1
0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-11-14 10:31:34 -05:00
privsec.dev/content/os
Andrea Pappacoda 214b811afc
linux distros: link to DSA-1571 (#64)
The Release Cycle section shows how the classic patching process of
distributions isn't always effective, and can even introduce additional
bugs and vulnerabilities non present in the upstream project. The two
linked examples, though, are not that insightful; the first one links to
a double free caused by an erroneous bugfix backport, while the second
shows a simple crash, but caused by a patch not relevant to the backport
of patches but wrote by a Debian developer trying to port the library
to another kernel. In short, the second linked bug has little to do with
the issue described in the guide.

This small patch replaces the aforementioned Firefox bug report with
the Debian Security Advisory 1571 (DSA-1571), describing a serious bug
introduced in the OpenSSL crypto library by an incautious backport of a
security fix, only present in Debian's OpenSSL package. In my opinion, it
gives to the reader a clearer idea of what a partial backport can cause.


Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>
2022-10-06 22:23:18 -04:00
..
_index.md Updates 2022-07-16 19:40:48 -04:00
Android Tips.md Add apksigner location on macOS 2022-09-08 03:42:53 -04:00
Choosing Your Android-Based Operating System.md Rewording 2022-09-10 05:53:18 -04:00
Choosing Your Desktop Linux Distribution.md linux distros: link to DSA-1571 (#64) 2022-10-06 22:23:18 -04:00
Desktop-Linux-Hardening.md Mention fwupd 2022-09-16 00:59:41 -04:00
Firewalling with MirageOS on Qubes OS.md Typo Fixes 2022-09-04 05:59:16 -04:00
Linux Insecurities.md Enable lastmod from Git 2022-08-25 18:40:37 -04:00
NetworkManager Trackability Reduction.md NetworkManager Trackability Reduction (#60) 2022-09-09 03:04:50 -04:00
Securing OpenSSH with FIDO2.md Reannge Content 2022-09-03 03:26:07 -04:00
Using Split GPG and Split SSH on Qubes OS.md Remove unnecessary colons 2022-08-25 18:40:29 -04:00