- Docbook to man Insecure temp file creation
- LPRng Script Insecure temp file creation
- Red Hat update for acroread
- KDE Buffer Overflow Vulnerability
- RPM Finder "web()" Buffer Overflow and Insecure File creation
- Debian debmake insecure temp dir creation
- Sybase ASE Three Unspecified Vulnerabilities
- Fedora update for libtiff
- Mandrake update for kdelibs
- Mandrake update for logcheck
- Mandrake update for krb5
- SUSE update for samba
- Mandrake update for mplayer
- SurgeMail unspecified webmail security issue
- 2bgal "id album" SQL injection Vulnerability

6 are rated "Highly Critical", all are vulnerabilities or repairs for vulnerabilities in LINUX software or OS (except surgemail which is multiplatform). |
Which of those applies to the Linux OS? I count... none.

Of these, 6 are distro-specific updates - meaning the fix has already been made in the software before this, and that the fixed version has landed in that distro's official package repositories. Given the nature of open source, it is highly likely that these were available in non-official repositories in the appropriate format before now. Also, for them to be called 'updates' on Secunia would seem to mean that this has been fixed before it has been made public.

The unspecified vulnerabilities have fixes: this is their very nature. Secunia has been told that holes have been plugged, but not been given the exact details.

So, that leaves 6 vulnerabilities, across multiple unrelated programs. And let's see how serious they are...

- LPRng Script: Less Critical, requires local system access (meaning it has to be done sitting right there at that machine, rather than - like most of the Windows flaws - somewhere on the internet).
- RPM Finder: Moderately Critical, from remote. But, oh look, this is patched. 5 vulnerabilities, in unrelated programs.
- debmake: Less Critical, local system, patched. 4 unpatched, still in unrelated programs.
- kpdf buffer overflow: ok, highly critical. But this is also patched. Note that it would be extremely critical if there were exploits in the wild, but.. there aren't.
- Docbook-to-Man: less critical
- SQL injection: Less critical

Meaning, of all these, there are 3 unpatched. All of these are marked 'less critical', and require local access. Of the remaining 12, 6 were seemingly patched very quickly after they became known (Secunia publishes vulnerabilities a certain time after telling the vendor - a few weeks, I think). That leaves... 6 vulnerabilities in 6 different applications that are patched, but possibly took a while to come out.

Which means that you seem to be exaggerating the seriousness of this a bit. Can you try to tell the whole story next time? ;) |
Can we stop the 'my OS is better than yer OS' please? Cannot 2 different OSes exist? Let's stop this petty stuff. :)
|
I think we should have a ban on "Vulnerability to OS's" threads :P |
Ok, but we don't need to be told when we are susceptible to attacks through Notepad.
I just think that only serious vulnerabilities should be discussed. Mainly because there seem to be so many threads about them here lately. And I know that I am not the only one who is getting sick of them. |
:) ... just pointing out that a running ticker of vulnerabilities biased to provide the illusion that M$ alternatives are somehow better is a bit ludicrous... we are all living in glass houses.
I also think it's downright dangerous to mislead people into believing that linux is not subject to as many flaws and vulnerabilities as Windows. People should choose an OS knowing that NONE of them are perfect, and only seeing Windows problems highlighted day after day is misleading at best... deceptive at worst. A ban would probably be a good idea, point people to sites like Secunia and tell them to do their own research. Today's Secunia list, like yesterday's, was dominated by UNIX/LINUX software. ;) |
Saying Linux is more secure isn't a myth. It's true and proven. Yes, proven - this has been researched.
Jarrad, any vulnerability is potentially serious. That one in Wordpad (not notepad :P ) was especially serious, since it was a buffer overflow (meaning it can allow basically anything to happen that the OS lets that program do (which is, in all OS's, probably not what you think)). But, I do try to limit it to only the serious flaws, in programs people are likely to have installed... if I didn't do that, my post count would either be a lot higher, or reset for spamming. :P |
Lennon, did I not just say chill it!?
NO software is EVER 100% safe. And never will be. ALL code has mistakes, ALL code has vulnerabilities. As long as there are people that seek them. MMMkay? :) Now drop it, and Merry Christmas! :D :D |
EDIT: Fixed quotes. [ 12-25-2004, 05:33 PM: Message edited by: LennonCook ] |