Hi, * dann frazier <firstname.lastname@example.org> [2009-05-18 23:19]: > On Mon, May 18, 2009 at 02:20:20PM -0400, Michael S. Gilbert wrote: > > On Mon, 18 May 2009 11:52:04 -0600, dann frazier wrote: > > > On Mon, May 18, 2009 at 01:28:56PM -0400, Michael S. Gilbert wrote: [...] > > > This issue supposedly only affected 2.6.28 - do you have information > > > to the contrary? > > > > yes, i have studied the code/patches for this issue. the 2.6.26 > > ecryptfs kernel code is identical to that of the affected 2.6.28 code. > > hence, it is my assessment that 2.6.26 is vulnerable. > > > > i anticipate that this also affects etch-and-a-half (2.6.24) as well, > > but i have not checked yet. > > My understanding is that this issue was introduced by 87b811c (in > 2.6.28), which resulted in only a single page getting allocated for > the headers even though the size of the headers maybe > the page size. Yes and you are correct with this, no other version included the vulnerable code. Cheers Nico -- Nico Golde - http://www.ngolde.de - email@example.com - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Description: PGP signature