mirror of
https://github.com/PrivSec-dev/privsec.dev
synced 2024-12-22 12:51:34 -05:00
214b811afc
The Release Cycle section shows how the classic patching process of distributions isn't always effective, and can even introduce additional bugs and vulnerabilities not present in the upstream project. The two linked examples, though, are not that insightful; the first one links to a double free caused by an erroneous bugfix backport, while the second shows a simple crash, but caused by a patch not relevant to the backport of patches but written by a Debian developer trying to port the library to another kernel. In short, the second linked bug has little to do with the issue described in the guide. This small patch replaces the aforementioned Firefox bug report with the Debian Security Advisory 1571 (DSA-1571), describing a serious bug introduced in the OpenSSL crypto library by an incautious backport of a security fix, only present in Debian's OpenSSL package. In my opinion, it gives the reader a clearer idea of what a partial backport can cause. Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it> |
||
---|---|---|
_index.md | ||
Android Tips.md | ||
Choosing Your Android-Based Operating System.md | ||
Choosing Your Desktop Linux Distribution.md | ||
Desktop-Linux-Hardening.md | ||
Firewalling with MirageOS on Qubes OS.md | ||
Linux Insecurities.md | ||
NetworkManager Trackability Reduction.md | ||
Securing OpenSSH with FIDO2.md | ||
Using Split GPG and Split SSH on Qubes OS.md |