
apt-get command

VirtualBox is virtualization software like VMware Workstation. It has many of the features VMware has, as well as some of its own.

I really like the new open source VirtualBox from Sun. It is light on resources. Here is a quick tip: you can convert a VMware virtual machine to a VirtualBox machine using the qemu-img utility.

Debian GNU/Linux 4.0 Update 6 Released

It didn't take long to release a new updated version.

The Debian project is pleased to announce the sixth update of its stable distribution Debian GNU/Linux 4.0 (codename "etch"). This update mainly adds corrections for security problems to the stable release, along with a few adjustments to serious problems. This update has been rated as having important security impact. You are advised to upgrade your system ASAP.

Security Alert: Streamripper buffer overflow bug

Multiple buffer overflows involving HTTP header and playlist parsing have been discovered in streamripper (CVE-2007-4337, CVE-2008-4829).

For the stable distribution (etch), these problems have been fixed in version 1.61.27-1+etch1.

For the unstable distribution (sid) and the testing distribution (lenny), these problems have been fixed in version 1.63.5-2.

How do I fix this bug and update the package?

Simply type the following two commands:
# apt-get update
# apt-get upgrade

The Debian project has released OpenSSH security updates for computers running Debian GNU/Linux. The OpenSSH package has a remote denial-of-service vulnerability caused by an unsafe signal handler. It has been discovered that the signal handler implementing the login timeout in Debian's version of the OpenSSH server uses functions which are not async-signal-safe, leading to a denial of service vulnerability.

Systems affected by this issue suffer from lots of zombie sshd processes. Processes stuck with a "[net]" process title have also been observed. Over time, a sufficient number of processes may accumulate such that further login attempts are impossible. Presence of these processes does not indicate active exploitation of this vulnerability.

Package        : openssh
Vulnerability  : remote
Problem type   : unsafe signal handler
Debian-specific: no
CVE Id(s)      : CVE-2008-4109
Debian Bug     : 498678

How do I fix this problem?

Log in as root and type the following commands to update the package database and then install the corrected packages:
# apt-get update
# apt-get upgrade

Shoes – A cross-platform Windowing Applikit

Shoes is a very informal graphics and windowing toolkit. It's for making regular old apps that run on Windows, Mac OS X and Linux. It's a blend of my favorite things from the Web, some Ruby style, and a sprinkling of cross-platform widgets. Shoes uses Ruby as its interface language.

It borrows a few things I like from the web:
=> Hyperlinks and URLs within Shoes and to the web.
=> Simple text layout -- though Shoes eschews floats.
=> Images and colors in the layout and in the background.
=> Margin and padding.
=> Resizable layouts.

How do I install Shoes?

First, download the source code:
$ cd /tmp
$ wget http://shoooes.net/dist/shoes-0.r925.tar.gz

Untar it:
$ tar -zxvf shoes-0.r925.tar.gz
$ cd shoes-0.r925
Now install the required development packages under Debian / Ubuntu Linux:
$ sudo apt-get install libcairo2-dev libpixman-1-dev libpango1.0-dev libungif4-dev libjpeg62-dev libgtk2.0-dev vlc libvlc0-dev libsqlite3-dev libcurl4-openssl-dev ruby1.8-dev rake
If you are using RHEL / CentOS / Fedora Linux, enter:
# yum install giflib-devel cairo-devel libpixman-devel pango-devel libjpeg-devel gtk2-devel sqlite-devel vlc-devel libcurl-devel ruby-devel
Build and install it:
$ make
$ sudo make install

Sample output:

build options: shoes raisins (0.r925) [i486-linux]
CC       = cc
RUBY     = /usr
OPTIONS  =
installing executable file to /usr/local/bin
installing libraries to /usr/local/lib/shoes

See the README file for more information.

Hello World application

Sample hello.rb:

Shoes.app {
  para strong("Hello, "), " world!"
}

OR

Shoes.app(:width => 200, :height => 50, :title => "Hi, Guest!") {
   para strong("Hello, "), " world!"
   @buttonQuit = button "Exit"          # add a button labelled "Exit"
   @buttonQuit.click { exit() }         # clicking it closes the application
}

Run it as follows:
$ /usr/local/bin/shoes hello.rb
Another example:

Shoes.app {
  name = ask("Please, enter your name:")
  para "Hello, ", name
}

You can load images from the web or create simple links / URLs:

Shoes.app(:title => "My App") {
  image "http://theos.in/wp-content/uploads/2008/06/honda-fcx-clarity-car-photo.jpg"
  para( link("Info").click { alert("The FCX Clarity, which runs on hydrogen and electricity, emits only water and none of the noxious fumes believed to induce global warming.") } )
  para( link("Exit").click { exit() } )
}

Sample output:

Fig.01: Loading images from the web

Sample applications

You can find sample applications in the /tmp/shoes-0.r925/samples/ directory. Here is the animated clock program:

#
# Shoes Clock by Thomas Bell
# posted to the Shoes mailing list on 04 Dec 2007
#
Shoes.app :height => 260, :width => 250 do
  @radius, @centerx, @centery = 90, 126, 140
  animate(8) do
    @time = Time.now
    clear do
      draw_background
      stack do
        background black
        para @time.strftime("%a"),
          span(@time.strftime(" %b %d, %Y "), :stroke => "#ccc"),
          strong(@time.strftime("%I:%M"), :stroke => white),
          @time.strftime(".%S"), :align => "center", :stroke => "#666",
            :margin => 4
      end
      clock_hand @time.sec + (@time.usec * 0.000001),2,30,red
      clock_hand @time.min + (@time.sec / 60.0),5
      clock_hand @time.hour + (@time.min / 60.0),8,6
    end
  end
  def draw_background
    background rgb(230, 240, 200)
 
    fill white
    stroke black
    strokewidth 4
    oval @centerx - 102, @centery - 102, 204, 204
 
    fill black
    nostroke
    oval @centerx - 5, @centery - 5, 10, 10
 
    stroke black
    strokewidth 1
    line(@centerx, @centery - 102, @centerx, @centery - 95)
    line(@centerx - 102, @centery, @centerx - 95, @centery)
    line(@centerx + 95, @centery, @centerx + 102, @centery)
    line(@centerx, @centery + 95, @centerx, @centery + 102)
  end
  def clock_hand(time, sw, unit=30, color=black)
    radius_local = unit == 30 ? @radius : @radius - 15
    _x = radius_local * Math.sin( time * Math::PI / unit )
    _y = radius_local * Math.cos( time * Math::PI / unit )
    stroke color
    strokewidth sw
    line(@centerx, @centery, @centerx + _x, @centery - _y)
  end
end

Fig. 02: Animated clock

Shoes manual

The manual can be launched by typing the following command:
$ shoes -m


Red Hat has shipped a new version of its dnsmasq caching software to fix a source UDP port bug that could have made DNS spoofing attacks (CVE-2008-1447) easier. Dnsmasq is a lightweight, fast DNS caching forwarder and DHCP server, designed to provide DNS and, optionally, DHCP, to a small network.

This update has been rated as having moderate security impact. To upgrade your software, type the following command:
# yum update

This Red Hat update is only available for RHEL 5 / CentOS Linux 5.x. If you are using Debian / Ubuntu Linux, enter:
# apt-get update
# apt-get upgrade

Security Alert: BIND9 DNS Cache Poisoning Bug

An unpatched security hole in the BIND 9 package could be used by attackers to poison your DNS cache. An attacker could take control of all hosted domains, which can lead to misdirected web traffic and rerouted email.

This update changes Debian's BIND 9 packages to implement the recommended countermeasure: UDP query source port randomization. This change increases the size of the space from which an attacker has to guess values in a backwards-compatible fashion and makes successful attacks significantly more difficult.

Details

  • Package : bind9
  • Vulnerability : DNS cache poisoning
  • Problem type : remote
  • Debian-specific: no
  • CVE Id(s) : CVE-2008-1447
  • CERT advisory : VU#800113

How do I fix BIND9 bug under Debian Linux?

Install the BIND 9 upgrade with the following commands:
# apt-get update
# apt-get install bind9

Sample output:

Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
  libdns22 libisc11 libisccc0 libisccfg1
Suggested packages:
  bind9-doc
The following packages will be upgraded:
  bind9 libdns22 libisc11 libisccc0 libisccfg1
5 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
Need to get 1267kB of archives.
After unpacking 4096B disk space will be freed.
Do you want to continue [Y/n]? y
Get:1 http://security.debian.org stable/updates/main bind9 1:9.3.4-2etch3 [319kB]
Get:2 http://security.debian.org stable/updates/main libisc11 1:9.3.4-2etch3 [188kB]
Get:3 http://security.debian.org stable/updates/main libisccc0 1:9.3.4-2etch3 [96.7kB]
Get:4 http://security.debian.org stable/updates/main libisccfg1 1:9.3.4-2etch3 [111kB]
Get:5 http://security.debian.org stable/updates/main libdns22 1:9.3.4-2etch3 [552kB]
Fetched 1267kB in 1s (724kB/s)
Reading changelogs... Done
(Reading database ... 27244 files and directories currently installed.)
Preparing to replace bind9 1:9.3.4-2etch1 (using .../bind9_1%3a9.3.4-2etch3_amd64.deb) ...
Stopping domain name service...: bind.
Unpacking replacement bind9 ...
Preparing to replace libisc11 1:9.3.4-2etch1 (using .../libisc11_1%3a9.3.4-2etch3_amd64.deb) ...
Unpacking replacement libisc11 ...
Preparing to replace libisccc0 1:9.3.4-2etch1 (using .../libisccc0_1%3a9.3.4-2etch3_amd64.deb) ...
Unpacking replacement libisccc0 ...
Preparing to replace libisccfg1 1:9.3.4-2etch1 (using .../libisccfg1_1%3a9.3.4-2etch3_amd64.deb) ...
Unpacking replacement libisccfg1 ...
Preparing to replace libdns22 1:9.3.4-2etch1 (using .../libdns22_1%3a9.3.4-2etch3_amd64.deb) ...
Unpacking replacement libdns22 ...
Setting up libisc11 (9.3.4-2etch3) ...
Setting up libdns22 (9.3.4-2etch3) ...
Setting up libisccc0 (9.3.4-2etch3) ...
Setting up libisccfg1 (9.3.4-2etch3) ...
Setting up bind9 (9.3.4-2etch3) ...
Configuration file `/etc/bind/db.root'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
*** db.root (Y/I/N/O/D/Z) [default=N] ? y
Installing new version of config file /etc/bind/db.root ...
Starting domain name service...: bind.

Also, verify that source port randomization is active: check that the /var/log/daemon.log file does not contain messages of the following form:

 named[6106]: /etc/bind/named.conf.options:28: using specific
    query-source port suppresses port randomization and can be insecure.

If you see this message, replace the port numbers in the query-source statements with "*" (e.g., replace "port 53" with "port *") in the /etc/bind/named.conf.options file, then restart BIND.
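As an added example, not part of the Debian advisory or of this post, the following POSIX shell script performs the same check against constructed sample files: it looks for the "suppresses port randomization" warning in a daemon.log excerpt, counts the query-source statements that still pin a numeric port, and writes a corrected copy of named.conf.options with those ports replaced by "*". The log lines, the config file and the function names are my own constructions; the script never touches the real /etc/bind or /var/log.

```shell
#!/bin/sh
# Added example: detect a pinned query-source port on a BIND 9 host and
# produce the corrected option. Everything below works on constructed
# sample files in a temporary directory, not on the live system.

WORK=$(mktemp -d)

# Constructed excerpt of /var/log/daemon.log from a host that still pins the port.
cat > "$WORK/daemon.log" <<'EOF'
Jul 10 09:12:01 ns1 named[6106]: starting BIND 9.3.4-P1
Jul 10 09:12:01 ns1 named[6106]: /etc/bind/named.conf.options:28: using specific query-source port suppresses port randomization and can be insecure.
Jul 10 09:12:02 ns1 named[6106]: running
EOF

# Constructed named.conf.options carrying the weak, fixed-port setting.
cat > "$WORK/named.conf.options" <<'EOF'
options {
        directory "/var/cache/bind";
        query-source address * port 53;
        query-source-v6 address * port 53;
        auth-nxdomain no;
};
EOF

# Exit 0 (and print the offending lines) if named has logged the warning.
port_randomization_suppressed() {
    grep 'query-source port suppresses port randomization' "$1"
}

# Print how many query-source / query-source-v6 statements still pin a numeric port.
pinned_query_source_ports() {
    grep -Ec 'query-source(-v6)?[^;]*port[[:space:]]+[0-9]+' "$1"
}

# Emit the config with every pinned port replaced by "*", which lets named
# pick a random source port for each outgoing query.
unpin_query_source_ports() {
    sed -E 's/(query-source(-v6)?[^;]*port[[:space:]]+)[0-9]+/\1*/' "$1"
}

if port_randomization_suppressed "$WORK/daemon.log" >/dev/null; then
    echo "warning present: $(pinned_query_source_ports "$WORK/named.conf.options") pinned port(s) in named.conf.options"
    unpin_query_source_ports "$WORK/named.conf.options" > "$WORK/named.conf.options.fixed"
    echo "corrected copy written to $WORK/named.conf.options.fixed"
else
    echo "no port-randomization warning found"
fi
```

On a real host you would point the two functions at /var/log/daemon.log and /etc/bind/named.conf.options, review the corrected copy, install it, and restart named; the log check is worth repeating after the restart, because the warning only disappears once the pinned port is gone.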

How do I fix this issue under Red Hat Linux / RHEL?

Simply type the following command:
# yum update

RIP: BIND 8 under Debian 4.x

Debian team also posted BIND 8 deprecation notice. From the announcement:

The BIND 8 legacy code base could not be updated to include the recommended countermeasure (source port randomization, see DSA-1603-1 for details). There are two ways to deal with this situation:

1. Upgrade to BIND 9 (or another implementation with source port randomization). The documentation included with BIND 9 contains a migration guide.

2. Configure the BIND 8 resolver to forward queries to a BIND 9 resolver. Provided that the network between both resolvers is trusted, this protects the BIND 8 resolver from cache poisoning attacks (to the same degree that the BIND 9 resolver is protected).

This problem does not apply to BIND 8 when used exclusively as an authoritative DNS server. It is theoretically possible to safely use BIND 8 in this way, but updating to BIND 9 is strongly recommended.
BIND 8 (that is, the bind package) will be removed from the etch distribution in a future point release.