Navigation
Recherche
|
[$] The long road to a fix for CVE-2021-20316
jeudi 10 février 2022, 16:20 , par LWN.net
Well-maintained free-software projects usually make a point of quickly
fixing known security problems, and the Samba project, which provides interoperability between Windows and Unix systems, is no exception. So it is natural to wonder why the fix for CVE-2021-20316, a symbolic-link vulnerability, was well over two years in coming. Sometimes, a security bug can be fixed with a simple tweak to the code. Other times, the fix requires a massive rewrite of much of a projects's internal code. This particular vulnerability fell firmly into the latter category, necessitating a public rewrite of Samba's virtual filesystem (VFS) layer to address a non-disclosed vulnerability.
https://lwn.net/Articles/884052/rss
|
56 sources (32 en français)
Date Actuelle
jeu. 2 mai - 22:51 CEST
|