Posts posted by paul
-
I have my own servers around the world.
On one of them I run an svn server, which I use to "check in" important docs
no encryption tho'
-
-
Unfortunately, my life is extremely boring so I can't set a good example...
I hear y'man !!!
boring ! :(
although I did register my first NZ company this month .. not ready to go live yet, but working on it every day
-
use a non-standard port, forward/tunnel a few ports, etc... and you discover it's a pain to do from the command line unless you write a script for it.
PuTTY works great but I think it's Windows only?
mkdir ~/.ssh
add configs into a file called ~/.ssh/config
example:
Host colosus.18londonst.co.nz
    User paulw
    Port 4755
Host donk
    User paul
    Port 4755
Host oink
    User root
    Port 4755
Host home.loudas.com
    User root
    Port 4755
then
ssh donk
uses the user and custom port by default
-
A vulnerability has been found and corrected in opensc:
Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13
and earlier allow physically proximate attackers to execute arbitrary
code via a long serial-number field on a smart card, related to
(1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c
(CVE-2010-4523).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
Multiple vulnerabilities have been found and corrected in xfig:
Stack-based buffer overflow in the read_1_3_textobject function in
f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject
function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier,
allows remote attackers to execute arbitrary code via a long string
in a malformed .fig file that uses the 1.3 file format. NOTE:
some of these details are obtained from third party information
(CVE-2009-4227).
Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier
allows remote attackers to cause a denial of service (application
crash) via a long string in a malformed .fig file that uses the 1.3
file format, possibly related to the readfp_fig function in f_read.c
(CVE-2009-4228).
Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a FIG image with a crafted color definition
(CVE-2010-4262).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
-
A vulnerability has been found and corrected in gif2png:
Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier
might allow context-dependent attackers to execute arbitrary code
via a long command-line argument, as demonstrated by a CGI program
that launches gif2png (CVE-2009-5018).
Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow
context-dependent attackers to cause a denial of service (application
crash) or have unspecified other impact via a GIF file that contains
many images, leading to long extensions such as .p100 for PNG output
files, as demonstrated by a CGI program that launches gif2png,
a different vulnerability than CVE-2009-5018 (CVE-2010-4694).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
-
A vulnerability has been found and corrected in perl-CGI:
Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote
attackers to inject arbitrary HTTP headers and conduct HTTP response
splitting attacks via unknown vectors. NOTE: this issue exists
because of an incomplete fix for CVE-2010-2761 (CVE-2010-4411).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been upgraded to the latest version (3.51)
which is not affected by this issue and in turn also brings many
bugfixes.
-
A vulnerability has been found and corrected in wireshark:
Buffer overflow in the MAC-LTE dissector
(epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13
and 1.4.0 through 1.4.2 allows remote attackers to cause a denial
of service (crash) and possibly execute arbitrary code via a large
number of RARs (CVE-2011-0444).
The updated packages have been upgraded to the latest version (1.2.14)
which is not affected by this issue.
-
Multiple vulnerabilities have been found and corrected in subversion:
The walk function in repos.c in the mod_dav_svn module for the Apache
HTTP Server, as distributed in Apache Subversion before 1.6.15,
allows remote authenticated users to cause a denial of service (NULL
pointer dereference and daemon crash) via vectors that trigger the
walking of SVNParentPath collections (CVE-2010-4539).
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15
allow remote authenticated users to cause a denial of service (memory
consumption and daemon crash) via the -g option to the blame command
(CVE-2010-4644).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been upgraded to the latest versions (1.5.9,
1.6.15) which are not affected by these issues and in turn contain
many bugfixes as well.
-
The previous advisory MDVA-2011:000 updated openoffice.org to 3.2.1
but didn't include a rebuilt openoffice.org-voikko, thus preventing
installation of the update when the openoffice.org Finnish language
package is installed.
This advisory fixes the issue by providing the missing packages.
-
Multiple vulnerabilities have been found and corrected in evince:
Array index error in the PK and VF font parser in the dvi-backend
component in Evince 2.32 and earlier allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted font in conjunction with a DVI file that
is processed by the thumbnailer (CVE-2010-2640, CVE-2010-2641).
Heap-based buffer overflow in the AFM font parser in the dvi-backend
component in Evince 2.32 and earlier allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted font in conjunction with a DVI file that
is processed by the thumbnailer (CVE-2010-2642).
Integer overflow in the TFM font parser in the dvi-backend component in
Evince 2.32 and earlier allows remote attackers to execute arbitrary
code via a crafted font in conjunction with a DVI file that is
processed by the thumbnailer (CVE-2010-2643).
The updated packages have been patched to correct these issues.
