Re: CVE-2006-3468: which patch to use?
From: Neil Brown
Date: Sun Aug 20 2006 - 18:55:36 EST
On Sunday August 20, bunk@xxxxxxxxx wrote:
> While going through patches for 2.6.16.x, I stumbled over the following
> regarding the "NFS export of ext2/ext3" security vulnerabilities (the
> ext3 one is CVE-2006-3468, I don't whether there's a number for the
> ext2 one):
> There are three patches available:
> The first two patches are except for a s/ext2/ext3/ identical.
> The two ext3 patches fix the same issue in slightly different ways.
> It seems there was already some agreement that the first of the two ext3
> patches should be preferred due to being more the same as the ext2 patch
> (see  and followups).
> But the only patch that is applied in 2.6.18-rc4 (and in 220.127.116.11) is
> the ext3 patch that is _not_ identical to the ext2 one.
> Is it the correct solution to revert this ext3 patch in both 2.6.18-rc
> and 2.6.17 and to apply the other two patches?
There is no point in reverting the ext3 patch. It is a good and
proper patch to have.
Apply the ext2 patch is definitely a good idea.
Applying the other ext3 patch is also a good idea.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/