Archive for the tag "exploit"
The past week was buzzing with the 0-day exploit for Oracle’s Java browser plugin, but according to CERT, the OpenJDK was affected as well by the underlying bug. Oracle “hastily” patched this critical vulnerability (CVE-2012-3174) although now it seems that only this particular “attack vector” was patched but the underlying vulnerability remains, leaving the way [...]
There is a 0-day (zero-day) exploit out for Java7 (both Oracle Java7 and OpenJDK 7). The attack is mounted through your web browser’s Java plugin. People using Java6 are not affected by the exploit. This includes everybody who is running a stable version of Slackware. There is no more Java in slackware-current, except for a SlackBuild [...]
Barely a week has passed, and we have yet another local root hole in glibc that needed patching. The Slackware ChangeLog said it like this: a/glibc-solibs-2.12.1-x86_64-3.txz: Rebuilt. Patched “The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.” This security issue allows a local attacker to gain root by specifying an unsafe [...]
New glibc packages for Slackware arrived on the mirrors last night. They close a serious local root hole. From the ChangeLog: Patched “dynamic linker expands $ORIGIN in setuid library search path”. This security issue allows a local attacker to gain root if they can create a hard link to a setuid root binary. Thanks to [...]