Wheezy/ELTS samba update broken for i386 arch
Hi,

Samba update for ELTS is broken on i386 arch as some packages remain at the old version and therefore there are broken dependencies:

    # aptitude -V install samba samba-common samba-common-bin tdb-tools
    The following NEW packages will be installed:
      libtalloc2{a} [2.0.7+git20120207-1] libtdb1{a} [1.2.10-2] libwbclient0{a} [2:3.6.6-6+deb7u17]
      samba{b} [2:3.6.6-6+deb7u17] samba-common [2:3.6.6-6+deb7u19] samba-common-bin [2:3.6.6-6+deb7u17]
      tdb-tools [1.2.10-2]
    0 packages upgraded, 7 newly installed, 0 to remove and 1 not upgraded.
    Need to get 8,598 kB/8,663 kB of archives. After unpacking 43.9 MB will be used.
    The following packages have unmet dependencies:
     samba : Depends: samba-common (= 2:3.6.6-6+deb7u17) but 2:3.6.6-6+deb7u19 is to be installed.
    The following actions will resolve these dependencies:

         Keep the following packages at their current version:
    1)     samba [Not Installed]

AMD64 arch looks fine:

    # aptitude -V install samba samba-common samba-common-bin tdb-tools
    The following NEW packages will be installed:
      libfile-copy-recursive-perl{a} [0.38-1] libtalloc2{a} [2.0.7+git20120207-1] libtdb1{a} [1.2.10-2]
      libwbclient0{a} [2:3.6.6-6+deb7u19] samba [2:3.6.6-6+deb7u19] samba-common [2:3.6.6-6+deb7u19]
      samba-common-bin [2:3.6.6-6+deb7u19] tdb-tools [1.2.10-2] update-inetd{a} [4.43]
    0 packages upgraded, 9 newly installed, 0 to remove and 4 not upgraded.

Cheers
john
Re: [SECURITY] [DLA 1369-1] linux security update
Hi,

Thanks for the update. Had a weird issue when trying to update a machine yesterday (before the update came out) running:

    ii  linux-image-3.2.0-4-686-pae  3.2.96-2  i386  Linux 3.2 for modern PCs

aptitude upgrade wouldn't pull in 3.2.0-5-686-pae for some reason. I tried to install the virtual package manually and it said:

    # aptitude install linux-image-686-pae
    The following packages will be upgraded:
      linux-image-686-pae{b}
    1 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
    Need to get 5,874 B of archives. After unpacking 31.7 kB will be freed.
    The following packages have unmet dependencies:
     linux-image-686-pae : Depends: linux-image-3.2.0-6-686-pae which is a virtual package.
    The following actions will resolve these dependencies:

         Remove the following packages:
    1)     linux-image-2.6-686-bigmem
    2)     linux-image-686-pae

    Accept this solution? [Y/n/q/?]
    The following packages will be REMOVED:
      linux-image-2.6-686-bigmem{a} linux-image-686-pae{a}
    0 packages upgraded, 0 newly installed, 2 to remove and 0 not upgraded.
    Need to get 0 B of archives. After unpacking 43.0 kB will be freed.
    Do you want to continue? [Y/n/?]
    (Reading database ... 32453 files and directories currently installed.)
    Removing linux-image-2.6-686-bigmem ...
    Removing linux-image-686-pae ...
    Current status: 0 updates [-1].

    # aptitude install linux-image-686-pae linux-image-3.2.0-6-686-pae
    No candidate version found for linux-image-3.2.0-6-686-pae
    No candidate version found for linux-image-3.2.0-6-686-pae
    The following NEW packages will be installed:
      linux-image-686-pae{b}
    0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.

Not sure if this is a regular thing pre updates coming out, or if linux-image-686-pae got pushed out before the dependency for some reason, or made it to the UK mirror but the kernel itself didn't? Thought I would point this out.

Cheers,
John

On Wed, 2 May 2018, Ben Hutchings wrote:

> Date: Wed, 02 May 2018 21:58:29 +0100
> From: Ben Hutchings <b...@debian.org>
> Reply-To: debian-lts@lists.debian.org
> To: debian-lts-annou...@lists.debian.org
> Subject: [SECURITY] [DLA 1369-1] linux security update
> Resent-Date: Wed, 2 May 2018 20:58:55 + (UTC)
> Resent-From: debian-lts-annou...@lists.debian.org
>
> Package: linux
> Version: 3.2.101-1
> CVE ID : CVE-2017-0861 CVE-2017-5715 CVE-2017-13166 CVE-2017-16526
>          CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914
>          CVE-2017-18017 CVE-2017-18203 CVE-2017-18216 CVE-2018-1068
>          CVE-2018-1092 CVE-2018-5332 CVE-2018-5333 CVE-2018-5750
>          CVE-2018-5803 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566
>          CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781
>          CVE-2018-8822 CVE-2018-104 CVE-2018-1000199
> Debian Bug : 887106
>
> Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
>
> CVE-2017-0861
>
>     Robb Glasser reported a potential use-after-free in the ALSA (sound) PCM core. We believe this was not possible in practice.
>
> CVE-2017-5715
>
>     Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system.
>
>     This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the "retpoline" compiler feature which allows indirect branches to be isolated from speculative execution.
>
> CVE-2017-13166
>
>     A bug in the 32-bit compatibility layer of the v4l2 ioctl handling code has been found. Memory protections ensuring user-provided buffers always point to userland memory were disabled, allowing destination addresses to be in kernel space. On a 64-bit kernel (amd64 flavour) a local user with access to a suitable video device can exploit this to overwrite kernel memory, leading to privilege escalation.
>
> CVE-2017-16526
>
>     Andrey Konovalov reported that the UWB subsystem may dereference an invalid pointer in an error case. A local user might be able to use this for denial of service.
>
> CVE-2017-16911
>
>     Secunia Research reported that the USB/IP vhci_hcd driver exposed kernel heap addresses to local users. This information could aid the exploitation of other vulnerabilities.
>
> CVE-2017-16912
>
>     Secunia Research reported that the USB/IP stub driver failed to perform a range check on a received packet header field, leading to an out-of-bounds read. A remote user able to connect to the USB/IP server could use this for denial of service.
>
> CVE-2017-16913
>
>     Secunia Research reported that the USB/IP stub driver failed to
Re: Bug#866890: pspp - cve-2017-10791 - cve-2017-10792
On Mon, Jul 03, 2017 at 11:37:30PM +0200, Friedrich Beckmann wrote:

> Hi John,
>
> today I looked a little bit at the hash function. I think the problem is that compared to the referenced code the x parameter is type int instead of unsigned int. Googling around, the overflow behavior of signed and the shift right of signed is not defined in the C standard although "many" implementations assume two's complement signed implementation. Both are well defined for unsigned int operations.

Ahh. Perhaps you're right. But I cannot see that this would cause a crash, so I suspect that's another problem.

> I changed the parameter type from int to unsigned int and I cannot see a problem in the regression.

What problems did you encounter before your change (if any)?

> But looking at the code I wondered if this hash function also works on 64 Bit architectures. The reference only talks about uint32_t.

I cannot see that it wouldn't "work". But it might not create such an efficient hash.

Anyway maybe Ben will be able to have a look soon.

J'

-- 
Avoid eavesdropping. Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
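The int-versus-unsigned point discussed in the exchange above, as an added example: this is my own illustration, not pspp's hash function nor the reference it cites, and the names `bucket_index`, `bucket_index_signed`, `shift_as_unsigned` and `shift_as_signed` are mine. It writes a multiplicative bucket hash entirely on `uint32_t`, where the multiply wraps modulo 2^32 and the right shift is logical by definition, next to the same arithmetic on `int`, where the multiply overflows for almost every key (undefined behaviour) and the shift of a negative value is implementation-defined. The multiplier is assumed to be Knuth's 32-bit golden-ratio constant; on compilers that use an arithmetic shift (gcc and clang do) the signed variant already yields a negative "bucket index" for key 1, which is the kind of out-of-range value a later table lookup would use. Building with `-fsanitize=undefined` reports the signed multiply at run time.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not pspp code): the same bucket hash on uint32_t and on int.
 * Assumed multiplier: Knuth's 32-bit golden-ratio constant. */
#define GOLDEN32 0x9E3779B9u

/* Multiplicative hash into 2^bits buckets, all arithmetic on uint32_t:
 * the multiply wraps modulo 2^32 and the shift is logical, both by
 * definition in the C standard, so the result is identical on every
 * conforming compiler and always lies in [0, 2^bits). */
uint32_t bucket_index(uint32_t key, unsigned bits)
{
    if (bits == 0 || bits > 32)
        return 0;                 /* a shift by 32 or more would itself be UB */
    uint32_t h = key * GOLDEN32;  /* wraps, well defined */
    return h >> (32u - bits);     /* logical shift, well defined */
}

/* The same arithmetic with the parameter typed int, as the thread describes:
 *  - (int)GOLDEN32 is an out-of-range conversion (implementation-defined,
 *    modular on gcc/clang: -1640531527);
 *  - key * (int)GOLDEN32 overflows int for every |key| >= 2: undefined
 *    behaviour, reported by -fsanitize=undefined;
 *  - h >> n on a negative h is implementation-defined; gcc and clang copy
 *    the sign bit in, so the "bucket index" can come out negative.
 * Kept only as the contrast; never use this form. */
int bucket_index_signed(int key, unsigned bits)
{
    if (bits == 0 || bits > 32)
        return 0;
    int h = key * (int)GOLDEN32;  /* signed overflow for almost every key */
    return h >> (32u - bits);     /* sign-extending on common compilers */
}

/* Right shift of the bit pattern 0xFFFFFFF8 through each type. */
uint32_t shift_as_unsigned(uint32_t v) { return v >> 1; }  /* always 0x7FFFFFFC */
int      shift_as_signed(int v)        { return v >> 1; }  /* -4 on gcc/clang */

int main(void)
{
    unsigned bits = 4;             /* 16-bucket table */
    for (uint32_t key = 0; key < 4; key++)
        printf("key %u -> unsigned bucket %u\n", (unsigned)key, (unsigned)bucket_index(key, bits));
    /* key 1 is the only non-zero key whose signed multiply does not overflow */
    printf("key 1 -> signed   bucket %d\n", bucket_index_signed(1, bits));
    printf("0xFFFFFFF8 >> 1: unsigned 0x%08X, signed %d\n",
           (unsigned)shift_as_unsigned(0xFFFFFFF8u), shift_as_signed(-8));
    return 0;
}
```

Only the unsigned functions have results the standard pins down; the signed ones are there so the difference is visible in one compile, and their output may legitimately differ between compilers.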
Re: pspp - cve-2017-10791 - cve-2017-10792
I suspect this report is mistaken. But this bit is Ben's code, so I'll let him comment on that.

J'

On Mon, Jul 03, 2017 at 07:22:57AM +0200, Friedrich Beckmann wrote:

> Dear owl337 team,
>
> thanks for looking at pspp and finding the security problems
> https://security-tracker.debian.org/tracker/CVE-2017-10791 and
> https://security-tracker.debian.org/tracker/CVE-2017-10792 in pspp!
>
> Your reports are quite detailed. Could you describe how you found the problems, i.e. do you have some information about collAFL?
>
> Regards
>
> Friedrich
>
> ___
> pspp-dev mailing list
> pspp-...@gnu.org
> https://lists.gnu.org/mailman/listinfo/pspp-dev
Debian LTS - Wheezy repo broken?
Good day,

I'm trying to use the Debian LTS repo but it's not working. Can someone have a look for me? The guide documentation that I used is here: https://wiki.debian.org/LTS/Using

From what I understand, this repo should be online until 2018. Output of apt-get update follows:

    W: Failed to fetch http://httpredir.debian.org/debian/dists/wheezy/main/source/Sources 404 Not Found
    W: Failed to fetch http://httpredir.debian.org/debian/dists/wheezy/contrib/source/Sources 404 Not Found
    W: Failed to fetch http://httpredir.debian.org/debian/dists/wheezy/non-free/source/Sources 404 Not Found
    W: Failed to fetch http://httpredir.debian.org/debian/dists/wheezy/main/binary-amd64/Packages 404 Not Found
    W: Failed to fetch http://httpredir.debian.org/debian/dists/wheezy/contrib/binary-amd64/Packages 404 Not Found
    W: Failed to fetch http://httpredir.debian.org/debian/dists/wheezy/non-free/binary-amd64/Packages 404 Not Found
    W: Failed to fetch http://httpredir.debian.org/debian/dists/wheezy-updates/main/source/Sources 404 Not Found
    W: Failed to fetch http://httpredir.debian.org/debian/dists/wheezy-updates/contrib/source/Sources 404 Not Found
    W: Failed to fetch http://httpredir.debian.org/debian/dists/wheezy-updates/non-free/source/Sources 404 Not Found
    W: Failed to fetch http://httpredir.debian.org/debian/dists/wheezy-updates/main/binary-amd64/Packages 404 Not Found
    W: Failed to fetch http://httpredir.debian.org/debian/dists/wheezy-updates/contrib/binary-amd64/Packages 404 Not Found
    W: Failed to fetch http://httpredir.debian.org/debian/dists/wheezy-updates/non-free/binary-amd64/Packages 404 Not Found
    W: Failed to fetch http://security.debian.org/dists/wheezy/updates/main/source/Sources 404 Not Found
    W: Failed to fetch http://security.debian.org/dists/wheezy/updates/contrib/source/Sources 404 Not Found
    W: Failed to fetch http://security.debian.org/dists/wheezy/updates/non-free/source/Sources 404 Not Found
    W: Failed to fetch http://security.debian.org/dists/wheezy/updates/main/binary-amd64/Packages 404 Not Found
    W: Failed to fetch http://security.debian.org/dists/wheezy/updates/contrib/binary-amd64/Packages 404 Not Found
    W: Failed to fetch http://security.debian.org/dists/wheezy/updates/non-free/binary-amd64/Packages 404 Not Found
    E: Some index files failed to download. They have been ignored, or old ones used instead.

Any help is much appreciated.

Regards,

John H. Mitchell
Network Administrator
Sentraal-Suid Koöperasie
Tel: +27 44 801 4551
Email: jmitch...@tagri.co.za
Website: www.tagri.co.za
Re: Upgrading from Debian 6.0 LTS to 7
On Mon, 22 Feb 2016, Alexis Grigoriou wrote:

> This is the approach I took and all went well, except for a few packages that I needed to install manually and a message from mysql "Could not perform immediate configuration on 'mysql-server-5.5'", which I had to install manually with its dependencies. Thanks for the help guys.

Having done a good number of squeeze->wheezy upgrades recently, I've found that if you are running mysql 5.1 it is worth upgrading to mysql 5.5 BEFORE going to wheezy, as it makes the upgrade process not have issues with mysql. Do this before changing sources to wheezy:

    apt-get install mysql-client-5.5 mysql-server-5.5

I've also come across a range of different grub/boot issues, but I think they have mainly been related to machines that were upgraded from lenny on xen. Some don't seem to like grub2 at all.

john
Re: [CVE-2014-9090] x86_64, traps: Stop using IST for #SS
On 12/05/2014 05:47 AM, Luis Henriques wrote:

> Following this email I am sending for review the CVE-2014-9090 fix backports for both Lucid (2.6.32) and Precise (3.2.0). I'm also CC'ing Debian mailing-lists, Moritz, Ben and Willy as these backports could be of interest both to Debian and to the 2.6.32 and 3.2 stable kernels.
>
> Andy Lutomirski (1):
>   x86_64, traps: Stop using IST for #SS
>
>  arch/x86/include/asm/page_32_types.h |  1 -
>  arch/x86/include/asm/page_64_types.h | 11 +--
>  arch/x86/kernel/dumpstack_64.c       |  1 -
>  arch/x86/kernel/entry_64.S           |  2 +-
>  arch/x86/kernel/traps.c              | 13 +
>  5 files changed, 7 insertions(+), 21 deletions(-)

So both the Lucid and Precise patches look good to me. Like Stefan I noticed the missing define, but it does not appear to be used by the patch.

I have not worked my way through the list of patches that Willy provided, so I can't yet comment on which of any of them should be included. But I think the additional two patches that Ben pointed out,

    af726f21ed8a x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C
    b645af2d5905 x86_64, traps: Rework bad_iret

really should go with this.

Acked-by: John Johansen john.johan...@canonical.com

-- 
To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5485a158.2050...@canonical.com