Re: Checking for services to be restarted on a default Debian installation
On Tue, 2014-09-02 at 00:11 +0300, Mikko Rapeli wrote:
> As a workaround I, and hopefully most users, know about debian-goodies
> and checkrestart, and figure out on their own if a reboot is necessary.

It's quite certain that about nobody knows about debian-goodies or
checkrestart.

Regards,
-- 
Yves-Alexis
Re: Checking for services to be restarted on a default Debian installation
Hi,

On 02/09/2014 04:05, Yves-Alexis Perez wrote:
> It's quite certain that about nobody knows about debian-goodies or
> checkrestart.

The Securing Debian Manual recommends it, so hopefully you’re wrong.

https://www.debian.org/doc/manuals/securing-debian-howto/ch4#s-lib-security-update

Regards

David
Re: Checking for services to be restarted on a default Debian installation
On Tue, Sep 02 2014, David Prévot taf...@debian.org wrote:
> On 02/09/2014 04:05, Yves-Alexis Perez wrote:
>> It's quite certain that about nobody knows about debian-goodies or
>> checkrestart.
>
> The Securing Debian Manual recommends it, so hopefully you’re wrong.
>
> https://www.debian.org/doc/manuals/securing-debian-howto/ch4#s-lib-security-update

I agree that certainly most people do not know about it. And it's almost
certain that most casual users do not. I'm a long time Debian user and I
didn't know about it.

I think the original point raised in this thread is a good one. There
should be a more unified and automated way for the system to know that
restarts are needed in order for security fixes to take effect. Admins
should have to manually run obscure scripts to check things like that.

jamie.
Re: Checking for services to be restarted on a default Debian installation
On 02/09/2014 18:04, Jameson Graef Rollins wrote:
> On Tue, Sep 02 2014, David Prévot taf...@debian.org wrote:
> Admins should have to manually run obscure scripts to check things like
> that.

s/should have/should not have/

-- 
Jack.

-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54060130.1010...@jackpot.uk.net
Re: Checking for services to be restarted on a default Debian installation
On Tue, Sep 02 2014, Jack j...@jackpot.uk.net wrote:
> On 02/09/2014 18:04, Jameson Graef Rollins wrote:
>> On Tue, Sep 02 2014, David Prévot taf...@debian.org wrote:
>> Admins should have to manually run obscure scripts to check things like
>> that.
>
> s/should have/should not have/

Yes, thank you for the correction. I definitely meant that they should
*not* have to manually run obscure scripts...

jamie.
Re: Checking for services to be restarted on a default Debian installation
The needrestart package from jessie with package defaults appears to run
automatically and suggest, but not automatically perform, necessary
service restarts.

On 09/02/2014 11:56 AM, Jameson Graef Rollins wrote:
> On Tue, Sep 02 2014, Jack j...@jackpot.uk.net wrote:
>> On 02/09/2014 18:04, Jameson Graef Rollins wrote:
>>> On Tue, Sep 02 2014, David Prévot taf...@debian.org wrote:
>>> Admins should have to manually run obscure scripts to check things like
>>> that.
>>
>> s/should have/should not have/
>
> Yes, thank you for the correction. I definitely meant that they should
> *not* have to manually run obscure scripts...
>
> jamie.
Re: [SECURITY] [DSA 3017-1] php-cas security update
On Sep 2, 2014 12:47 PM, Thijs Kinkhorst th...@debian.org wrote:
> Debian Security Advisory DSA-3017-1                secur...@debian.org
> http://www.debian.org/security/                        Thijs Kinkhorst
> September 2, 2014                   http://www.debian.org/security/faq
>
> Package        : php-cas
> CVE ID         : CVE-2014-4172
> Debian Bug     : 759718
>
> Marvin S. Addison discovered that Jasig phpCAS, a PHP library for the
> CAS authentication protocol, did not encode tickets before adding them
> to an URL, creating a possibility for cross site scripting.
>
> For the stable distribution (wheezy), this problem has been fixed in
> version 1.3.1-4+deb7u1.
>
> The unstable distribution (sid) will be fixed soon.
>
> We recommend that you upgrade your php-cas packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-annou...@lists.debian.org
Re: Checking for services to be restarted on a default Debian installation
On Tue, Sep 02 2014, Tom Dial tdd...@comcast.net wrote:
> The needrestart package from jessie with package defaults appears to run
> automatically and suggest, but not automatically perform, necessary
> service restarts.

This package is Priority: optional, and therefore not installed by
default. What about just making it important or required?

jamie.
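One way to perform the check this thread is about, as an added example that is not part of any message here and is not code from debian-goodies or needrestart: after a library upgrade, a running process keeps the old file mapped, and on Linux that mapping is marked "(deleted)" in /proc/<pid>/maps. The sample maps text, the ignore list and the function names are constructed for illustration.

```python
import re
from pathlib import Path

# /proc/<pid>/maps fields: address perms offset dev inode pathname
MAPS_RE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(?P<perms>\S{4})\s+[0-9a-f]+\s+\S+\s+\d+\s+"
    r"(?P<path>/.*?)(?P<deleted> \(deleted\))?$")
# Assumed ignore list: deleted mappings that do not indicate an upgrade.
IGNORE_PREFIXES = ("/dev/", "/tmp/", "/var/tmp/", "/run/", "/memfd:", "/SYSV")

# Constructed sample: sshd still mapping a libcrypto replaced on disk.
SAMPLE_MAPS = """\
00400000-004f0000 r-xp 00000000 08:01 393301 /usr/sbin/sshd
7f3a10000000-7f3a101c0000 r-xp 00000000 08:01 1311234 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f3a10400000-7f3a10420000 r-xp 00000000 08:01 1311500 /lib/x86_64-linux-gnu/libz.so.1.2.8
7f3a10500000-7f3a10501000 rw-s 00000000 00:05 98304 /SYSV00000000 (deleted)
7f3a10600000-7f3a10601000 r-xp 00000000 00:01 4242 /memfd:jit (deleted)
7ffc1a000000-7ffc1a021000 rw-p 00000000 00:00 0 [stack]
"""

def stale_mappings(maps_text):
    """Return sorted paths of deleted files still mapped executable."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line.strip())
        if not m or not m.group("deleted") or "x" not in m.group("perms"):
            continue
        if not m.group("path").startswith(IGNORE_PREFIXES):
            stale.add(m.group("path"))
    return sorted(stale)

def scan_proc(proc_root="/proc"):
    """Map pid -> (command name, stale paths) for each readable process."""
    findings = {}
    for entry in Path(proc_root).iterdir():
        if not entry.name.isdigit():
            continue
        try:
            stale = stale_mappings((entry / "maps").read_text(errors="replace"))
            comm = (entry / "comm").read_text(errors="replace").strip()
        except OSError:  # process exited, or unreadable without root
            continue
        if stale:
            findings[int(entry.name)] = (comm, stale)
    return findings

if __name__ == "__main__":
    for pid, (comm, paths) in sorted(scan_proc().items()):
        print(f"{pid} {comm}: restart needed, still maps {', '.join(paths)}")
```

Run it as root to cover every process, since the maps files of other users' processes are not readable otherwise.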
External check
CVE-2013-2597: RESERVED

-- 
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.