
Re: Alas and alack.



Bob Paige wrote:

>> I'm a big Linux fan because of usability, extensibility, flexibility,
>> and security issues.  I believe that the different mechanisms
>> available with GNU software, especially the Debian GNU/Linux way,
>> lend themselves well to dealing with these issues.  But not even Debian
>> can deal with systems that are improperly managed.  Apparently some
>> people still don't take software maintenance seriously.  Self-managed
>> systems can help some, but it still takes involvement from people, and
>> that will always be the bottom line as far as I am concerned.
>>
>Being something of a newbie myself, can someone suggest a way to keep a 
>system up to date?
>
>I know through apt-get (or wajig) you can automatically download and 
>install the latest updates, but I would like to see a system that 
>automatically notifies you (via email?) when such an update results in 
>new packages being installed.
>
>Ideas?

Subscribe to the following list, example quoted:

<quote>

To: debian-security-announce@lists.debian.org (Debian Security Announcements)
Subject: [SECURITY] [DSA 244-1] New noffle packages fix buffer overflows
From: joey@infodrom.org (Martin Schulze)
Date: Mon, 27 Jan 2003 16:26:08 +0100 (CET)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 244-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 27th, 2003                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : noffle
Vulnerability  : buffer overflows
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2003-0037

Dan Jacobson noticed a problem in noffle, an offline news server, that
leads to a segmentation fault.  It is not yet clear whether this
problem is exploitable.  However, if it is, a remote attacker could
trigger arbitrary code execution under the user that calls noffle,
probably news.

For the stable distribution (woody) this problem has been fixed in
version 1.0.1-1.1.

The old stable distribution (potato) does not contain a noffle
package.

For the unstable distribution (sid) this problem has been fixed in
version 1.1.2-1.

We recommend that you upgrade your noffle package.


Upgrade Instructions
[...]

</quote>

-- 
gt                                kk5st@sbcglobal.net
You have a RIGHT to your opinion---even if it is crap.
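
For the notification question in this thread, one way to reduce the announcement list to advisories that name a package actually installed, as an added example that is not part of the original message or of any Debian tool. The function names and the installed-package mapping are assumptions; the advisory text is the body quoted above, abbreviated.

```python
import re

# Advisory body as quoted in the message above (abbreviated).
ADVISORY = """\
Package        : noffle
Vulnerability  : buffer overflows
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2003-0037

For the stable distribution (woody) this problem has been fixed in
version 1.0.1-1.1.

The old stable distribution (potato) does not contain a noffle
package.

For the unstable distribution (sid) this problem has been fixed in
version 1.1.2-1.
"""

# "Name   : value" header lines; key and value must sit on one line.
FIELD = re.compile(r"^([A-Za-z][A-Za-z -]*?)[ \t]*:[ \t]+(\S.*)$", re.M)
# Fixed-version sentence, matched after line wraps are collapsed.
FIXED = re.compile(r"For the [\w ]+? distribution \((\w+)\) this problem "
                   r"has been fixed in version (\S+?)\.(?= |$)")

def parse_dsa(text):
    """Return (header fields, {release codename: fixed version})."""
    fields = {k.strip(): v.strip() for k, v in FIELD.findall(text)}
    flat = " ".join(text.split())  # undo mail line wrapping
    return fields, dict(FIXED.findall(flat))

def needs_attention(text, installed, release):
    """Return a notice if the advisory names an installed package, else None.

    installed: hypothetical {package: version} mapping for this host.
    release:   codename this host tracks, e.g. "woody".
    """
    fields, fixed = parse_dsa(text)
    pkg = fields.get("Package")
    if pkg not in installed or release not in fixed:
        return None
    return (f"{pkg} {installed[pkg]} installed; {fields.get('CVE Id', 'n/a')} "
            f"fixed in {fixed[release]} for {release}")

if __name__ == "__main__":
    # Constructed inventory; the installed version is made up for the demo.
    print(needs_attention(ADVISORY, {"noffle": "1.0.1-1"}, "woody"))
```

The example does not compare version strings; on a Debian system `dpkg --compare-versions` can decide whether the installed version is older than the fixed one.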


