Apticron: Difference between revisions
From ICO wiki
Jump to navigationJump to search
No edit summary |
|||
| Line 70: | Line 70: | ||
[nädalapäev] - saab täpsustada millistel päevadel nädalas programm käivitatakse, kus 0=pühapäev, 1=esmaspäev, 2=teisipäev, 3=kolmapäev, 4=neljapäev, 5=reede, 6=laupäev või * mis tähendab et see programm käivitatakse iga nädalapäev | [nädalapäev] - saab täpsustada millistel päevadel nädalas programm käivitatakse, kus 0=pühapäev, 1=esmaspäev, 2=teisipäev, 3=kolmapäev, 4=neljapäev, 5=reede, 6=laupäev või * mis tähendab et see programm käivitatakse iga nädalapäev | ||
==Näidis teade== | |||
Järgnevalt on välja toodud näidis, milline näeb välja apticron'i poolt e-postiga saadetud teade süsteemis ootel olevatest uuendustest. | |||
Järgnev teade on saadetud programmi apticron poolt operatsioonisüsteemis Ubuntu 10.10: | |||
<source lang="bash"> | |||
apticron report [Mon, 25 Apr 2011 16:24:37 +0300] ======================================================================== | |||
apticron has detected that some packages need upgrading on: | |||
arvi-VirtualBox | |||
[ ::1 127.0.1.1 10.0.2.15 10.0.2.15 ] | |||
The following packages are currently pending an upgrade: | |||
chromium-browser 10.0.648.205~r81283-0ubuntu0.10.10.1 | |||
chromium-browser-inspector 10.0.648.205~r81283-0ubuntu0.10.10.1 | |||
chromium-codecs-ffmpeg 10.0.648.205~r81283-0ubuntu0.10.10.1 | |||
dhcp3-client 3.1.3-2ubuntu6.2 | |||
dhcp3-common 3.1.3-2ubuntu6.2 | |||
gdm 2.30.5-0ubuntu4.1 | |||
gnome-power-manager 2.32.0-0ubuntu1.1 | |||
gnome-terminal 2.32.0-0ubuntu1.1 | |||
gnome-terminal-data 2.32.0-0ubuntu1.1 | |||
indicator-application 0.2.9-0ubuntu1.1 | |||
initscripts 2.87dsf-4ubuntu19.1 | |||
language-selector 0.6.8 | |||
language-selector-common 0.6.8 | |||
libappindicator0.1-cil 0.2.9-0ubuntu1.1 | |||
libappindicator1 0.2.9-0ubuntu1.1 | |||
libgssapi-krb5-2 1.8.1+dfsg-5ubuntu0.7 | |||
libk5crypto3 1.8.1+dfsg-5ubuntu0.7 | |||
libkrb5-3 1.8.1+dfsg-5ubuntu0.7 | |||
libkrb5support0 1.8.1+dfsg-5ubuntu0.7 | |||
libldap-2.4-2 2.4.23-0ubuntu3.5 | |||
libnss3-1d 3.12.9+ckbi-1.82-0ubuntu0.10.10.1 | |||
libpolkit-agent-1-0 0.96-2ubuntu1.1 | |||
libpolkit-backend-1-0 0.96-2ubuntu1.1 | |||
libpolkit-gobject-1-0 0.96-2ubuntu1.1 | |||
libslp1 1.2.1-7.7ubuntu0.1 | |||
libsmbclient 2:3.5.4~dfsg-1ubuntu8.4 | |||
libtiff4 3.9.4-2ubuntu0.4 | |||
libwbclient0 2:3.5.4~dfsg-1ubuntu8.4 | |||
linux-firmware 1.38.6 | |||
linux-generic 2.6.35.28.36 | |||
linux-headers-2.6.35-28 2.6.35-28.50 | |||
linux-headers-2.6.35-28-generic 2.6.35-28.50 | |||
linux-headers-generic 2.6.35.28.36 | |||
linux-image-2.6.35-28-generic 2.6.35-28.50 | |||
linux-image-generic 2.6.35.28.36 | |||
policykit-1 0.96-2ubuntu1.1 | |||
python-appindicator 0.2.9-0ubuntu1.1 | |||
python-cupshelpers 1.2.3+20100723-0ubuntu8.2 | |||
python-gnomeapplet 2.30.0-1ubuntu5.1 | |||
python-gnomekeyring 2.30.0-1ubuntu5.1 | |||
python-gtkspell 2.25.3-5ubuntu2.1 | |||
python-wnck 2.30.0-1ubuntu5.1 | |||
samba-common 2:3.5.4~dfsg-1ubuntu8.4 | |||
samba-common-bin 2:3.5.4~dfsg-1ubuntu8.4 | |||
smbclient 2:3.5.4~dfsg-1ubuntu8.4 | |||
system-config-printer-common 1.2.3+20100723-0ubuntu8.2 | |||
system-config-printer-gnome 1.2.3+20100723-0ubuntu8.2 | |||
system-config-printer-udev 1.2.3+20100723-0ubuntu8.2 | |||
sysv-rc 2.87dsf-4ubuntu19.1 | |||
sysvinit-utils 2.87dsf-4ubuntu19.1 | |||
tomboy 1.4.2-0ubuntu2 | |||
tzdata 2011e-0ubuntu0.10.10 | |||
update-manager 1:0.142.23 | |||
update-manager-core 1:0.142.23 | |||
w3m 0.5.2-6ubuntu1 | |||
x11-xserver-utils 7.5+2ubuntu1.1 | |||
======================================================================== | |||
Package Details: | |||
Reading changelogs... | |||
--- Changes for chromium-browser (chromium-browser chromium-browser-inspector chromium-codecs-ffmpeg) --- chromium-browser (10.0.648.205~r81283-0ubuntu0.10.10.1) maverick-security; urgency=high | |||
* New upstream minor release from the Stable Channel (LP: #762275) | |||
This release fixes the following security issues: | |||
- [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process. | |||
Credit to Google Chrome Security Team (Inferno). | |||
- [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit | |||
to Christoph Diehl. | |||
This releasse also contains the security fixes from 10.0.648.204~r79063 | |||
(which has been skipped by the sponsors) (LP: #742118) | |||
+ Webkit bugs: | |||
- [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit | |||
to Sławomir Błażek. | |||
- [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit | |||
to Sergey Glazunov. | |||
- [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to | |||
Sergey Glazunov. | |||
- [74991] High, CVE-2011-1295: DOM tree corruption with broken node | |||
parentage. Credit to Sergey Glazunov. | |||
- [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit | |||
