LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Quotes of the week

[Posted September 21, 2011 by corbet]

This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate rich text format file (.rtf), text file (.txt), or Word document (.doc) that is located in the same network directory as a specially crafted dynamic link library (DLL) file.
-- Microsoft makes .txt files dangerous

THIS ERRATA IS CLASSIFIED MAGINOT BLUE STARS. YOU DO NOT POSSESS NECESSARY CLEARANCE TO VIEW FULL ERRATA. VIEW REDACTED ERRATA (Y/N)? Y

QLOGIC 2400 FIRMWARE CODE NAME ███ ██████ ██████ AND QLOGIC 2500 FIRMWARE CODE NAME ████████ ██████ HAVE BEEN UPDATED TO 5.06.01. THIS CHANGE WAS NECESSARY BECAUSE OF ██████ MOVEMENT IN ███ ██████ AND UNEXPECTED EVOLUTION ON PHASE ████ OF SCORPION STARE. ALSO, MINOR CHANGES DUE TO ███████ DISCOVERY AT ████████ BUILDING OF GROOM LAKE (SEE ███████-██████████ ERRATA FOR DETAILS).

SPECIFIC CHANGES:

  • ██████████ FIXED
  • NON-NEWTONIAN ██████████ CONFLICTS RESOLVED WITH ADDITIONAL █████ █████████
  • TACTICAL YIELD OF ██████████ INCREASED BY ███████ IN CORNER CASES INVOLVING ██████████ (SEE █████████)
  • ████ ████ ████ █████████████ █████
  • RESOLVED ISSUES RELATING TO CASE NIGHTMARE GREEN
  • ADDED █████ ████ ███ ████ OXCART ████████ SPYWARE ████ REMOTE ████████ CAMERA ████ CONTAINMENT (SEE ███ ███ ██████)
  • ROTATED ███████████ CODE WHEEL (SEE ████ MANUAL)
-- FEDORA-2011-12302 (Thanks to Rahul Sundaram; see also FEDORA-2011-10266 and FEDORA-2011-2890)
(Log in to post comments)

Quotes of the week

Posted Sep 22, 2011 0:39 UTC (Thu) by nix (subscriber, #2304) [Link]

Lovely. Note the humourless idiots in the comments moaning about how 'unprofessional' the changelog is. It's art, guys. :)

(The relevance of CASE NIGHTMARE GREEN and Groom Lake is clear, but I'm somewhat disturbed by MAGINOT BLUE STARS having anything whatsoever to do with disk drives rather than, say, display hardware. They surely need some sort of mechanism to turn off the SCORPION STARE stuff in countries outside the EU which have adopted different methods. Do they think that -- no, wait, can't discuss that here, sorry.)

Quotes of the week

Posted Sep 22, 2011 1:01 UTC (Thu) by bronson (subscriber, #4806) [Link]

That was hilarious! And a great argument for open firmware. Yeah, too bad about all the YouTube comments.

Quotes of the week

Posted Sep 22, 2011 1:29 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

That's all fine and games until someone uploads The Ring to Youtube: http://xkcd.com/396/

PS: for those who haven't got inside references in the changelog - read "The Laundry" series by Charles Stross.

Quotes of the week

Posted Sep 22, 2011 1:26 UTC (Thu) by rickmoen (subscriber, #6943) [Link]

I must say I do commend Tom 'Spot' Callaway on his taste in SF authors.

Rick Moen
rick@linuxmafia.com

Quotes of the week

Posted Sep 22, 2011 2:11 UTC (Thu) by pr1268 (subscriber, #24648) [Link]

████████ on the ██████ mailing list have ████ to an all-time ███.

Quotes of the week

Posted Sep 22, 2011 4:47 UTC (Thu) by gmaxwell (subscriber, #30048) [Link]

This should be a required style for blobs.

(Or better— document the worst thing which it could possible do with our current level of understanding. "This update by qlogic may program the hardware to rewrite all financial transactions and direct the funds back to qlogic by encoding them into any mail queues stored on the same system, use at your own risk")

Quotes of the week

Posted Sep 22, 2011 8:26 UTC (Thu) by james (subscriber, #1325) [Link]

Surely it's the DLL that's dangerous?

Quotes of the week

Posted Sep 22, 2011 10:12 UTC (Thu) by niner (subscriber, #26151) [Link]

"Microsoft makes opening .txt files dangerous" would probably have been the most correct version

Quotes of the week

Posted Sep 22, 2011 14:41 UTC (Thu) by rgmoore (✭ supporter ✭, #75) [Link]

I think you mean "Microsoft makes opening .txt files anything on Windows dangerous."

Quotes of the week

Posted Sep 22, 2011 22:04 UTC (Thu) by Tuna-Fish (subscriber, #61751) [Link]

Well technically, it only made starting programs that try to load nonexistent dll's dangerous. There's bound to be *at least one* program on windows that doesn't have that problem?

Dangerous .txt files

Posted Sep 25, 2011 12:34 UTC (Sun) by pjm (subscriber, #2080) [Link]

Opening text files on Free Unix systems is also potentially dangerous. The first example I thought of was truetype rendering bugs, but the problem of text files being dangerous on Unix systems is much older than that, probably predating Linux: various terminals have escape codes that allow either direct insertion of characters into the input stream, or at least binding a key to send an arbitrary string of characters, so one might bind a key to "<arbitrary commands>;clear\n" for example. There have also been bugs in terminal emulators (I think including gnome-terminal/libvte) that could be triggered by "cat foo.txt".

Macro viruses

Posted Sep 25, 2011 13:20 UTC (Sun) by pflugstad (subscriber, #224) [Link]

Any editor that supports macros (Word, Emacs, Vi, etc, etc, etc) is potentially dangerous. Macro viruses have existed in Emacs since 1992 (according to Secrets and Lies).

Quotes of the week

Posted Sep 23, 2011 1:42 UTC (Fri) by docwhat (subscriber, #40373) [Link]

The references in the Fedora warning above are to Charles Stross's excellent Laundry Files series. I highly recommend the series… and the rest of his books as well.

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds