Re: Status of brk vulnerability in kernel-source-2.4.20-11, 2.4.21-5, 2.4.22-3?

To: debian-devel@lists.debian.org
Subject: Re: Status of brk vulnerability in kernel-source-2.4.20-11, 2.4.21-5, 2.4.22-3?
From: Marc Wilson <msw@cox.net>
Date: Wed, 3 Dec 2003 22:55:57 -0800
Message-id: <[🔎] 20031204065557.GC5112@rei.moonkingdom.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20031203223811.GA30378@twcny.rr.com>
References: <[🔎] 20031203223811.GA30378@twcny.rr.com>

On Wed, Dec 03, 2003 at 05:38:11PM -0500, Nathanael Nerode wrote:
> The security advisory does not mention these (the current 2.4.x kernels
> available in sarge), and the upstream fix is apparently not until 2.4.23.

No offense... but (a) why would the DSA mention Sarge, and (b) isn't it
obvious that the kernels in Sarge are affected, as (1) there has been no
opportunity to move a patched kernel to Sarge, and (2) Sarge doesn't have
security updates in the first place?

It seems to me that all Sarge kernels have the vulnerability, and that you
should proceed on that assumption.

-- 
 Marc Wilson |     If there is no God, who pops up the next Kleenex?
 msw@cox.net |     -- Art Hoppe

Reply to:

References:
- Status of brk vulnerability in kernel-source-2.4.20-11, 2.4.21-5, 2.4.22-3?
  - From: neroden@twcny.rr.com (Nathanael Nerode)

Prev by Date: Re: Debian packages and freedesktop.org (Gnome, KDE, etc) menu entries
Next by Date: Assurance measures: AGD (that fabulous manual we like to have but hate to write)
Previous by thread: Status of brk vulnerability in kernel-source-2.4.20-11, 2.4.21-5, 2.4.22-3?
Next by thread: Assurance measures: AGD (that fabulous manual we like to have but hate to write)
Index(es):
- Date
- Thread