Main menu:

Sponsoring

Please consider a small donation:

 

Also appreciated: support me by clicking the ads (costs nothing) :-)

 

Or you can donate bitcoin:

 

Thanks to TekLinks in Birmingham, AL, for providing colocation and bandwidth.

Page Rank

Fame

FOSS Force Best Blog--2013 Award

Recent posts

Recent comments

About this blog

I am Eric Hameleers, and this is where I think out loud.
More about me.

Search

My Favourites

Slackware

Calendar

August 2014
M T W T F S S
« Jul    
 123
45678910
11121314151617
18192021222324
25262728293031

RSS Alien's Slackware packages

RSS Alien's unofficial KDE Slackware packages

RSS Alien's multilib packages

Meta

Archive for the tag "exploit"

Update for OpenJDK 7 with IcedTea 2.3.4 plugs 0-day exploit.

The past week was buzzing with the 0-day exploit for Oracle’s Java browser plugin, but according to CERT, the OpenJDK was affected as well by the underlying bug. Oracle “hastily” patched this critical vulnerability (CVE-2012-3174) although now it seems that only this particular “attack vector” was patched but the underlying vulnerability remains, leaving the way […]

OpenJDK 7u6_b30 with IcedTea 2.3.1 fixes 0day exploit

 There is a 0-day (zero-day) exploit out for Java7 (both Oracle Java7 and OpenJDK 7).The attack is mounted through your web browser’s Java plugin. People using Java6 are not affected by the exploit. This includes everybody who is running a stable version of Slackware. There is no more Java in slackware-current, except for a SlackBuild […]

Another glibc multilib update

Barely a week has passed, and we have yet another local root hole in glibc that needed patching. The Slackware ChangeLog said it like this: a/glibc-solibs-2.12.1-x86_64-3.txz: Rebuilt. Patched “The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.” This security issue allows a local attacker to gain root by specifying an unsafe […]

New multilib glibc packages fix local root hole

New glibc packages for Slackware arrived on the mirrors last night. They close a serious local root hole. From the ChangeLog: Patched “dynamic linker expands $ORIGIN in setuid library search path”. This security issue allows a local attacker to gain root if they can create a hard link to a setuid root binary.  Thanks to […]