to Sergey Glazunov. | |||
+ Chromium bugs: | |||
- [72517] High, CVE-2011-1291: Buffer error in base string handling. | |||
Credit to Alex Turpin. | |||
Packaging changes: | |||
* Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3) | |||
preventing a SIGILL crash on some boards (LP: #735877) | |||
- update debian/control | |||
* Install libppGoogleNaClPluginChrome.so (LP: #738331) | |||
- update debian/rules | |||
- update debian/chromium-browser.install | |||
* Fix the apport hooks to pass the expected 'ui' to add_info(), needed when | |||
called from apport/ubuntu-bug (LP: #759635) | |||
- update debian/apport/chromium-browser.py | |||
* NaCL may be blacklisted, so only include it when it's actually been | |||
built (fixes the ftbfs on arm) (LP: #745854) | |||
- update debian/rules | |||
- update debian/chromium-browser.install | |||
* Harden the apport hooks in the extensions section | |||
- update debian/apport/chromium-browser.py | |||
-- Fabien Tassin <fta@ubuntu.com> Thu, 14 Apr 2011 22:36:16 +0200 | |||
--- Changes for dhcp3 (dhcp3-client dhcp3-common) --- | |||
dhcp3 (3.1.3-2ubuntu6.2) maverick-security; urgency=low | |||
* SECURITY UPDATE: arbitrary code execution via crafted hostname | |||
- Patch for CVE-2011-0997 was getting reverted during the build | |||
because of special quilt handling in debian/rules for the ldap | |||
patches. | |||
- debian/patches/00list: move CVE-2011-0997 patch before the ldap | |||
patches, and add comment. | |||
- CVE-2011-0997 | |||
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 19 Apr 2011 09:03:47 -0400 | |||
dhcp3 (3.1.3-2ubuntu6.1) maverick-security; urgency=low | |||
* SECURITY UPDATE: arbitrary code execution via crafted hostname | |||
- debian/patches/CVE-2011-0997.dpatch: filter strings in | |||
client/dhclient.c, common/options.c. | |||
- CVE-2011-0997 | |||
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 11 Apr 2011 08:55:27 -0400 | |||
--- Changes for gdm --- | |||
gdm (2.30.5-0ubuntu4.1) maverick-security; urgency=low | |||
* SECURITY UPDATE: race condition allowing privilege escalation | |||
- debian/patches/91_CVE-2011-0727.patch: fix | |||
daemon/gdm-session-worker.c to copy files as session user rather | |||
than root followed by a subsequent chown. | |||
- CVE-2011-0727 | |||
-- Steve Beattie <sbeattie@ubuntu.com> Tue, 29 Mar 2011 09:27:07 -0700 | |||
--- Changes for gnome-power-manager --- | |||
gnome-power-manager (2.32.0-0ubuntu1.1) maverick-proposed; urgency=low | |||
* debian/patches/12-add-appindicators.patch: | |||
- Fix leak by working around a libappindicator bug. LP: #569273 | |||
-- Michael Terry <mterry@ubuntu.com> Wed, 16 Mar 2011 15:55:26 -0400 | |||
--- Changes for gnome-python-desktop (python-gnomeapplet python-gnomekeyring python-wnck) --- gnome-python-desktop (2.30.0-1ubuntu5.1) maverick-proposed; urgency=low | |||
* 01_wnck_enums.patch: Patch from upstream bugzilla, fix flags in the wnck | |||
module that were declared as enums. (LP: #642913) | |||
-- Stefano Rivera <stefanor@ubuntu.com> Sat, 12 Mar 2011 23:55:41 +0200 | |||
--- Changes for gnome-python-extras (python-gtkspell) --- gnome-python-extras (2.25.3-5ubuntu2.1) maverick-proposed; urgency=low | |||
* Have dh_xulrunner install a dependency on xulrunner for python-gtkmozembed | |||
again (LP: #695728) | |||
- update debian/rules | |||
-- Micah Gersten <micahg@ubuntu.com> Fri, 07 Jan 2011 09:21:14 -0600 | |||
--- Changes for gnome-terminal (gnome-terminal gnome-terminal-data) --- gnome-terminal (2.32.0-0ubuntu1.1) maverick-proposed; urgency=low | |||
* debian/patches/21_watch_clipboard.patch: | |||
- Watch clipboard contents for paste shorkey to work. (LP: #630383) | |||
-- Omer Akram <om26er@ubuntu.com> Sun, 13 Mar 2011 20:20:13 +0500 | |||
--- Changes for indicator-application (indicator-application libappindicator0.1-cil libappindicator1 python-appindicator) --- indicator-application (0.2.9-0ubuntu1.1) maverick-proposed; urgency=low | |||
* debian/patches/10-fix-theme-changed-crash.patch: | |||
- Don't crash due to theme changes. LP: #708188 | |||
-- Michael Terry <mterry@ubuntu.com> Wed, 16 Mar 2011 15:28:25 -0400 | |||
--- Changes for krb5 (libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0) --- | |||
krb5 (1.8.1+dfsg-5ubuntu0.7) maverick-security; urgency=low | |||
* SECURITY UPDATE: kadmind denial of service from freeing of uninitialized | |||
pointer. | |||
- src/kadmin/server/{network,schpw}.c: fix, thanks to upstream. | |||
- CVE-2011-0285 | |||
- MITKRB5-SA-2011-004 | |||
-- Kees Cook <kees@ubuntu.com> Mon, 18 Apr 2011 15:40:00 -0700 | |||
--- Changes for language-selector (language-selector language-selector-common) --- language-selector (0.6.8) maverick-security; urgency=low | |||
* debian/language-selector-common.postinst: allow missing backend. | |||
-- Kees Cook <kees@ubuntu.com> Tue, 19 Apr 2011 13:08:16 -0700 | |||
