Changeset 321434c
- Timestamp:
- 10/26/2012 06:15:09 AM (12 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 802f7211
- Parents:
- 0d7beb4
- File:
-
- 1 edited
postlfs/security/vulnerabilities.xml
r0d7beb4 r321434c 26 26 <para>All software has bugs. Sometimes, a bug can be exploited, for example 27 27 to allow users to gain enhanced privileges (perhaps gaining a root shell, or 28 simply accessing or deleting other user s'files), or to allow a remote28 simply accessing or deleting other user's files), or to allow a remote 29 29 site to crash an application (denial of service), or for theft of data. These 30 30 bugs are labelled as vulnerabilities.</para> … … 38 38 packages which have long since been updated in BLFS.</para> 39 39 40 <para>BLFS differs from distributions - there is no BLFS security team and40 <para>BLFS differs from distributions - there is no BLFS security team, and 41 41 the editors only become aware of vulnerabilities after they are public 42 42 knowledge. Sometimes, a package with a vulnerability will not be updated in 43 the book for a long time. Issues can be logged in the trac system, which43 the book for a long time. Issues can be logged in the Trac system, which 44 44 might speed up resolution.</para> 45 45 46 46 <para>The normal way for BLFS to fix a vulnerability is, ideally, to update 47 the book to a new fixed releas se of the package. Sometimes that happens even47 the book to a new fixed release of the package. Sometimes that happens even 48 48 before the vulnerability is public knowledge, so there is no guarantee that 49 49 it will be shown as a vulnerability fix in the Changelog. Alternatively, a … … 55 55 56 56 <para>To keep track of what is being discovered, you may wish to follow the 57 security announcements of one or more distributions. 
For example, debian have58 <ulink url="http://www.debian.org/security"> debian security</ulink>.59 fedoralinks on security are at60 <ulink url="http://fedoraproject.org/wiki/Security">the fedora wiki</ulink>.61 details of gentoo linux security announcements are discussed at62 <ulink url="http://www.gentoo.org/security"> gentoo security</ulink>.57 security announcements of one or more distributions. For example, Debian has 58 <ulink url="http://www.debian.org/security">Debian security</ulink>. 59 Fedora's links on security are at 60 <ulink url="http://fedoraproject.org/wiki/Security">the Fedora wiki</ulink>. 61 details of Gentoo linux security announcements are discussed at 62 <ulink url="http://www.gentoo.org/security">Gentoo security</ulink>. 63 63 and the Slackware archives of security announcements are at 64 <ulink url="http://slackware.com/security"> slackware security</ulink>.64 <ulink url="http://slackware.com/security">Slackware security</ulink>. 65 65 </para> 66 66 … … 72 72 <ulink url="http://www.cert.hr">cert.hr</ulink> (Croatian). These are not 73 73 linux-specific. There is also a daily update at lwn.net for subscribers 74 (free access to the data after 2 weeks ), but their vulnerabilities database at74 (free access to the data after 2 weeks, but their vulnerabilities database at 75 75 <ulink url="http://lwn.net/Vulnerabilities/">lwn.net/Vulnerabilities</ulink> 76 76 is unrestricted).</para>
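Review bot: New line 28 still has the wrong possessive. "other user's files" means the files of a single user, while the sentence is about files belonging to other users in general. The old text "other user s'files" looks like "users'" with a misplaced space, so the fix should read "other users' files".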
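Review bot: New line 61 still starts a sentence with lowercase "details" and leaves "linux" uncapitalised, although the rest of this hunk capitalises the distribution names. Suggest "Details of Gentoo Linux security announcements are discussed at". In the same hunk, new line 62 ends with a full stop directly before "and the Slackware archives" on line 63; either drop that stop or start line 63 as a new sentence.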
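Review bot: Context line 73 keeps "linux-specific" in lowercase while this changeset capitalises proper names elsewhere (Trac, Debian, Fedora, Gentoo, Slackware). Suggest "Linux-specific" in the same pass so the paragraph touched on line 74 is consistent.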