On Thu, Jul 17, 2003 at 11:03:48AM -0700, Bob Miller wrote: > Don't feel too superior. LWN reports eight new vulnerabilities in > Linux software this week.* ** We'd like to think that Linux > distributions release patches faster and make updating easier than > Windows does, and that's certainly true for Debian, Redhat and Gentoo > (the distros I'm most familiar with), but there are still going to be > a lot of machines on the 'Net that will never get these fixed. Those > machines will eventually be 0wnzed. > * The new vulnerabilities are: > > apache, multiple vulnerabilities Runs as a user > mozilla, heap based buffer overflow Runs as a user > mpg123, buffer overflow Runs as a user > nfs-utils, xlog() off by one bug Nfs daemons can be in kernel space or user space > phpgroupware, cross site scripting Runs as a user > traceroute-nanog, integer overflow Not a daemon > ucd-snmp, heap overflow Was the heap overflow in the daemon or in a tool?
Most of these applications run on other systems, including windows, so these aren't necessarily linux vulnerabilities. Also since most are in user space, they aren't nearly as critical as most M$ vulnerabilities. A vulnerability in IE can trojan a system. No vulnerability in Mozilla can do that unless it is run as root. It is sad how insecure IE is. Yet, how does one update a windows system? Through windowsupdate.microsoft.com and IE. Cory -- Cory Petkovsek Adapting Information Adaptable IT Consulting Technology to your (541) 914-8417 business [EMAIL PROTECTED] www.AdaptableIT.com _______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