language-selector (0.6.7) maverick-security; urgency=low | |||
[ Kees Cook ] | |||
* SECURITY UPDATE: language selector backend did not verify policy kit | |||
authentication. | |||
- debian/language-selector-common.postinst: shut down old backend. | |||
- CVE-2011-0729 | |||
[ Martin Pitt ] | |||
* dbus_backend/ls-dbus-backend: Actually look at the PolicyKit check result | |||
and only proceed if it succeeded. Thanks to Romain Perier for finding this | |||
and providing the patch! This fixes a local root privilege escalation, as | |||
this allows any authenticated user to write arbitrary shell commands into | |||
/etc/default/locale. (LP: #764397) | |||
* dbus_backend/ls-dbus-backend: Reject locale names with invalid characters | |||
in it, to further prevent injecting shell code into /etc/default/locale | |||
for authenticated users. Thanks to Felix Geyer for the initial patch! | |||
(LP: #764397) | |||
* debian/control: Update Vcs-Bzr: for newly created maverick branch. | |||
-- Kees Cook <kees@ubuntu.com> Tue, 19 Apr 2011 10:31:37 -0700 | |||
--- Changes for linux-firmware --- | |||
linux-firmware (1.38.6) maverick-proposed; urgency=low | |||
* iwlwifi: add updated firmware for 5000 devices | |||
update iwlwifi-5000-5.ucode for 5000 series devices | |||
version: 8.83.5.1 - fix "tid mismatch" issue | |||
- LP: #728510 | |||
-- Tim Gardner <tim.gardner@canonical.com> Thu, 03 Mar 2011 09:05:44 -0700 | |||
--- Changes for linux-meta (linux-generic linux-headers-generic linux-image-generic) --- linux-meta (2.6.35.28.36) maverick-proposed; urgency=low | |||
* Bump ABI - Maverick ABI 28 | |||
-- Brad Figg <brad.figg@canonical.com> Mon, 28 Feb 2011 14:46:01 -0800 | |||
linux-meta (2.6.35.27.35) maverick-proposed; urgency=low | |||
[ Tim Gardner ] | |||
* LBM generic-pae packages are only built for i386 | |||
- LP: #720139 | |||
* LBM server packages are only built for amd64 | |||
- LP: #720139 | |||
-- Stefan Bader <stefan.bader@canonical.com> Thu, 17 Feb 2011 14:55:31 +0100 | |||
linux-meta (2.6.35.27.34) maverick-proposed; urgency=low | |||
* Bump ABI - Maverick ABI 26 | |||
-- Brad Figg <brad.figg@canonical.com> Thu, 10 Feb 2011 13:54:00 -0800 | |||
linux-meta (2.6.35.26.33) maverick-proposed; urgency=low | |||
* Bump ABI - Maverick ABI 26 | |||
-- Steve Conklin <sconklin@canonical.com> Fri, 28 Jan 2011 14:50:56 -0600 | |||
--- Changes for nss (libnss3-1d) --- | |||
nss (3.12.9+ckbi-1.82-0ubuntu0.10.10.1) maverick-security; urgency=low | |||
* New upstream release v3.12.9 with updated ckbi module | |||
(NSS_3_12_9_WITH_CKBI_1_82_RTM) | |||
- SECURITY UPDATE: Update "builtin certificates" module (ckbi) to | |||
explicitly mark the recently issued and revoked fraudulent certificates | |||
as explicitly not trusted; NSS will report SEC_ERROR_UNTRUSTED_CERT when | |||
attempting to verify one of these fraudulent certificates (LP: #741729) | |||
* Add new symbols | |||
- update debian/libnss3-1d.symbols | |||
-- Micah Gersten <micahg@ubuntu.com> Tue, 29 Mar 2011 03:13:10 -0500 | |||
--- Changes for openldap (libldap-2.4-2) --- openldap (2.4.23-0ubuntu3.5) maverick-security; urgency=low | |||
* SECURITY UPDATE: fix successful anonymous bind via chain overlay when | |||
using forwarded authentication failures | |||
- debian/patches/CVE-2011-1024 | |||
- CVE-2011-1024 | |||
* SECURITY UPDATE: verify password when authenticating to rootdn and using ndb | |||
backend. Note: Ubuntu is not compiled with --enable-ndb by default | |||
- debian/patches/CVE-2011-1025 | |||
- CVE-2011-1025 | |||
* SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests | |||
and requestDN is empty | |||
- debian/patches/CVE-2011-1081 | |||
- CVE-2011-1081 | |||
-- Jamie Strandboge <jamie@ubuntu.com> Wed, 16 Mar 2011 09:48:17 -0500 | |||
--- Changes for openslp-dfsg (libslp1) --- openslp-dfsg (1.2.1-7.7ubuntu0.1) maverick-security; urgency=low | |||
* SECURITY UPDATE: denial of service via circular reference | |||
- debian/patches/CVE-2010-3609.patch: detect circular reference in | |||
common/slp_message.c. Patch thanks to SUSE. | |||
- CVE-2010-3609 | |||
* debian/rules: add dh_quilt_patch and dh_quilt_unpatch so patches in | |||
debian/patches actually get applied. | |||
* debian/patches/series: disable 01_have_net_if_arp.diff and | |||
99_autoreconf.diff since they had never been applied. | |||
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 05 Apr 2011 14:50:59 -0400 | |||
--- Changes for policykit-1 (libpolkit-agent-1-0 libpolkit-backend-1-0 libpolkit-gobject-1-0 policykit-1) --- | |||
policykit-1 (0.96-2ubuntu1.1) maverick-security; urgency=low | |||
* SECURITY UPDATE: avoid /proc race conditions when checking privileges | |||
for pkexec. | |||
- 10_fix_proc_race.patch | |||
- CVE-2011-1485 | |||
-- Kees Cook <kees@ubuntu.com> Tue, 19 Apr 2011 12:25:33 -0700 | |||
