subject:"The ares_create_query security vulnerability"

Re: The ares_create_query security vulnerability

2016-10-16 Thread Daniel Stenberg


On Sun, 16 Oct 2016, bch wrote:

I read it, and it's incredibly interesting. I sure hope there's follow up 
material for this...


The (little) public info from Google on this issue was posted here: 
https://googlechromereleases.blogspot.se/2016/09/stable-channel-updates-for-chrome-os.html


Possibly two of those still closed-for-the-public bugs will reveal the details 
at a later point in time. I don't have any insights into their process.


--

 / daniel.haxx.se

Re: The ares_create_query security vulnerability

2016-10-16 Thread bch

I read it, and it's incredibly interesting. I sure hope there's follow up
material for this...

-bch

On Oct 16, 2016 8:12 AM, "Daniel Stenberg"  wrote:

> Hi friends,
>
> Just wanted to mention that the CVE-2016-5180 problem we fixed back on
> September 29th in c-ares 1.12.0 played an important part in root code
> execution exploit, and yesterday I blogged some details for those
> interested:
>
> https://daniel.haxx.se/blog/2016/10/14/a-single-byte-write-
> opened-a-root-execution-exploit/
>
> --
>
>  / daniel.haxx.se
>

Re: The ares_create_query security vulnerability

Re: The ares_create_query security vulnerability

2 matches

Site Navigation

Mail list logo

Footer information