星球
USN-1063-1: QEMU vulnerability
2011/2/15 3:26:53 | Ubuntu security notices
Referenced CVEs:
CVE-2011-0011
Description:
===========================================================
Ubuntu Security Notice USN-1063-1 February 14, 2011
qemu-kvm vulnerability
CVE-2011-0011
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
kvm 0.11.0-0ubuntu6.4
qemu 0.11.0-0ubuntu6.4
qemu-arm-static 0.11.0-0ubuntu6.4
qemu-kvm 0.11.0-0ubuntu6.4
qemu-kvm-extras 0.11.0-0ubuntu6.4
Ubuntu 10.04 LTS:
kvm 0.12.3+noroms-0ubuntu9.4
qemu 0.12.3+noroms-0ubuntu9.4
qemu-arm-static 0.12.3+noroms-0ubuntu9.4
qemu-common 0.12.3+noroms-0ubuntu9.4
qemu-kvm 0.12.3+noroms-0ubuntu9.4
qemu-kvm-extras 0.12.3+noroms-0ubuntu9.4
qemu-kvm-extras-static 0.12.3+noroms-0ubuntu9.4
Ubuntu 10.10:
kvm 0.12.5+noroms-0ubuntu7.2
qemu 0.12.5+noroms-0ubuntu7.2
qemu-arm-static 0.12.5+noroms-0ubuntu7.2
qemu-kvm 0.12.5+noroms-0ubuntu7.2
qemu-kvm-extras 0.12.5+noroms-0ubuntu7.2
qemu-kvm-extras-static 0.12.5+noroms-0ubuntu7.2
After a standard system update you need to restart any running QEMU sessions
to make all the necessary changes.
Details follow:
Neil Wilson discovered that if VNC passwords were blank in QEMU
configurations, access to VNC sessions was allowed without a password
instead of being disabled. A remote attacker could connect to running
VNC sessions of QEMU and directly control the system. By default, QEMU
does not start VNC sessions.
刪除Ubuntu自帶的Firefox搜尋引擎(二)
2011/2/14 22:24:00 | 手把手玩Ubuntu
在前篇所說的刪除多的搜尋引擎,我有點說錯,應該是每次更新 Firefox 預設都會重新加入。現在有比較好的方式,利用 crontab 排程工作,一段時間自動檢查那個目錄是否存在,存在就自動刪除。
1、FireFox 3 及 FireFox 4 路徑不一樣請選擇適合的,兩個都有裝就兩個都加。輸入指令編輯 crontab。
sudo gedit...
請按標題讀更多:)
1、FireFox 3 及 FireFox 4 路徑不一樣請選擇適合的,兩個都有裝就兩個都加。輸入指令編輯 crontab。
sudo gedit...
請按標題讀更多:)
USN-1061-1: iTALC vulnerability
2011/2/11 9:27:02 | Ubuntu security notices
Referenced CVEs:
CVE-2011-0724
Description:
===========================================================
Ubuntu Security Notice USN-1061-1 February 11, 2011
italc vulnerability
CVE-2011-0724
===========================================================
A security issue affects the following Edubuntu releases:
Edubuntu 9.10
Edubuntu 10.04 LTS
Edubuntu 10.10
This advisory does not apply to the corresponding versions of
Ubuntu, Kubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Edubuntu 9.10:
italc-client 1:1.0.9.1-0ubuntu16.1
Edubuntu 10.04 LTS:
italc-client 1:1.0.9.1-0ubuntu18.10.04.1
Edubuntu 10.10:
italc-client 1:1.0.9.1-0ubuntu18.10.10.1
After a standard system update, if you had originally installed from
the Edubuntu Live DVD and the bad keys were found, you will need to
redistribute the newly generated public keys to your iTALC clients and
restart each session. For more details, see:
https://wiki.ubuntu.com/iTalc/Keys
Details follow:
Stéphane Graber discovered that the iTALC private keys shipped with the
Edubuntu Live DVD were not correctly regenerated once Edubuntu was
installed. If an iTALC client was installed with the vulnerable keys, a
remote attacker could gain control of the system. Only systems using keys
from the Edubuntu Live DVD were affected.
USN-1060-1: Exim vulnerabilities
2011/2/10 23:55:19 | Ubuntu security notices
Referenced CVEs:
CVE-2010-2023, CVE-2010-2024, CVE-2010-4345, CVE-2011-0017
Description:
===========================================================
Ubuntu Security Notice USN-1060-1 February 10, 2011
exim4 vulnerabilities
CVE-2010-2023, CVE-2010-2024, CVE-2010-4345, CVE-2011-0017
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
exim4-daemon-custom 4.60-3ubuntu3.3
exim4-daemon-heavy 4.60-3ubuntu3.3
exim4-daemon-light 4.60-3ubuntu3.3
Ubuntu 8.04 LTS:
exim4-daemon-custom 4.69-2ubuntu0.3
exim4-daemon-heavy 4.69-2ubuntu0.3
exim4-daemon-light 4.69-2ubuntu0.3
Ubuntu 9.10:
exim4-daemon-custom 4.69-11ubuntu4.2
exim4-daemon-heavy 4.69-11ubuntu4.2
exim4-daemon-light 4.69-11ubuntu4.2
Ubuntu 10.04 LTS:
exim4-daemon-custom 4.71-3ubuntu1.1
exim4-daemon-heavy 4.71-3ubuntu1.1
exim4-daemon-light 4.71-3ubuntu1.1
Ubuntu 10.10:
exim4-daemon-custom 4.72-1ubuntu1.1
exim4-daemon-heavy 4.72-1ubuntu1.1
exim4-daemon-light 4.72-1ubuntu1.1
In general, a standard system update will make all the necessary changes.