--- Changes for samba (libsmbclient libwbclient0 samba-common samba-common-bin smbclient) --- samba (2:3.5.4~dfsg-1ubuntu8.4) maverick-proposed; urgency=low | |||
* debian/patches/ntlm-auth-lp623342.patch: ntlm_auth returns an invalid | |||
response key. (LP: #623342) Patch taken from upstream | |||
(https://bugzilla.samba.org/show_bug.cgi?id=7568) | |||
-- Stefano Rivera <stefanor@ubuntu.com> Wed, 02 Mar 2011 22:38:19 +0100 | |||
--- Changes for system-config-printer (python-cupshelpers system-config-printer-common system-config-printer-gnome system-config-printer-udev) --- system-config-printer (1.2.3+20100723-0ubuntu8.2) maverick-proposed; urgency=low | |||
* debian/patches/75_do-not-list-duplicate-ppd-nicknames.patch: Fixed the | |||
patch to suppress duplicate listings of the same PPD file. The wrong | |||
entries were correctly suppressed, but the selection was applied to list | |||
which still contained them and so it often came to another driver than the | |||
selected one being set up (LP: #739375). | |||
-- Till Kamppeter <till.kamppeter@gmail.com> Tue, 22 Mar 2010 20:54:06 +0100 | |||
--- Changes for sysvinit (initscripts sysv-rc sysvinit-utils) --- sysvinit (2.87dsf-4ubuntu19.1) maverick-proposed; urgency=low | |||
* debian/initscripts/etc/init.d/umountroot: Improve handling of | |||
respawn of init: we now wait for inits map file to change. If this doesn't | |||
happen within 5 seconds, we unmount forcibly. (LP: #672177) | |||
-- James Hunt <james.hunt@ubuntu.com> Fri, 28 Jan 2011 11:45:35 +0000 | |||
--- Changes for tiff (libtiff4) --- | |||
tiff (3.9.4-2ubuntu0.4) maverick-security; urgency=low | |||
* SECURITY UPDATE: arbitrary code execution via malformed JPEG | |||
- debian/patches/CVE-2009-5022.patch: check width in | |||
libtiff/tif_ojpeg.c. | |||
- CVE-2009-5022 | |||
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 20 Apr 2011 13:04:56 -0400 | |||
tiff (3.9.4-2ubuntu0.3) maverick-security; urgency=low | |||
* SECURITY UPDATE: arbitrary code execution via crafted | |||
THUNDER_2BITDELTAS data | |||
- debian/patches/CVE-2011-1167.patch: validate bitspersample and | |||
make sure npixels is sane in libtiff/tif_thunder.c. | |||
- CVE-2011-1167 | |||
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 30 Mar 2011 13:02:48 -0400 | |||
--- Changes for tomboy --- | |||
tomboy (1.4.2-0ubuntu2) maverick-proposed; urgency=low | |||
* debian/patches/06_use_ubuntu_sso.patch | |||
- Use the Ubuntu One production services instead of edge | |||
servers (LP: #745721) | |||
-- Ken VanDine <ken.vandine@canonical.com> Wed, 30 Mar 2011 10:28:48 -0400 | |||
--- Changes for tzdata --- | |||
tzdata (2011e-0ubuntu0.10.10) maverick-proposed; urgency=low | |||
* New upstream release 2011e: (LP: #747946) | |||
- africa: Add start and end of DST in 2011 in Morocco. | |||
- southamerica: For Chile, delay end of DST in 2011 from April 2nd to May 7th | |||
-- Gary Lasker <gary.lasker@canonical.com> Sat, 02 Apr 2011 11:21:16 -0400 | |||
--- Changes for update-manager (update-manager update-manager-core) --- update-manager (1:0.142.23) maverick-proposed; urgency=low | |||
* DistUpgrade/DistUpgradeController.py: | |||
- add quirks handler for upgrade form the kubuntu ppa | |||
(LP: #680088) | |||
* UpdateManager/Core/DistUpgradeFetcherCore.py, do-release-upgrade: | |||
- fix deprecation warnings (LP: #744990) | |||
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 30 Mar 2011 10:01:59 +0200 | |||
--- Changes for w3m --- | |||
w3m (0.5.2-6ubuntu1) maverick-proposed; urgency=low | |||
* debian/patches/091_button.patch: | |||
- Support the button element as defined in HTML 4.01. | |||
Backport of 020_button.patch from natty. | |||
(LP: #683337, Closes: #136810) | |||
-- Tuomas Heino <iheino+ub@cc.hut.fi> Mon, 17 Jan 2011 09:57:32 +0200 | |||
--- Changes for x11-xserver-utils --- | |||
x11-xserver-utils (7.5+2ubuntu1.1) maverick-security; urgency=low | |||
* SECURITY UPDATE: root escalation via rogue hostname (LP: #752315) | |||
- xrdb: Create shell-escape-safe cpp options in the non-pathetic-cpp | |||
case. | |||
- http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56 | |||
- CVE-2011-0465 | |||
-- Timo Aaltonen <tjaalton@ubuntu.com> Wed, 06 Apr 2011 17:44:41 +0300 | |||
======================================================================== | |||
You can perform the upgrade by issuing the command: | |||
aptitude full-upgrade | |||
as root on arvi-VirtualBox | |||
-- | |||
apticron | |||
</source> | |||
Revision as of 13:11, 29 April 2011
Sissejuhatus
Järgnev artikkel kirjeldab programmi apticron, selle paigaldamist ja seadistamist Linux operatsioonisüsteemides. Juhendi dokumentatsioon on koostatud Ubuntu 10.10 ja Ubuntu Server põhjal. Selleks, et apticron töötaks peab olema paigaldatud ja korrektselt seadistatud postiedastusagent (ing k Mail Transport Agent) , milleks on näiteks postfix.
