Re: The ares_create_query security vulnerability
On Sun, 16 Oct 2016, bch wrote: I read it, and it's incredibly interesting. I sure hope there's follow up material for this... The (little) public info from Google on this issue was posted here: https://googlechromereleases.blogspot.se/2016/09/stable-channel-updates-for-chrome-os.html Possibly two of those still closed-for-the-public bugs will reveal the details at a later point in time. I don't have any insights into their process. -- / daniel.haxx.se
Re: The ares_create_query security vulnerability
I read it, and it's incredibly interesting. I sure hope there's follow up material for this... -bch On Oct 16, 2016 8:12 AM, "Daniel Stenberg" wrote: > Hi friends, > > Just wanted to mention that the CVE-2016-5180 problem we fixed back on > September 29th in c-ares 1.12.0 played an important part in root code > execution exploit, and yesterday I blogged some details for those > interested: > > https://daniel.haxx.se/blog/2016/10/14/a-single-byte-write- > opened-a-root-execution-exploit/ > > -- > > / daniel.haxx.se >