ATTENTION: This security update brings changes to Exim's behaviour. Please
review the following information carefully, as your Exim configuration may
need to be adjusted after applying this update.
Exim no longer runs alternate configuration files specified with the -C
option as root. The new /etc/exim4/trusted_configs file can be used to
override this new behaviour. Files listed in trusted_configs and owned by
root will be run with root privileges when using the -C option.
In addition, Exim no longer runs as root when the -D option is used. Macro
definitions that require root privileges should now be placed in trusted
configuration files.
Please see the /usr/share/doc/exim4-*/NEWS.Debian file for detailed
information.
Details follow:
It was discovered that Exim contained a design flaw in the way it processed
alternate configuration files. An attacker that obtained privileges of the
"Debian-exim" user could use an alternate configuration file to obtain
root privileges. (CVE-2010-4345)
It was discovered that Exim incorrectly handled certain return values when
handling logging. A local attacker could use this flaw to obtain root
privileges. (CVE-2011-0017)
Dan Rosenberg discovered that Exim incorrectly handled writable sticky-bit
mail directories. If Exim were configured in this manner, a local user
could use this flaw to cause a denial of service or possibly gain
privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10,
and 10.04 LTS. (CVE-2010-2023)
Dan Rosenberg discovered that Exim incorrectly handled MBX locking. If
Exim were configured in this manner, a local user could use this flaw to
cause a denial of service or possibly gain privileges. This issue only
applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS. (CVE-2010-2024)
初音HMO黏土人開箱+停格動畫製作練習
2011/2/10 11:31:00 | 魔法設計的藝術
這個玩偶過年前就有看到網路上的介紹,實在是太可愛了,而且又全身可動,所以就入手囉。網路上已經有很多圖文並茂的開箱文了,那我就做個不一樣的,請她自己出來....秀一下:)第一次試著做停格動畫好累XD,我用兩個軟體作成,先用Luciole這個停格動畫軟體做一些片段,然後再用kdenlive軟體加配音軌、加字幕、剪輯,然後音樂是自己以前老作品-一隻大KB這兩個軟體在Ubuntu Studio10.04LTS的套件庫都有,我也試過了stopmotion軟體,但是stopmotion匯出時,會崩潰,然後該軟體已經在2008年停止發展了,介面上是比較好用,實在很想去trace原碼問題在哪,不然好可惜。
USN-1059-1: Dovecot vulnerabilities
2011/2/8 2:00:35 | Ubuntu security notices
Referenced CVEs:
CVE-2010-3304, CVE-2010-3706, CVE-2010-3707, CVE-2010-3779, CVE-2010-3780
Description:
===========================================================
Ubuntu Security Notice USN-1059-1 February 07, 2011
dovecot vulnerabilities
CVE-2010-3304, CVE-2010-3706, CVE-2010-3707, CVE-2010-3779,
CVE-2010-3780
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
dovecot-common 1:1.2.9-1ubuntu6.3
Ubuntu 10.10:
dovecot-common 1:1.2.12-1ubuntu8.1
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that the ACL plugin in Dovecot would incorrectly
propagate ACLs to new mailboxes. A remote authenticated user could possibly
read new mailboxes that were created with the wrong ACL. (CVE-2010-3304)
It was discovered that the ACL plugin in Dovecot would incorrectly merge
ACLs in certain circumstances. A remote authenticated user could possibly
bypass intended access restrictions and gain access to mailboxes.
(CVE-2010-3706, CVE-2010-3707)
It was discovered that the ACL plugin in Dovecot would incorrectly grant
the admin permission to owners of certain mailboxes. A remote authenticated
user could possibly bypass intended access restrictions and gain access to
mailboxes. (CVE-2010-3779)
It was discovered that Dovecot incorrecly handled the simultaneous
disconnect of a large number of sessions. A remote authenticated user could
use this flaw to cause Dovecot to crash, resulting in a denial of service.
(CVE-2010-3780)
FentISS : 專注於嵌入式系統虛擬化技術的新創公司
2011/2/7 23:26:00 | Jserv's blog
在介紹 [FentISS] 這間年輕的公司前,來看看歷史背景。 2006 年筆者在 [SA-RTL : Stand-Alone RTLinux] 一文提及「在 source tree 中還包含了XtratuM 架構的支援,其中 XtratuM 是相當特別的 nano-kernel / pico-kernel,SA-RTL 與其組合可帶來相當的 virtualization 彈性與效能,並且也可避開 FSMLabs 的 patent。」,當時對應的 [XtratuM] 是 0.3 版,由西班牙的 València 大學 (校名為 "Universitat Politècnica de València",簡稱 UPV) 的研究人員開發。2006 年十月,[XtratuM] 重新改寫,版本號定為...