Programmist
Apticron on shell’i skript, mis saadab e-posti teel nimekirja kõikidest saadaolevatest uuendustest, mida saab antud süsteemis paigaldada ning kokkuvõtte muudatuste kohta kõikides pakkides. Teadete plaanipäraseks saatmiseks kasutab apticron Linuxi süsteemi protsessi cron. Algselt oli programm mõeldud ootel olevate turvauuenduste teatamiseks, kuid seda saab kasutada ka paljudes teistes situatsioonides, kus vajatakse automaatset teate saatmist uuendustest. Apticron oli algselt välja töötatud Colm MacCarthaigh poolt koos Marc Sherman abiga. Alates 2006-st aastast on seda täiendanud Tiago Bortoletto Vaz.
Paigaldamine
Apticroni paigaldamiseks tuleb käsureale sisestada juurkasutaja õigustes järgmine käsk:
apt-get install apticron
Selle tulemusena paigaldatakse apticron koos teiste programmi tööks vajalike pakkidega.
Paigaldatakse järgmised failid:
- /etc/apticron/apticron.conf
- /etc/cron.d/apticron
- /etc/cron.daily/apticron
- /var/lib/misc/apticron.cron
- /usr/sbin/apticron
Seadistamine
Selleks, et apticron saadaks uuenduste nimekirja soovitud e-posti aadressile tuleb juurkasutaja õigustes avada teksti redaktoriga apticroni konfiguratsiooni fail.
/etc/apticron/apticron.conf
Konfiguratsiooni failis tuleb muuta kirje EMAIL=“root“ ning selle asemel sisestada:
EMAIL=“<e-posti aadress>“
Selle tulemusena saadetakse uuenduste nimekiri sisestatud e-posti aadressile.
Alternatiiviks eelnevale on ka käsurea käsk:
dpkg-reconfigure apticron
Selle tulemusena avaneb käsureal sinine aken kuhu saab kirjutada soovitud e-posti aadressi uuenduste nimekirja saatmiseks.
Ajakava seadistamine
Vaikimisi käivitatakse apticron kord päevas. Kui on soov käsitsi määrata aeg millal süsteemi protsess cron käivitab apticron'i tuleks juurkasutaja õigustes tekstiredaktoriga (näites on see avatud programmiga nano) avada järgnev fail:
nano /etc/cron.d/apticron
Selle tulemusena kuvatakse faili sisu, kus vaikimis peaks olema kaks rida teksti, mis näeb välja järgmine:
# cron entry for apticron
6 5 * * * root test -x /usr/sbin/apticron && /usr/sbin/apticron --cron
Antud näites käivitatakse apticron iga päeva hommikul kell 05:06
Alumise rea esimesed viis sümbolit on aja parameetrid:
6 5 * * *
[minut] [tund] [kuupäev] [kuu] [nädalapäev]
[minut] - saab valida väärtusi 0-59 või * mis tähendab, et see programm käivitatakse iga minut
[tund] - saab valida väärtusi 0-23 või * mis tähendab, et see programm käivitatakse iga tund
[kuupäev] - saab valida väärtusi 1-31 või * mis tähendab, et see programm käivitatakse iga päev
[kuu] - saab valida väärtusi 1-12 või * mis tähendab, et see programm käivitatakse iga kuu
[nädalapäev] - saab täpsustada millistel päevadel nädalas programm käivitatakse, kus 0=pühapäev, 1=esmaspäev, 2=teisipäev, 3=kolmapäev, 4=neljapäev, 5=reede, 6=laupäev või * mis tähendab et see programm käivitatakse iga nädalapäev
Näidis teade
Järgnevalt on välja toodud näidis, milline näeb välja apticron'i poolt e-postiga saadetud teade süsteemis ootel olevatest uuendustest.
