On Sun 28 Sep 2014 07:33:09 NZDT +1300, Eliezer Croitoru wrote:
Basically it's true that this is a vulnerability and a big one for a change but.. The specific cases are pretty important to do something about it when needed.
The point is that it is impossible to list up all specific cases, now or in the future.
Basically a function should not be defined inside a variable as a thumb rule.
It is a real shame that attackers don't seem to adhere to this rule...
solve a thing or two but will not help many running systems(that maybe cannot be updated on the fly).
Tough, your problem. Ditto with firmware for stuff from vendors which don't know you any more. Please keep on searching the Internet for more cases and explanations[1] for why it was a good idea to patch yesterday. Or trust people like Scott. What does a CVE rating of 10/10 mean? Btw CVE-2014-6271 was just round one. See CVE-2014-7169 for round two! HTH, Volker [1] There was some elaboration here: http://lists.canterbury.ac.nz/pipermail/linux-users/ -- Volker Kuhlmann is list0570 with the domain in header. http://volker.top.geek.nz/ Please do not CC list postings to me.