Re: Backport of the integer overflow in the brk system call

On Wed, Dec 03, 2003 at 01:54:22PM +1100, Matthew Palmer wrote:
> >    Nov 28  22:39  Linux 2.4.23 released
> >                   ^^^^^^^^^^^^^^^^^^^^^
> Bernd is correct, though - if the machines had been running 2.4.23, they
> wouldn't have been vulnerable.  The fact that it was impossible to do so
> doesn't enter into the equation when you're working from blind assertions. 
> <g>

Hehe, well I am sorry. I had the impression 2.4.23 was older. Should have checked my facts.

BTW: I have checked the kernel versions of the major distros; all ship
newer kernels than Debian (if you look at the upstream version). However, I do not know
how reliable distrowatch is, for comparison.

  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
