Security Preventions

source: http://linux-audit.com/linux-vulnerabilities-explained-from-detection-to-treatment/

exploit updates:

http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/

Linux Vulnerabilities Explained: From Detection to Treatment

If you have worked with a computer in the last decade, you know the importance of keeping your software up to date. Those who don’t are stacking up vulnerabilities, waiting for them to be exploited by others. Although GNU/Linux and most of its software are open source and can be reviewed, security flaws in software packages remain. While it isn’t easy to close every vulnerability on your system, we can at least create a stable process around it. The goals? Know which vulnerabilities exist and how to treat them.

What is a Vulnerability?

As with many technical terms, the details are in the definition. The exact definition of a vulnerability differs for every organization. However, it is common to describe it as a weakness in an asset, process, or piece of software. The risk involved in having a vulnerability is that known or unknown threats (or threat actors) might abuse the weakness. This in turn can result in a specific bad outcome, like data loss or exposure. For example, a programming flaw has a chance to become a big data leak, with all your personal data in the hands of unauthorized individuals.

For this article, we discuss two main categories of vulnerabilities commonly found on Linux systems. The first category is vulnerabilities in the operating system and software packages. The second category is weaknesses introduced by default and changed software configurations.

Common Linux Vulnerabilities

Linux has weaknesses similar to those of other operating systems. These weaknesses are inherent to how computers work. Most of them are introduced during the development cycle of software. The weakness is usually somewhere in the logic involved. One missing “if” statement can be enough to make a piece of software instantly vulnerable to a common attack. The big difference is that every operating system has different ways to deal with them. This starts with the compile flags used when compiling the source code and continues up to the time the software is executed.
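
The "one missing if" case described above, as an added example in C (not code from the original article): two setters that differ by a single capacity check on a length taken from the input. The record layout, input format and all names are constructed for illustration; the record is one flat array so the overrun into the neighbouring field is observable without undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout (assumption for this example): one flat record where
 * bytes 0..7 hold a name and byte 8 holds a privilege flag. A single array
 * keeps the demo well-defined C while modelling adjacent memory. */
#define NAME_CAP   8
#define FLAG_OFF   8
#define RECORD_LEN 264   /* large enough for any 1-byte declared length */

typedef struct { uint8_t bytes[RECORD_LEN]; } record_t;

/* Input format (constructed): [len][len bytes of name].
 * Vulnerable: validates the input buffer but trusts the declared length
 * against the destination field. The capacity check is the missing "if". */
int set_name_unchecked(record_t *r, const uint8_t *in, size_t in_len)
{
    if (in_len < 1) return -1;
    size_t len = in[0];
    if (len > in_len - 1) return -1;      /* no over-read of the input */
    memcpy(r->bytes, in + 1, len);        /* may run past NAME_CAP */
    return 0;
}

/* Hardened: identical except for one added check. */
int set_name_checked(record_t *r, const uint8_t *in, size_t in_len)
{
    if (in_len < 1) return -1;
    size_t len = in[0];
    if (len > in_len - 1) return -1;
    if (len > NAME_CAP) return -1;        /* the one "if" that was missing */
    memcpy(r->bytes, in + 1, len);
    return 0;
}

/* Returns the privilege flag after feeding a 9-byte name to the chosen setter. */
int flag_after_oversized_name(int use_checked)
{
    static const uint8_t msg[] = { 9, 'A','A','A','A','A','A','A','A', 1 };
    record_t r;
    memset(&r, 0, sizeof r);              /* flag starts at 0 (unprivileged) */
    if (use_checked) set_name_checked(&r, msg, sizeof msg);
    else             set_name_unchecked(&r, msg, sizeof msg);
    return r.bytes[FLAG_OFF];
}
```

With the unchecked setter the ninth byte lands on the flag; with the checked setter the record is rejected and the flag stays 0.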

ARCH LINUX SECURITY ADVISORY: https://wiki.archlinux.org/index.php/Security_Advisories

eof