sunrat

Forum Moderators
  • Content Count

    5,997
Community Reputation

1,981 Excellent

1 Follower

About sunrat

  • Rank
    Thread Kahuna
  • Birthday 09/04/1954

Profile Information

  • Gender
    Male
  • Location
    Melbourne, Australia
  • Interests
    Computers - Linux, graphics, music
    Flying R/C helicopters
    Gardening
    Sound Engineering/Production
    Ingress

Previous Fields

  • Main System Specs:
    OS:siduction, AVLinux, Debian Buster/ KDE, MX-17.1, Win10, Intel Core i5-6500 @ 3.6 GHz, Gigabyte H170-HD3-CF mobo, Corsair RM750i PS, 16GB RAM Kingston HyperX 2133, ASUS GTX970, M-Audio Audiophile 2496 soundcard, Samsung 850 EVO 500GB SSD, WD SATA2 HD 2TB, Sony 43" 4k TV
  • Secondary System Specs:
    OS: siduction, Debian Buster KDE Plasma 5, KXStudio, Win7, Core2Duo E8500 @ 3.17 GHz, Gigabyte GA-EP45-UD3R mobo, Antec Earth Watts 650W, 4GB RAM Kingston HyperX 800, ASUS GTX560Ti, OCZ Vertex2 SSD 120GB, WD SATA2 HD 2x1TB, LG 27MU67 4k monitor
  • Other System(s) Specs:
    LG GPad 8.3 Android tablet, Google Pixel phone, ASUS EeePC 900 antiX

Recent Profile Visitors

571 profile views
  1. -------------------------------------------------------------------------
     Debian Security Advisory DSA-4509-3                   security@debian.org
     https://www.debian.org/security/                     Salvatore Bonaccorso
     October 15, 2019                      https://www.debian.org/security/faq
     -------------------------------------------------------------------------

     Package        : apache2
     CVE ID         : CVE-2019-10092
     Debian Bug     : 941202

     It was reported that the apache2 update released as DSA 4509-1 incorrectly fixed CVE-2019-10092. Updated apache2 packages are now available to correct this issue. For reference, the relevant part of the original advisory text follows.

     CVE-2019-10092

         Matei "Mal" Badanoiu reported a limited cross-site scripting vulnerability in the mod_proxy error page.

     For the oldstable distribution (stretch), this problem has been fixed in version 2.4.25-3+deb9u9.

     For the stable distribution (buster), this problem has been fixed in version 2.4.38-3+deb10u3.
  2. -------------------------------------------------------------------------
     Debian Security Advisory DSA-4543-1                   security@debian.org
     https://www.debian.org/security/                     Salvatore Bonaccorso
     October 14, 2019                      https://www.debian.org/security/faq
     -------------------------------------------------------------------------

     Package        : sudo
     CVE ID         : CVE-2019-14287
     Debian Bug     : 942322

     Joe Vennix discovered that sudo, a program designed to provide limited super user privileges to specific users, when configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, allows to run commands as root by specifying the user ID -1 or 4294967295. This could allow a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access.

     Details can be found in the upstream advisory at https://www.sudo.ws/alerts/minus_1_uid.html .

     For the oldstable distribution (stretch), this problem has been fixed in version 1.8.19p1-2.1+deb9u1.

     For the stable distribution (buster), this problem has been fixed in version 1.8.27-1+deb10u1.
  3. -------------------------------------------------------------------------
     Debian Security Advisory DSA-4539-3                   security@debian.org
     https://www.debian.org/security/                     Salvatore Bonaccorso
     October 13, 2019                      https://www.debian.org/security/faq
     -------------------------------------------------------------------------

     Package        : openssl
     Debian Bug     : 941987

     The update for openssl released as DSA 4539-1 introduced a regression where AES-CBC-HMAC-SHA ciphers were not enabled. Updated openssl packages are now available to correct this issue.

