> Though CIFS has its roots in smbfs, nobody was paying enough attention to
> realize that smbfs might suffer from the same vulnerability.
This is not true. The original person who found this bug, found it
for smbfs. However, due to travel issues, misunderstanding about the
severity of the bug, and a general bungling of a proper disclosure time,
the cifs patch became public first, which forced the -stable developers
to immediately do a security release for it.
The smbfs patch was created later, as it was still known that it had a
problem, and due to travel issues, the fix was not confirmed for a
Hope this helps clear this up, it wasn't a lack of understanding about
the vulnerability and what systems it affected.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds