2.6.28.10[2]. I believe it will be
fixed in 2.6.29.y soon.

[1] http://lwn.net/Articles/331434/
[2] http://lwn.net/Articles/331435/

Thanks, Eugene

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux