Main menu:

Sponsoring

Please consider a small donation:

 

 

Or you can donate bitcoin:

 

Thanks to TekLinks in Birmingham, AL, for providing colocation and bandwidth.

Page Rank

Fame

FOSS Force Best Blog--2013 Award

Recent posts

Recent comments

About this blog

I am Eric Hameleers, and this is where I think out loud.
More about me.

Search

My Favourites

Slackware

Calendar

October 2014
M T W T F S S
« Sep    
 12345
6789101112
13141516171819
20212223242526
2728293031  

RSS Alien's Slackware packages

RSS Alien's unofficial KDE Slackware packages

RSS Alien's multilib packages

Meta

Archive for the tag "exploit"

Update for OpenJDK 7 with IcedTea 2.3.4 plugs 0-day exploit.

The past week was buzzing with the 0-day exploit for Oracle’s Java browser plugin, but according to CERT, the OpenJDK was affected as well by the underlying bug. Oracle “hastily” patched this critical vulnerability (CVE-2012-3174) although now it seems that only this particular “attack vector” was patched but the underlying vulnerability remains, leaving the way […]

OpenJDK 7u6_b30 with IcedTea 2.3.1 fixes 0day exploit

¬†There is a 0-day (zero-day) exploit out for Java7 (both Oracle Java7 and OpenJDK 7).The attack is mounted through your web browser’s Java plugin. People using Java6 are not affected by the exploit. This includes everybody who is running a stable version of Slackware. There is no more Java in slackware-current, except for a SlackBuild […]

Another glibc multilib update

Barely a week has passed, and we have yet another local root hole in glibc that needed patching. The Slackware ChangeLog said it like this: a/glibc-solibs-2.12.1-x86_64-3.txz: Rebuilt. Patched “The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.” This security issue allows a local attacker to gain root by specifying an unsafe […]

New multilib glibc packages fix local root hole

New glibc packages for Slackware arrived on the mirrors last night. They close a serious local root hole. From the ChangeLog: Patched “dynamic linker expands $ORIGIN in setuid library search path”. This security issue allows a local attacker to gain root if they can create a hard link to a setuid root binary.¬† Thanks to […]