ludiosarchive/unfixed-security-bugs

A list of publicly known but unfixed security bugs

Please submit a pull request if you have corrections or know about any other unfixed security bugs.

tar

Chrome

Pretty much every terminal emulator

sudo

  • When root runs sudo -u non-root-user command, TIOCSTI allows that command to execute anything as root. Can be fixed with Defaults use_pty in sudoers. More notes.

  • sudo credential caching (generally enabled by default; disabled with Defaults timestamp_timeout=0) allows any process in a TTY to do a passwordless sudo within the timeout period, not just commands that you've prefixed with sudo in the shell.
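
An added example (not code from this repository) that checks sudoers text for the two settings named in the bullets above. The sample sudoers contents and the function names are constructed for illustration; scoped Defaults and included files are ignored, and an unset option is assumed to be off.

```python
import re

# Constructed sudoers samples for illustration (not from any real system).
SAMPLE_WEAK = """\
Defaults env_reset, \\
         mail_badpass
Defaults:deploy use_pty
root ALL=(ALL:ALL) ALL
"""
SAMPLE_HARDENED = """\
Defaults env_reset
Defaults use_pty, timestamp_timeout=0
root ALL=(ALL:ALL) ALL
"""

def global_defaults(text):
    """Return {option: value} from unscoped Defaults lines; later entries win."""
    text = re.sub(r"\\\n", " ", text)  # join backslash-continued lines
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments; #include files are not followed
        # Scoped forms (Defaults:user, Defaults@host, Defaults!cmnd) are skipped on purpose.
        m = re.match(r"Defaults\s+(.+)", line)
        if not m:
            continue
        for item in filter(None, (i.strip() for i in m.group(1).split(","))):
            if item.startswith("!"):
                opts[item[1:].strip()] = False
            elif "=" in item:
                name, value = item.split("=", 1)
                opts[name.strip()] = value.strip().strip('"')
            else:
                opts[item] = True
    return opts

def audit(text):
    """Return findings for the two sudo issues; an unset option is assumed off."""
    opts, findings = global_defaults(text), []
    if opts.get("use_pty") is not True:
        findings.append("use_pty is not enabled globally (TIOCSTI issue)")
    raw = opts.get("timestamp_timeout")
    timeout = float(raw) if isinstance(raw, str) and re.fullmatch(r"-?\d+(\.\d+)?", raw) else None
    if timeout != 0:
        findings.append("timestamp_timeout is not 0 (credential caching active)")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(text) or "ok")
```

The per-user line `Defaults:deploy use_pty` in the weak sample does not count, because it leaves every other caller, root included, without a separate pty.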

VirtualBox

virt-manager/spice-gtk

Xorg

Node

Erlang/OTP

Twisted

WeeChat

phantomjs, libqtwebkit4, libqt5webkit5

  • These packages exist in a state of permanent insecurity because they don't keep up with the ~6-week browser update cycle (e.g. take any one of the many WebKit security bugs fixed after the last release of these packages, which could be about a year old).

Windows

Packages in your Linux distribution

On your LineageOS device
