DSA-1930 drupal6 - several vulnerabilities

Several vulnerabilities have been found in drupal6, a fully-featured
content management framework. The Common Vulnerabilities and Exposures
project identifies the following problems:

DSA-1928 linux-2.6.24 - privilege escalation/denial of service/sensitive memory leak

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, sensitive memory leak or privilege
escalation. The Common Vulnerabilities and Exposures project
identifies the following problems:

DSA-1929 linux-2.6 - privilege escalation/denial of service/sensitive memory leak

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, sensitive memory leak or privilege
escalation. The Common Vulnerabilities and Exposures project
identifies the following problems:

DSA-1927 linux-2.6 - privilege escalation/denial of service/sensitive memory leak

Notice: Debian 5.0.4, the next point release of Debian 'lenny', will
include a new default value for the mmap_min_addr tunable. This
change will add an additional safeguard against a class of security
vulnerabilities known as "NULL pointer dereference" vulnerabilities,
but it will need to be overridden when using certain applications.
Additional information about this change, including instructions for
making this change locally in advance of 5.0.4 (recommended), can be
found at:
http://wiki.debian.org/mmap_min_addr.
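The local check and the override the notice talks about, as an added shell example (this is not code from the advisory or from the Debian wiki page). It reads the kernel's current vm.mmap_min_addr, compares it with a threshold, prints the persistent sysctl line, and shows how to lower the value for a program that genuinely needs to map the zero page. The 4096 threshold and the /etc/sysctl.d file name are assumptions chosen for illustration; take the actual recommended value from the wiki page for your release.

```shell
#!/bin/sh
# Added example, not part of DSA-1927 or the Debian wiki: check and set
# vm.mmap_min_addr. With the value at 0 any unprivileged process may mmap()
# address zero, which is exactly what a kernel NULL pointer dereference
# exploit needs; a non-zero floor makes that mapping fail with EPERM.
# Assumptions: WANTED=4096 and the sysctl.d file name are illustrative.
WANTED=${WANTED:-4096}
CONF=/etc/sysctl.d/local-mmap-min-addr.conf

# mmap_min_addr_current: print the running kernel's value, or "unknown".
mmap_min_addr_current() {
    if [ -r /proc/sys/vm/mmap_min_addr ]; then
        cat /proc/sys/vm/mmap_min_addr
    else
        echo unknown
    fi
}

# mmap_min_addr_ok CURRENT WANTED: succeed only if CURRENT is a number
# greater than or equal to WANTED ("unknown" or garbage counts as not ok).
mmap_min_addr_ok() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$2" ]
}

# mmap_min_addr_conf VALUE: the sysctl.d line that survives a reboot.
mmap_min_addr_conf() {
    printf 'vm.mmap_min_addr = %s\n' "$1"
}

# mmap_min_addr_set VALUE: persist VALUE and apply it now (needs root).
mmap_min_addr_set() {
    mmap_min_addr_conf "$1" > "$CONF" || return 1
    sysctl -w vm.mmap_min_addr="$1" >/dev/null
}

current=$(mmap_min_addr_current)
if mmap_min_addr_ok "$current" "$WANTED"; then
    echo "vm.mmap_min_addr=$current: zero page protected (threshold $WANTED)"
else
    echo "vm.mmap_min_addr=$current: below $WANTED; as root run: mmap_min_addr_set $WANTED"
fi

# An application that must map the zero page needs the floor lowered, which
# gives up the safeguard for as long as it stays lowered:
#   mmap_min_addr_set 0          # then restore with: mmap_min_addr_set $WANTED
```

Run it as an ordinary user to audit a host; only mmap_min_addr_set writes anything, and it needs root. Raising the value is the safe direction: a program that breaks under the new floor fails visibly with EPERM, whereas a value of 0 fails silently by leaving the zero page mappable.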

DSA-1926 typo3-src - several vulnerabilities

Several remote vulnerabilities have been discovered in the TYPO3 web
content management framework. The Common Vulnerabilities and Exposures
project identifies the following problems:

Backupninja: the ultimate data defender

Everyone knows they should do regular backups. Sooner or later, your hardware will fail, or you will accidentally delete a directory, or something else will happen.

Many people, however, ignore periodic backups because they find them too much of a hassle. That's why the backup procedure must be fully automated and require no user intervention at all.

Backupninja is a backup system with excellent automation and configuration facilities. You only need to instruct Backupninja once, and it will silently take on the duty of defending your valuable data. This can be done by editing the configuration files directly, or via a nice console wizard called ninjahelper, which also lets you test the backup actions interactively.

Backupninja doesn't do the hard work itself, but rather relies on specialised tools like rdiff-backup and duplicity, following the Unix way. There is built-in support for specialised backup actions, including the backup of Subversion repositories and of LDAP, MySQL, and PostgreSQL databases. It can do remote, incremental backups, as well as burn them to CD or write them to ISO images.

But the best part is that Backupninja can learn new, powerful skills just by reading user-provided shell scripts. For example, I use the following script to dump important package information from my Debian system:

#!/bin/sh
# Backupninja "sh" action: dump the Debian package state so the set of
# installed packages can be reproduced after a reinstall. The info and error
# functions are logging helpers that Backupninja provides to such scripts.

dpkg --get-selections > /var/backups/dpkg-selections
if [ $? -ne 0 ]
then
    error "dpkg selections dump failed"
else
    info "dpkg selections dump done"
fi

# All installed packages, then only the manually installed ones, then only
# the automatically installed ones (aptitude's ~M flag). The && chain stops
# at the first failing command, so $? reflects the whole sequence.
aptitude search -F %p '~i' > /var/backups/apt-installed && \
aptitude search -F %p '~i!~M' > /var/backups/apt-installed-manual && \
aptitude search -F %p '~i ~M' > /var/backups/apt-installed-auto
if [ $? -ne 0 ]
then
    error "installed package list dump failed"
else
    info "installed package list dump done"
fi
Note the use of some special functions: debug, info, and error. They put descriptive messages into the log file, which lets me quickly check that fresh backups have actually been created. I've been using Backupninja to back up my personal data for a long time.
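The same dumps written as an added example (this is not code from the post or from the Backupninja project) that also protects the previous copy: each command writes to a temporary file created with owner-only permissions, and that file only replaces the earlier dump after the command succeeded and produced output, so a broken run cannot leave an empty or truncated file where the last good one was. The info and error definitions at the top, the BACKUPDIR variable and the dump_to helper are assumptions made for this example; a real Backupninja action uses Backupninja's own info and error helpers.

```shell
#!/bin/sh
# Added example, not Backupninja code: a safer pattern for a custom "sh"
# backup action. Assumed names: dump_to, BACKUPDIR, dump_package_state.
# The two helpers below stand in for Backupninja's info/error so the script
# also runs on its own; delete them when installing the file as a
# Backupninja action so its real logging helpers are used instead.
info()  { printf 'Info: %s\n' "$*"; }
error() { printf 'Error: %s\n' "$*" >&2; }

umask 077   # package lists reveal what is installed; keep the dumps owner-only

# dump_to FILE COMMAND [ARGS...]
# Runs COMMAND with its stdout in a temporary file next to FILE and moves it
# into place only when the command exited 0 and wrote something. On failure
# the temporary file is removed and any existing FILE is left untouched.
dump_to() {
    dest=$1; shift
    tmp="$dest.tmp.$$"
    if "$@" > "$tmp" && [ -s "$tmp" ] && mv -f "$tmp" "$dest"; then
        info "dump of $dest done"
    else
        rm -f "$tmp"
        error "dump of $dest failed: $*"
        return 1
    fi
}

# The dumps from the post, rebuilt on dump_to. BACKUPDIR is an assumed
# variable; Backupninja itself does not set it.
BACKUPDIR=${BACKUPDIR:-/var/backups}
dump_package_state() {
    dump_to "$BACKUPDIR/dpkg-selections"      dpkg --get-selections
    dump_to "$BACKUPDIR/apt-installed"        aptitude search -F %p '~i'
    dump_to "$BACKUPDIR/apt-installed-manual" aptitude search -F %p '~i!~M'
    dump_to "$BACKUPDIR/apt-installed-auto"   aptitude search -F %p '~i ~M'
}

# Only attempt the real dumps on a host that has dpkg and aptitude.
if command -v dpkg >/dev/null 2>&1 && command -v aptitude >/dev/null 2>&1; then
    dump_package_state
fi
```

The atomic rename is the point: a half-written dump is never visible under the final name, and a failing command (a missing tool, a full disk, a database that refuses the connection) produces an error line in the log instead of a silently empty backup.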

Pros:

Fully automates the backup procedure
Is very easy to set up
Is very flexible

Cons:

Built-in functionality could support more features
Support for non-shell backup scripts is limited

The package has been available in Debian since at least Etch, and in Ubuntu at least since Dapper.

DSA-1924 mahara - several vulnerabilities

Two vulnerabilities have been discovered in mahara, an electronic portfolio,
weblog, and resume builder. The Common Vulnerabilities and Exposures
project identifies the following problems:

DSA-1925 proftpd-dfsg - insufficient input validation

It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon,
does not properly handle a '\0' character in a domain name in the
Subject Alternative Name field of an X.509 client certificate, when the
dNSNameRequired TLS option is enabled.
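The failure mode the advisory describes, as an added shell example (this is not ProFTPD code and does not reproduce the fix): a dNSName in a certificate's Subject Alternative Name is a length-prefixed string, while C string functions stop at the first '\0', so the octets good.example.com\0evil.example.net look like plain good.example.com to a strcmp-based check even though the certificate authority signed something quite different. A checker has to compare the declared length with the NUL-free length, or simply reject any NUL, before trusting the name. The sample octets and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from ProFTPD or the advisory: detect a dNSName whose
# octets contain an embedded NUL byte. Files stand in for the raw octets of
# the dNSName entry; dnsname_c_view shows what a C strcmp()/strlen() based
# comparison would see, dnsname_is_clean is the check that rejects the trick.

# dnsname_c_view FILE: the name as a C string function would read it, i.e.
# everything up to the first NUL byte.
dnsname_c_view() {
    tr '\000' '\n' < "$1" | head -n 1 | tr -d '\n'
}

# dnsname_is_clean FILE: succeed only if the declared length (all octets)
# equals the length without NUL bytes, i.e. no NUL is embedded in the name.
dnsname_is_clean() {
    declared=$(( $(wc -c < "$1") ))
    without_nul=$(( $(tr -d '\000' < "$1" | wc -c) ))
    [ "$declared" -eq "$without_nul" ]
}

# dnsname_matches FILE EXPECTED: the hardened comparison, which refuses any
# name with an embedded NUL before comparing the full octet string.
dnsname_matches() {
    dnsname_is_clean "$1" || return 1
    [ "$(cat "$1")" = "$2" ]
}

# Constructed sample input: an honest name and a name with an embedded NUL.
SAN_DIR=$(mktemp -d)
SAN_GOOD="$SAN_DIR/good.san"
SAN_NUL="$SAN_DIR/nul.san"
printf 'good.example.com' > "$SAN_GOOD"
printf 'good.example.com\000evil.example.net' > "$SAN_NUL"

for f in "$SAN_GOOD" "$SAN_NUL"; do
    if dnsname_matches "$f" good.example.com; then
        echo "$f: accepted as good.example.com"
    else
        echo "$f: rejected (a C string compare would have seen: $(dnsname_c_view "$f"))"
    fi
done
```

Both samples look identical through dnsname_c_view, which is the whole problem; only the length comparison tells them apart. The same check applies to any certificate field that is handed to C string functions after ASN.1 decoding, not just dNSName.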

DebConf10 dates and venue announced

The DebConf10 team just sent out a press release announcing the dates and venue
for DebConf10 in New York City. Most of the readers of this blog
already saw it through some other list, so I’ll just put the dates here and
provide the full text plus other relevant info via links.

Dates: July 25-31, 2010 will be DebCamp and August 1-7, 2010 will be DebConf.
Press release text
First press coverage in response to our announcement
Main conference website
Visa info
Email address for visa help (read the visa info page before emailing)
Yes, thanks to Valessio Brito we already have “I’m going to DebConf10” buttons.

We hope to see many of you there!