[Bug 779391] Re: CVE-2011-1764: format string vulnerability
Kees Cook
kees at ubuntu.com
Mon May 9 23:43:48 UTC 2011
AAaargh. Who reimplements sprintf!? I am working on hardy and dapper
now. Will have this uploaded shortly. Thanks for double-checking and
getting the Lucid and Oneiric patches ready!
At least full ASLR (PIE[1]) is in place in Lucid and later, so
exploiting this is difficult, but not impossible.
[1] https://wiki.ubuntu.com/Security/Features#pie
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to exim4 in Ubuntu.
https://bugs.launchpad.net/bugs/779391
Title:
CVE-2011-1764: format string vulnerability
More information about the Ubuntu-server-bugs
mailing list