Hi,
Another serious bug has been found in Exim, which is installed by
default on Debian and some other Linux distributions:
https://seclists.org/oss-sec/2019/q3/253
The impact is remote execution as an unprivileged user, although
it cannot be ruled out that there might be other routes to the same
code running in a privileged context.
If your distribution is still under security support then I expect
they will push out new packages in the next few days.
If not then you will need to upgrade it or rebuild the package. It's
quite a simple fix.
There's been no embargo this time, so attacks could be out in the
wild already.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce
Hi,
TL;DR: Read this to learn how to install CentOS 8
https://tools.bitfolk.com/wiki/Installing_CentOS_8
Unabridged edition:
Given that CentOS 8 was released a few days ago I had a look at
adding its installer.
Unfortunately it seems that CentOS 8 has dropped kernel support for
PV-mode Xen guests, which are the only type of guests that BitFolk
currently supports. It is therefore not possible to use the official
CentOS installer or core kernel package at the moment.
We are in the process of moving to PVH mode¹ guests, but that's not
ready yet. It all works; the main difficulty now is supporting both
modes without it being a terribly confusing user experience.
In the meantime, it is pretty simple to install CentOS 8 from
another Linux. This could be any distribution including an earlier
version of CentOS, though I would suggest that doing it from the
BitFolk Rescue VM² makes most sense as it's always available and
runs from RAM.
As the core kernel package of CentOS 8 also does not support PV mode
guests, it is also necessary to enable ELRepo³ and install the
kernel-ml package.
Here is a transcript of me installing CentOS 8 from scratch by this
method with full explanation of every step.
https://tools.bitfolk.com/wiki/Installing_CentOS_8
Don't be put off by the massive amount of text here; the vast majority
of it is command output which I have only included so you know what
to expect.
The only issue I have found with this method are some odd 1–2 minute
pauses around creating initramfs / bootloader config. This only
happens inside the install chroot and is probably something trying
to probe and timing out. It appears to be harmless, just irritating.
If you know what that is about or have any other improvements to
make, please do edit the page⁴; it is a wiki.
Cheers,
Andy
¹ https://wiki.xen.org/wiki/Xen_Project_Software_Overview#PVH_.28x86.29
² https://tools.bitfolk.com/wiki/Rescue
³ https://elrepo.org/tiki/kernel-ml
⁴ I would suggest refraining from adding purely optional things that
are a matter of taste though, as otherwise the page will become
incredibly long and opinionated.
--
https://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce
One that caught one server in the past month was webmin's, where one
version was hacked with a backdoor would by default let an attacker
run code as root, and later versions could also do so, depending on
how they'd been set up.
http://www.webmin.com/exploit.html
It didn't help that it's easy to let webmin update itself rather than
using the usual Debian apt / apt-get utilities and, if you don't use
it very often, it's easy to miss an update release.
What it did was install something listening to port 59000. As that
port (and almost all others) has always been blocked by the firewall,
it doesn't seem to have done anything bad, but it's rebuild on a fresh
VPS and destroy it time.
Ian, knowing that Andy has always disliked webmin...
