Security update for Debian Testing - 2010-07-30
This automatic mail gives an overview over security issues that were recently fixed in Debian Testing. The majority of fixed packages migrate to testing from unstable. If this would take too long, fixed packages are uploaded to the testing-security repository instead. It can also happen that vulnerable packages are removed from Debian testing. Removed from testing: = The following issues have been fixed by removing the (source) packages from testing. This probably means that you have to manually uninstall the corresponding binary packages to fix the issues. It can also mean that the packages have been replaced, or that they have been temporarily removed by the release team to make transitions from unstable easier. hsolink: CVE-2010-1671: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1671 http://bugs.debian.org/590670 How to update: -- Make sure the line deb http://security.debian.org squeeze/updates main contrib non-free is present in your /etc/apt/sources.list. Of course, you also need the line pointing to your normal squeeze mirror. You can use aptitude update aptitude dist-upgrade to install the updates. More information: - More information about which security issues affect Debian can be found in the security tracker: http://security-tracker.debian.org/tracker/ A list of all known unfixed security issues is at http://security-tracker.debian.org/tracker/status/release/testing -- To UNSUBSCRIBE, email to debian-testing-security-announce-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1oedcj-0005w3...@soler.debian.org
scans in my hosts. (Debian 5.0 and Apache 2.2.9)
Estimated: I am taking these scans in my hosts. (Debian 5.0 and Apache 2.2.9) This has been repeating since a weeks. Know what can be? What can I do to eliminate? Thanks. Marcelo Olcese. ### Logwatch 7.3.6+cvs20080702-debian (07/02/08) Processing Initiated: Thu Jul 29 06:25:15 2010 Date Range Processed: yesterday ( 2010-Jul-28 ) Period is day. Detail Level of Output: 0 Type of Output/Format: mail / text Logfiles for Host: ancal4 ## - httpd Begin Requests with error response codes 401 Unauthorized /htm/oculto/frame9.htm: 3 Time(s) /phpmyadmin/scripts/setup.php: 1 Time(s) 404 Not Found /PMA/scripts/setup.php: 1 Time(s) /PMA2005/scripts/setup.php: 1 Time(s) /_vti_bin/_vti_aut/author.dll: 1 Time(s) /admin/mysql/scripts/setup.php: 1 Time(s) /admin/phpmyadmin/scripts/setup.php: 1 Time(s) /admin/pma/scripts/setup.php: 1 Time(s) /admin/scripts/setup.php: 1 Time(s) /db/scripts/setup.php: 1 Time(s) /dbadmin/scripts/setup.php: 1 Time(s) /favicon.ico: 14 Time(s) /myadmin/scripts/setup.php: 1 Time(s) /mysql-admin/scripts/setup.php: 1 Time(s) /mysql/scripts/setup.php: 1 Time(s) /mysqladmin/scripts/setup.php: 1 Time(s) /mysqlmanager/scripts/setup.php: 1 Time(s) /nosuichfile.php: 1 Time(s) /noxdir/nosuichfile.php: 1 Time(s) /p/m/a/scripts/setup.php: 1 Time(s) /pHpMy/scripts/setup.php: 1 Time(s) /pHpMyAdMiN/scripts/setup.php: 1 Time(s) /php-my-admin/scripts/setup.php: 1 Time(s) /php-myadmin/scripts/setup.php: 1 Time(s) /phpMyA/scripts/setup.php: 1 Time(s) /phpMyAdmi/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.10.0/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.11.1/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.11.10/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.11.2/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.11.3/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.11.4/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.11.5/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.11.6/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.11.7/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.11.8/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.11.9/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.2.3/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.2.6/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.3.0/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.3.1/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.3.2/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.3.3/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.3.4/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.3.5/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.3.6/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.3.7/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.3.8/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.3.9/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.4.0/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.4.1/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.4.2/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.4.3/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.4.4/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.4.5/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.4.6/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.4.7/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.4.8/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.4.9/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.5.0/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.5.1/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.5.2/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.5.3/