Re: Security hole in kernel fixed?

ср, 15 мая 2024 г. в 16:55, Hans : > Dear developers, Users. > in April 2024 the security hole CVE-2023-6546 was discovered in linux-image, > and I believe, it is fixed in kernel 6.1.0 (from debian/stable) as soon after > this a new kernel was released.

Re: Security hole in kernel fixed?

On 2024-05-15 at 03:05, Hans wrote: > Dear developers, As usual, most of us here are not Debian developers, even if some of us may be software developers. > in April 2024 the security hole CVE-2023-6546 was discovered in linux-image, > and I believe, it > is fixed in kernel 6.1.0 (from

Re: Security vulnerability at curl package: CVE-2023-44487: HTTP/2 Rapid Reset

On Tue, 2023-11-28 at 08:56 +, Marold Marcus (DC-AE/ESW1) wrote: > Hello, > I would like to request an upgrade of the curl package (Linux Ubuntu Core 22 > / Jammy) to Nghttp2 > v1.57.0 because of CVE-2023-44487: HTTP/2 Rapid Reset. > https://nghttp2.org/blog/2023/10/10/nghttp2-v1-57-0/ >

Re: Security vulnerability at curl package: CVE-2023-44487: HTTP/2 Rapid Reset

On Tue, 28 Nov 2023 08:56:28 + "Marold Marcus (DC-AE/ESW1)" wrote: Hello Marold, Firstly, we're (for the most part) users, not developers. >I would like to request an upgrade of the curl package (Linux Ubuntu >Core 22 / Secondly, we're _Debian_ users not Ubuntu. You'll have to take it up

Re: Security vulnerability at curl package: CVE-2023-44487: HTTP/2 Rapid Reset

Hi, On Tue, Nov 28, 2023 at 08:56:28AM +, Marold Marcus (DC-AE/ESW1) wrote: > I would like to request an upgrade of the curl package (Linux > Ubuntu Core 22 / Jammy) to Nghttp2 v1.57.0 because of > CVE-2023-44487: > HTTP/2 Rapid Reset. Your

Re: Security vulnerability at curl package: CVE-2023-44487: HTTP/2 Rapid Reset

Am 28.11.2023 um 08:56:28 Uhr schrieb Marold Marcus (DC-AE/ESW1): > I would like to request an upgrade of the curl package (Linux Ubuntu > Core 22 / Jammy) to Nghttp2 v1.57.0 because of > CVE-2023-44487: > HTTP/2 Rapid Reset. That is the debian

Re: Security question about daemon-init

On 29/08/2023 18:35, Bhasker C V wrote: Apologies in advance for cross-group posting. I have enabled selinux  and after carefully allowing certain permissions, I have put my system in enforcing mode I do see a suspicious line like this [  115.089395] audit: type=1400

Re: [SECURITY] [DLA 3173-1] linux-5.10 security update

Anssi Saari composed on 2022-11-02 09:40 (UTC+0200): > John Boxall wrote: >> Did I miss something in the last three years? When did buster go to a >> 5.10 kernel? My buster system is still on kernel 4.19. > Looks like a linux-5.10 source package was indeed added to Buster in > August and as you

Re: Security Updates

On Wed 09 Mar 2022 at 21:46:45 (-0500), Greg Wooledge wrote: > On Wed, Mar 09, 2022 at 08:28:39PM -0500, Dan Ritter wrote: > > Dimitrios Papanikolaou wrote: > > > > > > I have Debian 10 (buster) installed in my Nodes. > > > I use the sec repo: > > > > > > deb

Re: Security Updates

On Wed, Mar 09, 2022 at 08:28:39PM -0500, Dan Ritter wrote: > Dimitrios Papanikolaou wrote: > > Hi, > > > > I have Debian 10 (buster) installed in my Nodes. > > I use the sec repo: > > > > deb http://security.debian.org/debian-securitybuster/updates main contrib > > non-free > > I hope there

Re: Security Updates

Dimitrios Papanikolaou wrote: > Hi, > > I have Debian 10 (buster) installed in my Nodes. > I use the sec repo: > > deb http://security.debian.org/debian-securitybuster/updates main contrib > non-free I hope there is another / between security and buster. > This is what I have. But can you

