12-24-2004, 03:33 AM   #2
LennonCook
Which of those applies to the Linux OS? I count... none.
Of these, 6 are distro-specific updates - meaning, the fix has already been made in the software before this, and that the fixed version has landed in that distro's official package repositories. Given the nature of open source, it is highly likely that these were available in non-official repositories in the appropriate format before now. Also, for them to be called 'updates' on Secunia would seem to mean that this has been fixed before it has been made public.
The unspecified vulnerabilities have fixes: this is their very nature. Secunia has been told that holes have been plugged, but not been given the exact details.
So, that leaves 6 vulnerabilities, across multiple unrelated programs.
And let's see how serious they are...
LPRng Script.. : Less Critical, requires local system access (meaning it has to be done sitting right there at that machine, rather than - like most of the Windows flaws - somewhere on the internet).
RPM Finder: Moderately Critical, from remote. But, oh look, this is patched. 5 vulnerabilities, in unrelated programs.
debmake: Less Critical, local system, patched. 4 unpatched, still in unrelated programs.
kpdf buffer overflow: ok, highly critical. But this is also patched. Note that it would be extremely critical if there were exploits in the wild, but.. there aren't.
Docbook-to-Man: less critical
SQL injection: Less critical

Meaning, of all these, there are 3 unpatched. All of these are marked 'less critical', and require local access. Of the remaining 12, 6 were seemingly patched very quickly after they became known (Secunia publishes vulnerabilities a certain time after telling the vendor - a few weeks, I think). That leaves... 6 vulnerabilities in 6 different applications that are patched, but possibly took a while to come out.

Which means that you seem to be exaggerating the seriousness of this a bit. Can you try to tell the whole story next time?