133 Comments
- Malachai, on 11/28/2008, -16/+194
These vulnerabilities were discovered YESTERDAY. Now, they're fixed.
This is one of the many reasons I love Linux.
- ruiacp, on 11/29/2008, -18/+103
Why did it take too much time to fix this? 24 hours? It only shows how slow amateur developers are.
True professionals fix vulnerabilities faster. Try to beat MS if you can:
http://digg.com/microsoft/Microsoft_Security_Patch ...
Take it freedom fighters. Fast 7 years against too long 24 hours. With professionalism you surely get what you paid for.
/Extremely very much sarcasm
- TheWindBlows, on 11/29/2008, -5/+55
Most of these are local exploits. Even more of them require root privileges to be done.
One of those is a graphics driver flaw.
To be honest I wouldn't even count this as a full 9 vulnerabilities.
Plus all the patches have been made. No big waits.
- Metaleks, on 11/29/2008, -3/+45
They were fixed in less than 24 hours. That's the Linux community, baby!
- kd420, on 11/29/2008, -2/+42
I wondered why I got a kernel upgrade yesterday. I find it very comforting that they found the vulnerabilities even before they were exploited, just shows how effective they are.
- ileftfark, on 11/28/2008, -4/+34
Yup, came to say the same thing... new kernel image in the repos today. APT handily brought in backported modules for the updated kernel as well.
- 1longtime, on 11/29/2008, -4/+21
3.8% Linux (estimated) and quite a bit of those are Ubuntu. It's approaching the Mac OS in popularity.
http://www.w3schools.com/browsers/browsers_os.asp
- okmon, on 11/29/2008, -3/+19
Obviously important! Because! Article has lots of! EXCLAMAT!ON PO!NTS!
- inactive, on 11/29/2008, -5/+20
Digg users are retarded about anything but video games. These vulnerabilities have been known for months. Check these two links from securitytracker which cover bugs that are just now being patched.
http://securitytracker.com/alerts/2008/Nov/1021230 ...
http://securitytracker.com/alerts/2008/Oct/1021065 ...
- tippmann1, on 11/29/2008, -4/+18
Umm, no. Linux is running on over 93 percent of the world's 500 top supercomputers. Not to mention Linux runs way more mission-critical servers for huge companies. And Linux supports way more processor architectures than Windows can ever dream of.
Also, the reason why Microsoft will never release a patch in the same time as Linux is because Microsoft has nowhere near the number of testers as the Linux development team.
Also, if you look at the number of people running as an admin for everyday computing, I'll bet you it's closer to 85 to 90 percent on the Windows side and 1 to 2 percent on the Linux side. That makes it way easier to execute a flaw on Windows than it is on Linux.
And I don't even understand your last point so I'll let it slide.
- Vadi0, on 11/29/2008, -3/+16
Upgrade ASAP if you haven't already. System - Administration - Upgrade Manager.
- geniusj, on 11/29/2008, -1/+13
I haven't looked into it, but if it's a kernel vulnerability, I'm doubting it's specific to Ubuntu...
- ethana2, on 11/29/2008, -5/+17
At least until Canonical issues security updates...
Nothing is perfect. Ubuntu, Fedora, SuSE, OSX, OSOL, and BSD are secure. Windows is not.
- hugolp, on 11/29/2008, -4/+14
You obviously have no idea about computer science. There are a lot of Linux servers around and they are upgraded constantly. And those Linux servers are in critical positions.
- JohnFlux, on 11/29/2008, -0/+10
But lots of other distros also include non-upstream patches. So maybe other distros have pulled in the same set of patches?
- zwaldowski, on 11/29/2008, -0/+9
I believe it was one of those customizations Ubuntu does (e.g., integrated patches that aren't upstream yet).
- sinembarg0, on 11/30/2008, -2/+11
It is one more click than is OSX, you ***** douche. Ubuntu pops up a notification saying updates are available, you click it, it shows you a list of updates, you click install, then type your password. Same as on OS X, but it checks for updates much more often (OSX is maybe once per week). Also, with Ubuntu, you have to restart a lot less than OS X for updates.
It would be wise if you shut the ***** up about things which you do not know. "It is better to close your mouth and let people think you are an idiot than to open your mouth and prove them right."
- vinceislegend, on 11/29/2008, -5/+14
Kudos to the developers for fixing these already.
Still, doesn't enumerating all the exact vulnerabilities for the whole world seem like a bad idea?
- rdoger6424, on 11/29/2008, -0/+9
Simple math
7 < 24
Anybody who doesn't understand this should walk.