Re: Security

Hi. On Fri, Feb 04, 2022 at 09:43:18AM +0100, Andrei POPESCU wrote: > On Du, 30 ian 22, 19:27:56, Reco wrote: > > > > > > > > How does "people installing without recommends" translate to "GNOME > > > users" is beyond me, > > > > Easy. Look closely at two graphical frontends to libvirt

Re: Security

On Fri, Feb 04, 2022 at 09:43:18AM +0100, Andrei POPESCU wrote: [...] > Those who want a graphical tool to manage their VMs? Installing some > -gnome packages still doesn't make me a GNOME user ;) > > (e.g. I'm using network-manager-gnome with LXDE) It creeps slowly on you ;-P (Just kidding.

Re: Security

On Du, 30 ian 22, 19:27:56, Reco wrote: > > > > > How does "people installing without recommends" translate to "GNOME > > users" is beyond me, > > Easy. Look closely at two graphical frontends to libvirt they provide in > main archive. > Now ask yourself - would I need these on a server? Who

Re: Security

On 2022-02-02 13:59:07 +1300, Richard Hector wrote: > On 2/02/22 00:26, Vincent Lefevre wrote: > > On 2022-01-31 01:36:06 +1300, Richard Hector wrote: > > > On 29/01/22 04:17, Vincent Lefevre wrote: > > > > Servers shouldn't have pkexec installed in the first place, anyway. > > > > > >

Re: Security

On 2/02/22 00:26, Vincent Lefevre wrote: On 2022-01-31 01:36:06 +1300, Richard Hector wrote: On 29/01/22 04:17, Vincent Lefevre wrote: > Servers shouldn't have pkexec installed in the first place, anyway. libvirt-daemon-system depends on policykit-1. Should that not be on my (kvm) server

Re: Security

On 2022-01-31 01:36:06 +1300, Richard Hector wrote: > On 29/01/22 04:17, Vincent Lefevre wrote: > > Servers shouldn't have pkexec installed in the first place, anyway. > > libvirt-daemon-system depends on policykit-1. > > Should that not be on my (kvm) server either? I don't need

Re: Security

Hi. On Sun, Jan 30, 2022 at 02:39:14PM +0100, Andrei POPESCU wrote: > On Du, 30 ian 22, 15:54:17, Reco wrote: > > On Mon, Jan 31, 2022 at 01:36:06AM +1300, Richard Hector wrote: > > > On 29/01/22 04:17, Vincent Lefevre wrote: > > > > > > > Servers shouldn't have pkexec installed in the

Re: Security

On Du, 30 ian 22, 15:54:17, Reco wrote: > Hi. > > On Mon, Jan 31, 2022 at 01:36:06AM +1300, Richard Hector wrote: > > On 29/01/22 04:17, Vincent Lefevre wrote: > > > > > Servers shouldn't have pkexec installed in the first place, anyway. > > > > > > > libvirt-daemon-system depends on

Re: Security

Hi. On Mon, Jan 31, 2022 at 01:36:06AM +1300, Richard Hector wrote: > On 29/01/22 04:17, Vincent Lefevre wrote: > > > Servers shouldn't have pkexec installed in the first place, anyway. > > > > libvirt-daemon-system depends on policykit-1. > > Should that not be on my (kvm) server

Re: Security

On 29/01/22 04:17, Vincent Lefevre wrote: Servers shouldn't have pkexec installed in the first place, anyway. libvirt-daemon-system depends on policykit-1. Should that not be on my (kvm) server either? Cheers, Richard

Re: Security

Nicholas Geovanis wrote: > On Fri, Jan 28, 2022, 6:57 AM Dan Ritter wrote: > > > Nicholas Geovanis wrote: > > > On Wed, Jan 26, 2022, 12:39 PM Andrei POPESCU > > > wrote: > > > > > > > On Ma, 25 ian 22, 16:13:23, Nate Bargmann wrote: > > > > And please don't bother to reply with "there are no

Re: Security

On Fri, Jan 28, 2022, 9:17 AM Vincent Lefevre wrote: > On 2022-01-27 21:44:07 -0600, Nicholas Geovanis wrote: > > On Wed, Jan 26, 2022, 12:39 PM Andrei POPESCU > > wrote: > > > > > I'll use the opportunity to draw attention to DSA-5059-1, see e.g. this > > > article for details: > > > > > > > >