破除 Realtime GNU/Linux 的迷思
2011/2/5 23:57:00 | Jserv's blog
原文標題: Getting real (time) about embedded GNU/Linux 原文作者: Robert Berger 寫作日期: July 20, 2010 繁體中文翻譯:黃敬群 (Jim Huang) <jserv@0xlab.org> 譯註:本文翻譯自 [Getting real (time) about embedded GNU/Linux] 一文,標題是典型的美式幽默,"Get real" 一詞有「醒醒吧」之意,而銜接其後的 "time",則恰好為本文主軸 Realtime Linux 之意。作者為文立意是縱觀分析 GNU/Linux 系統現有 Realtime 的實做方案,從而破除一些迷思,譯者在翻譯過程中,也補充一些資訊及看法。 何謂 Real-time? "Real-time" [譯註:常見的中文翻譯為「即時」(台灣)...
USN-1058-1: PostgreSQL vulnerability
2011/2/4 6:26:18 | Ubuntu security notices
Referenced CVEs:
CVE-2010-4015
Description:
===========================================================
Ubuntu Security Notice USN-1058-1 February 03, 2011
postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerability
CVE-2010-4015
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
postgresql-contrib-8.1 8.1.23-0ubuntu0.6.06.1
Ubuntu 8.04 LTS:
postgresql-contrib-8.3 8.3.14-0ubuntu8.04
Ubuntu 9.10:
postgresql-contrib-8.4 8.4.7-0ubuntu0.9.10
Ubuntu 10.04 LTS:
postgresql-contrib-8.4 8.4.7-0ubuntu0.10.04
Ubuntu 10.10:
postgresql-contrib-8.4 8.4.7-0ubuntu0.10.10
In general, a standard system update will make all the necessary changes.
Details follow:
Geoff Keating reported that a buffer overflow exists in the intarray
module's input function for the query_int type. This could allow an
attacker to cause a denial of service or possibly execute arbitrary
code as the postgres user.
USN-1057-1: Linux kernel vulnerabilities
2011/2/4 3:23:16 | Ubuntu security notices
Referenced CVEs:
CVE-2010-2943, CVE-2010-3297, CVE-2010-4072
Description:
===========================================================
Ubuntu Security Notice USN-1057-1 February 03, 2011
linux-source-2.6.15 vulnerabilities
CVE-2010-2943, CVE-2010-3297, CVE-2010-4072
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
linux-image-2.6.15-55-386 2.6.15-55.91
linux-image-2.6.15-55-686 2.6.15-55.91
linux-image-2.6.15-55-amd64-generic 2.6.15-55.91
linux-image-2.6.15-55-amd64-k8 2.6.15-55.91
linux-image-2.6.15-55-amd64-server 2.6.15-55.91
linux-image-2.6.15-55-amd64-xeon 2.6.15-55.91
linux-image-2.6.15-55-hppa32 2.6.15-55.91
linux-image-2.6.15-55-hppa32-smp 2.6.15-55.91
linux-image-2.6.15-55-hppa64 2.6.15-55.91
linux-image-2.6.15-55-hppa64-smp 2.6.15-55.91
linux-image-2.6.15-55-itanium 2.6.15-55.91
linux-image-2.6.15-55-itanium-smp 2.6.15-55.91
linux-image-2.6.15-55-k7 2.6.15-55.91
linux-image-2.6.15-55-mckinley 2.6.15-55.91
linux-image-2.6.15-55-mckinley-smp 2.6.15-55.91
linux-image-2.6.15-55-powerpc 2.6.15-55.91
linux-image-2.6.15-55-powerpc-smp 2.6.15-55.91
linux-image-2.6.15-55-powerpc64-smp 2.6.15-55.91
linux-image-2.6.15-55-server 2.6.15-55.91
linux-image-2.6.15-55-server-bigiron 2.6.15-55.91
linux-image-2.6.15-55-sparc64 2.6.15-55.91
linux-image-2.6.15-55-sparc64-smp 2.6.15-55.91
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
Dave Chinner discovered that the XFS filesystem did not correctly order
inode lookups when exported by NFS. A remote attacker could exploit this to
read or write disk blocks that had changed file assignment or had become
unlinked, leading to a loss of privacy. (CVE-2010-2943)
Dan Rosenberg discovered that several network ioctls did not clear kernel
memory correctly. A local user could exploit this to read kernel stack
memory, leading to a loss of privacy. (CVE-2010-3297)
Kees Cook and Vasiliy Kulikov discovered that the shm interface did not
clear kernel memory correctly. A local attacker could exploit this to read
kernel stack memory, leading to a loss of privacy. (CVE-2010-4072)