• Arch-audit security concerns.


    @joekamprad said in Arch-audit security concerns.:

    Risk is almost lower on a rolling release, because latest packages means also latest security fixes

    This you say is true and is the only thing that leaves me a bit, although not much quieter …

    Autodidacta en la VIDA …y en Linux, también.

  • @joekamprad said in Arch-audit security concerns.:

    https://www.ubuntu.com/usn/
    Showing page 1 of 76

    Well, I just opened the site and … I’m much quieter with Antergos… ;)

    Autodidacta en la VIDA …y en Linux, también.

  • what specifically does antergos-welcome do? it looks like the MATE welcome screen??? if so, i would assume any MATE users wouldn’t necessarily need this after install. i removed it as well as webkitgtk in a VM running Gnome without issue.

  • @triode13 as it says it is a welcome screen wich guides you to startup with the system.
    And for shure it is save to remove if you do not need it anymore.

    [updates once a week] = [90% less problems]
    [Li{u}n//u//{i}x] since 1988 - overcoming failure means success
    howto-install-antergos
    how to add system logs
    i3-wm#gnome-shell

  • @ansgar said in Arch-audit security concerns.:

    Guys? Trump got you all deported or why are we talking Spanish?
    It’s a beautiful language but me not comprendo! xD

    Anyway I hope there will be some fixes for this things soon, or at least some solution to install older packets in that place.
    Have a nice day amigos!

    hahaha, to me there is no big difference reading spanish/english, writing is diffferent since i start typing in spanish and ended up writing in portuguese hehehehe.
    I didn’t know about the arch-audit package/command, but i’m not sure what to think of; should i be worried?

    Antergos (default OS) - WIN10 (abandoned)
    I3wm - Mate desktop
    AMD - A4 7300 Radeon graphics
    16 GB ram
    HD 1 TB
    Linux newbie since 06/2016

  • @fernandomaroto arch-audit only show up wich of installed packages are having an entry on the security list.

    [updates once a week] = [90% less problems]
    [Li{u}n//u//{i}x] since 1988 - overcoming failure means success
    howto-install-antergos
    how to add system logs
    i3-wm#gnome-shell

  • @joekamprad said in Arch-audit security concerns.:

    arch-audit only show up wich of installed packages are having an entry on the security list.

    Read then that they will be audited and put safely, or almost ;)

    Autodidacta en la VIDA …y en Linux, también.

  • @joekamprad @judd you two mean that if they are listed they are vulnerable, but also mean that arch developers already know and will work to fix them “as soon as possible”?

    Antergos (default OS) - WIN10 (abandoned)
    I3wm - Mate desktop
    AMD - A4 7300 Radeon graphics
    16 GB ram
    HD 1 TB
    Linux newbie since 06/2016

  • @fernandomaroto said in Arch-audit security concerns.:

    you two mean that if they are listed they are vulnerable, but also mean that arch developers already know and will work to fix them “as soon as possible”?

    Exactly that if

    Autodidacta en la VIDA …y en Linux, también.

  • Over a year old now, but this Igalia dev has a Gnome blog that i follow from time to time. Some interesting thoughts on webkitgtk and security in general. His follow-up articles to this topic are a must read, as well as the comment sections. He gives praise to Arch and Fedora.
    https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/

  • Both arch-audit and the official Arch Security Tracker at https://security.archlinux.org list 2 old CRITICAL bugs (leading to arbitrary code execution) for libtiff (and 2 for its lib32 version).

    We have version 4.0.8-1 in Arch, and apparently the bug should already have been fixed, see http://bugzilla.maptools.org/show_bug.cgi?id=2564 and https://bugzilla.redhat.com/show_bug.cgi?id=1410063

    Then I don’t understand why is libtiff still reported as vulnerable?

    EDIT: well, it looks like the Arch Security Team is wrong after all :) see https://github.com/ilpianista/arch-audit/issues/31

risks1 security10 arch-audit1 Posts 31Views 1914
Log in to reply