On 2021/02/17 09:53, John Paul Adrian Glaubitz wrote:
around it by having multiple so's -- installing the 'so'
that each program compiled with.
That's not really a solution though. Having ten copies of libpng on your
harddisk means you will have to update ten copies of libpng when there
is a vulnerability.
Found this looking for something else and didn't want this
F.U.D.D. to continue. This isn't true. First point: those
libraries aren't the entry point of an attack, the programs that use
those libraries are. Second, it is the executable that needs to be
updated and they will be linked with ONE new library that fixes the,
vulnerability, not 10.