Re: Security

On Jo, 27 ian 22, 21:44:07, Nicholas Geovanis wrote: > On Wed, Jan 26, 2022, 12:39 PM Andrei POPESCU > > > > And please don't bother to reply with "there are no other users on this > > system I should worry about", the bad guys could still find ways to get > > in, e.g. via a compromised browser,

Re: Security

On Fri, Jan 28, 2022, 6:57 AM Dan Ritter wrote: > Nicholas Geovanis wrote: > > On Wed, Jan 26, 2022, 12:39 PM Andrei POPESCU > > wrote: > > > > > On Ma, 25 ian 22, 16:13:23, Nate Bargmann wrote: > > > And please don't bother to reply with "there are no other users on this > > > system I should

Re: Security

On 2022-01-27 21:44:07 -0600, Nicholas Geovanis wrote: > On Wed, Jan 26, 2022, 12:39 PM Andrei POPESCU > wrote: > > > I'll use the opportunity to draw attention to DSA-5059-1, see e.g. this > > article for details: > > > > > >

Re: Security

Nicholas Geovanis wrote: > On Wed, Jan 26, 2022, 12:39 PM Andrei POPESCU > wrote: > > > On Ma, 25 ian 22, 16:13:23, Nate Bargmann wrote: > > And please don't bother to reply with "there are no other users on this > > system I should worry about", the bad guys could still find ways to get > >

Re: Security

On Wed, Jan 26, 2022, 12:39 PM Andrei POPESCU wrote: > On Ma, 25 ian 22, 16:13:23, Nate Bargmann wrote: > > I am subscribed to that list and get them too. > > > > I just see that three more messages popped in since this morning from > > the security list. > > > > The complaints seem to be only

Re: Security

On Ma, 25 ian 22, 16:13:23, Nate Bargmann wrote: > I am subscribed to that list and get them too. > > I just see that three more messages popped in since this morning from > the security list. > > The complaints seem to be only about browsers. The inference seems to > be that the latest release

Re: Security

The proper way IMO is to subscribe to the CERT for your nation. Be the interface to it for your organization within your local responsibilities. You will then receive the high-risk advisories before they are publically released. That paid off, for example, during the ghost/meltdown Intel

Re: Security

I am subscribed to that list and get them too. I just see that three more messages popped in since this morning from the security list. The complaints seem to be only about browsers. The inference seems to be that the latest release always fixes security bugs. While this is true to an extent,

Re: Security

On 2022-01-25 15:47, Andy Smith wrote: > Hello, > > On Tue, Jan 25, 2022 at 03:05:51PM -0500, Polyna-Maude Racicot-Summerside > wrote: >> Kind of strange that some people complains we lag behind when I get >> information everyday that fixes are available for packages in the stable >> / old

Re: Security

Hello, On Tue, Jan 25, 2022 at 03:05:51PM -0500, Polyna-Maude Racicot-Summerside wrote: > Kind of strange that some people complains we lag behind when I get > information everyday that fixes are available for packages in the stable > / old stable release. I think you are getting worked up over

Re: security of debian default sudoers file (was: dead lock)

On 17/10/21 20:41, Gregor Zattler wrote: PS: in my opinion you should avoid creating a sudoers file unless you really know what you are doing. the defaults are very insecure. So force sudo to use the root passwd. After you ensure your root passwd works, simply add the line: Defaults

RE: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP withreserved IPs on wlan0?

I have used openwrt, but not recent version of it. I have been using Ubiquiti EdgeRouters running the stock EdgeOS. Very solid routers. I even have one sitting up in a tree in a Tupperware container in the snowy mountains! I recently discovered that EdgeOS is based on Debian and you can

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

On Mon, 8 Feb 2021 16:42:40 -0500 Dan Ritter wrote: > Celejar wrote: > > > If you are OK buying used equipment, Intel-based gigabit NICs, 4 ports > > > to a PCIe slot, cost about $35 (or $70 new). If you've got a 5 year old > > > > My understanding - please correct me if I'm wrong - is that

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

Celejar wrote: > > If you are OK buying used equipment, Intel-based gigabit NICs, 4 ports > > to a PCIe slot, cost about $35 (or $70 new). If you've got a 5 year old > > My understanding - please correct me if I'm wrong - is that with those > types of cards, the ports are distinct and aren't

