Re: Backport of the integer overflow in the brk system call
Frederik Dannemare <firstname.lastname@example.org> wrote:
> just curious: any particular reason why we didn't see a backport any sooner of
> the integer overflow in the brk system call (see recent announcement by
> Wichert Akkerman:
> like we did with the ptrace issue some time back?
> Wasn't it (the brk vuln) considered to be threatening enough to justify a
> quick fix, or was it because the fix by Andrew Morton didn't say (kerne
> changelog) enough about the potential seriousness of the vuln, or?
Apparently nobody knew it was comparable to ptrace, it looked like a
simple bugfix and not like a local root exploit.
| Robert van der Meulen managed to decrypt the binary which revealed
| a kernel exploit.