Re: Alas and alack.
Bob Paige wrote:
>> I'm a big Linux fan because of usability, extensibility, flexibility,
>> and security issues. I believe that the different mechanisms
>> available with GNU software, especially the Debian GNU/Linux way,
>> lends itself well to dealing with these issues. But not even Debian
>> can deal with systems that are improperly managed. Apparently some
>> people still don't take software maintenance seriously. Self managed
>> systems can help some, but it still takes involvement from people, and
>> that will always be the bottom line as far as I am concerned.
>>
>Being something of a newbie myself, can someone suggest a way to keep a
>system up to date?
>
>I know through apt-get (or wajig) you can automatically download and
>install the latest updates, but I would like to see a system that
>automatically notifies you (via email?) when such an update results in
>new packages being installed.
>
>Ideas?
Subscribe to the following list, example quoted:
<quote>
To: debian-security-announce@lists.debian.org (Debian Security
Announcements)
Subject: [SECURITY] [DSA 244-1] New noffle packages fix buffer overflows
From: joey@infodrom.org (Martin Schulze)
Date: Mon, 27 Jan 2003 16:26:08 +0100 (CET)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-
--------------------------------------------------------------------------
Debian Security Advisory DSA 244-1
security@debian.org
http://www.debian.org/security/ Martin
Schulze
January 27th, 2003
http://www.debian.org/security/faq
-
--------------------------------------------------------------------------
Package : noffle
Vulnerability : buffer overflows
Problem-Type : remote
Debian-specific: no
CVE Id : CAN-2003-0037
Dan Jacobson noticed a problem in noffle, an offline news server, that
leads to a segmentation fault. It is not yet clear whether this
problem is exploitable. However, if it is, a remote attacker could
trigger arbitrary code execution under the user that calls noffle,
probably news.
For the stable distribution (woody) this problem has been fixed in
version 1.0.1-1.1.
The old stable distribution (potato) does not contain a noffle
package.
For the unstable distribution (sid) this problem has been fixed in
version 1.1.2-1.
We recommend that you upgrade your noffle package.
Upgrade Instructions
[...]
</quote>
--
gt kk5st@sbcglobal.net
You have a RIGHT to your opinion---even if it is crap.
Reply to: