Long ago I started one thread about making security updates effective, so...
On Mon, Sep 01, 2014 at 08:48:25PM +0200, Thijs Kinkhorst wrote:
> My questions to this list:
> - Do people agree that this would be something that's good to have in a
> default installation? Are there drawbacks?
Well,
On Thu, May 15, 2008 at 09:52:10AM +0200, Vladislav Kurz wrote:
> It would be also helpful to print the line as dokuwd.pl does.
> Is there any repository with newer versions of ssh-vulnkey or dokuwd.pl ?
Try the Ubuntu version which contains a fixed ssh-vulnkey (
http://www.ubuntu.com/usn/usn-612-
Hello,
packages.debian.org perhaps is the right place to read package
changelogs online, but security update changelogs seem to be missing.
Where are they?
An example:
http://packages.debian.org/stable/net/links2
links to non-existing
http://packages.debian.org/changelogs/pool/main/l/links2/link
On Mon, Nov 27, 2006 at 03:52:40PM -0500, Morgan Walker wrote:
> There is also a package called cron-apt which will automatically update
> your debian machines and send you an email regarding what it updated.
And upgraded, if you really trust your package sources:
$ cat /etc/cron-apt/action.d/9-d
On Mon, Sep 04, 2006 at 07:39:16PM +0200, Thorsten Schifferdecker wrote:
> you wrote there's a sec-update of apache, but on security.debian.org
> no update apache debs where found.
Try again a few times. It's on some of the security.debian.org hosts,
and propably replicating to all of them.
-Mik
On Sat, Sep 02, 2006 at 10:37:04AM +0200, Rolf Kutz wrote:
> * Quoting Mikko Rapeli ([EMAIL PROTECTED]):
> > I think it is relevant: should the effectiveness actions in general
> > be based on the host where the update was applied through lsof, package
> > dependencies p
On Fri, Sep 01, 2006 at 06:56:17PM -0400, Michael Stone wrote:
> On Sat, Sep 02, 2006 at 12:28:17AM +0300, Mikko Rapeli wrote:
> >- can a process running vulnerable code be exploited to not show the
> > shared libraries and other non-shared libraries and files it had opened
>
On Thu, Aug 31, 2006 at 07:23:27PM -0300, Henrique de Moraes Holschuh wrote:
> Indeed. lsof +L1 is currently useless for detecting unlinked libraries.
>
> I've been using lsof | grep "path inode" to detect them for a while now.
> Still, I hope the older, saner lsof +L1 behaviour can be restored s
On Tue, Aug 29, 2006 at 10:54:45PM +0200, Moritz Muehlenhoff wrote:
> Mikko Rapeli wrote:
> > Could Debian security advisories help a bit, since the people making the
> > packaging changes propably know how to make the changes effective on a
> > running installation too?
>
Files on the file system are updated by the apt[itude] and dpkg. But
then what?
Most server packages restart the services after upgrades. Most library
and desktop application packages don't.
Should the local adm take a look at each upgrade and manually check which
files changed on the Debian ins
On Tue, Jun 27, 2006 at 06:16:43PM +0200, Moritz Muehlenhoff wrote:
> Mikko Rapeli wrote:
> >> http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha
> >>/kernel-headers-2.6.8-2_2.6.8-16sarge1_alpha.deb
> >^ ^^
On Tue, Jun 27, 2006 at 07:00:01AM +0200, Moritz Muehlenhoff wrote:
> Upgrade Instructions
> -
>
> wget url
> will fetch the file for you
> dpkg -i file.deb
> will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
On Thu, Jun 15, 2006 at 02:06:24PM -0400, Joey Hess wrote:
> Mikko Rapeli wrote:
> > Why isn't kernel-image-2.[4, 6]-[386, 686...] installed by the
> > installer, since it is required for kernel security support?
>
> We didn't think to do that until too late for sar
On Thu, Jun 15, 2006 at 01:18:12PM +0200, Willi Mann wrote:
> The kernel ABI changed, so the change was needed. Install the
> kernel-image-2.4-686 (or whatever you need) package.
>
> http://wiki.debian.org/DebianKernelABIChanges
Ok, I'll ask the dumb question which has been on my mind for too lo
14 matches
Mail list logo
