USN-1069-1: Mailman vulnerabilities
CVE-2010-3089, CVE-2011-0707
===========================================================
Ubuntu Security Notice USN-1069-1 February 22, 2011
mailman vulnerabilities
CVE-2010-3089, CVE-2011-0707
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
mailman 2.1.5-9ubuntu4.4
Ubuntu 8.04 LTS:
mailman 1:2.1.9-9ubuntu1.4
Ubuntu 9.10:
mailman 1:2.1.12-2ubuntu0.2
Ubuntu 10.04 LTS:
mailman 1:2.1.13-1ubuntu0.2
Ubuntu 10.10:
mailman 1:2.1.13-4ubuntu0.2
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that Mailman did not properly sanitize certain fields,
resulting in cross-site scripting (XSS) vulnerabilities. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data, within the same
domain.
USN-1068-1: Aptdaemon vulnerability
CVE-2011-0725
===========================================================
Ubuntu Security Notice USN-1068-1 February 22, 2011
aptdaemon vulnerability
CVE-2011-0725
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.10:
python-aptdaemon 0.31+bzr506-0ubuntu6.1
In general, a standard system update will make all the necessary changes.
Details follow:
Sergey Nizovtsev discovered that Aptdaemon incorrectly filtered certain
arguments when using its D-Bus interface. A local attacker could use this
flaw to bypass security restrictions and view sensitive information by
reading arbitrary files.
Adding an EQ (equalizer) plugin to Rhythmbox
Rhythmbox, the music player bundled with Ubuntu for many years, needs no introduction. When I first started with Ubuntu several years ago I was not used to iTunes-style players, so I went looking for the WinAMP-like Audacious instead. Later, since I reinstalled Ubuntu every six months, I grew tired of reinstalling the same extra tools over and over, and only then started using the built-in Rhythmbox.
Thinking about it, my demands on a music player are few: first of all sound quality, and beyond that basically just playlists, so there is not much to be picky about. But when it comes to sound quality, hardware aside, the player's equalizer plays a heavy role. An equalizer does not really make the sound better or worse, but it lets us tune things to the mood we want; some people like more treble, others heavier bass, and it is simply a matter of personal taste. Yet Rhythmbox, of all players, ships without an EQ. As I recall, I searched for a plugin two years ago but did not seem to find one.
Today, listening to music while browsing, one song really moved me and I thought it would be even better with a bit of tuning, so I searched again for a plugin. This time the results were completely different: many people have written one. Below I introduce a project hosted on Google Code, rbeq.
Installing rbeq is simple: download and extract it, then copy the rhythmbox directory into the .gnome2 directory under your home directory. Since .gnome2 is a hidden directory, press Ctrl + H to show it if you do not see it. Once copied, open Rhythmbox, go to Edit - Plugins, find "Rhythmbox Equalizer" and tick it; you can then configure it under Tools - Set Equalizer above the playback panel.
The latest version of rbeq is currently 1.4; the main difference from the previous release is that it ships with many built-in presets to choose from. I recommend the ballad preset: it boosts both bass and treble, and the mids are very smooth, lifting the overall sound by at least ten points. Of course, the effect of each setting will differ with your hardware, so slowly dialing in values you like is the real way to a perfect setup.
Update 2011.2.20: fixing EQ settings not being remembered after restarting Rhythmbox
With 1.4, after choosing an EQ setting and restarting Rhythmbox, all values reset to 0. Someone reported this on the project page last year and the developer did fix it, but for some reason half a year later no new release has come out; all you can find is a patch on the Issues page that most people will not know how to apply.
After fiddling for a long time I had an idea: I read the patch code first, then compared it against the Source on the project page, and finally found the fixed file:
1. On the project page, go to Source - Browse.
2. In the tree on the left, navigate svn - trunk - rhythmbox - plugins - rbeq and click equalizer.py on the right.
3. On the equalizer.py page, click "View raw file" on the right to download it.
4. Finally, overwrite the original equalizer.py with this file.
If you do not feel like hunting for it, you can download it directly from the related links at the bottom of this post (the paper-clip icon). Note that this file is a fix for version 1.4; if a new version is released in future it will presumably include this fix, and overwriting with this file will no longer be needed.
[Related links]
- rbeq – Project Hosting on Google Code
- Rhythmbox EQ | Corner of Seven
- Fix 1.4 remember last used preset:
ThinkPad T410 on Debian squeeze
The table below shows the operating system layout of my (凍仁's) ThinkPad. Worth noting is that sda uses a GPT partition table while sdb uses MBR.
dev  | Operating System             |
sda1 | Windows Seven 64bit          |
sdb1 | Windows XP 32bit             |
sdb3 | Debian squeeze 64bit         |
sdb6 | Ubuntu 64bit (not installed) |
Graphics
Type: nVIDIA NVS 3100m
# Check the kernel version.
jonny@squeeze:~$ uname -r
# Search for the NVIDIA kernel packages.
jonny@squeeze:~$ sudo aptitude search nvidia-kernel
# Install the NVIDIA package matching the kernel, plus the related packages (the kernel version part, shown in red in the original, varies per system).
jonny@squeeze:~$ sudo aptitude install nvidia-kernel-2.6.32-5-amd64 nvidia-glx nvidia-settings nvidia-xconfig
# Load the NVIDIA module by hand; you have to reboot at the end anyway, so doing this manually seems to make no difference.
# jonny@squeeze:~$ sudo modprobe nvidia
# Generate an NVIDIA-specific xorg.conf.
jonny@squeeze:~$ sudo nvidia-xconfig
# Reboot (this needs kernel support, so a reboot into the new kernel is required).
jonny@squeeze:~$ sudo shutdown -r now
Wireless LAN
Type: Intel® WiFi Link 1000
# Add the non-free component to the package sources.
jonny@squeeze:~$ sudo vi /etc/apt/sources.list
...
deb ftp://opensource.nchc.org.tw/debian/ squeeze main non-free contrib
deb http://security.debian.org/ squeeze/updates main non-free contrib
# Install the non-free firmware.
jonny@squeeze:~$ sudo aptitude update; sudo aptitude install firmware-iwlwifi wireless-tools
# Load the iwlagn module by hand; the module depends on the wireless card model (see the Debian Wiki page linked below for details).
jonny@squeeze:~$ sudo modprobe iwlagn
Battery
# Install the sysfs (virtual filesystem) utilities.
jonny@squeeze:~$ sudo aptitude install sysfsutils
# Set the battery charge thresholds.
jonny@squeeze:~$ sudo vi /etc/sysfs.conf
...
# Only start charging below 50%.
devices/platform/smapi/BAT0/start_charge_thresh = 50
# Stop charging at 100%.
devices/platform/smapi/BAT0/stop_charge_thresh = 100
HDAPS
# Install the hard disk protection daemon.
jonny@squeeze:~$ sudo aptitude install hdaps
# Load the new modules by hand.
jonny@squeeze:~$ sudo modprobe thinkpad-ec hdaps
# Start the service.
jonny@squeeze:~$ sudo /etc/init.d/hdapsd start
Related links:
★ThinkPad Ultrabay slim SATA second hard disk caddy / USB adapter - Desktops and Laptops - PALMisLIFE forum
Sources:
★鳥哥的 Linux 私房菜 beginners forum • View topic - Question about the nvidia driver on Debian testing, thanks!
★Intel Wireless WiFi Link 4965, 5100, 5300, 5350, 5150, 1000, 6000, 6250 devices (iwlagn) - Debian Wiki
★HDAPS for Debian 5.0 (Lenny) on IBM R52
USN-1066-1: Django vulnerabilities
CVE-2011-0696, CVE-2011-0697
===========================================================
Ubuntu Security Notice USN-1066-1 February 17, 2011
python-django vulnerabilities
CVE-2011-0696, CVE-2011-0697
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
python-django 1.1.1-1ubuntu1.2
Ubuntu 10.04 LTS:
python-django 1.1.1-2ubuntu1.3
Ubuntu 10.10:
python-django 1.2.3-1ubuntu0.2.10.10.2
ATTENTION: This update introduces a small backwards-incompatible change
to perform full CSRF validation on all requests. Prior to this update,
AJAX requests were excepted from CSRF protections. For more details, please
see http://docs.djangoproject.com/en/1.2/releases/1.2.5/.
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that Django did not properly validate HTTP requests that
contain an X-Requested-With header. An attacker could exploit this
vulnerability to perform cross-site request forgery (CSRF) attacks.
(CVE-2011-0696)
It was discovered that Django did not properly sanitize its input when
performing file uploads, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a
remote attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2011-0697)
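The two CSRF rules side by side, as an added example that is not Django's own code: the plain-dict request representation is an assumption standing in for Django's request object, while `csrfmiddlewaretoken` and the `X-CSRFToken` header are Django's real token carriers.

```python
# Added example, not Django's own code: the pre-1.2.5 AJAX exemption beside the
# rule that replaced it, which validates every non-safe request.
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

def _token_matches(request: dict, session_token: str) -> bool:
    # The token may arrive in the POST body or the X-CSRFToken header;
    # compare in constant time. (request is an assumed dict layout.)
    presented = (request.get("post", {}).get("csrfmiddlewaretoken")
                 or request.get("headers", {}).get("X-CSRFToken", ""))
    return hmac.compare_digest(presented, session_token)

def csrf_check_legacy(request: dict, session_token: str) -> bool:
    """Behaviour described by CVE-2011-0696: a request carrying
    X-Requested-With: XMLHttpRequest skipped token validation entirely."""
    if request["method"] in SAFE_METHODS:
        return True
    if request.get("headers", {}).get("X-Requested-With") == "XMLHttpRequest":
        return True   # a client-controlled header treated as proof of origin
    return _token_matches(request, session_token)

def csrf_check_fixed(request: dict, session_token: str) -> bool:
    """Rule after the update: every non-safe request must present the
    token, whatever other headers it carries."""
    if request["method"] in SAFE_METHODS:
        return True
    return _token_matches(request, session_token)

# Constructed sample requests, all checked against the same session token.
TOKEN = secrets.token_hex(16)
AJAX_NO_TOKEN = {"method": "POST",
                 "headers": {"X-Requested-With": "XMLHttpRequest"},
                 "post": {"comment": "hello"}}
AJAX_WITH_TOKEN = {"method": "POST",
                   "headers": {"X-Requested-With": "XMLHttpRequest",
                               "X-CSRFToken": TOKEN},
                   "post": {"comment": "hello"}}
PLAIN_GET = {"method": "GET", "headers": {}}
```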
USN-1067-1: Telepathy Gabble vulnerability
===========================================================
Ubuntu Security Notice USN-1067-1 February 17, 2011
telepathy-gabble vulnerability
https://launchpad.net/bugs/720201
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
telepathy-gabble 0.8.7-1ubuntu1.1
Ubuntu 10.04 LTS:
telepathy-gabble 0.8.12-0ubuntu1.1
Ubuntu 10.10:
telepathy-gabble 0.10.0-1ubuntu0.1
After a standard system update you need to restart your session to make all
the necessary changes.
Details follow:
It was discovered that Gabble did not verify the from field of google
jingleinfo updates. This could allow a remote attacker to perform man
in the middle attacks (MITM) on streamed media.
USN-1064-1: OpenSSL vulnerability
CVE-2011-0014
===========================================================
Ubuntu Security Notice USN-1064-1 February 15, 2011
openssl vulnerability
CVE-2011-0014
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.6
Ubuntu 10.10:
libssl0.9.8 0.9.8o-1ubuntu4.4
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
Neel Mehta discovered that incorrectly formatted ClientHello handshake
messages could cause OpenSSL to parse past the end of the message.
This could allow a remote attacker to cause a crash and denial of
service by triggering invalid memory accesses.
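An added example, not the advisory's or OpenSSL's code: a bounds-checked parser for the ClientHello handshake body that fails on any length field pointing past the bytes actually received, instead of reading beyond the message. The sample messages are constructed; the status_request extension is only used as a length-prefixed payload.

```python
# Added example, not the advisory's or OpenSSL's code: a bounds-checked parser
# for the TLS ClientHello body that refuses to read past the message end.
class MalformedHello(ValueError):
    """A length field points past the bytes actually received."""

class Reader:
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        # Check against the real buffer, never the peer's claimed length;
        # a plain slice would silently return fewer bytes instead of failing.
        if self.pos + n > len(self.data):
            raise MalformedHello(f"need {n} bytes at offset {self.pos}, "
                                 f"only {len(self.data) - self.pos} left")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, width: int) -> int:
        return int.from_bytes(self.take(width), "big")

    def vector(self, len_width: int) -> bytes:
        # Length-prefixed vector: the prefix is checked, then the payload.
        return self.take(self.uint(len_width))

def parse_client_hello(body: bytes) -> dict:
    r = Reader(body)
    hello = {"version": r.uint(2), "random": r.take(32),
             "session_id": r.vector(1), "cipher_suites": r.vector(2),
             "compression": r.vector(1), "extensions": []}
    if r.pos < len(body):                    # extensions block is optional
        ext = Reader(r.vector(2))            # inner reader bounded by the block
        while ext.pos < len(ext.data):
            hello["extensions"].append((ext.uint(2), ext.vector(2)))
    if r.pos != len(body):
        raise MalformedHello("trailing bytes after extensions")
    return hello

def is_well_formed(body: bytes) -> bool:
    try:
        parse_client_hello(body)
        return True
    except MalformedHello:
        return False

# Constructed sample: TLS 1.0, one cipher suite, a 5-byte status_request (type 5).
GOOD = (b"\x03\x01" + b"\x00" * 32 + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
        + b"\x00\x09" + b"\x00\x05\x00\x05\x01\x00\x00\x00\x00")
# Same hello, but the extension claims 0x40 bytes that were never sent.
BAD = GOOD[:-9] + b"\x00\x05\x00\x40\x01\x00\x00\x00\x00"
```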
USN-1065-1: shadow vulnerability
CVE-2011-0721
===========================================================
Ubuntu Security Notice USN-1065-1 February 15, 2011
shadow vulnerability
CVE-2011-0721
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
passwd 1:4.1.4.1-1ubuntu2.2
Ubuntu 10.04 LTS:
passwd 1:4.1.4.2-1ubuntu2.2
Ubuntu 10.10:
passwd 1:4.1.4.2-1ubuntu3.2
In general, a standard system update will make all the necessary changes.
Details follow:
Kees Cook discovered that some shadow utilities did not correctly validate
user input. A local attacker could exploit this flaw to inject newlines into
the /etc/passwd file. If the system was configured to use NIS, this could
lead to existing NIS groups or users gaining or losing access to the system,
resulting in a denial of service or unauthorized access.
USN-1062-1: Kerberos vulnerabilities
CVE-2010-4022, CVE-2011-0281, CVE-2011-0282
===========================================================
Ubuntu Security Notice USN-1062-1 February 15, 2011
krb5 vulnerabilities
CVE-2010-4022, CVE-2011-0281, CVE-2011-0282
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
krb5-kdc 1.6.dfsg.3~beta1-2ubuntu1.8
Ubuntu 9.10:
krb5-kdc 1.7dfsg~beta3-1ubuntu0.9
krb5-kdc-ldap 1.7dfsg~beta3-1ubuntu0.9
Ubuntu 10.04 LTS:
krb5-kdc 1.8.1+dfsg-2ubuntu0.6
krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.6
Ubuntu 10.10:
krb5-kdc 1.8.1+dfsg-5ubuntu0.4
krb5-kdc-ldap 1.8.1+dfsg-5ubuntu0.4
In general, a standard system update will make all the necessary changes.
Details follow:
Keiichi Mori discovered that the MIT krb5 KDC database propagation
daemon (kpropd) is vulnerable to a denial of service attack due
to improper logic when a worker child process exited because
of invalid network input. This could only occur when kpropd is
running in standalone mode; kpropd was not affected when running in
incremental propagation mode ("iprop") or as an inetd server. This
issue only affects Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu
10.10. (CVE-2010-4022)
Kevin Longfellow and others discovered that the MIT krb5 Key
Distribution Center (KDC) daemon is vulnerable to denial of service
attacks when using an LDAP back end due to improper handling of
network input. (CVE-2011-0281, CVE-2011-0282)