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

On Mon, 8 Feb 2021 11:03:35 -0500 Dan Ritter wrote: > Celejar wrote: > > > I can be glad that OpenWRT has improved their security practices > > > and simultaneously not be interested in using it. > > > > I think we are really in basic agreement. The reason I use OpenWRT is > > that I use a

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

> I think we are really in basic agreement. The reason I use OpenWRT is > that I use a residential all-in-one WAP / switch / router, which Debian > is unsuitable for. If I ever go the separate WAP / switch / router > route, I'll probably use Debian on the router for the reasons you > give: good

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

Celejar wrote: > > I can be glad that OpenWRT has improved their security practices > > and simultaneously not be interested in using it. > > I think we are really in basic agreement. The reason I use OpenWRT is > that I use a residential all-in-one WAP / switch / router, which Debian > is

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

On Mon, 8 Feb 2021 09:57:13 -0500 Dan Ritter wrote: > Celejar wrote: > > On Mon, 8 Feb 2021 08:36:34 -0500 > > Dan Ritter wrote: > > > > > OpenWRT's security process doesn't look as terrible as it used > > > to be, but it doesn't really look good right now, just trying to > > > be better. > >

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

Celejar wrote: > On Mon, 8 Feb 2021 08:36:34 -0500 > Dan Ritter wrote: > > > OpenWRT's security process doesn't look as terrible as it used > > to be, but it doesn't really look good right now, just trying to > > be better. > > Again, let's look at specific examples of vulnerabilities present

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

On Mon, 8 Feb 2021 08:36:34 -0500 Dan Ritter wrote: > Celejar wrote: > > On Mon, 8 Feb 2021 06:41:23 -0500 > > Dan Ritter wrote: > > > > > Gregory Seidman wrote: > > > > If you want a Linux router/AP, I recommend OpenWRT over Debian. It runs > > > > on > > > > ... > > > > > Debian gets

Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?

Celejar wrote: > On Mon, 8 Feb 2021 06:41:23 -0500 > Dan Ritter wrote: > > > Gregory Seidman wrote: > > > If you want a Linux router/AP, I recommend OpenWRT over Debian. It runs on > > ... > > > Debian gets security updates in a timely manner (for stable). > > > > How's OpenWRT's security

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

On 15/09/2020 10:44, Greg Wooledge wrote: > Another choice would be to run Debian stable, but don't install Debian's > version of nginx. Use upstream's releases, compile them yourself, and > update them yourself whenever you need to (for security reasons or > otherwise). If one chooses to do so,

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

On 15/09/2020 10:38, Klaus Singvogel wrote: > No: no new version. > > If you're unhappy with that, think about these choices: > > - install upcoming Debian 11 (Testing, Bullseye) and live with the changes > of packages and possible errors in the system. Release date unknown. > > - install

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

On Tue, Sep 15, 2020 at 03:38:33PM +0200, Klaus Singvogel wrote: > No: no new version. > > If you're unhappy with that, think about these choices: > > - install upcoming Debian 11 (Testing, Bullseye) and live with the changes > of packages and possible errors in the system. Release date

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

Hi Revanth, Suryadevara, Revanth wrote: > Hi Klaus, > > Just needed to re-confirm couple of things here > > 1. I understand that the NGINX version shipped by default is secured and will > be updated with patches should there be some security issues. But my question > is, Can we expect the

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

Suryadevara, Revanth wrote: > Just needed to re-confirm couple of things here > > 1. I understand that the NGINX version shipped by default is secured and will > be updated with patches should there be some security issues. But my question > is, Can we expect the latest version of NGINX(i.e.