Järgnev teade on saadetud programmi apticron poolt operatsioonisüsteemis Ubuntu 10.10:
apticron report [Mon, 25 Apr 2011 16:24:37 +0300] ========================================================================
apticron has detected that some packages need upgrading on:
arvi-VirtualBox
[ ::1 127.0.1.1 10.0.2.15 10.0.2.15 ]
The following packages are currently pending an upgrade:
chromium-browser 10.0.648.205~r81283-0ubuntu0.10.10.1
chromium-browser-inspector 10.0.648.205~r81283-0ubuntu0.10.10.1
chromium-codecs-ffmpeg 10.0.648.205~r81283-0ubuntu0.10.10.1
dhcp3-client 3.1.3-2ubuntu6.2
dhcp3-common 3.1.3-2ubuntu6.2
gdm 2.30.5-0ubuntu4.1
gnome-power-manager 2.32.0-0ubuntu1.1
gnome-terminal 2.32.0-0ubuntu1.1
gnome-terminal-data 2.32.0-0ubuntu1.1
indicator-application 0.2.9-0ubuntu1.1
initscripts 2.87dsf-4ubuntu19.1
language-selector 0.6.8
language-selector-common 0.6.8
libappindicator0.1-cil 0.2.9-0ubuntu1.1
libappindicator1 0.2.9-0ubuntu1.1
libgssapi-krb5-2 1.8.1+dfsg-5ubuntu0.7
libk5crypto3 1.8.1+dfsg-5ubuntu0.7
libkrb5-3 1.8.1+dfsg-5ubuntu0.7
libkrb5support0 1.8.1+dfsg-5ubuntu0.7
libldap-2.4-2 2.4.23-0ubuntu3.5
libnss3-1d 3.12.9+ckbi-1.82-0ubuntu0.10.10.1
libpolkit-agent-1-0 0.96-2ubuntu1.1
libpolkit-backend-1-0 0.96-2ubuntu1.1
libpolkit-gobject-1-0 0.96-2ubuntu1.1
libslp1 1.2.1-7.7ubuntu0.1
libsmbclient 2:3.5.4~dfsg-1ubuntu8.4
libtiff4 3.9.4-2ubuntu0.4
libwbclient0 2:3.5.4~dfsg-1ubuntu8.4
linux-firmware 1.38.6
linux-generic 2.6.35.28.36
linux-headers-2.6.35-28 2.6.35-28.50
linux-headers-2.6.35-28-generic 2.6.35-28.50
linux-headers-generic 2.6.35.28.36
linux-image-2.6.35-28-generic 2.6.35-28.50
linux-image-generic 2.6.35.28.36
policykit-1 0.96-2ubuntu1.1
python-appindicator 0.2.9-0ubuntu1.1
python-cupshelpers 1.2.3+20100723-0ubuntu8.2
python-gnomeapplet 2.30.0-1ubuntu5.1
python-gnomekeyring 2.30.0-1ubuntu5.1
python-gtkspell 2.25.3-5ubuntu2.1
python-wnck 2.30.0-1ubuntu5.1
samba-common 2:3.5.4~dfsg-1ubuntu8.4
samba-common-bin 2:3.5.4~dfsg-1ubuntu8.4
smbclient 2:3.5.4~dfsg-1ubuntu8.4
system-config-printer-common 1.2.3+20100723-0ubuntu8.2
system-config-printer-gnome 1.2.3+20100723-0ubuntu8.2
system-config-printer-udev 1.2.3+20100723-0ubuntu8.2
sysv-rc 2.87dsf-4ubuntu19.1
sysvinit-utils 2.87dsf-4ubuntu19.1
tomboy 1.4.2-0ubuntu2
tzdata 2011e-0ubuntu0.10.10
update-manager 1:0.142.23
update-manager-core 1:0.142.23
w3m 0.5.2-6ubuntu1
x11-xserver-utils 7.5+2ubuntu1.1
========================================================================
Package Details:
Reading changelogs...
--- Changes for chromium-browser (chromium-browser chromium-browser-inspector chromium-codecs-ffmpeg) --- chromium-browser (10.0.648.205~r81283-0ubuntu0.10.10.1) maverick-security; urgency=high
* New upstream minor release from the Stable Channel (LP: #762275)
This release fixes the following security issues:
- [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
Credit to Google Chrome Security Team (Inferno).
- [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
to Christoph Diehl.
This releasse also contains the security fixes from 10.0.648.204~r79063
(which has been skipped by the sponsors) (LP: #742118)
+ Webkit bugs:
- [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
to Sławomir Błażek.
- [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
to Sergey Glazunov.
- [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
Sergey Glazunov.
- [74991] High, CVE-2011-1295: DOM tree corruption with broken node
parentage. Credit to Sergey Glazunov.
- [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
to Sergey Glazunov.
+ Chromium bugs:
- [72517] High, CVE-2011-1291: Buffer error in base string handling.
Credit to Alex Turpin.
Packaging changes:
* Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
preventing a SIGILL crash on some boards (LP: #735877)
- update debian/control
* Install libppGoogleNaClPluginChrome.so (LP: #738331)
- update debian/rules
- update debian/chromium-browser.install
* Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
called from apport/ubuntu-bug (LP: #759635)
- update debian/apport/chromium-browser.py
* NaCL may be blacklisted, so only include it when it's actually been
built (fixes the ftbfs on arm) (LP: #745854)
- update debian/rules
- update debian/chromium-browser.install
* Harden the apport hooks in the extensions section
- update debian/apport/chromium-browser.py
-- Fabien Tassin <fta@ubuntu.com> Thu, 14 Apr 2011 22:36:16 +0200
--- Changes for dhcp3 (dhcp3-client dhcp3-common) ---
dhcp3 (3.1.3-2ubuntu6.2) maverick-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted hostname
- Patch for CVE-2011-0997 was getting reverted during the build
because of special quilt handling in debian/rules for the ldap
patches.
- debian/patches/00list: move CVE-2011-0997 patch before the ldap
patches, and add comment.
- CVE-2011-0997
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 19 Apr 2011 09:03:47 -0400
dhcp3 (3.1.3-2ubuntu6.1) maverick-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted hostname
- debian/patches/CVE-2011-0997.dpatch: filter strings in
client/dhclient.c, common/options.c.
- CVE-2011-0997
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 11 Apr 2011 08:55:27 -0400
--- Changes for gdm ---
gdm (2.30.5-0ubuntu4.1) maverick-security; urgency=low
* SECURITY UPDATE: race condition allowing privilege escalation
- debian/patches/91_CVE-2011-0727.patch: fix
daemon/gdm-session-worker.c to copy files as session user rather
than root followed by a subsequent chown.
