[conspire] Security holes fixed in SVG, CUPS
Edward Mokurai Cherlin
mokurai at sugarlabs.org
Thu Sep 15 07:16:42 PDT 2011
Debian and thus Ubuntu have sent out security patches this week for
ways to execute arbitrary code in SVG interpretation and in CUPS
printing. I have not attempted to determine which other distros have
done the same, but I have browsed a bit in the Debian Security
Advisory database this morning. There is a lot of it, and these are
not by any means the first such vulnerabilities found in SVG handling
and in CUPS.
For fans of the excellent Science Made Stupid and Culture Made Stupid,
it seems to me that Computer Security Made Stupid would be a natural.
There is just so much material to work with. For the cognoscenti, it
could begin as a simple parody of the extensive Securing Debian Howto.
However, the actual comedy section,
10.5 Genius/Paranoia Ideas — what you could do
seems to be beyond parody.
After a clean install and initial configuration, use the chattr
program with the +i attribute to make files unmodifiable...Note that
this strategy also prevents you from upgrading your system's
We could just go straight for Computers Made Stupid, although
Artificial Stupidity has reached such heights that that would be
redundant. Certainly Computer Users Made Stupid would be coals to
Newcastle. What else? Technopeasants Made Stupid? Duh! Trolling Made
Stupid? Too late. Spamming Made Stupid? Ditto. A Billion Linux-Using
Children at a Time Made Smart? Now we're talking. I just gave that
presentation at Ohio LinuxFest, under the title Linux for All.
Edward Mokurai (默雷/धर्ममेघशब्दगर्ज/دھرممیگھشبدگر ج) Cherlin
Silent Thunder is my name, and Children are my nation.
The Cosmos is my dwelling place, the Truth my destination.
More information about the conspire