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

On Tue, Sep 15, 2020 at 12:23:11PM +, Suryadevara, Revanth wrote: > Hi Klaus, > > Just needed to re-confirm couple of things here > > 1. I understand that the NGINX version shipped by default is secured and will > be updated with patches should there be some security issues. But my

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

On Tue, Sep 15, 2020 at 12:23:11PM +, Suryadevara, Revanth wrote: > 1. I understand that the NGINX version shipped by default is secured and will > be updated with patches should there be some security issues. But my question > is, Can we expect the latest version of NGINX(i.e. v1.18.x) to

RE: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

to be available in Debian 10? Thanks, Revanth. -Original Message- From: Klaus Singvogel Sent: 15 September 2020 15:10 To: Suryadevara, Revanth Cc: debian-user@lists.debian.org Subject: Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution Hi Revanth, as you might have

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

On Tue, Sep 15, 2020 at 09:13:04AM +, Suryadevara, Revanth wrote: > 1.) Pertaining to Nginx there is no CVE-ID, main concern is, > According to nginx download page, (http://nginx.org/en/download.html) Nginx > 1.14.x is no longer supported and will not be getting regular patches. So, if >

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

laus Singvogel > Sent: 15 September 2020 13:32 > To: Suryadevara, Revanth > Cc: debian-user@lists.debian.org > Subject: Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution > > Suryadevara, Revanth wrote: > > > > We have a system running on Debian 10 w

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

Hi. Please do not top post. On Tue, Sep 15, 2020 at 09:13:04AM +, Suryadevara, Revanth wrote: > Hi Klaus, > > 1.) Pertaining to Nginx there is no CVE-ID, main concern is, > According to nginx download page, (http://nginx.org/en/download.html) > Nginx 1.14.x is no longer

RE: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

Cc: debian-user@lists.debian.org Subject: Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution Suryadevara, Revanth wrote: > > We have a system running on Debian 10 with Nginx v1.14.2, GNOME Evolution > v3.30.5-1.1 installed along with other packages. > [...] &

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

Suryadevara, Revanth wrote: > > We have a system running on Debian 10 with Nginx v1.14.2, GNOME Evolution > v3.30.5-1.1 installed along with other packages. > [...] > When can we expect latest versions of Nginx and GNOME Evolution to be > available in Debian 10 ? Which security bugs do you

Re: Security issue ... please could someone help !!!

Hi. On Sun, Apr 05, 2020 at 09:03:00PM +0100, Bhasker C V wrote: > I kept digging down and saw that anything below 32 bytes is not accepted > (by cryptsetup --key-file option) but anything above 32 bytes is > discarded. cryptsetup(8), "-s" option. > Does this mean that cryptsetup plain

Re: Security Issue with sssd / AD authentication?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Kent West wrote: > Probably not the best place to put this information, but I figure here > is better than no where... > > I'm tinkering with authentication a Debian (10.1) box via Active > Directory, so that an AD user can log into the Debian

Re: Security Issue with sssd / AD authentication?

On 11/8/19 11:53 AM, Roberto C. Sánchez wrote: On Fri, Nov 08, 2019 at 11:36:34AM -0600, Kent West wrote: Probably not the best place to put this information, but I figure here is better than no where... I'm tinkering with authentication a Debian (10.1) box via Active Directory, so that an

Re: Security Issue with sssd / AD authentication?

On Fri, Nov 08, 2019 at 11:36:34AM -0600, Kent West wrote: > Probably not the best place to put this information, but I figure here is > better than no where... > > I'm tinkering with authentication a Debian (10.1) box via Active Directory, > so that an AD user can log into the Debian box. > >

Re: Security Updates

On Sun, Dec 30, 2018 at 08:00:51PM +0100, Marek Gráfel wrote: > I also tried the command via the apt-get update terminal, telling me that > the operation is declined. Make sure you run apt-get as root or with sudo: sudo apt-get update Then: sudo apt-get upgrade -- Nazar

Re: Security Updates

On 12/30/18 11:00 AM, Marek Gráfel wrote: I do not know English well, but I hope that the translation through Google Is there a Debian mailing list in your native language? https://lists.debian.org/completeindex.html David

Re: Security Updates

Marek Gráfel wrote: ... > I do not know English well, but I hope that the translation through Google > will be enough to lead me to write a procedure how to install security > updates, and please explain why your Debian freezes despite Linux Mintu? I > think Debian is higher than Linux Mint. Thank

Re: Security updates for Chromium on Debian Jessie

Hi, Alex. On 29/09/17 07:19, Alex ARNAUD wrote: In the last DSA for the chromium-browser package (DSA-3985-1) I noticed that the updates were released for stable, testing and unstable but not for oldstable. I think the same thing happened with the previous update.

Re: security-cdn.debian.org weigert me?