- CVE-2011-0727
-- Steve Beattie <sbeattie@ubuntu.com> Tue, 29 Mar 2011 09:27:07 -0700
--- Changes for gnome-power-manager ---
gnome-power-manager (2.32.0-0ubuntu1.1) maverick-proposed; urgency=low
* debian/patches/12-add-appindicators.patch:
- Fix leak by working around a libappindicator bug. LP: #569273
-- Michael Terry <mterry@ubuntu.com> Wed, 16 Mar 2011 15:55:26 -0400
--- Changes for gnome-python-desktop (python-gnomeapplet python-gnomekeyring python-wnck) --- gnome-python-desktop (2.30.0-1ubuntu5.1) maverick-proposed; urgency=low
* 01_wnck_enums.patch: Patch from upstream bugzilla, fix flags in the wnck
module that were declared as enums. (LP: #642913)
-- Stefano Rivera <stefanor@ubuntu.com> Sat, 12 Mar 2011 23:55:41 +0200
--- Changes for gnome-python-extras (python-gtkspell) --- gnome-python-extras (2.25.3-5ubuntu2.1) maverick-proposed; urgency=low
* Have dh_xulrunner install a dependency on xulrunner for python-gtkmozembed
again (LP: #695728)
- update debian/rules
-- Micah Gersten <micahg@ubuntu.com> Fri, 07 Jan 2011 09:21:14 -0600
--- Changes for gnome-terminal (gnome-terminal gnome-terminal-data) --- gnome-terminal (2.32.0-0ubuntu1.1) maverick-proposed; urgency=low
* debian/patches/21_watch_clipboard.patch:
- Watch clipboard contents for paste shorkey to work. (LP: #630383)
-- Omer Akram <om26er@ubuntu.com> Sun, 13 Mar 2011 20:20:13 +0500
--- Changes for indicator-application (indicator-application libappindicator0.1-cil libappindicator1 python-appindicator) --- indicator-application (0.2.9-0ubuntu1.1) maverick-proposed; urgency=low
* debian/patches/10-fix-theme-changed-crash.patch:
- Don't crash due to theme changes. LP: #708188
-- Michael Terry <mterry@ubuntu.com> Wed, 16 Mar 2011 15:28:25 -0400
--- Changes for krb5 (libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0) ---
krb5 (1.8.1+dfsg-5ubuntu0.7) maverick-security; urgency=low
* SECURITY UPDATE: kadmind denial of service from freeing of uninitialized
pointer.
- src/kadmin/server/{network,schpw}.c: fix, thanks to upstream.
- CVE-2011-0285
- MITKRB5-SA-2011-004
-- Kees Cook <kees@ubuntu.com> Mon, 18 Apr 2011 15:40:00 -0700
--- Changes for language-selector (language-selector language-selector-common) --- language-selector (0.6.8) maverick-security; urgency=low
* debian/language-selector-common.postinst: allow missing backend.
-- Kees Cook <kees@ubuntu.com> Tue, 19 Apr 2011 13:08:16 -0700
language-selector (0.6.7) maverick-security; urgency=low
[ Kees Cook ]
* SECURITY UPDATE: language selector backend did not verify policy kit
authentication.
- debian/language-selector-common.postinst: shut down old backend.
- CVE-2011-0729
[ Martin Pitt ]
* dbus_backend/ls-dbus-backend: Actually look at the PolicyKit check result
and only proceed if it succeeded. Thanks to Romain Perier for finding this
and providing the patch! This fixes a local root privilege escalation, as
this allows any authenticated user to write arbitrary shell commands into
/etc/default/locale. (LP: #764397)
* dbus_backend/ls-dbus-backend: Reject locale names with invalid characters
in it, to further prevent injecting shell code into /etc/default/locale
for authenticated users. Thanks to Felix Geyer for the initial patch!
(LP: #764397)
* debian/control: Update Vcs-Bzr: for newly created maverick branch.
-- Kees Cook <kees@ubuntu.com> Tue, 19 Apr 2011 10:31:37 -0700
--- Changes for linux-firmware ---
linux-firmware (1.38.6) maverick-proposed; urgency=low
* iwlwifi: add updated firmware for 5000 devices
update iwlwifi-5000-5.ucode for 5000 series devices
version: 8.83.5.1 - fix "tid mismatch" issue
- LP: #728510
-- Tim Gardner <tim.gardner@canonical.com> Thu, 03 Mar 2011 09:05:44 -0700
--- Changes for linux-meta (linux-generic linux-headers-generic linux-image-generic) --- linux-meta (2.6.35.28.36) maverick-proposed; urgency=low
* Bump ABI - Maverick ABI 28
-- Brad Figg <brad.figg@canonical.com> Mon, 28 Feb 2011 14:46:01 -0800
linux-meta (2.6.35.27.35) maverick-proposed; urgency=low
[ Tim Gardner ]
* LBM generic-pae packages are only built for i386
- LP: #720139
* LBM server packages are only built for amd64
- LP: #720139
-- Stefan Bader <stefan.bader@canonical.com> Thu, 17 Feb 2011 14:55:31 +0100
linux-meta (2.6.35.27.34) maverick-proposed; urgency=low
* Bump ABI - Maverick ABI 26
-- Brad Figg <brad.figg@canonical.com> Thu, 10 Feb 2011 13:54:00 -0800
linux-meta (2.6.35.26.33) maverick-proposed; urgency=low
* Bump ABI - Maverick ABI 26
-- Steve Conklin <sconklin@canonical.com> Fri, 28 Jan 2011 14:50:56 -0600
--- Changes for nss (libnss3-1d) ---
nss (3.12.9+ckbi-1.82-0ubuntu0.10.10.1) maverick-security; urgency=low
* New upstream release v3.12.9 with updated ckbi module
(NSS_3_12_9_WITH_CKBI_1_82_RTM)
- SECURITY UPDATE: Update "builtin certificates" module (ckbi) to
explicitly mark the recently issued and revoked fraudulent certificates
as explicitly not trusted; NSS will report SEC_ERROR_UNTRUSTED_CERT when
attempting to verify one of these fraudulent certificates (LP: #741729)
* Add new symbols
- update debian/libnss3-1d.symbols
-- Micah Gersten <micahg@ubuntu.com> Tue, 29 Mar 2011 03:13:10 -0500
--- Changes for openldap (libldap-2.4-2) --- openldap (2.4.23-0ubuntu3.5) maverick-security; urgency=low
* SECURITY UPDATE: fix successful anonymous bind via chain overlay when
using forwarded authentication failures
- debian/patches/CVE-2011-1024
- CVE-2011-1024
* SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
backend. Note: Ubuntu is not compiled with --enable-ndb by default
- debian/patches/CVE-2011-1025
- CVE-2011-1025
* SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
and requestDN is empty
- debian/patches/CVE-2011-1081
- CVE-2011-1081
-- Jamie Strandboge <jamie@ubuntu.com> Wed, 16 Mar 2011 09:48:17 -0500
--- Changes for openslp-dfsg (libslp1) --- openslp-dfsg (1.2.1-7.7ubuntu0.1) maverick-security; urgency=low
* SECURITY UPDATE: denial of service via circular reference
- debian/patches/CVE-2010-3609.patch: detect circular reference in
common/slp_message.c. Patch thanks to SUSE.
