9 vulnerabilities in the Ubuntu system discovered so far
28 November 2008 at 11:00 am #10569
slaks
Participant
On 27.11.08 Ubuntu users discovered yet another hole in the Ubuntu system, which brings the total so far to 9. Judge for yourselves how much that matters; the “holes” are:
1. The Xen hypervisor block driver couldn’t accurately validate incoming requests. Therefore, a user with root privileges could crash a system and cause a DoS (Denial of Service) attack by executing malicious I/O requests. This issue affects only Ubuntu 7.10.
2. The i915 video driver couldn’t accurately validate memory addresses. Therefore, an attacker could remap memory and cause a system crash, leading to a DoS (Denial of Service) attack. Ubuntu 6.06 LTS, 7.10 and 8.04 LTS users are not affected by this issue. Ubuntu 8.10 users should update their systems to correct this vulnerability!
3. When files were created in the setgid directories, the Linux kernel package couldn’t accurately strip permissions. Because of this, a local user could gain extra group privileges. This issue was discovered by David Watson and it affects only Ubuntu 6.06 LTS users!
4. When file splice requests were handled, the Linux kernel package couldn’t accurately reject the “append” flag. Therefore, a local attacker could create changes to random locations in a file by bypassing the append mode. This issue was discovered by Olaf Kirch and Miklos Szeredi, and affects only Ubuntu 7.10 and 8.04 LTS users!
5. The SCTP stack couldn’t accurately handle INIT-ACK. Because of this, a remote user could send specially crafted SCTP traffic and crash the system, leading to a DoS (Denial of Service) attack. This issue affects only Ubuntu 8.10 users!
6. The SCTP stack couldn’t accurately handle the length of bad packets. Because of this, a remote user could send specially crafted SCTP traffic and crash the system, leading to a DoS (Denial of Service) attack. This issue affects only Ubuntu 8.10 users!
7. The HFS+ filesystem had several flaws. Because of this, a user could be tricked to mount a malicious HFS+ filesystem, which could lead to a DoS (Denial of Service) attack and crash the system. This issue was discovered by Eric Sesterhenn, and affects all Ubuntu users!
8. The Unix Socket handler couldn’t accurately process the SCM_RIGHTS message. Therefore, a local attacker could create a malicious socket request and crash the system, leading to a DoS (Denial of Service) attack. This issue affects all Ubuntu users!
9. The i2c audio driver couldn’t accurately validate several function pointers. Therefore, a local user could obtain root privileges and crash the system, leading to a DoS (Denial of Service) attack. This issue affects all Ubuntu users!
28 November 2008 at 8:33 pm #74193
Andersen
Participant
The more it resembles “that system we don't mention” 😀, the more its problems resemble the problems that the “commercial stuff” has.
..or maybe it's simply used by a large enough number of people that bugs get found much more easily because of that.. who knows.
28 November 2008 at 9:43 pm #74194
madcama
Participant
Or maybe the people responsible for Ubuntu add new applications and features too quickly and so don't have enough time for testing. This was not an excuse, but a criticism.
28 November 2008 at 9:50 pm #74195
dens
Participant
Well, I don't see that anyone has given a qualified assessment of these flaws…
As far as I can see, half of the items, if not most of them, mention the “kernel” and other terms that are not tied only to Ubuntu. I believe that several of these weaknesses also appear in other distributions, i.e. I don't believe they are “Ubuntu specific”.
29 November 2008 at 2:37 am #74196
dukenukem_4d
Participant
there's even worse 😀
correct me if I'm wrong… a security update for adobe v9.0.151 can be downloaded
https://www.redhat.com/apps/download/
but only for 80 dollars, otherwise you go without that security
https://rhn.redhat.com/errata/RHSA-2008-0980.html
eh, where's their Stallman 😡
EDIT:
here it is>
http://www.adobe.com/go/kb406791