Category Archives: Security

DenyHosts Synchronization Mode

I recently deployed a new server to host this and my other websites. Because this is a public facing server, part of this deployment includes securing the accessible ports. To secure SSH I generally limit the users that are allowed to login to the system using AllowUsers directive, disallow root login using PermitRootLogin no and often change… Read More »

Configure Automatic Updates : Ubuntu Server

Configure Automatic Updates : Ubuntu Server Ubuntu Server allows you to activate automatic updates during the initial installation process. This setting configures your system to automatically download and install security updates. This system is configurable and this tutorial will outline how to enable it if you hadn’t previously, disable it if you no longer want… Read More »

Tunnel SSH over SSL

Tunnel SSH over SSL Have you ever found yourself behind a restrictive firewall that only allows outbound http(s) traffic, but you need to SSH out? Perhaps you’ve tried running SSH on port 443 (https) but those connections have been denied as well. In this post I’ll outline how to configure stunnel on an SSH server… Read More »

[USN-896-1] Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities

The following security announcement applies to firefox and xulrunner. If you have firefox and xulrunner installed, please see below for details on the vulnerability and instructions on patching your system: Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause… Read More »

[USN-895-1] Firefox 3.0 and Xulrunner 1.9 vulnerabilities

The following security announcement applies to firefox and xulrunner. If you have firefox and xulrunner installed, please see below for details on the vulnerability and instructions on patching your system: Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause… Read More »

[USN-901-1] Squid vulnerabilities

The following security announcement applies to squid. If you have squid installed, please see below for details on the vulnerability and instructions on patching your system: It was discovered that Squid incorrectly handled certain auth headers. A remote attacker could exploit this with a specially-crafted auth header and cause Squid to go into an infinite… Read More »

[USN-900-1] Ruby vulnerabilities

The following security announcement applies to libruby1.9 and ruby1.9. If you have libruby1.9 and ruby1.9 installed, please see below for details on the vulnerability and instructions on patching your system: Emmanouel Kellinis discovered that Ruby did not properly handle certain string operations. An attacker could exploit this issue and possibly execute arbitrary code with application… Read More »

[USN-899-1] Tomcat vulnerabilities

The following security announcement applies to libtomcat6-java. If you have libtomcat6-java installed, please see below for details on the vulnerability and instructions on patching your system: It was discovered that Tomcat did not correctly validate WAR filenames or paths when deploying. A remote attacker could send a specially crafted WAR file to be deployed and cause… Read More »

[USN-898-1] gnome-screensaver vulnerability

The following security announcement applies to gnome-screensaver. If you have gnome-screensaver installed, please see below for details on the vulnerability and instructions on patching your system: It was discovered that gnome-screensaver did not correctly handle monitor hotplugging. An attacker with physical access could cause gnome-screensaver to crash and gain access to the locked session. The… Read More »