[opensuse] Linux drive by download exploit - opensuse affected as well?
Just read something at https://scarybeastsecurity.blogspot.ru/2016/11/0day-poc-risky-design-decisio... How safe is opensuse and how quickly are security releases pushed out actually, e.g. latest Firefox 50 and other stuff that windows world sees really quickly in contrast to distro baked stuff. Thanks for commenting. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, Nov 17, 2016 at 06:33:13PM +0100, cagsm wrote:
Just read something at https://scarybeastsecurity.blogspot.ru/2016/11/0day-poc-risky-design-decisio...
How safe is opensuse and how quickly are security releases pushed out actually, e.g. latest Firefox 50 and other stuff that windows world sees really quickly in contrast to distro baked stuff.
I think we are affected. Bugs are open for both issues and waiting for fixes. https://bugzilla.suse.com/show_bug.cgi?id=1010829 https://bugzilla.suse.com/show_bug.cgi?id=1010514 Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am Freitag, 18. November 2016, 00:09:16 schrieb Marcus Meissner:
On Thu, Nov 17, 2016 at 06:33:13PM +0100, cagsm wrote:
Just read something at <https://scarybeastsecurity.blogspot.ru/2016/11/0day-poc-risky-design-deci sions-in.html>
How safe is opensuse and how quickly are security releases pushed out actually, e.g. latest Firefox 50 and other stuff that windows world sees really quickly in contrast to distro baked stuff.
I think we are affected.
Unfortunately you can't easely uninstall gstreamer-plugins-bad , which introduces the bad codec, because of dependencies. I think a final fix should also remove these dependencies ( uninstalling gstreamer-plugins-bad requires to uninstall totem and gnome-control-center, too ) , making gstreamer-plugins-bad an optional package without dependencies to important components of gnome. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On November 17, 2016 8:32:44 PM PST, "Markus Koßmann"
Am Freitag, 18. November 2016, 00:09:16 schrieb Marcus Meissner:
On Thu, Nov 17, 2016 at 06:33:13PM +0100, cagsm wrote:
Just read something at
<https://scarybeastsecurity.blogspot.ru/2016/11/0day-poc-risky-design-deci
sions-in.html>
How safe is opensuse and how quickly are security releases pushed out actually, e.g. latest Firefox 50 and other stuff that windows world sees really quickly in contrast to distro baked stuff.
I think we are affected.
Unfortunately you can't easely uninstall gstreamer-plugins-bad , which introduces the bad codec, because of dependencies. I think a final fix should also remove these dependencies ( uninstalling gstreamer-plugins-bad requires to uninstall totem and gnome-control-center, too ) , making gstreamer-plugins-bad an optional package without dependencies to important components of gnome.
It seems to me we can all protect our computers from this LOCAL exploit until such time as a rational defense is created. Either that or set your browser not to remain running in the background when you leave your desk. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (4)
-
cagsm -
John Andersen -
Marcus Meissner -
Markus Koßmann