Discussion:
My SuSE Security Icon Is Red Again. Is Linux really secure?
Josh
2005-08-24 02:04:07 UTC
I seem to be getting an awful many lot of Suse Security Advices.

These are some of them. I wonder how many are out in wild that Suse has
not told about?
I don't think Linux and it's applications appear too very secure with
at least one alert per week average.

http://www.novell.com/linux/security/advisories.html

22 Aug 2005 acroread: remote code execution
19 Aug 2005 SUSE Security Summary Report
15 Aug 2005 apache, apache2: authentication bypass
11 Aug 2005 mozilla, MozillaFirefox, epiphany, galeon: information
leak
04 Aug 2005 kernel: local privilege escalation
28 Jul 2005 zlib: denial of service
28 Jul 2005 SUSE Security Summary Report
14 Jul 2005 Acrobat Reader 5: buffer overflow
13 Jul 2005 SUSE Security Summary Report
07 Jul 2005 php/pear XML::RPC: remote code execution
06 Jul 2005 heimdal: remote code execution
06 Jul 2005 zlib: remote denial of service
29 Jun 2005 clamav: multiple security and other bugfixes
27 Jun 2005 RealPlayer remote buffer overflow
24 Jun 2005 sudo: race condition, arbitrary code execution
23 Jun 2005 razor-agents: denial of service attack
22 Jun 2005 opera: various problems
22 Jun 2005 spamassassin: remote denial of service
22 Jun 2005 SUN Java security problems
17 Jun 2005 SUSE Security Summary Report
15 Jun 2005 Opera: various problems
10 Jun 2005 SUSE Security Summary Report
09 Jun 2005 Mozilla Firefox: various problems
09 Jun 2005 kernel: several security problems
07 Jun 2005 SUSE Security Summary Report
18 May 2005 SUSE Security Summary Report
29 Apr 2005 SUSE Security Summary Report
27 Apr 2005 Mozilla Firefox: various security problems
20 Apr 2005 PostgreSQL: buffer overflow problems
20 Apr 2005 RealPlayer: buffer overflow in RAM file handling
19 Apr 2005 OpenOffice_org: heap overflow problem
18 Apr 2005 cvs: remote code execution
15 Apr 2005 SUSE Security Summary Report
15 Apr 2005 php4, php5: remote denial of service
11 Apr 2005 kdelibs3: various KDE security problems
08 Apr 2005 SUSE Security Summary Report
04 Apr 2005 kernel: local privilege escalation
31 Mar 2005 ipsec-tools: remote denial of service
29 Mar 2005 SUSE Security Summary Report
24 Mar 2005 MySQL: remote code execution
24 Mar 2005 kernel: remote denial of service
23 Mar 2005 ImageMagick: remote code execution
18 Mar 2005 SUSE Security Summary Report
16 Mar 2005 Mozilla Firefox: remote code execution
14 Mar 2005 openslp: remote command execution
09 Mar 2005 RealPlayer: remote buffer overflow
04 Mar 2005 SUSE Security Summary Report
03 Mar 2005 cyrus-sasl: remote code execution
01 Mar 2005 imap: remote authentication bypass
28 Feb 2005 curl: buffer overflow in NTLM authentication
25 Feb 2005 SUSE Security Summary Report
25 Feb 2005 kernel: nvidia bugfix update
24 Feb 2005 cyrus-imapd: buffer overflows
22 Feb 2005 squid: remote denial of service
18 Feb 2005 SUSE Security Summary Report
14 Feb 2005 mailman: remote file disclosure
11 Feb 2005 SUSE Security Summary Report
10 Feb 2005 squid: remote command execution
04 Feb 2005 kernel bugfixes and SP1 merge
04 Feb 2005 SUSE Security Summary Report
26 Jan 2005 SUSE Security Summary Report
24 Jan 2005 realplayer 8: remote code execution
21 Jan 2005 kernel: local privilege escalation
17 Jan 2005 php4/mod_php4: remote code execution
12 Jan 2005 SUSE Security Summary Report
10 Jan 2005 libtiff/tiff: remote system compromise
22 Dec 2004 samba: remote privilege escalation
22 Dec 2004 kernel: various kernel problems
21 Dec 2004 SUSE Security Summary Report
16 Dec 2004 SUSE Security Summary Report
07 Dec 2004 SUSE Security Summary Report
03 Dec 2004 cyrus_imapd: remote command execution
01 Dec 2004 kernel: local and remote denial of service
Josh
m***@gmail.com
2005-08-24 02:12:41 UTC
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
These are some of them. I wonder how many are out in wild that Suse has
not told about?
I don't think Linux and it's applications appear too very secure with
at least one alert per week average.
http://www.novell.com/linux/security/advisories.html
Josh
So because OSS tends to release bug fixes ASAP, and MS prefers to wait
and send single mega-fixes (that often break as much as they fix) you
conclude that OSS is insecure?
Nigel Feltham
2005-08-24 20:39:06 UTC
Post by m***@gmail.com
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
These are some of them. I wonder how many are out in wild that Suse has
not told about?
I don't think Linux and it's applications appear too very secure with
at least one alert per week average.
http://www.novell.com/linux/security/advisories.html
Josh
So because OSS tends to release bug fixes ASAP, and MS prefers to wait
and send single mega-fixes (that often break as much as they fix) you
conclude that OSS is insecure?
Plus how often do MS systems automatically receive updates for Acroread,
Realplay, Firefox, Openoffice and Opera.

This loser is comparing the amount of updates for the Windows OS with the
amount for Linux OS + all the applications and claiming Linux is less
secure because there are more updates - Try comparing like with like and
add the updates for Windows, Office (the MS equivalent of Openoffice), IIS
(ms equivalent of apache), Realplay, Firefox and Acroread together and then
compare this total with the number of updates for Linux and then see who
needs to update most often.

Then compare how easy it is to install those updates - the Linux OS and
Applications all get their updates installed from one place, the Windows
solution requires the user or administrator to get updates from at least 4
different companies (most of which don't have any way to automate updates)
for the same setup of apps shown in the OP's list.
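
Added example, not part of any post in this thread: a parser for the advisory list format quoted in the first post that separates the periodic "Summary Report" entries, kernel advisories, and the separately shipped applications the replies name, then works out the per-week rate for each. The `NAMED_APPS` grouping and the category names are assumptions made for this illustration; the input is the most recent part of the list as it appears in the thread.

```python
import re
from collections import Counter
from datetime import date

# Excerpt of the advisory list from the first post, copied as it appears
# in the thread (including the wrapped "information / leak" entry).
ADVISORIES = """\
22 Aug 2005 acroread: remote code execution
19 Aug 2005 SUSE Security Summary Report
15 Aug 2005 apache, apache2: authentication bypass
11 Aug 2005 mozilla, MozillaFirefox, epiphany, galeon: information
leak
04 Aug 2005 kernel: local privilege escalation
28 Jul 2005 zlib: denial of service
28 Jul 2005 SUSE Security Summary Report
14 Jul 2005 Acrobat Reader 5: buffer overflow
13 Jul 2005 SUSE Security Summary Report
07 Jul 2005 php/pear XML::RPC: remote code execution
06 Jul 2005 heimdal: remote code execution
06 Jul 2005 zlib: remote denial of service
29 Jun 2005 clamav: multiple security and other bugfixes
27 Jun 2005 RealPlayer remote buffer overflow
24 Jun 2005 sudo: race condition, arbitrary code execution
23 Jun 2005 razor-agents: denial of service attack
22 Jun 2005 opera: various problems
22 Jun 2005 spamassassin: remote denial of service
22 Jun 2005 SUN Java security problems
17 Jun 2005 SUSE Security Summary Report
15 Jun 2005 Opera: various problems
10 Jun 2005 SUSE Security Summary Report
09 Jun 2005 Mozilla Firefox: various problems
09 Jun 2005 kernel: several security problems
07 Jun 2005 SUSE Security Summary Report
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
ENTRY = re.compile(r"^(\d{2}) ([A-Z][a-z]{2}) (\d{4}) (.+)$")

# Assumption: the separately shipped applications the replies name
# (Acroread/Acrobat, Realplay, Firefox, Openoffice, Opera, apache).
NAMED_APPS = ("acroread", "acrobat", "realplayer", "firefox",
              "openoffice", "opera", "apache")


def parse(text):
    """Return [(date, title)]; a line with no leading date continues the previous title."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m and m.group(2) in MONTHS:
            day, mon, year, title = m.groups()
            entries.append((date(int(year), MONTHS[mon], int(day)), title))
        elif entries:
            d, title = entries[-1]
            entries[-1] = (d, title + " " + line)
    return entries


def classify(title):
    """Bucket one advisory title: summary, kernel, named_app or other."""
    if "summary report" in title.lower():
        return "summary"  # periodic digest, not a single vulnerability
    # The subject is the text before ": "; some titles have no colon at all.
    subject = title.split(": ", 1)[0].lower()
    if subject.startswith("kernel"):
        return "kernel"
    if any(app in subject for app in NAMED_APPS):
        return "named_app"
    return "other"


def summarize(text):
    """Count entries per bucket and convert counts to a per-week rate."""
    entries = parse(text)
    counts = Counter(classify(title) for _, title in entries)
    dates = [d for d, _ in entries]
    span_days = (max(dates) - min(dates)).days
    weeks = span_days / 7

    def per_week(n):
        return round(n / weeks, 2)

    total = len(entries)
    return {
        "span_days": span_days,
        "counts": dict(counts),
        "per_week_all": per_week(total),
        "per_week_without_summaries": per_week(total - counts["summary"]),
        "per_week_kernel": per_week(counts["kernel"]),
        "per_week_named_apps": per_week(counts["named_app"]),
    }


if __name__ == "__main__":
    for key, value in summarize(ADVISORIES).items():
        print(key, value)
```
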
TheLetterK
2005-08-24 02:27:17 UTC
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
This is a good thing. You want fast response and pre-emptive patches.
Post by Josh
These are some of them. I wonder how many are out in wild that Suse has
not told about?
Generally, the patches are distributed ASAP--and there's not much Novell
could do to suppress vulnerability reports.
Post by Josh
I don't think Linux and it's applications appear too very secure with
at least one alert per week average.
This is why the Open Source Model generates secure software. It's
patched early, and often. Vulnerabilities are not hidden, they're solved.
Post by Josh
http://www.novell.com/linux/security/advisories.html
Josh
John Perry
2005-08-24 03:01:51 UTC
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
...could do to suppress vulnerability reports.
Post by Josh
I don't think Linux and it's applications appear too very secure with
at least one alert per week average.
This is why the Open Source Model generates secure software. It's
patched early, and often. Vulnerabilities are not hidden, they're solved.
...And, almost always, they're the result of diligent review by the
people working on the software, not worldwide catastrophes due to the
bad guys being more diligent than the seller. These things don't show
up because someone has used them to corrupt systems, they show up
because people are doing good work on their software.

John Perry
Linønut
2005-08-24 03:52:48 UTC
Post by John Perry
...And, almost always, they're the result of diligent review by the
people working on the software, not worldwide catastrophes due to the
bad guys being more diligent than the seller. These things don't show
up because someone has used them to corrupt systems, they show up
because people are doing good work on their software.
And reporting them voluntarily.

A good coder loves to massage his/her code until it is near perfect.

Just ask Donald Knuth.

Don't ask Josh, though. He uses a simplistic (and erroneous, and
misleading) counting method to assess security.
--
Linux - A most satisfying eXPerience
T-minus4years
2005-08-24 03:48:24 UTC
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
These are some of them. I wonder how many are out in wild that Suse has
not told about?
I don't think Linux and it's applications appear too very secure with
at least one alert per week average.
http://www.novell.com/linux/security/advisories.html
Josh
And, since these were discovered and patched by the software
developers, how many of these do you believe have been exploited by the
bad guys?
AeoN
2005-08-24 06:05:05 UTC
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
These are some of them. I wonder how many are out in wild that Suse has
not told about?
I don't think Linux and it's applications appear too very secure with
at least one alert per week average.
http://www.novell.com/linux/security/advisories.html
Fine, but I rather deal with this than with anything Wincrap throws at me...
which it does often.
--
http://www.euronet.nl/users/frankvw/rants/microsoft/IhateMS.html
PerfectReign
2005-08-24 12:25:30 UTC
On Wed, 24 Aug 2005 01:05:05 -0500, AeoN pretended somebody gave a rat's
Post by AeoN
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
These are some of them. I wonder how many are out in wild that Suse has
not told about?
I don't think Linux and it's applications appear too very secure with
at least one alert per week average.
http://www.novell.com/linux/security/advisories.html
Fine, but I rather deal with this than with anything Wincrap throws at me...
which it does often.
I wonder just how fucking stupid you are to post this kind of thing.

Let's see, the number of Linux viruses EVER out in the wild. One.

The number of years since that linux virus was out in the wild. Eight.

The number of Linux viruses out in the wild right now. Zero.

FOAD.

HAND.
--
kai
www.perfectreign.com

If we drove to Walla Walla and put a bullet between his eyes,
his last thought would be "Ah HA! I win! I made you react!"
--anon
Patrick Grimbergen
2005-08-24 06:07:54 UTC
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
These are some of them. I wonder how many are out in wild that Suse has
not told about?
I don't think Linux and it's applications appear too very secure with
at least one alert per week average.
http://www.novell.com/linux/security/advisories.html
Josh
Josh is known as a troll in AOL.Suse, but I am quite surprised he took the
time to take a look at the SuSE website.
Darrell Stec
2005-08-24 21:22:13 UTC
After serious contemplation, on or about Wednesday 24 August 2005 2:07 am
Post by Patrick Grimbergen
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
These are some of them. I wonder how many are out in wild that Suse has
not told about?
I don't think Linux and it's applications appear too very secure with
at least one alert per week average.
http://www.novell.com/linux/security/advisories.html
22 Aug 2005 acroread: remote code execution
19 Aug 2005 SUSE Security Summary Report
[rest of list snipped]
Post by Patrick Grimbergen
Post by Josh
01 Dec 2004 kernel: local and remote denial of service
Josh
Josh is known as a troll in AOL.Suse, but I am quite surprised he took
the time to take a look at the SuSE website.
Yet his post insinuates that he personally is getting those Advisories
rather than copying from a website.
--
Later,
Darrell Stec ***@neo.rr.com

Webpage Sorcery
http://webpagesorcery.com
We Put the Magic in Your Webpages
Patrick Grimbergen
2005-08-24 22:10:40 UTC
Post by Darrell Stec
Post by Patrick Grimbergen
Josh is known as a troll in AOL.Suse, but I am quite surprised he took
the time to take a look at the SuSE website.
Yet his post insinuates that he personally is getting those Advisories
rather than copying from a website.
If I say I am a gorilla, does that mean I am so?
I don't say that he doesn't have some kind of linux experience, it's just
that his posts are always negative towards Linux and posted via Google
Groups. Apparently also via some Windoze machine in Africa, but I never
checked this myself.
Toosmoky
2005-08-24 07:38:44 UTC
Post by Josh
I don't think Linux and it's applications appear too very secure with
at least one alert per week average.
Yet all that Windows Update updates is...Windows.

Not Acrobat, Realplayer, Firefox etc. Just Windows.
--
Toosmoky
Ride the Penguin...
http://toosmoky.d2.net.au
Brian Wakem
2005-08-24 08:29:11 UTC
Post by Toosmoky
Post by Josh
I don't think Linux and it's applications appear too very secure with
at least one alert per week average.
Yet all that Windows Update updates is...Windows.
Not Acrobat, Realplayer, Firefox etc. Just Windows.
And Microsoft just keeps quiet about most security problems and hopes nobody
finds them.
--
Brian Wakem
John Kloosterman
2005-08-24 07:52:39 UTC
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
These are some of them. I wonder how many are out in wild that Suse has
not told about?
I don't think Linux and it's applications appear too very secure with
at least one alert per week average.
[snip list]

Well - if you take a look at the exact weaknesess you can see they are
very difficult to exploit. So there was no serious danger here. Most
updates where "just to be sure", and thus closed the very unlikely
possibility of a exploit.

Now - the amount of tiny corrections just gives me a safe feeling. Even
before a whole chain of unlikely events would lead to a safety
compromise the tiny holes are repaired. Even before someone has the time
to figure out how to use it - its aready pached.

This is a security model thats fast and dynamic. It gives possible
crackers a very small "timewindow" to operate. So chances a real exploit
would take place are very dim.

Now - take the "security by obscurity" security model a closed software
vendor uses as a contrast. Here there are known exploits but they wait
until a lot of them can be "bundled" in one big patch. They hope no-one
will stumble upon this weakness because nobody *should* know. In
practice however this is a false hope, as demonstrated over and over
again. By using this policy they leave a very big "timewindow" in wich
crackers have a comfortable amout of time to develop a exploit an use it.

Also - by bundeling a lot of patches to one big patch, chances that one
or more patches brake anything increases dramaticly. In the Linux
security model every application or library etc. is patched seperatly.
If something goes wrong they can concentyrate on this soley patch. In
bundled paches like close source vendors use this is not possible.
Mosttimes they wait until the next bundled pactch to correct this. In
case of security-weaknesess this gives crackers a big "timewindow" (the
time between two bundled patches) to operate and do their evil things.

So - to sum up - my trust in the dynamic "lot of patches in a short
reaction time" is far bigger than the trust in "bundled patches in a
long time". Also my trust in the open model is much bigger, because everyone
is informed much faster about weaknesses and can take countermeasures
before an exploit can take place. In the "security by obscurity" model,
most times users are informed when exploits *already* have taken
place. The open source model thus has a pre-exploit safety model and the
closed source has a post-exploit security model.

In practice the post-exploit model has proven to be a serious
miscalculation. A lot of people and corporations fell victim to
exploits that were *known* by the vendor but *not* by the users.

In contrast the pre-exploit model has proven to be safer, because the
users are being informed as fast as possible and can take timely
countermeasures.

So - it's not hard to decide which model to use to be really safe....

John.
Peter Jensen
2005-08-24 08:16:08 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
[Snip]

I find it a bit ironic that you bitch about a lot of minor software
updates that have never been exploited, while posting through a hacked
Windows machine in Sudan.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDDCzBd1ZThqotgfgRAjPeAJwPF2RoSb/EphIl+Zhu1KnEzE2lHQCgjfEv
2SboA8zUVwZ0392zpbsPJ/Q=
=wgVi
-----END PGP SIGNATURE-----
--
PeKaJe

Killing is stupid; useless!
-- McCoy, "A Private Little War", stardate 4211.8
Chris
2005-08-24 10:19:57 UTC
Permalink
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
These are some of them. I wonder how many are out in wild that Suse has
not told about?
I don't think Linux and it's applications appear too very secure with
at least one alert per week average.
http://www.novell.com/linux/security/advisories.html
So, what's your solution? Just ignore them for a month and then release
the patches in one nice big package that makes it /look/ like you have
fewer vulnerabilities. Oh wait someone's already thought of that and it
doesn't work!

Just switch off SuseWatcher if it really bothers you to have a secure
system. But don't come crying to us when you've been compromised.

Nice try 'Josh'.
ray
2005-08-24 14:47:02 UTC
Permalink
You could certainly ignore the situation altogether. I don't think that
would be much of a risk. I've been running Linux on our home network,
three computers, for over a year - DSL is on 24/7/365 with no problems.
Andrew
2005-08-24 22:14:16 UTC
Permalink
Josh wrote:
<<<< snipping mindless dribble >>>>

Josh I have a word for you. Here I'll say it slowly so you can
understand it.


P... L ... O... I ... N... K
me
2005-08-25 00:22:01 UTC
Permalink
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
Josh
You know, I have been having a really bad time at work lately,
I can feel myself heading towards "going postal" It would be
such a shame for this to happen to someone random, can anyone
figure out the address of this troll and the others that buzz
incessantly around here? ( assuming that they aren't all the
same loser? )


;)
TokaMundo
2005-08-25 07:25:35 UTC
Permalink
Post by me
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
Josh
You know, I have been having a really bad time at work lately,
I can feel myself heading towards "going postal" It would be
such a shame for this to happen to someone random, can anyone
figure out the address of this troll and the others that buzz
incessantly around here? ( assuming that they aren't all the
same loser? )
;)
Smiley or not, your post is illegal. Under current homeland
security law, it can easily be construed as "domestic terrorism".
You could end up in a world of shit. Just like one cannot say "bomb"
in an airport, you cannot make stupid veiled threats in Usenet.

Get a clue, retard boy. NEVER say "going postal". The worst you
should ever say is "going coastal". That is where you leave work, go
down to the beach, and have a beer.
Don't take it lightly (this post). All it would take is ONE
complaint post from anyone, and your account would get nailed, and you
might get a knock on your door. If they take the time, manpower, and
resources to come to your door, your ass is grass, cause it will be
you that pays the cost.
Peter Köhlmann
2005-08-25 07:38:43 UTC
Permalink
Post by TokaMundo
Post by me
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
Josh
You know, I have been having a really bad time at work lately,
I can feel myself heading towards "going postal" It would be
such a shame for this to happen to someone random, can anyone
figure out the address of this troll and the others that buzz
incessantly around here? ( assuming that they aren't all the
same loser? )
;)
Smiley or not, your post is illegal. Under current homeland
security law, it can easily be construed as "domestic terrorism".
You could end up in a world of shit. Just like one cannot say "bomb"
in an airport, you cannot make stupid veiled threats in Usenet.
So much for the (perceived) freedom of speech in the US

And, BTW, you are full of it

< snip more bullshit >
--
"Last I checked, it wasn't the power cord for the Clue Generator that
was sticking up your ass." - John Novak, rasfwrj
TokaMundo
2005-08-25 07:56:54 UTC
Permalink
On Thu, 25 Aug 2005 09:38:43 +0200, Peter Köhlmann
Post by Peter Köhlmann
Post by TokaMundo
Post by me
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
Josh
You know, I have been having a really bad time at work lately,
I can feel myself heading towards "going postal" It would be
such a shame for this to happen to someone random, can anyone
figure out the address of this troll and the others that buzz
incessantly around here? ( assuming that they aren't all the
same loser? )
;)
Smiley or not, your post is illegal. Under current homeland
security law, it can easily be construed as "domestic terrorism".
You could end up in a world of shit. Just like one cannot say "bomb"
in an airport, you cannot make stupid veiled threats in Usenet.
So much for the (perceived) freedom of speech in the US
And, BTW, you are full of it
< snip more bullshit >
Bullshit, retard boy. You make threats in Usenet, and your ass can
surely get in a sling, and the reason is the new laws which are in
place.

Show me where the bullshit is, little boy.
Peter Köhlmann
2005-08-25 08:09:06 UTC
Permalink
Post by TokaMundo
On Thu, 25 Aug 2005 09:38:43 +0200, Peter Köhlmann
Post by Peter Köhlmann
Post by TokaMundo
Post by me
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
Josh
You know, I have been having a really bad time at work lately,
I can feel myself heading towards "going postal" It would be
such a shame for this to happen to someone random, can anyone
figure out the address of this troll and the others that buzz
incessantly around here? ( assuming that they aren't all the
same loser? )
;)
Smiley or not, your post is illegal. Under current homeland
security law, it can easily be construed as "domestic terrorism".
You could end up in a world of shit. Just like one cannot say "bomb"
in an airport, you cannot make stupid veiled threats in Usenet.
So much for the (perceived) freedom of speech in the US
And, BTW, you are full of it
< snip more bullshit >
Bullshit, retard boy. You make threats in Usenet, and your ass can
surely get in a sling, and the reason is the new laws which are in
place.
Which of those laws might apply in sweden, norway, russia or germany?
Hint: None of them. Usenet is not a US only thing

You also might want to explain why in the US the first amendment suddenly
does not apply any longer and your freedom of speech is flushed down the
drain
Post by TokaMundo
Show me where the bullshit is, little boy.
I just did
--
Just out of curiosity does this actually mean something or have some
of the few remaining bits of your brain just evaporated?
TokaMundo
2005-08-25 11:40:42 UTC
Permalink
On Thu, 25 Aug 2005 10:09:06 +0200, Peter Köhlmann
Post by Peter Köhlmann
Post by TokaMundo
On Thu, 25 Aug 2005 09:38:43 +0200, Peter Köhlmann
Post by Peter Köhlmann
Post by TokaMundo
Post by me
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
Josh
You know, I have been having a really bad time at work lately,
I can feel myself heading towards "going postal" It would be
such a shame for this to happen to someone random, can anyone
figure out the address of this troll and the others that buzz
incessantly around here? ( assuming that they aren't all the
same loser? )
;)
Smiley or not, your post is illegal. Under current homeland
security law, it can easily be construed as "domestic terrorism".
You could end up in a world of shit. Just like one cannot say "bomb"
in an airport, you cannot make stupid veiled threats in Usenet.
So much for the (perceived) freedom of speech in the US
And, BTW, you are full of it
< snip more bullshit >
Bullshit, retard boy. You make threats in Usenet, and your ass can
surely get in a sling, and the reason is the new laws which are in
place.
Which of those laws might apply in sweden, norway, russia or germany?
Hint: None of them. Usenet is not a US only thing
Hey, if you guys want to be characterless, honorless bat's turds and
make stupid threats against folks in a public forum, go right ahead.
HERE, it's not legal.
Post by Peter Köhlmann
You also might want to explain why in the US the first amendment suddenly
does not apply any longer and your freedom of speech is flushed down the
drain
You're an idiot. There is a big difference between free speech (me
calling you an idiot), and someone making a threat against someone
else.
Post by Peter Köhlmann
Post by TokaMundo
Show me where the bullshit is, little boy.
I just did
Actually, you did no such thing.
Peter Köhlmann
2005-08-25 12:21:39 UTC
Permalink
TokaMundo, stupid like a retarded brick, wrote:


< snip cretins rant >

Idiot
--
Just out of curiosity does this actually mean something or have some
of the few remaining bits of your brain just evaporated?
TokaMundo
2005-08-25 18:56:22 UTC
Permalink
On Thu, 25 Aug 2005 14:21:39 +0200, Peter Köhlmann
Post by Peter Köhlmann
< snip cretins rant >
Idiot
Responding to a post by snipping everything, then declaring
something as retarded as this is stupid, and makes you no more than a
troll, Peter. You're about as lame as it gets. Your knowledge of
Usenet resides somewhere near nil.
Peter Köhlmann
2005-08-25 19:26:59 UTC
Permalink
Post by TokaMundo
On Thu, 25 Aug 2005 14:21:39 +0200, Peter Köhlmann
Post by Peter Köhlmann
< snip cretins rant >
Idiot
Responding to a post by snipping everything, then declaring
something as retarded as this is stupid, and makes you no more than a
troll, Peter. You're about as lame as it gets. Your knowledge of
Usenet resides somewhere near nil.
You are quite wrong
I simply snipped everything of your post which was at the intellectual level
of an amoeba, and left all the rest intact
--
If you had any brains, you'd be dangerous.
TokaMundo
2005-08-25 19:48:07 UTC
Permalink
On Thu, 25 Aug 2005 21:26:59 +0200, Peter Köhlmann
Post by Peter Köhlmann
You are quite wrong
No. You are. You are a Usenet retard. Particularly to have been
here for so long, yet be such a stupid poster.
Post by Peter Köhlmann
I simply snipped everything of your post which was at the intellectual level
of an amoeba, and left all the rest intact
Just like I said before. You're an idiot. You, and your posts are
at the intellectual level of pond scum.

I don't need to snip everything to call you an idiot.
Patrick Grimbergen
2005-08-25 22:02:15 UTC
Permalink
Post by TokaMundo
On Thu, 25 Aug 2005 21:26:59 +0200, Peter Köhlmann
Post by Peter Köhlmann
You are quite wrong
No. You are. You are a Usenet retard. Particularly to have been
here for so long, yet be such a stupid poster.
Post by Peter Köhlmann
I simply snipped everything of your post which was at the intellectual
level of an amoeba, and left all the rest intact
Just like I said before. You're an idiot. You, and your posts are
at the intellectual level of pond scum.
I don't need to snip everything to call you an idiot.
Here in The Netherlands, they don't threaten you (they let the police do
that) and just kill you straightaway...
James Knott
2005-08-25 11:56:06 UTC
Permalink
Post by TokaMundo
Get a clue, retard boy. NEVER say "going postal".
Somehow, saying "going UPS" or "going FedEx", just doesn't seem to
work. ;-)
anal_aviator
2005-08-25 10:06:42 UTC
Permalink
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
Josh
FlatTurd is back again.
Rikishi 42
2008-08-09 12:17:34 UTC
Permalink
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
These are some of them. I wonder how many are out in wild that Suse has
not told about?
I don't think Linux and it's applications appear too very secure with
at least one alert per week average.
You're the local paranoid, aren't you?

You see the word security, and presume that just because there are fixes,
the previous situation was completely unsafe ? Grow up.
--
The sand remembers once there was beach and sunshine
but chip is warm too
-- haiku from Effector Online, Volume 1, Number 6
Unruh
2008-08-09 13:35:37 UTC
Permalink
Post by Rikishi 42
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
These are some of them. I wonder how many are out in wild that Suse has
not told about?
I don't think Linux and it's applications appear too very secure with
at least one alert per week average.
I assume you would rather have a product that never told you about
security? That would make you feel better? Yes, SUSE and all Linux distros
have security announcements and fixes. They have about 10,000 products in
their release. Would you rather they came out with fixes or kept them quiet?
Post by Rikishi 42
--
The sand remembers once there was beach and sunshine
but chip is warm too
-- haiku from Effector Online, Volume 1, Number 6
houghi
2008-08-09 14:43:23 UTC
Permalink
Post by Rikishi 42
You're the local paranoid, aren't you?
Nah, just trolling.

houghi
--
________________________ Open your eyes, open your mind
| proud like a god don't pretend to be blind
| trapped in yourself, break out instead
http://openSUSE.org | beat the machine that works in your head
Ram
2008-08-11 20:38:57 UTC
Permalink
Post by Rikishi 42
Post by Josh
I seem to be getting an awful many lot of Suse Security Advices.
These are some of them. I wonder how many are out in wild that Suse has
not told about?
I don't think Linux and it's applications appear too very secure with
at least one alert per week average.
You're the local paranoid, aren't you?
You see the word security, and presume that just because there are fixes,
the previous situation was completely unsafe ? Grow up.
Well if you're lucky you might get a fix for security issues on the 1st
Tuesday of the month with Windows.

Ram