Op 29-09-17 om 13:52 schreef Paul van der Vlis: > Ik vind het daarom toch vreemd dat hij connect naar > security-cdn.debian.org. Dat kan ik nergens uithalen. En morgen kan het > weer wat anders zijn. Volgens mij is men overgestapt van eigen Debian-services, naar het cloud-platform van deze

Re: security-cdn.debian.org weigert me?

Op 28-09-17 om 14:04 schreef Floris: > Waarschijnlijk al tig keer gecontroleerd, maar hoe zien de > sources.list(.d/) er uit op de probleem machine? root@kvm:/usr/local/sbin# cat /etc/apt/sources.list deb http://ftp.nl.debian.org/debian/ jessie main contrib non-free deb

Re: security-cdn.debian.org weigert me?

On Fri, 29 Sep 2017 11:38:27 +0200 Paul van der Vlis wrote: > names="security.debian.org ftp.nl.debian.org popov.debian.org \ > popcon.debian.org ns1.vandervlis.nl ns2.vandervlis.nl" > > ip4="" > for name in $names; do >ip4="$ip4 `dig -t A +short $name | tr '\r \n' '

Re: Security updates for Chromium on Debian Jessie

Le 28/09/2017 à 19:39, Daniel Bareiro a écrit : Hi, Sven. On 28/09/17 14:13, Sven Joachim wrote: In the last DSA for the chromium-browser package (DSA-3985-1) I noticed that the updates were released for stable, testing and unstable but not for oldstable. I think the same thing happened with

Re: security-cdn.debian.org weigert me?

Op 28-09-17 om 19:17 schreef Geert Stappers: > On Thu, Sep 28, 2017 at 01:22:44PM +0200, Paul van der Vlis wrote: >> Op 28-09-17 om 12:27 schreef Floris: >>> Waar verwijzen de guests naar? >> security.debian.org verwijst daar ook naar villa.debian.org. >> >> Hmm, op de probleem-machine verwijst

Re: Security updates for Chromium on Debian Jessie

Hi, Sven. On 28/09/17 14:13, Sven Joachim wrote: >> In the last DSA for the chromium-browser package (DSA-3985-1) I noticed >> that the updates were released for stable, testing and unstable but not >> for oldstable. I think the same thing happened with the previous update. >> >> Maybe I'm

Re: security-cdn.debian.org weigert me?

On Thu, Sep 28, 2017 at 01:22:44PM +0200, Paul van der Vlis wrote: > Op 28-09-17 om 12:27 schreef Floris: > > Waar verwijzen de guests naar? > security.debian.org verwijst daar ook naar villa.debian.org. > > Hmm, op de probleem-machine verwijst dit naar > mirror-conova-security.debian.org. En op

Re: Security updates for Chromium on Debian Jessie

On 2017-09-28 11:08 -0300, Daniel Bareiro wrote: > In the last DSA for the chromium-browser package (DSA-3985-1) I noticed > that the updates were released for stable, testing and unstable but not > for oldstable. I think the same thing happened with the previous update. > > Maybe I'm missing

Re: security-cdn.debian.org weigert me?

Op Thu, 28 Sep 2017 13:22:44 +0200 schreef Paul van der Vlis : Op 28-09-17 om 12:27 schreef Floris: Misschien heb je er niks aan, maar bij mij verwijst security.debian.org/ naar villa.debian.org $ ping4 security.debian.org PING security.debian.org (212.211.132.32) 56(84)

Re: security-cdn.debian.org weigert me?

Op 28-09-17 om 12:27 schreef Floris: > Misschien heb je er niks aan, maar bij mij verwijst security.debian.org/ > naar villa.debian.org > $ ping4 security.debian.org > PING security.debian.org (212.211.132.32) 56(84) bytes of data. > 64 bytes from villa.debian.org (212.211.132.32): icmp_seq=1

Re: security-cdn.debian.org weigert me?

