Shell history

emgent | Developement | Friday, April 11th, 2008

emgent@emanuele-gentili:~$ history|awk ‘{a[$2]++ } END{for(i in a){print a[i] ” ” i}}’ |sort -rn|head
108 ls
97 vim
97 cd
27 sudo
20 bzr
18 rm
16 git
11 python
10 quilt
9 wget

Security Corner 0.3: lighttpd Denial of Service

emgent | Security | Monday, April 7th, 2008

Affected by security bug quite significant, lighttpd is still be vulnerable to Ubuntu repositories.

Lighttpd 1.4.19 and earlier allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.

Vulnerable Version:

  • Hardy (upgraded)
  • Gutsy
  • Feisty
  • Edgy

CVE

Debdiffs:

Upgrade by .deb packages:

 

Upgrade by Repository:

  • Gutsy
deb http://ppa.launchpad.net/emgent/ubuntu gutsy main
deb-src http://ppa.launchpad.net/emgent/ubuntu gutsy main

apt-get update

apt-get upgrade

 

  •  Feisty
deb http://ppa.launchpad.net/emgent/ubuntu feisty main
deb-src http://ppa.launchpad.net/emgent/ubuntu feisty main

 apt-get update

 apt-get upgrade

 

  • Edgy
deb http://ppa.launchpad.net/emgent/ubuntu edgy main
deb-src http://ppa.launchpad.net/emgent/ubuntu edgy main

 apt-get update

 apt-get upgrade

Horde3 security patch preview

emgent | Security | Thursday, March 27th, 2008

Affected by security bug quite significant, horde3 is still be vulnerable to Ubuntu repositories.

Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain
configurations, allows remote authenticated users to read and execute arbitrary files via “..” sequences and a null byte in the theme name.
Fix directory traversal vulnerability in Registry.php which allows an attacker to read and execute arbitrary local files via crafted
path sequences.

Vulnerable Version:

  • Hardy (upgraded)
  • Gutsy
  • Feisty
  • Edgy
  • Dapper

CVE

Debdiffs:

Upgrade by .deb packages:

Upgrade by Repository:

  • Gutsy
deb http://ppa.launchpad.net/emgent/ubuntu gutsy main
deb-src http://ppa.launchpad.net/emgent/ubuntu gutsy main

 apt-get update

apt-get upgrade

 

  •  Feisty
deb http://ppa.launchpad.net/emgent/ubuntu feisty main
deb-src http://ppa.launchpad.net/emgent/ubuntu feisty main

 apt-get update

 apt-get upgrade

 

  • Edgy
deb http://ppa.launchpad.net/emgent/ubuntu edgy main
deb-src http://ppa.launchpad.net/emgent/ubuntu edgy main

 apt-get update

 apt-get upgrade

 

  • Dapper
deb http://ppa.launchpad.net/emgent/ubuntu dapper main
deb-src http://ppa.launchpad.net/emgent/ubuntu dapper main

 apt-get update

 apt-get upgrade

lighttpd security patch preview

emgent | Security | Tuesday, March 11th, 2008

Affected by security bug quite significant, lighttpd is still be vulnerable to Ubuntu repositories.

mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.

Hence a preview of the bug and my relative debdiff that will be placed in a circle in the mirror:

lighttpd

Vulnerable Version:

  • Hardy
  • Gutsy
  • Feisty
  • Edgy
  • Dapper

CVE

Debdiff Relatives:

VLC security patch preview

emgent | Security | Tuesday, March 11th, 2008

Affected by security bug quite significant, VLC is still be vulnerable to Ubuntu repositories.

Hence a preview of the bug and my relative debdiff that will be placed in a circle in the mirror:

VLC

Vulnerable Version:

  • Hardy
  • Gutsy
  • Feisty
  • Edgy
  • Dapper

CVE

Debdiff Relatives:

hello world.

emgent | Life | Thursday, February 28th, 2008

This is the first post in my ENGRISH blog :P

Perchè questo sito usa Freesoftware?