Reko Turja wrote:
Dear all,
Today I saw a security notice:
..snip...
cat distinfo
MD5 (cups-1.3.3-source.tar.bz2) = d4911e68b6979d16bc7a55f68d16cc53
SHA256 (cups-1.3.3-source.tar.bz2) = 5e9e5670777055293e309cb0cbb2758df9c1275bf648df70478b7389c2d804de
SIZE (cups-1.3.3-source.tar.bz2) = 4077262
Update your ports and INDEX file as it seems that you are installing a
vulnerable version of cups-base. The VuXML report says:
Affects:
cups-base <1.3.4
so the cups-1.3.3 still has the vulnerability mentioned in the report.
Actually, I think the worst security problem I've seen is one I don't
personally care to fix right now, but I guess I will soon. It's the
fact that postscript is actually a language, one that's more general
purpose in limitations than many people realize. Isn't that true? I
think this means that my postscript interpreter (which, for me, and I
think for most, is ghostscript) should have some security controls on
it, to limit postscript's direct access to local machine capabilities.
I think that the options in gs for security are too little. It'd be
pretty easy to write a really nasty worm. I remember laughing at my
Windows friends, back when that Philippines worm hit, but we could get
pretty easily hit on gs, or am I all wet?
I don't much like pdf, but at least it's not susceptible to such a thing,
because pdf's not a general purpose language (not a language at all).
Nobody's taken advantage of it, but it'd be possible to write a general
purpose docbook interpreter entirely in postscript. Wonder if modern gs
limitations would allow such a big program? Sure would be convenient.
-Rek
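
The distinfo-against-VuXML check discussed at the top of this thread, as an added example that is not part of the original messages: it parses the quoted distinfo lines, extracts the distfile version, and evaluates it against the "cups-base <1.3.4" range. The function names are hypothetical, and the comparison is a simplified dotted-numeric one, not the full FreeBSD package version rules (no port revision or epoch handling).

```python
import operator
import re

# Constructed sample: the distinfo lines quoted in the thread.
DISTINFO = """\
MD5 (cups-1.3.3-source.tar.bz2) = d4911e68b6979d16bc7a55f68d16cc53
SHA256 (cups-1.3.3-source.tar.bz2) = 5e9e5670777055293e309cb0cbb2758df9c1275bf648df70478b7389c2d804de
SIZE (cups-1.3.3-source.tar.bz2) = 4077262
"""

LINE_RE = re.compile(r"^(\w+) \((.+)\) = (\S+)$")
RULE_RE = re.compile(r"\s*(<=|>=|<|>|=)\s*(\d+(?:\.\d+)*)\s*")
OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "=": operator.eq}

def parse_distinfo(text):
    """Return {distfile: {field: value}} for each 'FIELD (file) = value' line."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            field, name, value = m.groups()
            entries.setdefault(name, {})[field] = value
    return entries

def distfile_version(name):
    """Extract the dotted version from a distfile name such as cups-1.3.3-source.tar.bz2."""
    m = re.search(r"-(\d+(?:\.\d+)*)", name)
    if not m:
        raise ValueError("no version in distfile name: %r" % name)
    return m.group(1)

def version_tuple(version):
    # Compare components as integers so that 1.3.10 sorts after 1.3.4.
    return tuple(int(part) for part in version.split("."))

def is_affected(version, rule):
    """Evaluate a version against an affected range such as '<1.3.4'."""
    m = RULE_RE.fullmatch(rule)
    if not m:
        raise ValueError("unsupported range: %r" % rule)
    op, bound = m.groups()
    return OPS[op](version_tuple(version), version_tuple(bound))

def affected_distfiles(distinfo_text, rule):
    """List the distfiles in a distinfo whose version falls inside the range."""
    return [name for name in parse_distinfo(distinfo_text)
            if is_affected(distfile_version(name), rule)]

if __name__ == "__main__":
    print(affected_distfiles(DISTINFO, "<1.3.4"))
```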
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"