-
A vulnerability has been found and corrected in php-phar:
Multiple format string vulnerabilities in the phar extension in PHP
5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive
information (memory contents) and possibly execute arbitrary code
via a crafted phar:// URI that is not properly handled by the (1)
phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or
(4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5)
phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers
errors in the php_stream_wrapper_log_error function (CVE-2010-2094).
The updated packages have been upgraded to the latest version (2.0.0)
and patched to correct this issue.
-
Multiple vulnerabilities have been found and corrected in MHonArc:
MHonArc 2.6.16 allows remote attackers to cause a denial of service
(CPU consumption) via start tags that are placed within other start
tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence,
a different vulnerability than CVE-2010-4524 (CVE-2010-1677).
Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in
MHonArc 2.6.16 allows remote attackers to inject arbitrary web script
or HTML via a malformed start tag and end tag for a SCRIPT element,
as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences
(CVE-2010-4524).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been upgraded to the latest version (2.6.18)
which is not vulnerable to these issues.
-
A vulnerability has been found and corrected in wireshark:
Buffer overflow in epan/dissectors/packet-enttec.c in Wireshark 1.4.2
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted ENTTEC DMX
packet with Run Length Encoding (RLE) compression (CVE-2010-4538).
The updated packages have been patched to correct this issue.
-
A null pointer dereference due to receiving a short packet for a direct
connection in the MSN code could potentially cause a denial of service.
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
This update provides pidgin 2.7.8 that has been patched to address
this flaw.
-
A vulnerability has been found and corrected in dhcp:
ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover
partnerships, allows remote attackers to cause a denial of service
(communications-interrupted state and DHCP client service loss)
by connecting to a port that is only intended for a failover peer,
as demonstrated by a Nagios check_tcp process check to TCP port 520
(CVE-2010-3616).
The updated packages have been patched to correct this issue.
-
Multiple vulnerabilities have been found and corrected in phpmyadmin:
error.php in PhpMyAdmin 3.3.8.1 and earlier allows remote attackers
to conduct cross-site scripting (XSS) attacks via a crafted BBcode
tag containing @ characters, as demonstrated using [a@url@page]
(CVE-2010-4480).
phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass
authentication and obtain sensitive information via a direct request
to phpinfo.php, which calls the phpinfo function (CVE-2010-4481).
This upgrade provides the latest phpmyadmin version for MES5 (3.3.9)
and patches the version for CS4 to address these vulnerabilities.
-
This is a bugfix and maintenance advisory that upgrades OpenOffice.org
to the 3.2.1 version. Additionally a couple of Mandriva reported bugs
have been fixed, as described below:
Openoffice.org status bar items got hidden whenever using
openoffice.org-kde4 package integration.
Viewing OpenOffice.org documents inside Firefox under 64bits 2010.1
version was not possible.
Additionally OpenOffice.org 3.2.1 requires saxon9 that is also provided
with this advisory.
-
A bug in the integration with CUPS causes programs that rely on
xulrunner (Firefox, Thunderbird) to crash when trying to print (#61009).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
-
Security issues were identified and fixed in mozilla-thunderbird:
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird
before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do
not properly validate downloadable fonts before use within an operating
system's font implementation, which allows remote attackers to execute
arbitrary code via vectors related to @font-face Cascading Style Sheets
(CSS) rules (CVE-2010-3768).
The line-breaking implementation in Mozilla Firefox before 3.5.16 and
3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7,
and SeaMonkey before 2.0.11 on Windows does not properly handle long
strings, which allows remote attackers to execute arbitrary code
via a crafted document.write call that triggers a buffer over-read
(CVE-2010-3769).
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before
3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow
remote attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors (CVE-2010-3776).
Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13
and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause
a denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors (CVE-2010-3777).
Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16,
Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows
remote attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors (CVE-2010-3778).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
Additionally, some packages which require it have been rebuilt and
are being provided as updates.
-
This update provides a visual refresh for packages artwork to mark
the Mandriva 2010.2 release.
-
A vulnerability was discovered and corrected in git (gitweb):
A cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and
previous versions allows remote attackers to inject arbitrary web
script or HTML code via f and fp variables (CVE-2010-3906).
The updated packages have been patched to correct this issue.
-
A vulnerability was discovered and corrected in php-intl:
Integer overflow in the NumberFormatter::getSymbol (aka
numfmt_get_symbol) function in PHP 5.3.3 and earlier allows
context-dependent attackers to cause a denial of service (application
crash) via an invalid argument (CVE-2010-4409).
The updated packages have been upgraded to php-intl-1.1.2 and patched
to correct this issue.
What can I do with a netbook? [solved]
in Laptops and Portable Devices
I doubt a dev environment would work very well, but as a mobile device they work a treat