WordPress 1.5.2 “Strayhorn” has been released today. The changelog mentions that several vulnerabilities have been fixed but — once again — the developers don’t provide any details! One has to look at the diffs to see what has been fixed.
I hate that kind of silly security by obscurity. Vague vulnerability descriptions are almost useless for administrators, just saying “we’ve fixed some security problems” is even worse!
August 15th, 2005: See this article for a reply to some comments I’ve received.
August 18th, 2005: The WordPress developers seem to have problems with release management too: There are two different 1.5.2 versions, read more in WordPress Security Annoyances.
As mentioned recently, Debian Sarge’s installer doesn’t work on my Dell Inspiron 9300. I like Debian but I think it’s a shame that the sarge installer was already outdated on the day of its release.
The official sarge installer still uses a 2.4 kernel by default but includes a 2.6 kernel that can be used by booting with "install26" or "expert26". But even that kernel, 2.6.8, is too old for the Inspiron 9300. It still doesn’t recognize the hard disk.
Ubuntu’s installer, which uses a 2.6.11 kernel, works fine on the machine. Although Ubuntu is a nice distribution, I like pure Debian better. Unfortunately I wasn’t able to find any 2.6.11-based Debian installer on the net; even a question on debian-boot yielded nothing.
Anyhow, I finally had the time to build one myself:
debian-2.6.11-i386-businesscard.iso (GPG signature)
The image is basically a sarge businesscard ISO with a 2.6.11 kernel from Debian testing instead of the original 2.6.8 kernel.
Unlike with Ubuntu, installation on the Inspiron 9300 still doesn’t work out of the box but with a few tricks I was able to install Debian sarge:
- Boot with expert26
- When the installer starts up, switch to the second console (Alt-F2) and enter these commands:
    ~ # modprobe ide_generic
    ~ # modprobe ata_piix
  Without this the installer won’t find the CD-ROM.
- If network configuration via DHCP fails, just retry — worked for me
- When asked what version of Debian you would like to install, choose stable. Installing testing or unstable directly doesn’t work.
- It doesn’t matter which kernel you choose to install, we have to replace it with a 2.6.11 kernel later anyway
- Just before the first reboot, that means right after the installer ejects the CD-ROM, switch back to console two. Now download and install the latest available Debian kernel. I’ve used 2.6.11-1-686:
    ~ # mount -t proc proc /target/proc
    ~ # chroot /target
    sh-2.05b# cd /root
    sh-2.05b# wget http://blog.blackdown.de/static/debian/kernel-image-2.6.11-1-686_2.6.11-7_i386.deb
    sh-2.05b# dpkg -i kernel-image-2.6.11-1-686_2.6.11-7_i386.deb
    …
    sh-2.05b# exit
    ~ # umount /target/proc
- Reboot (using the kernel just installed) and complete the installation
- Upgrade to testing or unstable
- Build a custom kernel (2.6.12 or newer). It’s probably a good idea to include some additional libata patches. To get the DVD drive working you have to apply this patch.
Thanks to Matthias Klose, Debian packages for Blackdown J2SE-1.4.2-02 are available now. Just add something like
deb ftp://ftp.tux.org/java/debian/ sarge non-free
to your /etc/apt/sources.list.
Upgrading is recommended as 1.4.2-02 contains an important security fix.
Blackdown released J2SE 1.4.2-02 for Linux on x86 and AMD64/EM64T yesterday. The release fixes a security issue (JRE May Allow Untrusted Applet to Elevate Privileges), so make sure you upgrade.
Users of other Java implementations based on Sun’s code should check for updates too.