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.5.4/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.5.5-pl1/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.5.5-rc1/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.5.5-rc2/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.5.5/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.5.6-rc1/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.5.6-rc2/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.5.6/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.5.7-pl1/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.5.7/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.5.8/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.5.9/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.6.0-alpha/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.6.0-alpha2/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.6.0-beta1/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.6.0-beta2/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.6.0-pl1/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.6.0-pl2/scripts/setup.php: 1 Time(s) /phpMyAdmin-2.6.0-pl3/scripts/setup.php: 1 Time(s)
Re: scans in my hosts. (Debian 5.0 and Apache 2.2.9)
Op 29 jul 2010, om 16:34 heeft OLCESE, Marcelo Oscar. het volgende geschreven: Estimated: I am taking these scans in my hosts. (Debian 5.0 and Apache 2.2.9) This has been repeating since a weeks. Know what can be? What can I do to eliminate? Thanks. Marcelo Olcese. Someone is scanning your system for vulnerable PHPMyAdmin installations, and other possibly vulnerable stuff. As long as you watch your PHPMyAdmin installations if you have any and make sure nobody can abuse them, nothing's wrong. Try, for example, requiring http authentication to access the directories, or turning off your webserver if you didn't need it anyway. Sjors smime.p7s Description: S/MIME cryptographic signature
Re: scans in my hosts. (Debian 5.0 and Apache 2.2.9)
If your phpMyAdmin installations are safe and protected and you wish to remove these from your log files for vanity reasons, please see this guide with a cool fail2ban config that should help you: http://foosel.org/blog/2008/04/banning_phpmyadmin_bots_using_fail2ban Ash. On Thu, Jul 29, 2010 at 3:49 PM, Sjors Gielen mailingl...@dazjorz.comwrote: Op 29 jul 2010, om 16:34 heeft OLCESE, Marcelo Oscar. het volgende geschreven: Estimated: I am taking these scans in my hosts. (Debian 5.0 and Apache 2.2.9) This has been repeating since a weeks. Know what can be? What can I do to eliminate? Thanks. Marcelo Olcese. Someone is scanning your system for vulnerable PHPMyAdmin installations, and other possibly vulnerable stuff. As long as you watch your PHPMyAdmin installations if you have any and make sure nobody can abuse them, nothing's wrong. Try, for example, requiring http authentication to access the directories, or turning off your webserver if you didn't need it anyway. Sjors
Re: scans in my hosts. (Debian 5.0 and Apache 2.2.9)
On 7/29/10 11:43 AM, Ashley Taylor wrote: If your phpMyAdmin installations are safe and protected and you wish to remove these from your log files for vanity reasons, please see this guide with a cool fail2ban config that should help you: http://foosel.org/blog/2008/04/banning_phpmyadmin_bots_using_fail2ban Ash. On Thu, Jul 29, 2010 at 3:49 PM, Sjors Gielenmailingl...@dazjorz.comwrote: Op 29 jul 2010, om 16:34 heeft OLCESE, Marcelo Oscar. het volgende geschreven: Estimated: I am taking these scans in my hosts. (Debian 5.0 and Apache 2.2.9) This has been repeating since a weeks. Know what can be? What can I do to eliminate? Thanks. Marcelo Olcese. Someone is scanning your system for vulnerable PHPMyAdmin installations, and other possibly vulnerable stuff. As long as you watch your PHPMyAdmin installations if you have any and make sure nobody can abuse them, nothing's wrong. Try, for example, requiring http authentication to access the directories, or turning off your webserver if you didn't need it anyway. Sjors There was a recent influx of attacks on some hosts who were using outdated versions [some by almost 4 revisions ~ one host I know of is using a version of PHPMyAdmin with about 20 CVE's against it that I confirmed myself ~ they have yet to push their security experts to update this as an emergency or close the loop by creating a prompted login ~ some who were very high end hosts] and they were open so a lot of people might see this happening more and more. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4c51b444.7060...@envygeeks.com
Re: scans in my hosts. (Debian 5.0 and Apache 2.2.9)
Op 29 jul 2010, om 16:34 heeft OLCESE, Marcelo Oscar. het volgende geschreven: Estimated: I am taking these scans in my hosts. (Debian 5.0 and Apache 2.2.9) This has been repeating since a weeks. Know what can be? What can I do to eliminate? Thanks. Marcelo Olcese. Someone is scanning your system for vulnerable PHPMyAdmin installations, and other possibly vulnerable stuff. As long as you watch your PHPMyAdmin installations if you have any and make sure nobody can abuse them, nothing's wrong. Try, for example, requiring http authentication to access the directories, or turning off your webserver if you didn't need it anyway. Sjors smime.p7s Description: S/MIME cryptographic signature