Op Thu, 28 Sep 2017 11:08:53 +0200 schreef Paul van der Vlis : Op 27-09-17 om 20:41 schreef Geert Stappers: On Wed, Sep 27, 2017 at 04:47:36PM +0200, Paul van der Vlis wrote: Hoi, Een machine geeft sinds een paar dagen foutmeldingen bij het ophalen van security

Re: security issues

On Sunday 27 August 2017 12:22:30 Mike McClain wrote: > On Sat, Aug 26, 2017 at 04:35:21PM -0400, Gene Heskett wrote: > > I have had the ultimate revenge on those who were enemies at one > > time, I've outlived the turkeys without doing anything to hasten > > their demise. ;-) > > I thought that

Re: security issues

On Sat, Aug 26, 2017 at 04:35:21PM -0400, Gene Heskett wrote: > > I have had the ultimate revenge on those who were enemies at one time, > I've outlived the turkeys without doing anything to hasten their > demise. ;-) > I thought that was worthy of being a tagline. Hope you don't mind. Mike --

Re: security issues

On Saturday 26 August 2017 15:43:40 Brian wrote: > [Lots of snipping] > > On Sat 26 Aug 2017 at 15:25:53 -0400, Gene Heskett wrote: > > On Saturday 26 August 2017 14:51:41 Brian wrote: > > > That's what you think! But while you are slumbering, she is > > > emailing friends and talking with Donald

Re: security issues

[Lots of snipping] On Sat 26 Aug 2017 at 15:25:53 -0400, Gene Heskett wrote: > On Saturday 26 August 2017 14:51:41 Brian wrote: > > > That's what you think! But while you are slumbering, she is emailing > > friends and talking with Donald on Twitter. Never underestimate a > > woman's ability to

Re: security issues

On Saturday 26 August 2017 15:25:53 Gene Heskett wrote: > > > install any of the firewall type stuff, dd-wrt in the router is > > > the best guard dog. I've been running some form of it for 15 or > > > more years, and have not been breached. > > > > Isn't dd-wrt only suitable for particular

Re: security issues

On Saturday 26 August 2017 14:51:41 Brian wrote: > On Sat 26 Aug 2017 at 07:40:09 -0400, Gene Heskett wrote: > > On Saturday 26 August 2017 04:13:38 Dejan Jocic wrote: > > > On 26-08-17, R Calleja wrote: > > > > Buenos dias, soy usuario de debian 8.9 desde hace 2 años. > > > > Tengo problemas de

Re: security issues

On Sat 26 Aug 2017 at 07:40:09 -0400, Gene Heskett wrote: > On Saturday 26 August 2017 04:13:38 Dejan Jocic wrote: > > > On 26-08-17, R Calleja wrote: > > > Buenos dias, soy usuario de debian 8.9 desde hace 2 años. > > > Tengo problemas de seguridad que me obligan a reinstalar el sistema > > > a

Re: security issues

On Saturday 26 August 2017 04:13:38 Dejan Jocic wrote: > On 26-08-17, R Calleja wrote: > > Buenos dias, soy usuario de debian 8.9 desde hace 2 años. > > Tengo problemas de seguridad que me obligan a reinstalar el sistema > > a menudo, una vez al año. > > He leido documentos y ayuda para mejorar

Re: security issues

Bien, pues entonces lo que vamos a hacer es, lo primero de todo, borrar la caché de Firefox; para lo cual debes ejecutar el siguiente comando en una terminal: rm -rf /.cache/mozilla/firefox Después, vas a esnifar (escuchar) el tráfico de red, por si encuentras tráfico sospechoso (por ejemplo,

Re: security issues

Exactamente, ¿qué problemas de seguridad son los que te presenta Debian? Santiago. El 26 ago. 2017 8:59, "R Calleja" escribió: > Buenos dias, soy usuario de debian 8.9 desde hace 2 años. > Tengo problemas de seguridad que me obligan a reinstalar el sistema a > menudo, una

Re: security issues

Le nonidi 9 fructidor, an CCXXV, Dejan Jocic a écrit : > 10. I'm sure that there is more 0. Think about against what risks you want to protect yourself. Security is always a compromise with convenience. The only absolute security is when you do nothing with no computer at all, but that is not

Re: security issues

On 26-08-17, R Calleja wrote: > Buenos dias, soy usuario de debian 8.9 desde hace 2 años. > Tengo problemas de seguridad que me obligan a reinstalar el sistema a > menudo, una vez al año. > He leido documentos y ayuda para mejorar la seguridad. > Pero no soy un usuario con conocimientos avanzados

Re: Security hole in LXDE?

