Jump to content

Forums

  1. The Highlands

    1. Announcements

      General announcements of note for all forum members.

      1,756
      posts
    2. Bruno's All Things Linux

      The place to free your mind and explore Linux, which for many, isn't an "alternative" operating system — it's their only OS.

      204,582
      posts
    3. All Things Windows

      Topics related to Windows, Microsoft, help with Windows, techniques, performance, betas, all types of Applications, Windows news, Windows server OSes, the future of operating systems, and more.

      42,539
      posts
    4. All Things Mac

      Topics and discussions related to Apple, Macintosh hardware and accessories, OS X, Classic, iTunes / iTMS (Mac & PC), mainstream Mac software, and more.

      3,522
      posts
    5. Hardware

      Exploring CPUs, motherboards, overclocking, building your own PC, case mods, PC brands, handhelds, peripherals of all types, DVDs, CD burners, hardware-specific software, device drivers, and anything else related to hardware.

      19,266
      posts
    6. Mobility

      Topics related to ANY AND ALL Mobile Platforms, Mobile Devices, Mobile Operating Systems, Mobile Apps, and more.

      2,036
      posts
    7. Security & Networking

      Protecting PCs from attack, networking, network hardware, remote access, sharing broadband, different broadband technologies, network troubleshooting, spam, encryption, firewalls, and more.

      23,474
      posts
    8. Social Media

      Social Media will cover all topics related to Social Media, Web 2.0, browsers and web applications, email, and more.

      17,570
      posts
    9. The Restaurant at the Edge of the Universe

      The The Restaurant at the Edge of the Universe, previously known as The Water Cooler, is a place to post stuff that has absolutely nothing at all to do with computers, broadband, Scot's Newsletter, or anything that's "supposed" to be here.

      49,729
      posts
    10. Forum Feedback

      Forum-Related Feedback Only, Please: Bugs, problems, forum software, skins, graphics, webhost, stuff we're testing, suggestions, and more. NOTE: Testing Subforum is under the Forum Feedback forum.
      6,467
      posts
  • Recent Posts

    • - ------------------------------------------------------------------------- Debian Security Advisory DSA-4580-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 09, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : firefox-esr CVE ID : CVE-2019-17005 CVE-2019-17008 CVE-2019-17010 CVE-2019-17011 CVE-2019-17012 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For the oldstable distribution (stretch), these problems have been fixed in version 68.3.0esr-1~deb9u1. For the stable distribution (buster), these problems have been fixed in version 68.3.0esr-1~deb10u1.   - ------------------------------------------------------------------------- Debian Security Advisory DSA-4581-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 10, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : git CVE ID : CVE-2019-1348 CVE-2019-1349 CVE-2019-1352 CVE-2019-1353 CVE-2019-1387 CVE-2019-19604 Several vulnerabilities have been discovered in git, a fast, scalable, distributed revision control system. CVE-2019-1348 It was reported that the --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=..., allowing to overwrite arbitrary paths. CVE-2019-1387 It was discovered that submodule names are not validated strictly enough, allowing very targeted attacks via remote code execution when performing recursive clones. CVE-2019-19604 Joern Schneeweisz reported a vulnerability, where a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that. It is now disallowed for `.gitmodules` to have entries that set `submodule.<name>.update=!command`. In addition this update addresses a number of security issues which are only an issue if git is operating on an NTFS filesystem (CVE-2019-1349, CVE-2019-1352 and CVE-2019-1353). For the oldstable distribution (stretch), these problems have been fixed in version 1:2.11.0-3+deb9u5. For the stable distribution (buster), these problems have been fixed in version 1:2.20.1-2+deb10u1.   - ------------------------------------------------------------------------- Debian Security Advisory DSA-4582-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 13, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : davical CVE ID : CVE-2019-18345 CVE-2019-18346 CVE-2019-18347 Debian Bug : 946343 Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. For the oldstable distribution (stretch), these problems have been fixed in version 1.1.5-1+deb9u1. For the stable distribution (buster), these problems have been fixed in version 1.1.8-1+deb10u1.   - ------------------------------------------------------------------------- Debian Security Advisory DSA-4583-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 13, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : spip CVE ID : not yet available A vulnerability was discovered in the SPIP publishing system, which could result in unauthorised writes to the database by authors. The oldstable distribution (stretch) is not affected. For the stable distribution (buster), this problem has been fixed in version 3.2.4-1+deb10u2.   - ------------------------------------------------------------------------- Debian Security Advisory DSA-4565-2 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 13, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : intel-microcode CVE ID : CVE-2019-11135 CVE-2019-11139 Debian Bug : 946515 This update ships updated CPU microcode for CFL-S (Coffe Lake Desktop) models of Intel CPUs which were not yet included in the Intel microcode update released as DSA 4565-1. For details please refer to https://www.intel.com/content/dam/www/public/us/en/security-advisory/documents/IPU-2019.2-microcode-update-guidance-v1.01.pdf Additionally this update rolls back CPU microcode for HEDT and Xeon processors with signature 0x50654 which were affected by a regression causing hangs on warm reboots (Cf. #946515). For the oldstable distribution (stretch), these problems have been fixed in version 3.20191115.2~deb9u1. For the stable distribution (buster), these problems have been fixed in version 3.20191115.2~deb10u1.   - ------------------------------------------------------------------------- Debian Security Advisory DSA-4584-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 14, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : spamassassin CVE ID : CVE-2018-11805 CVE-2019-12420 Debian Bug : 946652 946653 Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. CVE-2018-11805 Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios. CVE-2019-12420 Specially crafted mulitpart messages can cause spamassassin to use excessive resources, resulting in a denial of service. For the oldstable distribution (stretch), these problems have been fixed in version 3.4.2-1~deb9u2. For the stable distribution (buster), these problems have been fixed in version 3.4.2-1+deb10u1.
    • I'm also starting to consider that MAYBE Debian stable is the right fit for me.  I've been focusing on rolling-releases to solve the re-installation problem, but I'm also reading in Debian forums that dist-upgrades go so smoothly.  With 5-year +/- support windows, a SMOOTH dist-upgrade could suit my purpose just fine.   Coming from the 'Buntu family, nearly every dist-upgrade results in a trouble-shooting session of some sort....if not right away, shortly thereafter.  I've learned that clean re-installs of Ubuntu are the best path forward.  But then I switched to Lubuntu, and the LXDE/LXQT support windows are 3 years instead of 5, so the only way to stay up-to-date with LTS releases is to upgrade every 2 years, or "assume the risk" between years 3-4 (the underlying Ubuntu supports 5 years, it's the LXDE/LXQT GUI layer thats limited to 3).  I've gone down both paths, but both paths lead to a re-install because Ubuntu's upgrade-in-place is never smooth for me....even when it SEEMS smooth, I discover problems later.   So Debian users comments regarding smoothness and reliability for upgrade-in-place catch my ear.  And knowing Debian's "release when ready, and not before" philosophy, I have to believe that includes the upgrade path.  I had a guy tell me he's upgraded his Debian stable "in place" for 20 years now, and still going strong...rock solid.  Whoa, REALLY?!  Seems grandiose, but you have my attention!  Any other Debian users on here care to comment on your Debian upgrade experiences?  I'm only interested in upgrade-in-place experiences....any issues from upgrade?  How many times have you upgraded "in place" without re-installation?    
  • Who's Online (See full list)

    There are no registered users currently online

  • Today's Birthdays

    No users celebrating today
  • Member Statistics

    • Total Members
      4,980
    • Most Online
      721

    Newest Member
    Bookmem
    Joined
×
×
  • Create New...