Allegedly, on or about 28 January 2015, Doug sent: > ... A remote attacker able to call either of these functions could > exploit the flaw to execute arbitrary code with the permissions of the > user running the application.... All these security flaws come with the usual "flaw allows escalation of privileges, able to execute arbitrary commands..." red flags, but rarely give an understandable note about how easily an external hack can begin the attempt while the user is doing something ordinary that exposes them to the thing. i.e. It's all jargon aimed at programmers. In the dim and distant past, when I had a brief dalliance with Windows before Linux became realistically usable, you'd commonly get warnings about flaws which gave understandable information. e.g. Opening a malicious attachment, or even just reading a malicious email, with version of <particular> program less than x.y, allows the hacker to do destructive things to your system. I know I've vagued-up the example, but you've got a sample of something that you might actually do - simply read an email, not even do anything with the attachments, get a virus because your email program stupidly executes something embedded in it. That's probably less of a risk to Linux users, because we've never had stupid software like Outlook or Outlook express. But we've certainly got browsers with flash plug-ins installed, which (flash) has always been a security nightmare, and it's just not feasible to simply forbid it; so many websites that we regularly want to use would simply fail to work. -- [tim@localhost ~]$ uname -rsvp Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64 All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I will only read messages posted to the public lists. George Orwell's '1984' was supposed to be a warning against tyranny, not a set of instructions for supposedly democratic governments. ZNQR LBH YBBX -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org