-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 02 July 2004 07:14, Dominic Hargreaves wrote: > It shouldn't be allowed to delay the release of 35.x. What is the fsync > problem, anyway? I can't find any reference to it with a quick google. No, but the newly announced CVE should delay the release: During an audit of the Linux kernel, SUSE discovered a flaw that allowed a user to make unauthorized changes to the group ID of files in certain circumstances. In the 2.4 kernel, as shipped with Fedora Core 1, the only way this could happen is through the kernel nfs server. A user on a system that mounted a remote file system from a vulnerable machine may be able to make unauthorized changes to the group ID of exported files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0497 to this issue. Only Fedora Core 1 systems that are configured to share file systems via NFS are affected by this issue. - -- Jesse Keating RHCE (http://geek.j2solutions.net) Fedora Legacy Team (http://www.fedoralegacy.org) GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFA5XM54v2HLvE71NURAvJHAKCZovEFYj815VVyGMsT8MogZB2eTACdFshy F+nd5R3ydiO0wovtOw+OqVs= =hBwS -----END PGP SIGNATURE----- -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
