sunrat

Forum Moderators
  • Content Count

    6,053
Everything posted by sunrat

  1. 20 Illustrations About Our Addiction To Technology https://zeephy.com/20-illustrations-about-our-addiction-to-technology/
  2. Old story. A truck driver was sitting at the counter of a diner having breakfast. A group of four outlaw motorcyclists entered and all four sat at the counter, two on each side of him. One of the bikers reached over and picked up the driver’s glass and drank the truck driver’s juice. Another reached over and took his coffee cup and drank his coffee. Another took a piece of toast off his plate. The fourth one took his bacon. The truck driver said nary a word, stood up, paid his check and left. The bikers were laughing and one of them said to the waitress, “That guy’s not much of a man. We ate his breakfast and he never did a thing!” The waitress just smiled and said, “He’s not much of a truck driver either. He ran over four Harleys trying to get his Peterbilt out of the parking lot.”
  3. - -------------------------------------------------------------------------
     Debian Security Advisory DSA-4572-1                   security@debian.org
     https://www.debian.org/security/                       Moritz Muehlenhoff
     November 18, 2019                     https://www.debian.org/security/faq
     - -------------------------------------------------------------------------

     Package        : slurm-llnl
     CVE ID         : CVE-2019-12838

     It was discovered in the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system did not escape strings when importing an archive file into the accounting_storage/mysql backend, resulting in SQL injection.

     For the stable distribution (buster), this problem has been fixed in version 18.08.5.2-1+deb10u1.

     - -------------------------------------------------------------------------
     Debian Security Advisory DSA-4573-1                   security@debian.org
     https://www.debian.org/security/                       Moritz Muehlenhoff
     November 18, 2019                     https://www.debian.org/security/faq
     - -------------------------------------------------------------------------

     Package        : symfony
     CVE ID         : CVE-2019-18887 CVE-2019-18888 CVE-2019-18889

     Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization.

     For the oldstable distribution (stretch), these problems have been fixed in version 2.8.7+dfsg-1.3+deb9u3.

     For the stable distribution (buster), these problems have been fixed in version 3.4.22+dfsg-2+deb10u1.
  4. - -------------------------------------------------------------------------
     Debian Security Advisory DSA-4570-1                   security@debian.org
     https://www.debian.org/security/                     Salvatore Bonaccorso
     November 17, 2019                     https://www.debian.org/security/faq
     - -------------------------------------------------------------------------

     Package        : mosquitto
     CVE ID         : CVE-2019-11779
     Debian Bug     : 940654

     A vulnerability was discovered in mosquitto, a MQTT version 3.1/3.1.1 compatible message broker, allowing a malicious MQTT client to cause a denial of service (stack overflow and daemon crash), by sending a specially crafted SUBSCRIBE packet containing a topic with a extremely deep hierarchy.

     For the stable distribution (buster), this problem has been fixed in version 1.5.7-1+deb10u1.

     - -------------------------------------------------------------------------
     Debian Security Advisory DSA-4571-1                   security@debian.org
     https://www.debian.org/security/                       Moritz Muehlenhoff
     November 17, 2019                     https://www.debian.org/security/faq
     - -------------------------------------------------------------------------

     Package        : thunderbird
     CVE ID         : CVE-2019-15903 CVE-2019-11764 CVE-2019-11763 CVE-2019-11762
                      CVE-2019-11761 CVE-2019-11760 CVE-2019-11759 CVE-2019-11757
                      CVE-2019-11755

     Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service.

     Debian follows the Thunderbird upstream releases. Support for the 60.x series has ended, so starting with this update we're now following the 68.x releases.

     For the oldstable distribution (stretch), this problem has been fixed in version 1:68.2.2-1~deb9u1.

     For the stable distribution (buster), this problem has been fixed in version 1:68.2.2-1~deb10u1.
  5. I actually prefer Debian myself. I've used it (well, siduction) long enough to know how to overcome any niggles and tweak how I like it mainly by editing config files. I like MX mainly because of the enthusiasm and attitude of the developers. They are willing to help out any n00 new explorers asking stupid questions in the forums. I'm a bit less tolerant of some of the lame things I see posted there. There is a downside though, there are a few regular helpers there that throw every solution they can imagine at every problem, most of them wildly off-target. Every tool is a hammer, right? Another thing that puts me off using MX more regularly is the plethora of custom MX Tools which all do wonderful things but I know how to do most of those things with a simple one line cli command. Plus I really dislike Thunar and XFTerminal after being used to Dolphin and Konsole, and generally prefer KDE Plasma to Xfce. [I just accidentally typed Xfece, Freudian slip? ] But don't misunderstand, I recommend MX freely especially for live usb use. But speaking of live usb, I spent ages last night making live USB keys with root and home persistence and got it wrong at least half the time although I was actually testing for creation of an added data partition for one of the devs. I mentioned a bug where it was created with root permissions and I suggested it should be user permissions instead. He made a new version of the live-usb-maker for me to test. Didn't fix it yet though. Oh yeah, the best solution to having root and home persistence working is to set it up with persist_static rather than persist_all when first booting the stick and setting customisation. persist_static writes changes to the save file immediately whereas persist_all saves to RAM and only writes the save file at shutdown. I did have a couple of occasions where home changes were written but root changes were forgotten just as mentioned in the first post above when using persist_all.
  6. I don't know about Buster. There are no conf files in /etc that set it and I don't even have Synaptic installed. I think it may just be apt default and siduction may have carried over the config which I copied over for that post above from a time when it wasn't default in Debian several releases ago.
  7. ------------------------------------------------------------------------
     The Debian Project                               https://www.debian.org/
     Updated Debian 10: 10.2 released                        press@debian.org
     November 16th, 2019            https://www.debian.org/News/2019/20191116
     ------------------------------------------------------------------------

     The Debian project is pleased to announce the second update of its stable distribution Debian 10 (codename "buster"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

     Please note that the point release does not constitute a new version of Debian 10 but only updates some of the packages included. There is no need to throw away old "buster" media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

     Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.

     New installation images will be available soon at the regular locations.

     Upgrading an existing installation to this revision can be achieved by pointing the package management system at one of Debian's many HTTP mirrors. A comprehensive list of mirrors is available at:

     https://www.debian.org/mirror/list

     Miscellaneous Bugfixes
     ----------------------

     This stable update adds a few important corrections to the following packages:

     +---------------------------+-----------------------------------------+
     | Package                   | Reason                                  |
     +---------------------------+-----------------------------------------+
     | aegisub [1]               | Fix crash when selecting a language     |
     |                           | from the bottom of the "Spell checker   |
     |                           | language" list; fix crash when right-   |
     |                           | clicking in the subtitles text box      |
     |                           |                                         |
     | akonadi [2]               | Fix various crashes / deadlock issues   |
     |                           |                                         |
     | base-files [3]            | Update /etc/debian_version for the      |
     |                           | point release                           |
     |                           |                                         |
     | capistrano [4]            | Fix failure to remove old releases when |
     |                           | there were too many                     |
     |                           |                                         |
     | cron [5]                  | Stop using obsolete SELinux API         |
     |                           |                                         |
     | cyrus-imapd [6]           | Fix data loss on upgrade from version   |
     |                           | 3.0.0 or earlier                        |
     |                           |                                         |
     | debian-edu-config [7]     | Handle newer Firefox ESR configuration  |
     |                           | files; add post-up stanza to /etc/      |
     |                           | network/interfaces eth0 entry           |
     |                           | conditionally                           |
     |                           |                                         |
     | debian-installer [8]      | Fix unreadable fonts on hidpi displays  |
     |                           | in netboot images booted with EFI       |
     |                           |                                         |
     | debian-installer-netboot- | Rebuild against proposed-updates        |
     | images [9]                |                                         |
     |                           |                                         |
     | distro-info-data [10]     | Add Ubuntu 20.04 LTS, Focal Fossa       |
     |                           |                                         |
     | dkimpy-milter [11]        | New upstream stable release; fix        |
     |                           | sysvinit support; catch more ASCII      |
     |                           | encoding errors to improve resilience   |
     |                           | against bad data; fix message           |
     |                           | extraction so that signing in the same  |
     |                           | pass through the milter as verifying    |
     |                           | works correctly                         |
     |                           |                                         |
     | emacs [12]                | Update the EPLA packaging key           |
     |                           |                                         |
     | fence-agents [13]         | Fix incomplete removal of fence_amt_ws  |
     |                           |                                         |
     | flatpak [14]              | New upstream stable release             |
     |                           |                                         |
     | flightcrew [15]           | Security fixes [CVE-2019-13032          |
     |                           | CVE-2019-13241]                         |
     |                           |                                         |
     | fonts-noto-cjk [16]       | Fix over-aggressive font selection of   |
     |                           | Noto CJK fonts in modern web browsers   |
     |                           | under Chinese locale                    |
     |                           |                                         |
     | freetype [17]             | Properly handle phantom points for      |
     |                           | variable hinted fonts                   |
     |                           |                                         |
     | gdb [18]                  | Rebuild against new libbabeltrace, with |
     |                           | higher version number to avoid conflict |
     |                           | with earlier upload                     |
     |                           |                                         |
     | glib2.0 [19]              | Ensure libdbus clients can authenticate |
     |                           | with a GDBusServer like the one in ibus |
     |                           |                                         |
     | gnome-shell [20]          | New upstream stable release; fix        |
     |                           | truncation of long messages in Shell-   |
     |                           | modal dialogs; avoid crash on           |
     |                           | reallocation of dead actors             |
     |                           |                                         |
     | gnome-sound-recorder [21] | Fix crash when selecting a recording    |
     |                           |                                         |
     | gnustep-base [22]         | Disable gdomap daemon that was          |
     |                           | accidentally enabled on upgrades from   |
     |                           | stretch                                 |
     |                           |                                         |
     | graphite-web [23]         | Remove unused "send_email" function     |
     |                           | [CVE-2017-18638]; avoid hourly error in |
     |                           | cron when there is no whisper database  |
     |                           |                                         |
     | inn2 [24]                 | Fix negotiation of DHE ciphersuites     |
     |                           |                                         |
     | libapache-mod-auth-       | Fix use after free bug leading to crash |
     | kerb [25]                 |                                         |
     |                           |                                         |
     | libdate-holidays-de-      | Mark International Childrens Day (Sep   |
     | perl [26]                 | 20th) as a holiday in Thuringia from    |
     |                           | 2019 onwards                            |
     |                           |                                         |
     | libdatetime-timezone-     | Update included data                    |
     | perl [27]                 |                                         |
     |                           |                                         |
     | libofx [28]               | Fix null pointer dereference issue      |
     |                           | [CVE-2019-9656]                         |
     |                           |                                         |
     | libreoffice [29]          | Fix the postgresql driver with          |
     |                           | PostgreSQL 12                           |
     |                           |                                         |
     | libsixel [30]             | Fix several security issues [CVE-2018-  |
     |                           | 19756 CVE-2018-19757 CVE-2018-19759     |
     |                           | CVE-2018-19761 CVE-2018-19762 CVE-2018- |
     |                           | 19763 CVE-2019-3573 CVE-2019-3574]      |
     |                           |                                         |
     | libxslt [31]              | Fix dangling pointer in xsltCopyText    |
     |                           | [CVE-2019-18197]                        |
     |                           |                                         |
     | lucene-solr [32]          | Disable obsolete call to ContextHandler |
     |                           | in solr-jetty9.xml; fix Jetty           |
     |                           | permissions on SOLR index               |
     |                           |                                         |
     | mariadb-10.3 [33]         | New upstream stable release             |
     |                           |                                         |
     | modsecurity-crs [34]      | Fix PHP script upload rules [CVE-2019-  |
     |                           | 13464]                                  |
     |                           |                                         |
     | mutter [35]               | New upstream stable release             |
     |                           |                                         |
     | ncurses [36]              | Fix several security issues [CVE-2019-  |
     |                           | 17594 CVE-2019-17595] and other issues  |
     |                           | in tic                                  |
     |                           |                                         |
     | ndppd [37]                | Avoid world writable PID file, that was |
     |                           | breaking daemon init scripts            |
     |                           |                                         |
     | network-manager [38]      | Fix file permissions for "/var/lib/     |
     |                           | NetworkManager/secret_key" and /var/    |
     |                           | lib/NetworkManager                      |
     |                           |                                         |
     | node-fstream [39]         | Fix arbitrary file overwrite issue      |
     |                           | [CVE-2019-13173]                        |
     |                           |                                         |
     | node-set-value [40]       | Fix prototype pollution [CVE-2019-      |
     |                           | 10747]                                  |
     |                           |                                         |
     | node-yarnpkg [41]         | Force using HTTPS for regular           |
     |                           | registries                              |
     |                           |                                         |
     | nx-libs [42]              | Fix regressions introduced in previous  |
     |                           | upload, affecting x2go                  |
     |                           |                                         |
     | open-vm-tools [43]        | Fix memory leaks and error handling     |
     |                           |                                         |
     | openvswitch [44]          | Update debian/ifupdown.sh to allow      |
     |                           | setting-up the MTU; fix Python          |
     |                           | dependencies to use Python 3            |
     |                           |                                         |
     | picard [45]               | Update translations to fix crash with   |
     |                           | Spanish locale                          |
     |                           |                                         |
     | plasma-applet-redshift-   | Fix manual mode when used with redshift |
     | control [46]              | versions above 1.12                     |
     |                           |                                         |
     | postfix [47]              | New upstream stable release; work       |
     |                           | around poor TCP loopback performance    |
     |                           |                                         |
     | python-cryptography [48]  | Fix test suite failures when built      |
     |                           | against newer OpenSSL versions; fix a   |
     |                           | memory leak triggerable when parsing    |
     |                           | x509 certificate extensions like AIA    |
     |                           |                                         |
     | python-flask-rdf [49]     | Add Depends on python{3,}-rdflib        |
     |                           |                                         |
     | python-                   | New upstream stable release; fix switch |
     | oslo.messaging [50]       | connection destination when a rabbitmq  |
     |                           | cluster node disappears                 |
     |                           |                                         |
     | python-werkzeug [51]      | Ensure Docker containers have unique    |
     |                           | debugger PINs [CVE-2019-14806]          |
     |                           |                                         |
     | python2.7 [52]            | Fix several security issues [CVE-2018-  |
     |                           | 20852 CVE-2019-10160 CVE-2019-16056     |
     |                           | CVE-2019-16935 CVE-2019-9740 CVE-2019-  |
     |                           | 9947]                                   |
     |                           |                                         |
     | quota [53]                | Fix rpc.rquotad spinning at 100% CPU    |
     |                           |                                         |
     | rpcbind [54]              | Allow remote calls to be enabled at     |
     |                           | run-time                                |
     |                           |                                         |
     | shelldap [55]             | Repair SASL authentications, add a      |
     |                           | 'sasluser' option                       |
     |                           |                                         |
     | sogo [56]                 | Fix display of PGP-signed e-mails       |
     |                           |                                         |
     | spf-engine [57]           | New upstream stable release; fix        |
     |                           | sysvinit support                        |
     |                           |                                         |
     | standardskriver [58]      | Fix deprecation warning from            |
     |                           | config.RawConfigParser; use external    |
     |                           | "ip" command rather than deprecated     |
     |                           | "ifconfig" command                      |
     |                           |                                         |
     | swi-prolog [59]           | Use HTTPS when contacting upstream pack |
     |                           | servers                                 |
     |                           |                                         |
     | systemd [60]              | core: never propagate reload failure to |
     |                           | service result; fix sync_file_range     |
     |                           | failures in nspawn containers on arm,   |
     |                           | ppc; fix RootDirectory not working when |
     |                           | used in combination with User; ensure   |
     |                           | that access controls on systemd-        |
     |                           | resolved's D-Bus interface are enforced |
     |                           | correctly [CVE-2019-15718]; fix         |
     |                           | StopWhenUnneeded=true for mount units;  |
     |                           | make MountFlags=shared work again       |
     |                           |                                         |
     | tmpreaper [61]            | Prevent breaking of systemd services    |
     |                           | that use PrivateTmp=true                |
     |                           |                                         |
     | trapperkeeper-webserver-  | Restore SSL compatibility with newer    |
     | jetty9-clojure [62]       | Jetty versions                          |
     |                           |                                         |
     | tzdata [63]               | New upstream release                    |
     |                           |                                         |
     | ublock-origin [64]        | New upstream version, compatible with   |
     |                           | Firefox ESR68                           |
     |                           |                                         |
     | uim [65]                  | Resurrect libuim-data as a transitional |
     |                           | package, fixing some issues after       |
     |                           | upgrades to buster                      |
     |                           |                                         |
     | vanguards [66]            | New upstream stable release; prevent a  |
     |                           | reload of tor's configuration via       |
     |                           | SIGHUP causing a denial-of-service for  |
     |                           | vanguards protections                   |
     |                           |                                         |
     +---------------------------+-----------------------------------------+

     Security Updates
     ----------------

     This revision adds the following security updates to the stable release. The Security Team has already released an advisory for each of these updates:

     +----------------+-----------------------------+
     | Advisory ID    | Package                     |
     +----------------+-----------------------------+
     | DSA-4509 [67]  | apache2 [68]                |
     |                |                             |
     | DSA-4511 [69]  | nghttp2 [70]                |
     |                |                             |
     | DSA-4512 [71]  | qemu [72]                   |
     |                |                             |
     | DSA-4514 [73]  | varnish [74]                |
     |                |                             |
     | DSA-4515 [75]  | webkit2gtk [76]             |
     |                |                             |
     | DSA-4516 [77]  | firefox-esr [78]            |
     |                |                             |
     | DSA-4517 [79]  | exim4 [80]                  |
     |                |                             |
     | DSA-4518 [81]  | ghostscript [82]            |
     |                |                             |
     | DSA-4519 [83]  | libreoffice [84]            |
     |                |                             |
     | DSA-4520 [85]  | trafficserver [86]          |
     |                |                             |
     | DSA-4521 [87]  | docker.io [88]              |
     |                |                             |
     | DSA-4523 [89]  | thunderbird [90]            |
     |                |                             |
     | DSA-4524 [91]  | dino-im [92]                |
     |                |                             |
     | DSA-4525 [93]  | ibus [94]                   |
     |                |                             |
     | DSA-4526 [95]  | opendmarc [96]              |
     |                |                             |
     | DSA-4527 [97]  | php7.3 [98]                 |
     |                |                             |
     | DSA-4528 [99]  | bird [100]                  |
     |                |                             |
     | DSA-4530 [101] | expat [102]                 |
     |                |                             |
     | DSA-4531 [103] | linux-signed-amd64 [104]    |
     |                |                             |
     | DSA-4531 [105] | linux-signed-i386 [106]     |
     |                |                             |
     | DSA-4531 [107] | linux [108]                 |
     |                |                             |
     | DSA-4531 [109] | linux-signed-arm64 [110]    |
     |                |                             |
     | DSA-4532 [111] | spip [112]                  |
     |                |                             |
     | DSA-4533 [113] | lemonldap-ng [114]          |
     |                |                             |
     | DSA-4534 [115] | golang-1.11 [116]           |
     |                |                             |
     | DSA-4535 [117] | e2fsprogs [118]             |
     |                |                             |
     | DSA-4536 [119] | exim4 [120]                 |
     |                |                             |
     | DSA-4538 [121] | wpa [122]                   |
     |                |                             |
     | DSA-4539 [123] | openssl [124]               |
     |                |                             |
     | DSA-4539 [125] | openssh [126]               |
     |                |                             |
     | DSA-4541 [127] | libapreq2 [128]             |
     |                |                             |
     | DSA-4542 [129] | jackson-databind [130]      |
     |                |                             |
     | DSA-4543 [131] | sudo [132]                  |
     |                |                             |
     | DSA-4544 [133] | unbound [134]               |
     |                |                             |
     | DSA-4545 [135] | mediawiki [136]             |
     |                |                             |
     | DSA-4547 [137] | tcpdump [138]               |
     |                |                             |
     | DSA-4549 [139] | firefox-esr [140]           |
     |                |                             |
     | DSA-4550 [141] | file [142]                  |
     |                |                             |
     | DSA-4551 [143] | golang-1.11 [144]           |
     |                |                             |
     | DSA-4553 [145] | php7.3 [146]                |
     |                |                             |
     | DSA-4554 [147] | ruby-loofah [148]           |
     |                |                             |
     | DSA-4555 [149] | pam-python [150]            |
     |                |                             |
     | DSA-4556 [151] | qtbase-opensource-src [152] |
     |                |                             |
     | DSA-4557 [153] | libarchive [154]            |
     |                |                             |
     | DSA-4558 [155] | webkit2gtk [156]            |
     |                |                             |
     | DSA-4559 [157] | proftpd-dfsg [158]          |
     |                |                             |
     | DSA-4560 [159] | simplesamlphp [160]         |
     |                |                             |
     | DSA-4561 [161] | fribidi [162]               |
     |                |                             |
     | DSA-4562 [163] | chromium [164]              |
     |                |                             |
     +----------------+-----------------------------+

     Removed packages
     ----------------

     The following packages were removed due to circumstances beyond our control:

     +-------------------+--------------------------------------------------+
     | Package           | Reason                                           |
     +-------------------+--------------------------------------------------+
     | firefox-esr [165] | [armel] No longer supportable due to nodejs      |
     |                   | build-dependency                                 |
     |                   |                                                  |
     +-------------------+--------------------------------------------------+

     Debian Installer
     ----------------

     The installer has been updated to include the fixes incorporated into stable by the point release.

     URLs
     ----

     The complete lists of packages that have changed with this revision:

       http://ftp.debian.org/debian/dists/buster/ChangeLog

     The current stable distribution:

       http://ftp.debian.org/debian/dists/stable/

     Proposed updates to the stable distribution:

       http://ftp.debian.org/debian/dists/proposed-updates

     stable distribution information (release notes, errata etc.):

       https://www.debian.org/releases/stable/

     Security announcements and information:

       https://www.debian.org/security/

     About Debian
     ------------

     The Debian Project is an association of Free Software developers who volunteer their time and effort in order to produce the completely free operating system Debian.

     Contact Information
     -------------------

     For further information, please visit the Debian web pages at https://www.debian.org/, send mail to <press@debian.org>, or contact the stable release team at <debian-release@lists.debian.org>.
  8. Changing Debian's default setting to install recommends to false is one of the dumbest things in MX IMHO. It causes regular problems with users missing functionality. In Debian default is true IIRC. I guess it may be to reduce space used for a live usb install but I'd rather have full functionality of my installed applications personally. I would change it to true if I were you. Create a file in /etc/apt/apt.conf.d/ call it something like 80myconf.conf and put this in it:

         // apt defaults for raymac
         APT::Get::AutomaticRemove "0";
         APT::Get::HideAutoRemove "0";
         APT::Install-Recommends "1";
         APT::Install-Suggests "0";

     Here's a brilliant explanation on Stackexchange - https://unix.stackexchange.com/questions/77053/apt-installing-more-packages-than-specified-as-dependencies/77076#77076

     And explanation of Debian package relationships - https://www.debian.org/doc/debian-policy/ch-relationships.html
  9. Don't fear the PulseAudio. I hated it at first and purged it whenever I could, but it's way better now and I appreciate what it does. Makes a few things much easier actually.
  10. How old is your browser? You know you can download the latest Firefox tarball and just run it directly from a folder in your HOME. I just installed 32.0.0.293 by downloading the npapi tarball and moving libflashplayer.so to ~/.mozilla/plugins/ , seems to work ok. It's getting harder to find sites that use Flash these days to even test it! Thank ${deity}. Score from that htmltest site is 508/555, FF70.0.1
  11. I just did a live USB install (for science and inspired by this thread) and set it up for both root and home persistence and both worked fine. Installed a few programs, removed a couple, saved some files in home, all were still there after a reboot. I also set up a separate DATA partition which I shouldn't have - used a 16GB micro SD card in a USB adapter, making 8GB data partition doesn't leave much room for expansion so I will change that. I read the section in the manual about the Live-USB-Maker and watched the instructional video by dolphinoracle linked from there. Twice. For the Chromium problem, make sure you have the package chromium-sandbox installed. Apparently Synaptic misses it but it's ok if you install Chromium with MX Package Installer. See - https://forum.mxlinux.org/viewtopic.php?f=97&t=54027&p=540082
  12. - -------------------------------------------------------------------------
      Debian Security Advisory DSA-4568-1                   security@debian.org
      https://www.debian.org/security/                       Moritz Muehlenhoff
      November 14, 2019                     https://www.debian.org/security/faq
      - -------------------------------------------------------------------------

      Package        : postgresql-common
      CVE ID         : CVE-2019-3466

      Rich Mirch discovered that the pg_ctlcluster script didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.

      For the oldstable distribution (stretch), this problem has been fixed in version 181+deb9u3.

      For the stable distribution (buster), this problem has been fixed in version 200+deb10u3.

      - -------------------------------------------------------------------------
      Debian Security Advisory DSA-4569-1                   security@debian.org
      https://www.debian.org/security/                     Salvatore Bonaccorso
      November 14, 2019                     https://www.debian.org/security/faq
      - -------------------------------------------------------------------------

      Package        : ghostscript
      CVE ID         : CVE-2019-14869

      Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox.

      For the oldstable distribution (stretch), this problem has been fixed in version 9.26a~dfsg-0+deb9u6.

      For the stable distribution (buster), this problem has been fixed in version 9.27~dfsg-2+deb10u3.
  13. Never too old to learn. At least you're not millennials. (or for millennials - your? yaw? ) There was an interesting current affairs program on our local ABC (government funded public station) the other night. Apparently back in the 50s and 60s when I went to school, English was taught with emphasis on recognising phonics ie. the individual sounds that make up words. This was changed to just teaching recognition of whole words which has recently been proved to be way less effective. Some schools have gone back to using phonics and the results have been remarkable with most students improving a whole grade in English over a couple of years!
  14. Amen brother. I try to avoid buying anything online unless it's absolutely unavailable from a store. Currently trying to deal with an undelivered package of herbal supplements from the US that tracking says was delivered 3 weeks ago. Possibly it was stolen from my mailbox, but I didn't receive it so it's undelivered from my perspective.
  15. - -------------------------------------------------------------------------
      Debian Security Advisory DSA-4565-1                   security@debian.org
      https://www.debian.org/security/                     Salvatore Bonaccorso
      November 13, 2019                     https://www.debian.org/security/faq
      - -------------------------------------------------------------------------

      Package        : intel-microcode
      CVE ID         : CVE-2019-11135 CVE-2019-11139

      This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the TAA (TSX Asynchronous Abort) vulnerability. For affected CPUs, to fully mitigate the vulnerability it is also necessary to update the Linux kernel packages as released in DSA 4564-1.

      For the oldstable distribution (stretch), these problems have been fixed in version 3.20191112.1~deb9u1.

      For the stable distribution (buster), these problems have been fixed in version 3.20191112.1~deb10u1.
  16. MX have several dedicated tools for setting up usb drives and each has a separate purpose and result. I haven't done it so can't help directly, but it's bound to be explained completely in the comprehensive and excellent MX manual. Also there have been a number of topics on their forum about this.
  17. I vape so have been following these reports with interest. There have been zero deaths from vaping outside the US and places like the UK have a lot of vapers. The deaths in virtually all cases have been in vapers who use black market THC vape oil, a fact which has only been mentioned as subtext in most sensationalist articles. I agree there should be much more control in who is able to buy vapes and related items. There is reported to be a wave of US high school students using them although this also isn't mirrored in other countries. Reportedly the reduction in the number of smokers has been dramatic in the UK, and I am seeing many ex-smokers here in Australia who have switched including myself. I am absolutely convinced it is much less harmful than smoking. I also think it is not harmless and should not be taken up by non-smokers ever. Myanmar and India have banned it so I assume they want people to keep smoking instead. It's a good topic for click bait and sensationalism. Don't fall for it. Here is an article from Mercola yesterday ranted about unsavoury practices by Juul, the largest e-cigarette company in the US - https://articles.mercola.com/sites/articles/archive/2019/11/13/contaminated-juul-pods.aspx They got $7 million from their vape fluid supplier to recall contaminated fluid, and then sold it to consumers anyway! Juul is owned by Altria, the parent company of Marlboro. One can never trust big corporations and big tobacco are just evil IMHO. A small paragraph from that article quotes a CDC report on the deaths -
  18. - -------------------------------------------------------------------------
      Debian Security Advisory DSA-4563-1                   security@debian.org
      https://www.debian.org/security/                           Alberto Garcia
      November 12, 2019                     https://www.debian.org/security/faq
      - -------------------------------------------------------------------------

      Package        : webkit2gtk
      CVE ID         : CVE-2019-8812 CVE-2019-8814

      These vulnerabilities have been discovered in the webkit2gtk web engine:

      CVE-2019-8812

          An anonymous researcher discovered that maliciously crafted web content may lead to arbitrary code execution.

      CVE-2019-8814

          Cheolung Lee discovered that maliciously crafted web content may lead to arbitrary code execution.

      For the stable distribution (buster), these problems have been fixed in version 2.26.2-1~deb10+1.

      - -------------------------------------------------------------------------
      Debian Security Advisory DSA-4567-1                   security@debian.org
      https://www.debian.org/security/                       Moritz Muehlenhoff
      November 12, 2019                     https://www.debian.org/security/faq
      - -------------------------------------------------------------------------

      Package        : dpdk
      CVE ID         : CVE-2019-14818

      It was discovered that the vhost PMD in DPDK, a set of libraries for fast packet processing, was affected by memory and file descriptor leaks which could result in denial of service.

      For the oldstable distribution (stretch), this problem has been fixed in version 16.11.9-1+deb9u2.

      For the stable distribution (buster), this problem has been fixed in version 18.11.2-2+deb10u2.

      - -------------------------------------------------------------------------
      Debian Security Advisory DSA-4566-1                   security@debian.org
      https://www.debian.org/security/                     Salvatore Bonaccorso
      November 12, 2019                     https://www.debian.org/security/faq
      - -------------------------------------------------------------------------

      Package        : qemu
      Debian Bug     : 944623

      This update for QEMU, a fast processor emulator, backports support to passthrough the pschange-mc-no CPU flag. The virtualised MSR seen by a guest is set to show the bug as fixed, allowing to disable iTLB Multihit mitigations in nested hypervisors (cf. DSA 4564-1).

      For the stable distribution (buster), this problem has been fixed in version 1:3.1+dfsg-8+deb10u3.
  19. - -------------------------------------------------------------------------
      Debian Security Advisory DSA-4564-1
      security@debian.org
      https://www.debian.org/security/
      Ben Hutchings
      November 12, 2019
      https://www.debian.org/security/faq
      - -------------------------------------------------------------------------

      Package : linux
      CVE ID : CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-11135

      Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.

      CVE-2018-12207

          It was discovered that on Intel CPUs supporting hardware virtualisation with Extended Page Tables (EPT), a guest VM may manipulate the memory management hardware to cause a Machine Check Error (MCE) and denial of service (hang or crash).

          The guest triggers this error by changing page tables without a TLB flush, so that both 4 KB and 2 MB entries for the same virtual address are loaded into the instruction TLB (iTLB). This update implements a mitigation in KVM that prevents guest VMs from loading 2 MB entries into the iTLB. This will reduce performance of guest VMs.

          Further information on the mitigation can be found at <https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/multihit.html> or in the linux-doc-4.9 or linux-doc-4.19 package.

          A qemu update adding support for the PSCHANGE_MC_NO feature, which allows to disable iTLB Multihit mitigations in nested hypervisors will be provided via DSA 4566-1.

          Intel's explanation of the issue can be found at <https://software.intel.com/security-software-guidance/insights/deep-dive-machine-check-error-avoidance-page-size-change-0>.

      CVE-2019-0154

          Intel discovered that on their 8th and 9th generation GPUs, reading certain registers while the GPU is in a low-power state can cause a system hang. A local user permitted to use the GPU can use this for denial of service.

          This update mitigates the issue through changes to the i915 driver.

          The affected chips (gen8 and gen9) are listed at <https://en.wikipedia.org/wiki/List_of_Intel_graphics_processing_units#Gen8>.

      CVE-2019-0155

          Intel discovered that their 9th generation and newer GPUs are missing a security check in the Blitter Command Streamer (BCS). A local user permitted to use the GPU could use this to access any memory that the GPU has access to, which could result in a denial of service (memory corruption or crash), a leak of sensitive information, or privilege escalation.

          This update mitigates the issue by adding the security check to the i915 driver.

          The affected chips (gen9 onward) are listed at <https://en.wikipedia.org/wiki/List_of_Intel_graphics_processing_units#Gen9>.

      CVE-2019-11135

          It was discovered that on Intel CPUs supporting transactional memory (TSX), a transaction that is going to be aborted may continue to execute speculatively, reading sensitive data from internal buffers and leaking it through dependent operations. Intel calls this "TSX Asynchronous Abort" (TAA).

          For CPUs affected by the previously published Microarchitectural Data Sampling (MDS) issues (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091), the existing mitigation also mitigates this issue.

          For processors that are vulnerable to TAA but not MDS, this update disables TSX by default. This mitigation requires updated CPU microcode. An updated intel-microcode package (only available in Debian non-free) will be provided via DSA 4565-1. The updated CPU microcode may also be available as part of a system firmware ("BIOS") update.

          Further information on the mitigation can be found at <https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html> or in the linux-doc-4.9 or linux-doc-4.19 package.

          Intel's explanation of the issue can be found at <https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort>.

      For the oldstable distribution (stretch), these problems have been fixed in version 4.9.189-3+deb9u2.

      For the stable distribution (buster), these problems have been fixed in version 4.19.67-2+deb10u2.
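A host-side check for the two CPU issues in DSA-4564-1 (iTLB multihit and TAA), added here as an example and not part of the advisory or the original post: it reads the status lines the updated kernel exposes in sysfs and flags anything that still needs attention. The function names and the verdict labels are this example's own choices.

```shell
#!/bin/sh
# Added example: report the running kernel's view of the two CPU issues
# mitigated by DSA-4564-1 (iTLB multihit, TSX Asynchronous Abort).

# Map one sysfs status line to: ok | mitigated | partial | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*)                echo ok ;;
        *Vulnerable*)                   echo vulnerable ;;
        # Buffers are cleared, but sibling hyperthreads can still observe data
        *Mitigation*"SMT vulnerable"*)  echo partial ;;
        *Mitigation*)                   echo mitigated ;;
        *)                              echo unknown ;;
    esac
}

# check_host [DIR]: print one line per issue; return 1 if any needs attention.
# DIR defaults to the kernel's sysfs directory; a constructed directory can be
# passed instead for offline testing.
check_host() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for name in itlb_multihit tsx_async_abort; do
        if [ -r "$dir/$name" ]; then
            status=$(cat "$dir/$name")
            verdict=$(classify_status "$status")
        else
            # No entry: the running kernel does not know about this issue,
            # which usually means the update is not installed or not booted.
            status="(no sysfs entry)"
            verdict=unknown
        fi
        printf '%-16s %-10s %s\n' "$name" "$verdict" "$status"
        case "$verdict" in
            ok|mitigated) ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

# Run against the live system only when asked to: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_host
fi
```

A missing entry after installing the fixed package usually means the machine has not been rebooted into the new kernel yet.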
  20. +1 it could be VBox. One thing I found with VBox when I used it was it worked best when the installed version of Guest Additions matched the exact version of VBox it was running in. Weird things happen with a mismatch. I don't have a current LXQT install, but 2 systems with siduction/KDE don't have this problem. In fact I was thinking recently how these are currently the best-behaved versions of any OS I've ever had! Touch wood.
  21. To summarise my last post which seems to have been misunderstood, if you can launch it from terminal with just "opera" you should be able to put just "opera" in your menu entry. /usr/bin/opera will work anyway so job done!
  22. /usr/bin/ should be in your PATH, so the simple way should work:

      $ opera

      Try that in a terminal. If it opens that should be all you need in your launcher.

      PS. MX can be run live from CD/USB. It even has an advanced persistence utility which will set up a USB flash drive to retain all your changes and data. You can use that every day instead of installing to HD. And MX-19 is out now! I have it installed and it's quite good. Got a glowing review at DistroWatch - https://distrowatch.com/weekly.php?issue=20191104#mx

      PPS. MX has Opera in the MX Package Installer.
  23. New Zealanders love their weird birbs (that's how they spell it colloquially). The fact we call their people "Kiwis" speaks volumes. NZ has a North Island and a South Island. Affectionately, Australia is known as West Island.
  24. - --------------------------------------------------------------------------
      Debian Security Advisory DSA-4562-1
      security@debian.org
      https://www.debian.org/security/
      Michael Gilbert
      November 10, 2019
      https://www.debian.org/security/faq
      - --------------------------------------------------------------------------

      Package : chromium
      CVE ID : CVE-2019-5869 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667 CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 CVE-2019-13682 CVE-2019-13683 CVE-2019-13685 CVE-2019-13686 CVE-2019-13687 CVE-2019-13688 CVE-2019-13691 CVE-2019-13692 CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708 CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-2019-13713 CVE-2019-13714 CVE-2019-13715 CVE-2019-13716 CVE-2019-13717 CVE-2019-13718 CVE-2019-13719 CVE-2019-13720 CVE-2019-13721

      Several vulnerabilities have been discovered in the chromium web browser.

      CVE-2019-5869
          Zhe Jin discovered a use-after-free issue.

      CVE-2019-5870
          Guang Gong discovered a use-after-free issue.

      CVE-2019-5871
          A buffer overflow issue was discovered in the skia library.

      CVE-2019-5872
          Zhe Jin discovered a use-after-free issue.

      CVE-2019-5874
          James Lee discovered an issue with external Uniform Resource Identifiers.

      CVE-2019-5875
          Khalil Zhani discovered a URL spoofing issue.

      CVE-2019-5876
          Man Yue Mo discovered a use-after-free issue.

      CVE-2019-5877
          Guang Gong discovered an out-of-bounds read issue.

      CVE-2019-5878
          Guang Gong discovered a use-after-free issue in the v8 javascript library.

      CVE-2019-5879
          Jinseo Kim discovered that extensions could read files on the local system.

      CVE-2019-5880
          Jun Kokatsu discovered a way to bypass the SameSite cookie feature.

      CVE-2019-13659
          Lnyas Zhang discovered a URL spoofing issue.

      CVE-2019-13660
          Wenxu Wu discovered a user interface error in full screen mode.

      CVE-2019-13661
          Wenxu Wu discovered a user interface spoofing issue in full screen mode.

      CVE-2019-13662
          David Erceg discovered a way to bypass the Content Security Policy.

      CVE-2019-13663
          Lnyas Zhang discovered a way to spoof Internationalized Domain Names.

      CVE-2019-13664
          Thomas Shadwell discovered a way to bypass the SameSite cookie feature.

      CVE-2019-13665
          Jun Kokatsu discovered a way to bypass the multiple file download protection feature.

      CVE-2019-13666
          Tom Van Goethem discovered an information leak.

      CVE-2019-13667
          Khalil Zhani discovered a URL spoofing issue.

      CVE-2019-13668
          David Erceg discovered an information leak.

      CVE-2019-13669
          Khalil Zhani discovered an authentication spoofing issue.

      CVE-2019-13670
          Guang Gong discovered a memory corruption issue in the v8 javascript library.

      CVE-2019-13671
          xisigr discovered a user interface error.

      CVE-2019-13673
          David Erceg discovered an information leak.

      CVE-2019-13674
          Khalil Zhani discovered a way to spoof Internationalized Domain Names.

      CVE-2019-13675
          Jun Kokatsu discovered a way to disable extensions.

      CVE-2019-13676
          Wenxu Wu discovered an error in a certificate warning.

      CVE-2019-13677
          Jun Kokatsu discovered an error in the chrome web store.

      CVE-2019-13678
          Ronni Skansing discovered a spoofing issue in the download dialog window.

      CVE-2019-13679
          Conrad Irwin discovered that user activation was not required for printing.

      CVE-2019-13680
          Thijs Alkamade discovered an IP address spoofing issue.

      CVE-2019-13681
          David Erceg discovered a way to bypass download restrictions.

      CVE-2019-13682
          Jun Kokatsu discovered a way to bypass the site isolation feature.

      CVE-2019-13683
          David Erceg discovered an information leak.

      CVE-2019-13685
          Khalil Zhani discovered a use-after-free issue.

      CVE-2019-13686
          Brendon discovered a use-after-free issue.

      CVE-2019-13687
          Man Yue Mo discovered a use-after-free issue.

      CVE-2019-13688
          Man Yue Mo discovered a use-after-free issue.

      CVE-2019-13691
          David Erceg discovered a user interface spoofing issue.

      CVE-2019-13692
          Jun Kokatsu discovered a way to bypass the Same Origin Policy.

      CVE-2019-13693
          Guang Gong discovered a use-after-free issue.

      CVE-2019-13694
          banananapenguin discovered a use-after-free issue.

      CVE-2019-13695
          Man Yue Mo discovered a use-after-free issue.

      CVE-2019-13696
          Guang Gong discovered a use-after-free issue in the v8 javascript library.

      CVE-2019-13697
          Luan Herrera discovered an information leak.

      CVE-2019-13699
          Man Yue Mo discovered a use-after-free issue.

      CVE-2019-13700
          Man Yue Mo discovered a buffer overflow issue.

      CVE-2019-13701
          David Erceg discovered a URL spoofing issue.

      CVE-2019-13702
          Phillip Langlois and Edward Torkington discovered a privilege escalation issue in the installer.

      CVE-2019-13703
          Khalil Zhani discovered a URL spoofing issue.

      CVE-2019-13704
          Jun Kokatsu discovered a way to bypass the Content Security Policy.

      CVE-2019-13705
          Luan Herrera discovered a way to bypass extension permissions.

      CVE-2019-13706
          pdknsk discovered an out-of-bounds read issue in the pdfium library.

      CVE-2019-13707
          Andrea Palazzo discovered an information leak.

      CVE-2019-13708
          Khalil Zhani discovered an authentication spoofing issue.

      CVE-2019-13709
          Zhong Zhaochen discovered a way to bypass download restrictions.

      CVE-2019-13710
          bernardo.mrod discovered a way to bypass download restrictions.

      CVE-2019-13711
          David Erceg discovered an information leak.

      CVE-2019-13713
          David Erceg discovered an information leak.

      CVE-2019-13714
          Jun Kokatsu discovered an issue with Cascading Style Sheets.

      CVE-2019-13715
          xisigr discovered a URL spoofing issue.

      CVE-2019-13716
          Barron Hagerman discovered an error in the service worker implementation.

      CVE-2019-13717
          xisigr discovered a user interface spoofing issue.

      CVE-2019-13718
          Khalil Zhani discovered a way to spoof Internationalized Domain Names.

      CVE-2019-13719
          Khalil Zhani discovered a user interface spoofing issue.

      CVE-2019-13720
          Anton Ivanov and Alexey Kulaev discovered a use-after-free issue.

      CVE-2019-13721
          banananapenguin discovered a use-after-free issue in the pdfium library.

      For the oldstable distribution (stretch), support for chromium has been discontinued. Please upgrade to the stable release (buster) to continue receiving chromium updates or switch to firefox, which continues to be supported in the oldstable release.

      For the stable distribution (buster), these problems have been fixed in version 78.0.3904.97-1~deb10u1.