Ceci n'est pas une pipe

This time the vulnerability reported by the Debian Security Advisory Team is to those who have to run the shelter - it must be said - even the most sysadmin easy!

As rarely happens, this time the problem is specific Linux distributions, even if it is an indirect consequence of the bug is not Debian-specific discovered a few days ago in OpenSSH. To put it simply, all the host and user keys generated for each SSH connection from the `openssh` Buggiano are completely unreliable, because their generation did not take place following a randomization algorithm valid and are therefore easily predictable. "

For people wise, attached at the bottom of this post the release of DSA.

Solving the problem is child's play. Just run:

apt-get dist-upgrade

and confirm the prompt that play below:

Here, finally, the Debian Security Advisory DSA-1576-1. Happy reading!

Sun has finally decided to open all the Java code, but it all, even those portions which held up to the completely inaccessible to the community. The open source version of Java development framework is called OpenJDK and its use will be completely regulated by the GPL.

A moment still write off most of the libraries for encryption, graphics, audio and SNMP management. It is not just something, but the team Sun is working to complete the job. The main consequence will be the release of Java in all distributions of GNU / Linux, now opposed because of previous license of the Java Community Process, incompatible with the GPL.

The objectives of Sun are the same as all the major software houses that have recently converted to open philosophy: to capture the largest possible number of open source developers, thus countering the advance of other language runtime. A battle which is certainly good to the community and the philosophy that governs.

Today I was presented a small problem: after you add a network printer HP Color LaserJet 2840 to a LAN I configured the client because print to that printer using the protocol CUPS printing. On the client runs Debian GNU / Linux firewall-protected iptable. Although the printer was identified, was unable to start printing a document without first disable the firewall.

Analysis and resolution of the problem required only a few minutes! After a begun on `` tail / var / log / messages I launched a test print:

#tail -f /var/log/messages
I immediately obtained a video log these lines generated by iptable:

Mar 18 12:34:53 localhost kernel: DROPPED IN= OUT=eth2 src=192.168.1.112 DST=192.168.1.138 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1700 DPT=161 LEN=58
Mar 18 12:34:53 localhost Officejet_6300_series?ip=192.168.1.138: INFO: open device failed; will retry in 30 seconds...

In other words, the exchange of packets on UDP port 161 was blocked (in nerdese: dropped) from the firewall. It is enough to add a firewall rule to allow for the transit of UDP packets on that door to solve the problem.

This morning I read a post describing an apparent vulnerability of Linux systems. This is actually a sequence of characters that - if launched from the command line - generates an infinite loop, resulting in block CPU and RAM saturation. It is not a deficiency of Linux, but an obvious logical error of those who run the string to bash on any operating system that is equipped. The author of the post suggests, however, the most simple and effective way to alleviate the effects of microscopic but dangerous script.

Perhaps this article may be useful to dampen some 'apologetic tones that you decant the stainless GNU / Linux operating system: there is a sequence of characters that few, if you typed in the terminal, send the entire system tilt. Read the rest '