Re: Backport of the integer overflow in the brk system call

To: debian-devel@lists.debian.org
Subject: Re: Backport of the integer overflow in the brk system call
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Wed, 3 Dec 2003 02:57:11 +0100
Message-id: <[🔎] 20031203015711.GB20026@lina.inka.de>
In-reply-to: <[🔎] 20031203005423.GA1132@daedalus.andrew.net.au>
References: <[🔎] 3FCBCF99.3000907@sentinel.dk> <[🔎] E1AR6Vn-0001YY-Vx@mid.downhill.at.eu.org> <[🔎] 20031202232021.GA32333@daedalus.andrew.net.au> <[🔎] 200312031117.19034.russell@coker.com.au> <[🔎] 20031203005423.GA1132@daedalus.andrew.net.au>

On Wed, Dec 03, 2003 at 10:54:24AM +1000, Andrew Pollock wrote:
> The only way to have avoided this kernel vulnerability from day-0 of
> discovery/fix release would have been to be constantly upgrading to
> pre-release kernels.

Yes but also the debian servers would not have been vulnerable if they had
used 2.4.23. At least not at that point in time.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

Reply to:

Follow-Ups:
- Re: Backport of the integer overflow in the brk system call
  - From: Steve Langasek <vorlon@netexpress.net>
- Re: Backport of the integer overflow in the brk system call
  - From: Graham Wilson <graham@debian.org>
- Re: Backport of the integer overflow in the brk system call
  - From: Brian May <bam@debian.org>

References:
- Backport of the integer overflow in the brk system call
  - From: Frederik Dannemare <tux@sentinel.dk>
- Re: Backport of the integer overflow in the brk system call
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>
- Re: Backport of the integer overflow in the brk system call
  - From: Andrew Pollock <debian-lists@andrew.net.au>
- Re: Backport of the integer overflow in the brk system call
  - From: Russell Coker <russell@coker.com.au>
- Re: Backport of the integer overflow in the brk system call
  - From: Andrew Pollock <debian-devel@andrew.net.au>

Prev by Date: Re: UserLinux white paper
Next by Date: Re: Backport of the integer overflow in the brk system call
Previous by thread: Re: Backport of the integer overflow in the brk system call
Next by thread: Re: Backport of the integer overflow in the brk system call
Index(es):
- Date
- Thread