Re: [SECURITY] [DSA 2563-1] viewvc security update

2012-10-23 Thread Jon Dowland 
Hi,

This DSA was signed with key 0x401DAC04, which is not in any debian-keyring
package I can find, nor on pgp.mit.edu. Is this a mistake? Thanks!


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20121023204811.GJ25000@debian

Re: security issues with apache!

2006-03-07 Thread Jon Dowland 
At 1141730613, Petter Senften wrote:
 Recently I've noticed that my Apache-installation gets
 violated and that an intruder somehow manages to put stuff
 in /tmp and /var/tmp.  Then it makes Apache execute these.

Do you have mod_cgi installed and activated? If you are not
using it, disable it.

If the trouble-maker is executing things via PHP scripts,
you can stop them by disabling the exec and related
functions in PHP. The following line in /etc/php.ini would
do it for example:

disable_functions = system, exec, shell_exec, passthru, popen, pcntl_exec, 
openlog 

Alternatively turning on safe mode does this, I believe.

-- 
Jon Dowland
http://alcopop.org/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: [SECURITY] [DSA 871-1] New libgda2 packages fix arbitrary code execution

2005-10-25 Thread Jon Dowland 
On Tue, Oct 25, 2005 at 05:23:19PM +0200, Martin Schulze wrote:
 Package: libgda2
   ^^^
snip
 http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2.dsc
 ^
Sorry to be a pest :(

-- 
Jon Dowland


signature.asc
Description: Digital signature