- aywwts4, on 11/29/2008, -1/+10
Crap, I just finished compiling a custom kernel for my Aspire One two days ago. Now to do it all over again.
Are any of these attacks remote exploits? Or just remote crashes and local attacks? From what I can tell everything just says Remote DOS, nothing about executing code. If it's just a DOS that's not really too worrying.
- Manther, on 11/29/2008, -1/+9
Not if they're already fixed... There's not any real big worry if the vulnerabilities aren't around after they've been released to the public...
- jcruzlara, on 11/29/2008, -2/+10
This is yet another reason people need to start to know what they are talking about. Ubuntu also has an automated updater nagger, I just found out about the vulnerability, and I also just found out that my computer was already patched. Stop bragging.
- smotpoker, on 11/30/2008, -1/+9
#1 Do you have a source to verify that the bug existed in Linux as well? From what I remember and read just now googling it primarily affected BSDs. The only mentions of Linux suggest it was unaffected (probably because Linux usually uses gnu utilities/libs for fs reading which were created by RMS/GNU in an effort to avoid proprietary applications well after Unix was developed).
#2 It took 25 years to produce a significant/noticeable impact and get detected. Fixing it only took a few days at most I assume
- edwinjose, on 11/30/2008, -1/+9
My update was automatic. Use Ubuntu before complaining.
- tehmacuser, on 11/29/2008, -0/+8
It cut off. It was supposed to read "All Ubuntu Users"
- Heywoodj, on 11/29/2008, -4/+11
I wondered what that big bunch of updates was yesterday.
Thanks for the post-mortem
- smotpoker, on 11/29/2008, -0/+7
OMG, don't get the full disclosure debate started, haha. Many argue full disclosure ASAP is best because it forces developers to create patches faster and users/admins to apply them and both can learn from their mistakes faster (as Slade mentioned)
Others favor only partial disclosure to give developers time to create a proper/well-tested patch and prevent crackers from gaining a foothold.
IMO there is no clear/universal answer. It depends on how well known the class of vuln found is, how many people it affects, how critical it is and how hard it is to rectify. Full disclosure is best if you ask me, but *immediate* full disclosure without a window to properly research a resolution is a bit unfair (especially with more obscure flaws)
- maz2331, on 11/29/2008, -0/+7
The different distros tend to integrate their own patches, so the kernels are slightly different.
- smotpoker, on 11/29/2008, -1/+8
Plus most are for older Ubuntu releases ( > 1 yr old) and are Ubuntu-specific (don't affect other Linux versions)
- noisymime, on 11/29/2008, -1/+8
So you're saying that MS are slow releasing patches because they have a crappy update mechanism and overly complex product family?
Maybe they should fix that then.... Just sayin' is all.
- goober1473, on 11/29/2008, -2/+9
First one, a user with root priv could crash a system. Or rather than figure out how to do this they could just run shutdown/halt etc.
- gcnaddict, on 11/29/2008, -2/+9
Yes they have.
http://www.microsoft.com/technet/security/Bulletin ...
That one was corrected within hours of Microsoft finding out about it. It was even pushed out as an out-of-band patch.
- javaroast, on 11/29/2008, -0/+6
Those systems are at risk whether it is public or not. Hiding vulnerabilities does nothing to increase security.
- inactive, on 11/30/2008, -0/+6
IE is a polished turd!
Nest a division with 0 padding and 0 margin. Where does the extra 3 pix come from? Out of its ass....
Like most things produced by Microsoft advertising inc...
- Slade605, on 11/29/2008, -0/+6
That was someone else doesn't make the same mistake.
- SuperMoses, on 11/29/2008, -3/+9
Thanks captain obvious.
This will now debunk all those Ubuntu commercials claiming they were perfect /sarcasm
- diggproof, on 11/29/2008, -0/+5
1longtime are you serious? That's one site and it's a site for web developers, those numbers don't reflect actual market share.
- smotpoker, on 11/30/2008, -0/+5
Perhaps it would be "funny" if what you said was even remotely accurate. What's *actually* funny is how you still manage to think you have the slightest clue about computers/technology despite being proven wrong and making a fool of yourself time and again.
We rag on Windows security because MS has no idea how to implement it properly and resolve their issues (or they simply refuse to bother), which in the end makes everyone on the internet suffer (whether they are too ignorant to notice half of the time or not). We praise FOSS vendors/OSes because, despite having relatively little funding or corporate support, they always manage to come together and resolve problems which usually provides benefits superior than their proprietary counterparts.
