(www.openwall.com)

414 points st_goliath | 2 comments | 13 May 25 11:28 UTC | HN request time: 0.454s | source

Show context

teddyh ◴[13 May 25 12:09 UTC] No.43972000[source]▶

>>43971716 (OP) #

Note: In Debian, GNU screen is not installed with setuid-root privileges.

replies(4): >>43972155 #>>43972240 #>>43972667 #>>43972691 #

perlgeek ◴[13 May 25 13:24 UTC] No.43972691[source]▶

>>43972000 #

And the package in Debian Stable (aka bookworm) is too old to be affected by the vulnerabilities in 5.0.0.

I used to hate that Debian always was behind on software versions, but now I use different package sources for the few applications where I really don't want to rely on old software (like browsers), and otherwise doing great with the old stuff :-)

replies(2): >>43972806 #>>43980202 #

bandrami ◴[14 May 25 02:45 UTC] No.43980202[source]▶

>>43972691 #

Debian stable users missed heartbleed entirely. I think the glacial pace is underrated.

replies(2): >>43980272 #>>43982665 #

1. rs_rs_rs_rs_rs ◴[14 May 25 09:49 UTC] No.43982665[source]▶

>>43980202 #

> Debian stable users missed heartbleed entirely

Missed it? Not at all, Debian pioneered that style of bugs years before!

https://github.com/g0tmi1k/debian-ssh

replies(1): >>43983784 #

2. bandrami ◴[14 May 25 12:38 UTC] No.43983784[source]▶

>>43982665 (TP) #

And the default SELinux config was broken for like 15 years IIRC. It's always pick your poison.

↑

Multiple security issues in GNU Screen