senooken JP Social
  • FAQ
  • Login
senooken JP Socialはsenookenの専用分散SNSです。
  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Conversation

Notices

  1. r҉ustic cy͠be̸rpu̵nk???????? (cypnk@mastodon.social)'s status on Saturday, 15-Sep-2018 18:09:28 JST r҉ustic cy͠be̸rpu̵nk???????? r҉ustic cy͠be̸rpu̵nk????????

    So Alpine Linux has a pretty serious set of vulnerabilities because

    - It doesn’t download packages over TLS, making them prone to MitM. Which on its own isn’t terrible but it also...

    - Doesn’t check hashes before extracting to root (!)

    - And uses custom gzip code which is vulnerable to arbitrary code execution (!!)

    #Infosec

    https://justi.cz/security/2018/09/13/alpine-apk-rce.html

    In conversation Saturday, 15-Sep-2018 18:09:28 JST from mastodon.social permalink
    • Stanislas :nixos: repeated this.
    • Stanislas :nixos: (angristan@mstdn.io)'s status on Sunday, 16-Sep-2018 22:41:40 JST Stanislas :nixos: Stanislas :nixos:
      • steelman

      @steelman @cypnk indeed

      In conversation Sunday, 16-Sep-2018 22:41:40 JST permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

senooken JP Social is a social network, courtesy of senooken. It runs on GNU social, version 2.0.2-beta0, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All senooken JP Social content and data are available under the Creative Commons Attribution 3.0 license.