- CVE-2010-3609
* debian/rules: add dh_quilt_patch and dh_quilt_unpatch so patches in
debian/patches actually get applied.
* debian/patches/series: disable 01_have_net_if_arp.diff and
99_autoreconf.diff since they had never been applied.
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 05 Apr 2011 14:50:59 -0400
--- Changes for policykit-1 (libpolkit-agent-1-0 libpolkit-backend-1-0 libpolkit-gobject-1-0 policykit-1) ---
policykit-1 (0.96-2ubuntu1.1) maverick-security; urgency=low
* SECURITY UPDATE: avoid /proc race conditions when checking privileges
for pkexec.
- 10_fix_proc_race.patch
- CVE-2011-1485
-- Kees Cook <kees@ubuntu.com> Tue, 19 Apr 2011 12:25:33 -0700
--- Changes for samba (libsmbclient libwbclient0 samba-common samba-common-bin smbclient) --- samba (2:3.5.4~dfsg-1ubuntu8.4) maverick-proposed; urgency=low
* debian/patches/ntlm-auth-lp623342.patch: ntlm_auth returns an invalid
response key. (LP: #623342) Patch taken from upstream
(https://bugzilla.samba.org/show_bug.cgi?id=7568)
-- Stefano Rivera <stefanor@ubuntu.com> Wed, 02 Mar 2011 22:38:19 +0100
--- Changes for system-config-printer (python-cupshelpers system-config-printer-common system-config-printer-gnome system-config-printer-udev) --- system-config-printer (1.2.3+20100723-0ubuntu8.2) maverick-proposed; urgency=low
* debian/patches/75_do-not-list-duplicate-ppd-nicknames.patch: Fixed the
patch to suppress duplicate listings of the same PPD file. The wrong
entries were correctly suppressed, but the selection was applied to list
which still contained them and so it often came to another driver than the
selected one being set up (LP: #739375).
-- Till Kamppeter <till.kamppeter@gmail.com> Tue, 22 Mar 2010 20:54:06 +0100
--- Changes for sysvinit (initscripts sysv-rc sysvinit-utils) --- sysvinit (2.87dsf-4ubuntu19.1) maverick-proposed; urgency=low
* debian/initscripts/etc/init.d/umountroot: Improve handling of
respawn of init: we now wait for inits map file to change. If this doesn't
happen within 5 seconds, we unmount forcibly. (LP: #672177)
-- James Hunt <james.hunt@ubuntu.com> Fri, 28 Jan 2011 11:45:35 +0000
--- Changes for tiff (libtiff4) ---
tiff (3.9.4-2ubuntu0.4) maverick-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via malformed JPEG
- debian/patches/CVE-2009-5022.patch: check width in
libtiff/tif_ojpeg.c.
- CVE-2009-5022
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 20 Apr 2011 13:04:56 -0400
tiff (3.9.4-2ubuntu0.3) maverick-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via crafted
THUNDER_2BITDELTAS data
- debian/patches/CVE-2011-1167.patch: validate bitspersample and
make sure npixels is sane in libtiff/tif_thunder.c.
- CVE-2011-1167
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 30 Mar 2011 13:02:48 -0400
--- Changes for tomboy ---
tomboy (1.4.2-0ubuntu2) maverick-proposed; urgency=low
* debian/patches/06_use_ubuntu_sso.patch
- Use the Ubuntu One production services instead of edge
servers (LP: #745721)
-- Ken VanDine <ken.vandine@canonical.com> Wed, 30 Mar 2011 10:28:48 -0400
--- Changes for tzdata ---
tzdata (2011e-0ubuntu0.10.10) maverick-proposed; urgency=low
* New upstream release 2011e: (LP: #747946)
- africa: Add start and end of DST in 2011 in Morocco.
- southamerica: For Chile, delay end of DST in 2011 from April 2nd to May 7th
-- Gary Lasker <gary.lasker@canonical.com> Sat, 02 Apr 2011 11:21:16 -0400
--- Changes for update-manager (update-manager update-manager-core) --- update-manager (1:0.142.23) maverick-proposed; urgency=low
* DistUpgrade/DistUpgradeController.py:
- add quirks handler for upgrade form the kubuntu ppa
(LP: #680088)
* UpdateManager/Core/DistUpgradeFetcherCore.py, do-release-upgrade:
- fix deprecation warnings (LP: #744990)
-- Michael Vogt <michael.vogt@ubuntu.com> Wed, 30 Mar 2011 10:01:59 +0200
--- Changes for w3m ---
w3m (0.5.2-6ubuntu1) maverick-proposed; urgency=low
* debian/patches/091_button.patch:
- Support the button element as defined in HTML 4.01.
Backport of 020_button.patch from natty.
(LP: #683337, Closes: #136810)
-- Tuomas Heino <iheino+ub@cc.hut.fi> Mon, 17 Jan 2011 09:57:32 +0200
--- Changes for x11-xserver-utils ---
x11-xserver-utils (7.5+2ubuntu1.1) maverick-security; urgency=low
* SECURITY UPDATE: root escalation via rogue hostname (LP: #752315)
- xrdb: Create shell-escape-safe cpp options in the non-pathetic-cpp
case.
- http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
- CVE-2011-0465
-- Timo Aaltonen <tjaalton@ubuntu.com> Wed, 06 Apr 2011 17:44:41 +0300
========================================================================
You can perform the upgrade by issuing the command:
aptitude full-upgrade
as root on arvi-VirtualBox
--
apticron
