Note: Due to technical difficulties, the Archives are currently not up to date.
GMANE provides an alternative service for most mailing lists. c.f. bug 424647
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Small data analysis based on August/September GLSAs :
55 GLSAs
21 of which are buffer overflows (38%)
5 are buffer overflows affecting daemons (9%)
14 are buffer overflows affecting client software (25%)
2 can potentially affect both servers and clients (4%)
So almost one third of our current vulnerabilities are buffer overflows
affecting client software. These require the attacker to make you
load/read/open a malicious document/image/playlist. It's not because we
haven't seen much viruses for Linux that we shouldn't worry about this
attack vector. Restricting ssp to daemons and +s programs is not very
useful. A client-based vulnerability can be used together with a recent
root escalation kernel vuln to compromise a machine completely. Weakest
link.
- --
Koon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBUonOvcL1obalX08RArGJAKCShMubWvGlGqHLW/CFMZfHCz6q8ACgifMc
LCX6C/NkPGumUILK4idOG6E=
=yJgM
-----END PGP SIGNATURE-----
--
gentoo-security@g.o mailing list
|
|
