Follow

📢 Descriptions of the GNU vulnerabilities I've found earlier this year are now public! 🎉

Read them here: lists.gnu.org/archive/html/bug This should be an interesting read even if you're not very familiar with the Hurd and 🙂

(phew, it took me quite some time to write, too!)

These vulnerabilities have been assigned CVE-2021-43412, CVE-2021-43413, CVE-2021-43411, CVE-2021-43414

(Thanks to Amos Jeffries for requesting the CVEs!)

@bugaevc GNU vulnerabilities?

Is it the year of Hurd on the desktop?!

(now where did I put my Debian GNU/#Hurd VM)

@rysiek if you haven't updated your VM in a while, you could even try out the exploits for yourself :)

@bugaevc seriously though, good to see progress on Hurd. Thank you for your work!

@bugaevc I don't know the first thing about microkernels, and can't tell Hurd from March, but this was a fairly approachable read! Thank you for all those "background" sections; just enough detail to understand, in general, what you're even talking about :)

@peter it is, though the pace is slow. Some recent commits to the Hurd proper can be seen here: git.savannah.gnu.org/cgit/hurd and there's also GNU Mach, glibc, and various other repos

@bugaevc congratulations! It's sweet to get new CVEs to one's name 🙇

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!