Archive for the tag "exploit"
Update for OpenJDK 7 with IcedTea 2.3.4 plugs 0-day exploit.
The past week was buzzing with the 0-day exploit for Oracle’s Java browser plugin, but according to CERT, the OpenJDK was affected as well by the underlying bug. Oracle “hastily” patched this critical vulnerability (CVE-2012-3174) although now it seems that only this particular “attack vector” was patched but the underlying vulnerability remains, leaving the way [...]
Posted: 16 January, 2013 in Slackware, Software.
Tags: 0day, exploit, java, openjdk
Comments: 8
OpenJDK 7u6_b30 with IcedTea 2.3.1 fixes 0day exploit
There is a 0-day (zero-day) exploit out for Java7 (both Oracle Java7 and OpenJDK 7).The attack is mounted through your web browser’s Java plugin. People using Java6 are not affected by the exploit. This includes everybody who is running a stable version of Slackware. There is no more Java in slackware-current, except for a SlackBuild [...]
Posted: 30 August, 2012 in Slackware, Software.
Tags: 0day, exploit, java
Comments: 17
Another glibc multilib update
Barely a week has passed, and we have yet another local root hole in glibc that needed patching. The Slackware ChangeLog said it like this: a/glibc-solibs-2.12.1-x86_64-3.txz: Rebuilt. Patched “The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.” This security issue allows a local attacker to gain root by specifying an unsafe [...]
Posted: 29 October, 2010 in Slackware, Software.
Tags: exploit, glibc, multilib, root
Comments: 7
New multilib glibc packages fix local root hole
New glibc packages for Slackware arrived on the mirrors last night. They close a serious local root hole. From the ChangeLog: Patched “dynamic linker expands $ORIGIN in setuid library search path”. This security issue allows a local attacker to gain root if they can create a hard link to a setuid root binary. Thanks to [...]
Posted: 21 October, 2010 in Slackware, Software.
Tags: exploit, glibc, multilib
Comments: 15