Topics: Operating Systems, Security, Linux

Tool Kills Hidden Linux Bugs, Vulnerabilities

Posted by Soulskill
from the cockroaches-hiding-in-your-tux dept.
mask.of.sanity writes with this excerpt from SC Magazine: "Australian researcher Silvio Cesare has released a tool capable of automatically detecting bugs and vulnerabilities in embedded Linux libraries. The script correlates vulnerability advisory CVEs for third-party libraries to determine if holes have carried over to Linux platforms or have not been patched. Such holes often escape the eye of developers because the libraries may not be kept updated with sources. This is further compounded because vulnerabilities in cross distributed packages can leave Linux platforms vulnerable."
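The correlation the summary describes, reduced to its essentials, as an added example (this is not Silvio Cesare's tool or its logic): fingerprint every copy of a third-party library bundled in a source or firmware tree, including copies that survive only as strings inside a compiled binary, and flag each copy whose version predates the fix listed in an advisory. The `ZLIB_VERSION` and `PNG_LIBPNG_VER_STRING` macros and the `" inflate <version> Copyright"` string are real fingerprints shipped by zlib and libpng; the sample file tree and the advisory feed, including its CVE numbers, are constructed placeholders, not real assignments.

```python
"""Correlate embedded third-party library versions against an advisory feed.

Added example, not the tool from the article. The header macros and the zlib
inflate copyright string are real fingerprints; the file tree and the advisory
records (including the CVE numbers) are constructed placeholders.
"""
import re
from typing import Dict, List, NamedTuple, Tuple

# library -> regexes with one group capturing the version string.
# Header macros catch bundled *source*; the inflate copyright string catches
# a vendored zlib that survives only as a compiled object inside a binary.
FINGERPRINTS: Dict[str, List[re.Pattern]] = {
    "zlib": [
        re.compile(rb'#define\s+ZLIB_VERSION\s+"([0-9.]+)"'),
        re.compile(rb' inflate ([0-9.]+) Copyright'),
    ],
    "libpng": [
        re.compile(rb'#define\s+PNG_LIBPNG_VER_STRING\s+"([0-9.]+)"'),
    ],
}


class Advisory(NamedTuple):
    library: str
    cve: str       # placeholder IDs below, not real CVE assignments
    fixed_in: str  # first upstream version that carries the fix


# Constructed advisory feed. A real run would pull this from an NVD mirror or
# a distro security tracker, keyed by upstream library and version.
ADVISORIES = [
    Advisory("zlib", "CVE-0000-0001", "1.2.4"),
    Advisory("libpng", "CVE-0000-0002", "1.2.44"),
    Advisory("libpng", "CVE-0000-0003", "1.2.37"),
]


def parse_version(s: str) -> Tuple[int, ...]:
    """'1.2.3' -> (1, 2, 3), so that 1.2.10 sorts after 1.2.9."""
    return tuple(int(p) for p in re.findall(r"\d+", s))


def detect(path: str, data: bytes) -> List[Tuple[str, str, str]]:
    """Return (library, version, path) for every library fingerprinted in data."""
    hits = []
    for lib, patterns in FINGERPRINTS.items():
        for pat in patterns:
            m = pat.search(data)
            if m:
                hits.append((lib, m.group(1).decode(), path))
                break  # one version per library per file is enough
    return hits


def correlate(tree: Dict[str, bytes], advisories=ADVISORIES) -> List[dict]:
    """Flag every embedded copy older than an advisory's fixed_in version."""
    findings = []
    for path, data in tree.items():
        for lib, ver, where in detect(path, data):
            for adv in advisories:
                if adv.library == lib and parse_version(ver) < parse_version(adv.fixed_in):
                    findings.append({"library": lib, "version": ver, "path": where,
                                     "cve": adv.cve, "fixed_in": adv.fixed_in})
    return findings


# Constructed SDK/firmware tree: a bundled zlib header, a prebuilt blob with a
# vendored inflate, and a libpng header that is already at the fixed version.
SAMPLE_TREE = {
    "third_party/zlib/zlib.h": b'...\n#define ZLIB_VERSION "1.2.3"\n#define ZLIB_VERNUM 0x1230\n',
    "bin/imgtool.bin": (b"\x7fELF\x01\x01\x01" + b"\x00" * 16
                        + b" inflate 1.2.3 Copyright 1995-2005 Mark Adler " + b"\x00" * 8),
    "lib/libpng/png.h": b'#define PNG_LIBPNG_VER_STRING "1.2.44"\n',
}

if __name__ == "__main__":
    for f in correlate(SAMPLE_TREE):
        print(f"{f['path']}: {f['library']} {f['version']} < {f['fixed_in']} ({f['cve']})")
```

The binary case is the one that matters most for the scenario in the summary: a vendor that copied zlib into its tree years ago and ships it as part of a prebuilt object has nothing in its package metadata to tie that object to zlib, so a package-manager-driven audit never sees it, while the copyright string is still there to be matched.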
  • Hell Yes (Score:1, Informative)

    by Anonymous Coward on Tuesday November 22, 2011 @06:46PM (#38142190)

    Go Silvio. He used to hang out with the kids in b4b0. Glad he is still kicking around and being productive. He also published something pertaining to binary infection based on vulnerabilities in the ELF format circa the early 00s.

  • by Anonymous Coward on Wednesday November 23, 2011 @08:47AM (#38147230)

    At least Debian and Fedora, and likely every other non-shitty Linux distro *strongly* object to packages with embedded libraries, for exactly this reason: it is *unsanitary* and *dangerous*: it breaks the flow of security and regular bug fixes, and it greatly increases the exposure of users to both bugs and security holes.

    It gets so bad that Debian has a standing bad blood with the Ruby community because Ruby is "embedded third-party library hell", and therefore Debian maintainers either consider Ruby stuff unpackageable, or have to get in fights with upstream because they unbundle the libraries and suddenly upstream actually has to do its job and make sure their stuff works with more recent versions of the third-party libraries... (when it is an older version, that's a Debian bug).

    If you got games from the Humble Bundle 1 and 2, you likely know that *for up-to-date latest stable Debian, Ubuntu, Fedora...*, many of the SDL bugs related to sound and video are fixed by removing the libraries duplicated in the game tarball, so as to use the ones shipped by the distro...
