Debian Security Advisory

Posted by bodhi 
Re: Debian Security Advisory
January 21, 2018 05:00PM
> bodhi Wrote:
>
> There are many ARM 32 being affected.
> Cortex A9 (e.g. our MVEBU Armada 38x) is one of
> those. Therefore I will have a new release kernel out
> ASAP when I can get back to my development rig.

Looks like the Spectre patch will be slow coming. So in the meantime, take the usual precautions if you have an Armada 38x box.

-bodhi
===========================
Forum Wiki
bodhi's corner (buy bodhi a beer)
Re: Debian Security Advisory
May 18, 2018 10:00PM
Debian jessie security news.

Quote

Debian Security Advisory DSA-4205-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 18, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

This is an advance notice that regular security support for Debian
GNU/Linux 8 (code name "jessie") will be terminated on the 17th of
June.

As with previous releases additional LTS support will be provided for
a reduced set of architectures and packages, a separate announcement
will be available in due time.

-bodhi
===========================
Re: Debian Security Advisory
March 22, 2020 09:14PM
Re: Debian Security Advisory
June 03, 2021 04:05PM
https://lwn.net/Articles/858144/

Update your Debian packages (caribou, firefox-esr, imagemagick, and isc-dhcp).

-bodhi
===========================
Re: Debian Security Advisory
May 25, 2022 05:05PM
Re: Debian Security Advisory
June 10, 2022 08:24PM
Quote

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5160-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 10, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ntfs-3g
CVE ID : CVE-2021-46790 CVE-2022-30783 CVE-2022-30784 CVE-2022-30785
CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789
Debian Bug : 1011770

Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS
driver for FUSE. A local user can take advantage of these flaws for
local root privilege escalation.

For the oldstable distribution (buster), these problems have been fixed
in version 1:2017.3.23AR.3-3+deb10u2.

For the stable distribution (bullseye), these problems have been fixed in
version 1:2017.3.23AR.3-4+deb11u2.

We recommend that you upgrade your ntfs-3g packages.

-bodhi
===========================
Re: Debian Security Advisory
August 15, 2023 12:03AM
Quote

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5477-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 14, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : samba
CVE ID : CVE-2022-2127 CVE-2023-3347 CVE-2023-34966 CVE-2023-34967
CVE-2023-34968
Debian Bug : 1041043

Several vulnerabilities have been discovered in Samba, which could result
in information disclosure, denial of service or insufficient enforcement
of security-relevant config directives.

The version of Samba in the oldstable distribution (bullseye) cannot be
fully supported further: If you are using Samba as a domain controller
you should either upgrade to the stable distribution or if that's not
an immediate option consider to migrate to Samba from bullseye-backports
(which will be kept updated to the version in stable). Operating Samba
as a file/print server will continue to be supported, a separate DSA
will provide an update along with documentation about the scope
of continued support.

For the stable distribution (bookworm), these problems have been fixed in
version 2:4.17.10+dfsg-0+deb12u1.

We recommend that you upgrade your samba packages.

Note the warning:

Quote

The version of Samba in the oldstable distribution (bullseye) cannot be
fully supported further: If you are using Samba as a domain controller
you should either upgrade to the stable distribution or if that's not
an immediate option consider to migrate to Samba from bullseye-backports

-bodhi
===========================
Re: Debian Security Advisory
October 06, 2023 03:04PM
It's made headlines in the news lately. If you're using the Exim mail transport agent, you must update.

Check if it is installed (you might be using it instead of sendmail).
dpkg -l | grep -i exim


Quote

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5512-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
October 02, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2023-42114 CVE-2023-42115 CVE-2023-42116

Several vulnerabilities were discovered in Exim, a mail transport agent,
which could result in remote code execution if the EXTERNAL or SPA/NTLM
authenticators are used.

For the oldstable distribution (bullseye), these problems have been fixed
in version 4.94.2-7+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 4.96-15+deb12u2.

We recommend that you upgrade your exim4 packages.

-bodhi
===========================
Re: Debian Security Advisory
March 29, 2024 05:52PM
This is quite serious for Internet facing servers. SSH was compromised by a backdoor in xz-utils (specifically xz versions 5.6.0 and 5.6.1).

https://lwn.net/Articles/967180/

Quote

Andres Freund has posted a detailed investigation into a backdoor that was shipped with versions 5.6.0 and 5.6.1 of the xz compression utility. It appears that the malicious code may be aimed at allowing SSH authentication to be bypassed.

Update: there are advisories out now from Arch, Debian, Red Hat, and openSUSE.


Debian Security Advisory
https://lists.debian.org/debian-security-announce/2024/msg00057.html

Quote

Andres Freund discovered that the upstream source tarballs for xz-utils,
the XZ-format compression utilities, are compromised and inject
malicious code, at build time, into the resulting liblzma5 library.

Right now no Debian stable versions are known to be affected.
Compromised packages were part of the Debian testing, unstable and
experimental distributions, with versions ranging from 5.5.1alpha-0.1
(uploaded on 2024-02-01), up to and including 5.6.1-1. The package has
been reverted to use the upstream 5.4.5 code, which we have versioned
5.6.1+really5.4.5-1.

Debian stable is OK. But if you are pulling anything from testing/unstable/experimental in your APT sources list, then beware.

Or go ahead and check it anyway:

# dpkg -l | grep "xz-utils"
ii  xz-utils                              5.4.1-0.2                               armel        XZ-format compression utilities

-bodhi
===========================
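The checks bodhi shows above (grep the dpkg listing for exim or xz-utils and eyeball the version) work, but deciding by eye whether an installed version is at or past a DSA's "fixed in" version goes wrong with epochs (1:..., 2:...), tildes and revert versions such as 5.6.1+really5.4.5-1, all of which appear in the advisories quoted in this thread. The Python below is an added example, not code from the forum, from bodhi or from Debian's tooling: it reimplements dpkg's version-ordering rules, parses dpkg-query output, and reports whether the exim4, ntfs-3g and samba packages are at the versions the DSAs above name, and whether an xz-utils/liblzma5 version falls inside the compromised window from the xz advisory. The binary-to-source package mapping and the dpkg-query sample output are constructed for the example and are assumptions, not something the page states.

```python
"""Added example: compare dpkg versions against DSA "fixed in" versions.
Version ordering follows dpkg's verrevcmp(); sample data is constructed."""

from typing import Dict, List, Tuple


def _order(c: str) -> int:
    """Character weight from dpkg's verrevcmp(): '~' sorts before everything,
    even end of string; letters sort before non-letters; digits/end are 0."""
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _cmp_fragment(a: str, b: str) -> int:
    """Compare one upstream-version or debian-revision string, alternating
    non-digit runs (lexical via _order) and digit runs (numeric)."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":   # leading zeros are insignificant
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():   # a has more digits: a is larger
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(v: str) -> Tuple[int, str, str]:
    """Split [epoch:]upstream[-revision]; a missing revision compares as "0"."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, _, revision = v.rpartition("-") if "-" in v else (v, "", "")
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """<0, 0, >0 as `dpkg --compare-versions a lt|eq|gt b` would decide."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return ea - eb
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


# "Fixed in" versions quoted from the DSAs in this thread, keyed by suite.
FIXED_IN: Dict[str, Dict[str, str]] = {
    "exim4":   {"bullseye": "4.94.2-7+deb11u1", "bookworm": "4.96-15+deb12u2"},
    "ntfs-3g": {"buster": "1:2017.3.23AR.3-3+deb10u2", "bullseye": "1:2017.3.23AR.3-4+deb11u2"},
    "samba":   {"bookworm": "2:4.17.10+dfsg-0+deb12u1"},
}
# Binary package -> source package. An assumption for this example; extend it
# for the binaries your box actually has installed.
SOURCE_OF: Dict[str, str] = {
    "exim4-base": "exim4", "exim4-config": "exim4",
    "exim4-daemon-light": "exim4", "exim4-daemon-heavy": "exim4",
    "ntfs-3g": "ntfs-3g", "samba": "samba",
}
# Inclusive window of compromised xz-utils uploads, from the advisory quoted above.
XZ_BACKDOOR_WINDOW = ("5.5.1alpha-0.1", "5.6.1-1")


def is_patched(installed: str, fixed: str) -> bool:
    return compare_versions(installed, fixed) >= 0


def in_xz_backdoor_window(version: str) -> bool:
    lo, hi = XZ_BACKDOOR_WINDOW
    return compare_versions(version, lo) >= 0 and compare_versions(version, hi) <= 0


def audit(dpkg_query_output: str, suite: str) -> List[Tuple[str, str, str, bool]]:
    """Parse `dpkg-query -W -f '${Package} ${Version} ${Status}\\n'` lines and
    return (package, installed, fixed, patched) for installed packages that a
    DSA above covers for the given suite. Removed/config-only packages are skipped."""
    findings = []
    for line in dpkg_query_output.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[-1] != "installed":
            continue
        pkg, ver = parts[0], parts[1]
        src = SOURCE_OF.get(pkg)
        fixed = FIXED_IN.get(src, {}).get(suite) if src else None
        if fixed:
            findings.append((pkg, ver, fixed, is_patched(ver, fixed)))
    return findings


# Constructed sample of dpkg-query output (not from a real box).
SAMPLE_DPKG_QUERY = """\
exim4-base 4.94.2-7+deb11u1 install ok installed
exim4-daemon-light 4.94.2-7 install ok installed
ntfs-3g 1:2017.3.23AR.3-4+deb11u1 install ok installed
samba 2:4.13.13+dfsg-1~deb11u5 deinstall ok config-files
xz-utils 5.4.1-0.2 install ok installed
"""

if __name__ == "__main__":
    for pkg, ver, fixed, ok in audit(SAMPLE_DPKG_QUERY, "bullseye"):
        print(f"{pkg:20} {ver:28} fixed {fixed:28} {'OK' if ok else 'VULNERABLE'}")
    for v in ("5.4.1-0.2", "5.6.1-1", "5.6.1+really5.4.5-1"):
        print(f"xz {v:22} in backdoor window: {in_xz_backdoor_window(v)}")
```

On a real box, feed it `dpkg-query -W -f '${Package} ${Version} ${Status}\n'` instead of the sample. Note why the comparison matters for the xz case: 5.6.1+really5.4.5-1 sorts above 5.6.1-1 under dpkg's rules (a "+" after the end of the upstream string wins), which is exactly how Debian made apt upgrade away from the backdoored uploads without an epoch bump, and why a naive string or `sort -V` comparison would misjudge it.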