It is a David vs Goliath paradigm in many respects and lots of people root for the underdog. What is really astonishing is how FOSS solutions have been superior to their proprietary counterparts on many fronts for over a decade with almost no corporate sponsorship (that really just picked up the last 3-4 years and from what I can tell doesn't provide all that much benefit except maybe on the virtualization front).
To many of us it is inspiring/gratifying/fulfilling to see how the power/will of individuals can manage to coalesce and surpass the efforts of giant monopolistic corporations who use dirty tactics and have 1000x more resources to blow... in a way it is a testament to the triumph of human spirit and good work ethic that so many businesses these days forego just to make the fastest/easiest buck possible regardless of who it hurts.
If it's what you want, just keep running around skewing facts and misrepresenting reality to fit your argument that only POS multi-billion dollar corps who have been caught defrauding customers and engaging in underhanded/unfair tactics countless times deserve our money/support. You will only continue making yourself look like an imbecile to anyone who has faculties for objective reasoning.
- desslock73, on 11/29/2008, -11/+16
Further proof no O/S is perfect.
- PhailQuail, on 11/29/2008, -0/+5
VirtualBox is pretty simple, it gives you text to copy/paste into a terminal to run when you boot it up.
That was awhile ago though, it might do this automatically now.
- ertz, on 11/29/2008, -6/+11
Thank God I'm running Windows Vista... Oh wait...
- thecwin, on 11/29/2008, -1/+6
Most of these vulnerabilities are denial of service and/or local only, and can't be used to access sensitive data or install rootkits. Plus very few of them work on the LTS version, which is what you should be running on a computer with sensitive data, like a server, particularly if you expect local users who aren't trusted to be messing around on it.
Nevertheless this is fairly serious, but not quite as serious as the other splice bug back in February (?).
Out of curiosity, has anyone ever done a security audit of the hardware drivers loaded on a typical Dell/HP server when running Windows (rather than just Windows itself)?
- inactive, on 11/30/2008, -0/+5
Ubuntu us, Ubuntu you, Ubuntu we, Ubuntu for every body...
(I must be drunk, broke into a tune by george...)
- edwinjose, on 11/30/2008, -0/+5
I updated out of this problem already.
- noisymime, on 11/29/2008, -0/+5
@majortom1981
If the flaw is only being patched in Ubuntu, it means the problem is only present within the Ubuntu packages. If it was something that affected everyone, it would have been pushed upstream and corrected there.
Yes, updates can be set to happen automatically (Usually without the need for a reboot). Generally the updates don't even require the programs being updated to be closed. Machines can be set to use the main Ubuntu servers or your company can use its own apt repository that mirrors from Canonical. In this way, you have a chance to test every last little update that comes through before it gets rolled out to your production machines.
If you want even finer control, there's a stack of excellent update and configuration management packages out there that let you specify exactly when and how updates get pushed out giving much greater control than WSUS.
I'm not going to comment on your proxy server problem as it really just sounds like trolling. There's a million reasons it might have failed, PEBKAC being one of them.
- czeman, on 11/29/2008, -2/+7
What a concept!!! The Linux Community actually fixes problems immediately. Microsoft develops a marketing campaign to put problems with their products in the backs of our minds.
- CrudOMatic, on 11/29/2008, -0/+5
Yes and No. MS WILL fix security problems in the OS itself quickly, but just stand around and kick the carpet when it comes to some apps (IE anyone?)
It seems that if there is a new version of an app on the drawing board, so to speak, they just ignore most bugs in the current version unless pressured to fix them.
- smotpoker, on 11/29/2008, -1/+5
There was an sgid issue as well but I think it only affects older versions of Ubuntu
Edit -
Here it is: "3. When files were created in the setgid directories, the Linux kernel package couldn't accurately strip permissions. Because of this, a local user could gain extra group privileges. This issue was discovered by David Watson and it affects only Ubuntu 6.06 LTS users!"
6.06 is what? Like 2 years old? I doubt that is what you're using on your Aspire
- prodigitalson, on 11/29/2008, -0/+4
Yeah, I wouldn't hold my breath for Adobe either. It's a catch-22, for Adobe to even consider supporting Linux there has to be a significant professional user base. For that user base to exist the Adobe apps have to be in place on that OS. See where I'm going with this?
The best you can do is a dual boot machine, virtualization, or OS X (since you know... it's a modified BSD underneath).
Games on the other hand... ***** GAMES. Get a damn console.
- NexusV2, on 11/29/2008, -1/+5
Yeah, I read that part too...