On Tue, 25 Jan 22, 16:13:23, Nate Bargmann wrote:
> I am subscribed to that list and get them too.
>
> I just see that three more messages popped in since this morning from
> the security list.
>
> The complaints seem to be only about browsers. The inference seems to
> be that the latest release always fixes security bugs. While this is
> true to an extent, what is seldom acknowledged is that new releases also
> bring new and as yet undisclosed bugs that will be fixed next time or
> the time after or the time after that or... I figure it's a gamble
> either way and stick with the Debian packages.

I'll use the opportunity to draw attention to DSA-5059-1, see e.g. this
article for details:

https://arstechnica.com/information-technology/2022/01/a-bug-lurking-for-12-years-gives-attackers-root-on-every-major-linux-distro/

And please don't bother to reply with "there are no other users on this
system I should worry about", the bad guys could still find ways to get
in, e.g. via a compromised browser, regardless if you are behind a
firewall or not[1].

Any system connecting to the internet should be kept up-to-date. Even if
you don't care about your data, privacy, etc., your system will probably
become part of some botnet and be used to spread malware and spam to
others.

[1] Of course, the risk level is significantly lower for the typical
home user, but still not negligible in my opinion - we just can't know
what unknown browser vulnerabilities there might be lurking, which the
bad guys could actively exploit via malicious websites (vs. targeted
attacks for high value targets). In today's world once your browser is
compromised https://xkcd.com/1200/ applies.

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser