Re: 10.04 LTS kernel security problem?
On 13/05/11 12:08, ubuntu-au@lists.ubuntu.com wrote: ... so in summary, if my 10.04 is up-to-date according to the Update Manager, then I can do online-banking etc as confidently with 10.04 as with any other currently supported version of Ubuntu, whatever the kernel number is, correct? Hi Dave, As a general rule, yes. I haven't been using a software firewall in Ubuntu before now. Apart from whatever role my modem/router plays in that regard, should I be installing and running a firewall from the Ubuntu repositories? If so, what should I use? I think 10.04 and later came with the ufw firewall enabled by default, but don't quote me on that. I use Shoreline Firewall, a.k.a. shorewall [1]. It strikes a great balance between ease of use and maximum customisation, IMO. But i've been using it for 10 years or so, so my knowledge of other firewalls is very limited. Shorewall's documentation is awesome - you can learn a lot about Linux networking and even networking in general, by reading through it in detail. How do Ubuntu users filter email through antivirus? Is there a widely used and recommended program in the Ubuntu repositories? I run my own mail server and it uses amavisd-new, spamassassin, and clamav to filter messages. Clamav is the part that does the virus scanning. I used the howto at [2], for what it's worth. If you don't run or want to run your own mail server, it will be pretty much irrelevant. Also, it's a little old now - some parts may have changed. I haven't been using a software firewall or an antivirus program since Ubuntu became the OS I use 95% of the time... It's definitely less necessary, but "defence in depth" is a good practice as far as i'm concerned, and i prefer not to be the low-hanging fruit for the bad guys. ;-) Regards, Paul [1] http://shorewall.net/ [2] http://www.fatofthelan.com/technical/how-to-install-postfix-dovecot-amavis-clamav-and-spamassassin-etch/ <>-- ubuntu-au mailing list ubuntu-au@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-au
Re: 10.04 LTS kernel security problem?
On Fri, 13 May 2011 06:08 +1000, "Paul Gear" wrote: On 12/05/11 14:07, Ian Fleming wrote: ... For Ubuntu linux-image-2.6.35-25-generic + covers what is mentioned in the article. Local exploit - meaning the attacker would need physical access to the machine. And there is not much to stop that... Encryption maybe? A quick note about reading security notices: Generally when a security notice says that it has a local exploit, it does not mean that it requires physical access to the machine. It means that the exploit must originate from code running on the system itself. This is as opposed to a remote exploit, which can originate from another system, often by sending a specially crafted network packet, or putting data into a network stream that the receiving system does not sanitise appropriately. An example of a local exploit would be privilege escalation, where a program exploits a kernel flaw to raise it from ordinary user status to root status. Examples of remote exploits are buffer overruns, cross-site scripting vulnerabilities, etc. (I'm sure Wikipedia will have useful general summaries of these concepts if you care to search.) To answer the original poster's question: with nearly all vulnerabilities, the main thing ordinary end users can do that directly affects their system's security is keeping up-to-date with security patches (through update manager in the case of Ubuntu). Other general security best practices which are helpful in various instances are: * using good (long) passwords * running a firewall * filtering email through antivirus * using web filtering proxies which block known malware sites * having a good network design which limits access to only the required resources (both inbound & outbound) Regards, Paul * Thanks folks, so in summary, if my 10.04 is up-to-date according to the Update Manager, then I can do online-banking etc as confidently with 10.04 as with any other currently supported version of Ubuntu, whatever the kernel number is, correct? I haven't been using a software firewall in Ubuntu before now. Apart from whatever role my modem/router plays in that regard, should I be installing and running a firewall from the Ubuntu repositories? If so, what should I use? How do Ubuntu users filter email through antivirus? Is there a widely used and recommended program in the Ubuntu repositories? I haven't been using a software firewall or an antivirus program since Ubuntu became the OS I use 95% of the time... Thanks very much, Dave -- ubuntu-au mailing list ubuntu-au@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-au Email had 1 attachment: * paul.vcf 1k (text/x-vcard) -- ubuntu-au mailing list ubuntu-au@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-au
Re: 10.04 LTS kernel security problem?
On 12/05/11 14:07, Ian Fleming wrote: ... For Ubuntu linux-image-2.6.35-25-generic + covers what is mentioned in the article. Local exploit - meaning the attacker would need physical access to the machine. And there is not much to stop that... Encryption maybe? A quick note about reading security notices: Generally when a security notice says that it has a local exploit, it does not mean that it requires physical access to the machine. It means that the exploit must originate from code running on the system itself. This is as opposed to a remote exploit, which can originate from another system, often by sending a specially crafted network packet, or putting data into a network stream that the receiving system does not sanitise appropriately. An example of a local exploit would be privilege escalation, where a program exploits a kernel flaw to raise it from ordinary user status to root status. Examples of remote exploits are buffer overruns, cross-site scripting vulnerabilities, etc. (I'm sure Wikipedia will have useful general summaries of these concepts if you care to search.) To answer the original poster's question: with nearly all vulnerabilities, the main thing ordinary end users can do that directly affects their system's security is keeping up-to-date with security patches (through update manager in the case of Ubuntu). Other general security best practices which are helpful in various instances are: using good (long) passwords running a firewall filtering email through antivirus using web filtering proxies which block known malware sites having a good network design which limits access to only the required resources (both inbound & outbound) Regards, Paul <>-- ubuntu-au mailing list ubuntu-au@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-au
Re: 10.04 LTS kernel security problem?
A security guard might be more appropriate. If an intruder is standing in front of the machine, then it could be game over. DOS is as simple as pulling a plug, power or network will do. Or pick up the machine and walk out the door. Key loggers? It is easy to get caught up the electronic attacks when the physical attack could be more devastating, at least short term. Regards George On May 12, 2011 2:08 PM, "Ian Fleming" wrote: > On Thursday, May 12, 2011 12:40:48 AM Ian Fleming wrote: >> On Wednesday, May 11, 2011 11:11:38 PM David wrote: >> > Hi folks, >> > >> > I clean-installed 10.04 LTS two days ago. In a computer mag I read >> > something about Ubuntu (or Linux kernel) vulnerabilities for 10.04 being >> > discovered recently. I may be remembering it wrong, but I thought the >> > mag said that if you had kernel 2.6.35.25 then you are in the clear. >> > >> > When my 10.04 boots it shows the number as 'Linux 2.6.32.31-generic'. >> > >> > Straight after installing I had let Update Manager get the OS up to >> > date. Am I in the clear, as far as these alleged vulnerabilities go? Or >> > is there something else I have to do to 'get a newer kernel'? >> > >> > Thanks in advance, >> > >> > Dave >> >> hi Dave... >> >> Know security issues will be patched asap and that includes LTS releases. >> >> Ubuntu adds its own patches to the vanilla kernel and so maintains its own >> kernel to a certain extent. >> >> A list of known vulnerabilities for Ubuntu release can be found here: >> http://www.ubuntu.com/usn/lucid/ >> >> Its hard to answer your question without more information re the issue. >> >> There is a good chance that Ubuntu has a patch/update for it even though >> the kernel version is lower than others. > > For Ubuntu linux-image-2.6.35-25-generic + covers what is mentioned in the > article. > > Local exploit - meaning the attacker would need physical access to the > machine. > > And there is not much to stop that... Encryption maybe? > > =) > > -- > ubuntu-au mailing list > ubuntu-au@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/ubuntu-au -- ubuntu-au mailing list ubuntu-au@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-au
Re: 10.04 LTS kernel security problem?
