Somewhat ironic but how about this:
lynx -dump https://projects.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/midori | grep sha256sums
8 posts • joined 14 Jun 2010
Unaffected by this OpenSSL issue perhaps, but IE and Office feature again in this month's Patch Tuesday announcement (https://technet.microsoft.com/library/security/ms14-jun) with two critical remote exec vulnerabilities. BTW, my OpenSSL is already patched - stick that in your pipe and smoke it.
On perusing the ChangeLog for 3.14.4 (released the day before this article was written) it seems this issue was fixed. In any event the featured 0day is not working here on 3.13.9 or 3.14.2. Not having a go at the writer of the article but I am sticking my finger in the eye of that anon twat with so much time on his hands. BTW, that Internet Explorer Memory Corruption Vulnerability (CVE-2014-1776) seems to be quite popular with China's APT1. ;-p
"No doubt, Linux fans will be quick to point out that the bug can be exploited only by those with a valid account on a targeted machine in the first place."
Nope, but I'd like to point out that this doesn't work on a grsec-patched kernel (just tried it on 18.104.22.168-grsec). Let's see you preempt that one.
Biting the hand that feeds IT © 1998–2020