Date: Thu, 9 Aug 2018 16:27:38 +0100 From: Simon McVittie <smcv@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: Re: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem On Thu, 09 Aug 2018 at 16:21:03 +0200, Andrey Konovalov wrote: > See the comment in the exploit source code for a > usage example that shows how to read /etc/shadow on Ubuntu xenial > 4.13.0-38-generic Note that because of the way Debian and Ubuntu kernels are packaged, this is an "ABI version" describing a class of kernels with compatible module ABIs, not a specific version number. The version number for Ubuntu kernels looks like 4.13.0-38.43~16.04.1 or similar. If you are illustrating how to reproduce an exploit against a specific binary kernel, you'll probably want to quote both the package name and the version number: for example https://packages.ubuntu.com/xenial/linux-image-4.13.0-38-generic currently lists "linux-image-4.13.0-38-generic (4.13.0-38.43~16.04.1)". smcv
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.