fdm Geplaatst: 26 november 2008 Geplaatst: 26 november 2008 Hallo, Ik kreeg van no-ip een bericht dat ik een patch moet binnen halen om het systeem veiliger te maken: Subject: Important No-IP Linux Update Client Security Update > Date: Mon, 24 Nov 2008 17:10:39 -0800 > > > No-IP has determined that the following advisory is applicable to > one or more of the systems you have registered. > > > Security Advisory - 2008-11-22 > ------------------------------------------------------------------------------ > Summary: > Important: No-IP Linux DUC (Dynamic Update Client) > > An updated version of the No-IP Linux Dynamic Update Client that fixes > a security issue is now available. > > This update has been rated as having important security impact. > > Description: > Versions 2.1.1- > 2.1.8 are prone to a stack-based buffer-overflow due to > a boundary error when processing HTTP responses received from the update > server. This can be exploited and cause a stack-based buffer overflow when > performing an update. > > A malicious user could exploit this by faking the No-IP update server > via DNS poisoning or a man in the middle attack. This can cause a denial of > service (client crash) or > potentially execute arbitrary code on the computer the client is running on. > > Users running versions 2.1.8 and older are encouraged to upgrade to the most > recent version, 2.1.9 > at http://www.no-ip.com/downloads?page=linux&av=1 > > Regards, > > The No-IP Team > > Note: This email was sent from an unmonitored account. If you have any > questions or comments please open a trouble ticket at > http://www.no-ip.com/ticket Mijn vraag: Als ik mijn server Ubuntu 8.10 update met de standaard update formule, komt deze patch dan mee? Als ik no-ip opnieuw installeer, is dan meteen de laatste versie binnen? Groeten. Het is hoogstwaarschijnlijk dat er binnenkort iets onwaarschijnlijks gaat gebeuren.
Aanbevolen berichten