     For the stable distribution (buster), this problem has been fixed in version 1.1.1d-0+deb10u2.
  4. LOL. That reminds me of a Pakulu Papito post, "Prank your housemates by filling all the sugar bowls in the house with cocaine".
  5. Epic drone chase of the ride HELIX at Liseberg in Gothenburg, Sweden. That's some unbelievably amazing drone flying!
  6. Just to confuse you even more, you can set up rsync to run as a systemd service with a systemd timer. Or even run it to watch folders for changes as shown in SB's above linked Arch wiki page. However, I just use Syncthing for that. The cron method is probably a touch easier for starters though.
  7. No social media here either. Avaaz are running an ongoing campaign to force Facebook et al to take down lots of these disinformation posts and accounts. I just donated 10 bucks to help them. https://secure.avaaz.org/campaign/en/war_on_planet_rb_loc/?fpla
  8. Edit, 1 hour later: Just stumbled upon this - https://issuu.com/readdork/docs/dork__october_2017
  9. -------------------------------------------------------------------------
     Debian Security Advisory DSA-4539-2                   security@debian.org
     https://www.debian.org/security/                     Salvatore Bonaccorso
     October 07, 2019                      https://www.debian.org/security/faq
     -------------------------------------------------------------------------

     Package        : openssh
     Debian Bug     : 941663

     A change introduced in openssl 1.1.1d (which got released as DSA 4539-1) requires sandboxing features which are not available in Linux kernels before 3.19, resulting in OpenSSH rejecting connection attempts if running on an old kernel. This does not affect Linux kernels shipped in Debian oldstable/stable, but may affect buster systems which are running on an older kernel.

     For the stable distribution (buster), this problem has been fixed in version 1:7.9p1-10+deb10u1.
  10. -------------------------------------------------------------------------
      Debian Security Advisory DSA-4542-1                   security@debian.org
      https://www.debian.org/security/                       Sebastien Delafond
      October 06, 2019                      https://www.debian.org/security/faq
      -------------------------------------------------------------------------

      Package        : jackson-databind
      CVE ID         : CVE-2019-12384 CVE-2019-14439 CVE-2019-14540 CVE-2019-16335 CVE-2019-16942 CVE-2019-16943
      Debian Bug     : 941530 940498 933393 930750

      It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker providing maliciously crafted input to perform code execution, or read arbitrary files on the server.

      For the oldstable distribution (stretch), these problems have been fixed in version 2.8.6-1+deb9u6.

      For the stable distribution (buster), these problems have been fixed in version 2.9.8-3+deb10u1.
  11. -------------------------------------------------------------------------
      Debian Security Advisory DSA-4541-1                   security@debian.org
      https://www.debian.org/security/                     Salvatore Bonaccorso
      October 04, 2019                      https://www.debian.org/security/faq
      -------------------------------------------------------------------------

      Package        : libapreq2
      CVE ID         : CVE-2019-12412
      Debian Bug     : 939937

      Max Kellermann reported a NULL pointer dereference flaw in libapreq2, a generic Apache request library, allowing a remote attacker to cause a denial of service against an application using the library (application crash) if an invalid nested "multipart" body is processed.

      For the oldstable distribution (stretch), this problem has been fixed in version 2.13-7~deb9u1.

      For the stable distribution (buster), this problem has been fixed in version 2.13-7~deb10u1.
  12. In the past I have wondered how LAME (not) encoder managed to become so popular and widely used when it seemed to be violating patents, the last of which expired in 2017. Now I know. This from http://lame.sourceforge.net/tech-FAQ.txt
  13. When pasting a reply, there's a message link under the editor that says "Pasted as rich text. Paste as plain text instead." The bottom post above is rich text, the top is plain text which seems to strip the line and para breaks.
  14. -------------------------------------------------------------------------
      Debian Security Advisory DSA-4509-2                   security@debian.org
      https://www.debian.org/security/                       Moritz Muehlenhoff
      October 2, 2019                       https://www.debian.org/security/faq
      -------------------------------------------------------------------------

      Package        : subversion
      Debian Bug     : 936034

      The security fixes for the HTTP/2 code in Apache 2 shipped in DSA 4509 unveiled a bug in Subversion which caused a regression in mod_dav_svn when used with HTTP/2.

      For the oldstable distribution (stretch), this problem has been fixed in version 1.9.5-1+deb9u5.