Debian Planet – News for Debian. Stuff that *really* matters.



Debian Planet is hosted by Bluelinux Internet Services Ltd. Offering a special discounted rate for Free and Open Source software community members.



    Security Report on Compromise Released
    Submitted by robster on Tuesday, December 09, 2003 – 11:49
    Security: Martin Schulze has posted a report of the investigation into the server compromises. Services are starting to be resumed and things are starting to return to normal. James Troup has posted an update on the progression of the recovery. Many people have worked extremely hard on the resolution of this problem, which is an indicator that Debian is full of highly dedicated and motivated people.
    Category: News · 0 comments

    Exploit Used Against Debian Found
    Submitted by JoeBuck on Monday, December 01, 2003 – 22:29
    Security: The hole that was used to gain root on the Debian servers has been found: by exploiting a bug in the brk() system call it’s possible for a process to gain access to the full kernel address space (at which point it is a simple matter to set the uid of the current process to zero and become root).
    Category: News · 33 comments

    Securing Linux – Interview of Russell Coker
    Submitted by ams on Thursday, July 03, 2003 – 07:23
    Security: Today’s Australian Age has an interview with SE Linux Debian Developer Russell Coker. Have you tested his SE Linux “play” machine with a public root password? You can find more about it here.
    Category: News · 10 comments

    TrustedDebian: A new Debian-based security distro
    Submitted by brenno on Tuesday, March 18, 2003 – 11:57
    Security: The first public beta is out for TrustedDebian. This distribution is based on a standard Debian-distribution and complements it with many security features. In this release the main difference is protection against overflows, but the next release will incorporate the RSBAC-kernel patch. Many packages have already been recompiled to fully support the overflow protection.
    Category: News · 10 comments

    Setting up a Debian log server
    Submitted by andrew_barnes7 on Tuesday, October 29, 2002 – 14:22
    Security: Upon browsing around rootprompt, I came across this PDF from Plutonium on setting up a Debian log server. The article goes into some detail of hardening the log server, including MD5 sums and other measures to make sure the box has not been compromised.
    Category: HOWTOs · 7 comments

    An Introduction to GNU Privacy Guard
    Submitted by dscribner on Friday, September 20, 2002 – 07:07
    Security: Although not directly Debian related, this article is aimed at users new to GnuPG on GNU/Linux (and UNIX) systems, and covers how it can play an important role in their personal and business lives in increasing the security and communication of digital medium. An Introduction to GNU Privacy Guard explains some of what GnuPG can do, the very basics in using it, and why it can be so important in becoming a valuable utility in anyone’s toolbox, both personally and professionally.
    Category: News · 2 comments

    Snort box on Debian?
    Submitted by juraj on Monday, August 26, 2002 – 23:17
    Security: I’ve been thinking about deploying several Snort sensors over my network. I decided that I would use Debian, because of apt-get (I want to be able to easily upgrade and fix security holes). However, I wanted to ask, how do you update your snort rules if there’s a new attack signature available? I suppose there’s not a new snort package every day. Do you run ACID and MySQL on the sensor machine (so the IDS machine does not generate any network traffic) or do you log to a remote DB? Do you use software like SnortCenter for management?
    Category: Q & A · 7 comments

    OpenSSH packages not vulnerable
    Submitted by robster on Thursday, August 01, 2002 – 16:22
    Security: The OpenSSH 3.4p1 packages on the OpenBSD FTP server were trojaned earlier today, as discovered by a FreeBSD user, Edwin Groothuis. The trojan only works at build time, and binaries produced from the source are not vulnerable, as detailed on his weblog (copied to /. because of bandwidth limitations).

    The Debian packages were created some time ago from original untrojaned tarballs and are thus not affected in this way (and nor is the package maintainer’s machine). The source tarball and the binary packages in the Debian archive are not affected, as confirmed by the ssh package maintainer, and several other Debian developers.

    Category: News · 12 comments

    The OpenSSH Saga Continues
    Submitted by robot101 on Thursday, June 27, 2002 – 22:38
    Security: The Debian Security Advisory number 134 has been updated a fourth time, thankfully this time with more info known by all about the nature of the SSH problems. In summary, everyone should upgrade to 3.4 (unless they run potato and haven’t upgraded to 3.x at all yet, in which case you’re not vulnerable) and enable privilege separation if it doesn’t break anything for them. For the full story, read on…
    Category: News · 12 comments

    New vulnerability in OpenSSH
    Submitted by Chang on Tuesday, June 25, 2002 – 16:58
    Security: Theo de Raadt

    the presence of a vulnerability in OpenSSH sshd. Until the fix is posted (expected Thursday) he is holding off on giving specific details. For better or for worse, he says the best course of action in the meantime is to upgrade to OpenSSH version 3.3 and enable privilege separation. This won’t prevent the system from being exploited, but the exploit will only grant access to a non-privileged account.
    Update: Enabling privilege separation has knock-on implications for PAM session modules, which are coded with the (not unreasonable) assumption that root privileges are available. Watch this space as we see more problems with this hurried and forced upgrade.
    Category: News · 11 comments


    Debian Planet is not officially related to the Debian Project.
    Debian and the Debian logo are trademarks of Software in the Public Interest, Inc.