(Black) Friday's security updates

[Posted November 23, 2012 by n8willis]

Debian has updated trousers (denial of service).

Fedora has updated libsocialweb (F16, F17; information disclosure), pcp (F16, F17; insecure temporary files), and xen (F16, F17; multiple vulnerabilities).

openSUSE has updated lighttpd (denial of service).

Red Hat has updated java-1.4.2-ibm (multiple vulnerabilities).

(Black) Friday's security updates

Posted Nov 23, 2012 19:36 UTC (Fri) by nix (subscriber, #2304) [Link] (2 responses)

We are living in a world in which we can have a hole in trousers. More disturbing yet, a black hole in trousers.

(Black) Friday's security updates

Posted Nov 23, 2012 22:31 UTC (Fri) by iabervon (subscriber, #722) [Link] (1 responses)

It's a strange world where a hole in trousers can be a denial of service. In my experience, holes in trousers are usually information disclosures, although I've had a few instances of data loss.

(Black) Friday's security updates

Posted Nov 23, 2012 23:19 UTC (Fri) by mikachu (guest, #5333) [Link]

We are at least lucky that it's only a local vulnerability.

(Black) Friday's security updates

Posted Nov 24, 2012 1:38 UTC (Sat) by zlynx (guest, #2285) [Link] (1 responses)

Having trousers installed at all is a denial of service. Trousers must be removed before servicing.

hole in trousers

Posted Nov 24, 2012 7:48 UTC (Sat) by dambacher (subscriber, #1710) [Link]

Well it surely depends on the selected service...

But normally you will find the accompanying bug soon after.
This is when tightly closed containers come handy, I never heard of sandboxes in this context.

(Black) Friday's security updates

Posted Nov 24, 2012 5:09 UTC (Sat) by n8willis (subscriber, #43041) [Link]

I will say, on the record, that getting to type the words "Debian has updated trousers (denial of service)" the day after Thanksgiving immediately made the first-item slot on my 2012/2013 "What I'm thankful for" list. Although it probably would've made the list on most other days as well.

Nate