On Mon, Feb 27, 2017 at 09:00:15PM +1100, Davor Balder wrote: > Hi Hans, > > Question 1 which one: stable, testing or unstable? IMHO if it's not stated then stable is to be assumed. Users who run testing/sid are generally expected to have some degree of troubleshooting knowledge (the clue is in

Re: [SOLVED] Re: Security hole in LXDE?

On Tue 07 Mar 2017 at 09:05:03 +0100, to...@tuxteam.de wrote: > On Mon, Mar 06, 2017 at 08:53:39PM +, Brian wrote: > > [...] > > > I'll reconstruct my previous response. If there is no root password, > > (a bad idea, see my other post) > > > sudo is installed and the "first user" is put

Re: [SOLVED] Re: Security hole in LXDE?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Mar 06, 2017 at 08:53:39PM +, Brian wrote: [...] > I'll reconstruct my previous response. If there is no root password, (a bad idea, see my other post) > sudo is installed and the "first user" is put into the sudo group. I've no proof

Re: [SOLVED] Re: Security hole in LXDE?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Mar 06, 2017 at 08:58:25PM +, Joe wrote: [...] > A member of the sudo group has permanent root privileges. He might as > well simply login as root every day, and not bother with another user. Sorry, I've to disagree. It's a question of

Re: [SOLVED] Re: Security hole in LXDE?

On Mon, 6 Mar 2017 20:47:50 + (UTC) Curt wrote: > On 2017-03-06, Joe wrote: > > > > Who said anything about lpadmin? The question is about the wisdom of > > automatically including someone in the sudo group, which in a > > default Debian sudoers file,

Re: [SOLVED] Re: Security hole in LXDE?

On Mon 06 Mar 2017 at 19:57:25 +, Joe wrote: > On Mon, 6 Mar 2017 19:36:40 + > Brian wrote: > > > On Mon 06 Mar 2017 at 18:59:18 +, Joe wrote: > > > > > On Mon, 6 Mar 2017 13:40:45 -0500 > > > Greg Wooledge wrote: > > > > > > > On Mon,

Re: [SOLVED] Re: Security hole in LXDE?

On 2017-03-06, Joe wrote: > > Who said anything about lpadmin? The question is about the wisdom of > automatically including someone in the sudo group, which in a default > Debian sudoers file, gives full root privileges to everything, using the > user's password. > > We have

Re: [SOLVED] Re: Security hole in LXDE?

On Mon, 6 Mar 2017 19:36:40 + Brian wrote: > On Mon 06 Mar 2017 at 18:59:18 +, Joe wrote: > > > On Mon, 6 Mar 2017 13:40:45 -0500 > > Greg Wooledge wrote: > > > > > On Mon, Mar 06, 2017 at 06:31:46PM +, Joe wrote: > > > > Debian

Re: [SOLVED] Re: Security hole in LXDE?

Greg Wooledge: > On Mon, Mar 06, 2017 at 06:31:46PM +, Joe wrote: >> Debian appears to use the group 'sudo' as an administrative group, >> where some other distributions use 'wheel'. >> >> I would not have thought that users would be added to it by default, >> there are no members on my

Re: [SOLVED] Re: Security hole in LXDE?

On Mon 06 Mar 2017 at 18:59:18 +, Joe wrote: > On Mon, 6 Mar 2017 13:40:45 -0500 > Greg Wooledge wrote: > > > On Mon, Mar 06, 2017 at 06:31:46PM +, Joe wrote: > > > Debian appears to use the group 'sudo' as an administrative group, > > > where some other

Re: [SOLVED] Re: Security hole in LXDE?

On Mon, 6 Mar 2017 13:40:45 -0500 Greg Wooledge wrote: > On Mon, Mar 06, 2017 at 06:31:46PM +, Joe wrote: > > Debian appears to use the group 'sudo' as an administrative group, > > where some other distributions use 'wheel'. > > > > I would not have thought that users

Re: [SOLVED] Re: Security hole in LXDE?

On Mon, Mar 06, 2017 at 06:31:46PM +, Joe wrote: > Debian appears to use the group 'sudo' as an administrative group, > where some other distributions use 'wheel'. > > I would not have thought that users would be added to it by default, > there are no members on my sid/xfce4 workstation.

  1   2   3   4   5   6   7   8   9   10   >