On Thursday, May 12, 2011 12:40:48 AM Ian Fleming wrote: > On Wednesday, May 11, 2011 11:11:38 PM David wrote: > > Hi folks, > > > > I clean-installed 10.04 LTS two days ago. In a computer mag I read > > something about Ubuntu (or Linux kernel) vulnerabilities for 10.04 being > > discovered recently. I may be remembering it wrong, but I thought the > > mag said that if you had kernel 2.6.35.25 then you are in the clear. > > > > When my 10.04 boots it shows the number as 'Linux 2.6.32.31-generic'. > > > > Straight after installing I had let Update Manager get the OS up to > > date. Am I in the clear, as far as these alleged vulnerabilities go? Or > > is there something else I have to do to 'get a newer kernel'? > > > > Thanks in advance, > > > > Dave > > hi Dave... > > Know security issues will be patched asap and that includes LTS releases. > > Ubuntu adds its own patches to the vanilla kernel and so maintains its own > kernel to a certain extent. > > A list of known vulnerabilities for Ubuntu release can be found here: > http://www.ubuntu.com/usn/lucid/ > > Its hard to answer your question without more information re the issue. > > There is a good chance that Ubuntu has a patch/update for it even though > the kernel version is lower than others. For Ubuntu linux-image-2.6.35-25-generic + covers what is mentioned in the article. Local exploit - meaning the attacker would need physical access to the machine. And there is not much to stop that... Encryption maybe? =) -- ubuntu-au mailing list ubuntu-au@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-au
Re: 10.04 LTS kernel security problem? - detail
On Thu, 12 May 2011 00:40 +1000, "Ian Fleming" wrote: > On Wednesday, May 11, 2011 11:11:38 PM David wrote: > > Hi folks, > > > > I clean-installed 10.04 LTS two days ago. In a computer mag I read > > something about Ubuntu (or Linux kernel) vulnerabilities for 10.04 being > > discovered recently. I may be remembering it wrong, but I thought the > > mag said that if you had kernel 2.6.35.25 then you are in the clear. > > > > When my 10.04 boots it shows the number as 'Linux 2.6.32.31-generic'. > > > > Straight after installing I had let Update Manager get the OS up to > > date. Am I in the clear, as far as these alleged vulnerabilities go? Or > > is there something else I have to do to 'get a newer kernel'? > > > > Thanks in advance, > > > > Dave > > hi Dave... > > Know security issues will be patched asap and that includes LTS releases. > > Ubuntu adds its own patches to the vanilla kernel and so maintains its > own > kernel to a certain extent. > > A list of known vulnerabilities for Ubuntu release can be found here: > http://www.ubuntu.com/usn/lucid/ > > Its hard to answer your question without more information re the issue. > > There is a good chance that Ubuntu has a patch/update for it even though > the > kernel version is lower than others. Thanks, I read this: http://www.zdnet.com/blog/open-source/ubuntu-security-holes-found-holes-fixed/8402?tag=mantle_skin;content It lists further down the page the types of vulnerability in 10.04. (Further down there are reader comments about "spin and zealotry"!) Dave -- ubuntu-au mailing list ubuntu-au@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-au
Re: 10.04 LTS kernel security problem?
On Wednesday, May 11, 2011 11:11:38 PM David wrote: > Hi folks, > > I clean-installed 10.04 LTS two days ago. In a computer mag I read > something about Ubuntu (or Linux kernel) vulnerabilities for 10.04 being > discovered recently. I may be remembering it wrong, but I thought the > mag said that if you had kernel 2.6.35.25 then you are in the clear. > > When my 10.04 boots it shows the number as 'Linux 2.6.32.31-generic'. > > Straight after installing I had let Update Manager get the OS up to > date. Am I in the clear, as far as these alleged vulnerabilities go? Or > is there something else I have to do to 'get a newer kernel'? > > Thanks in advance, > > Dave hi Dave... Know security issues will be patched asap and that includes LTS releases. Ubuntu adds its own patches to the vanilla kernel and so maintains its own kernel to a certain extent. A list of known vulnerabilities for Ubuntu release can be found here: http://www.ubuntu.com/usn/lucid/ Its hard to answer your question without more information re the issue. There is a good chance that Ubuntu has a patch/update for it even though the kernel version is lower than others. -- ubuntu-au mailing list ubuntu-au@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-au
Re: 10.04 LTS kernel security problem?
On Wed, May 11, 2011 at 11:11 PM, David wrote: > Hi folks, > > I clean-installed 10.04 LTS two days ago. In a computer mag I read > something about Ubuntu (or Linux kernel) vulnerabilities for 10.04 being > discovered recently. I may be remembering it wrong, but I thought the > mag said that if you had kernel 2.6.35.25 then you are in the clear. > > When my 10.04 boots it shows the number as 'Linux 2.6.32.31-generic'. > > Straight after installing I had let Update Manager get the OS up to > date. Am I in the clear, as far as these alleged vulnerabilities go? Or > is there something else I have to do to 'get a newer kernel'? > I don't know the specifics of the vulnerability you mention, however, if you updated it, and keep it updated, it's good to go, you don't need to do anything else. The kernel version might stay the same, but the fix would have been applied to it. Desktops usually update automatically, or at least prompt you to update. Servers you need to do a little extra work to get them to update automatically. -- ubuntu-au mailing list ubuntu-au@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-au