Bug#894667: beep: CVE-2018-0492

2018-04-05 Thread Rhonda D'Vine
So people are falling for a fake page that is not even well disguised, apply a patch from there and now worry about being exploited? Call me unimpressed, but what is expected to be done about that? Please, only get your patches through trusted sources, not from windy websites that just look

Bug#894667: beep: CVE-2018-0492

2018-04-05 Thread Anders Kaseorg
On Thu, 5 Apr 2018, Tony Hoyle wrote:
> It's concerning that the holeybeep.ninja site exploited an unrelated
> fault for 'fun' without apparently telling anyone.

To be fair, they told you exactly what was going to happen: “Apply this [patch] as soon as possible using the following command:

Bug#894667: beep: CVE-2018-0492

2018-04-05 Thread Tony Hoyle
The patch vulnerability seems more severe to me, as people apply patches all the time (they shouldn't do it as root, but people are people). It's concerning that the holeybeep.ninja site exploited an unrelated fault for 'fun' without apparently telling anyone.

Tony

Bug#894667: beep: CVE-2018-0492

2018-04-02 Thread Salvatore Bonaccorso
Source: beep
Version: 1.3-3
Severity: grave
Tags: security upstream
Justification: user security hole
Control: fixed -1 1.3-4+deb9u1
Control: fixed -1 1.3-3+deb8u1

Hi,

The following vulnerability was published for beep:

CVE-2018-0492[0]: local privilege escalation

If you fix the vulnerability