Archive: posts from September 2009

Ubuntu Netbook Remix on an Acer Aspire One A110 24 Sep 09

acer-aspire-oneFor my weeks on call, Brightbox let me choose an ultra-mobile (netbook) PC. This will allow me to leave the house without having to carry a heavy full-size laptop with me.

I wanted one that worked well with Linux, preferably Ubuntu Netbook Remix, had SSD rather than hard disk, and built-in 3G connectivity.

I’ve picked the Acer Aspire One (AAO) A110. It was available in the UK from Tesco in this spec with 1GB of RAM for GBP 179 – a bargain.

It came with a truly dreadful pre-installed build of Windows XP Home. Very slow and very much not recommended. Ubuntu Netbook Remix is, on the other hand, superb.

I’ve installed the pre-release Ubuntu 9.10 “Karmic”. Here’s what I’ve found that’s specific to the A110. I’ve written up these notes in the hope that they’ll be useful to someone else thinking of running Linux on an AAO. While there is a wealth of information about it out on the Internet, it’s not all collected together in one place.
Read the rest of this entry »

Posted 24 September 2009 by George Hills 6 comments

+ + + +

NGINX buffer underflow security vulnerability 15 Sep 09

From the Debian Security team (CVE-2009-2629):

nginx … is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process  or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request.

New versions of our nginx packages that address this security vulnerability are now available.  nginx 0.6.39 (with the fair balancer module) is available from the Brightbox apt repositories – running the following command will get you the latest version:

sudo apt-get update
sudo apt-get install nginx

Our more experimental nginx-brightbox package has also been upgraded to 0.6.39.  This includes a number of nginx addons, such as the upload module, geoip module, and Phusion Passenger 2.0.5.

Posted 15 September 2009 by John Leach Comments Off

+ + +

Rails form helper security vulnerability 4 Sep 09

A vulnerability has been found in the Rails form helpers that allows an attacker to inject arbitrary HTML into pages.  This opens up an unpatched Rails app to potential cross site scripting attacks (XSS), which could result in stolen session cookies and other such scenarios.

All versions of Rails above and including version 2.0 are affected. There are two new official releases to fix this, 2.3.4 and 2.2.3.  If you’re still running Rails 2.0 or 2.1 and can’t upgrade, patches have been provided by the security team but need applying manually.  In this case, we’d recommend vendoring the rails gems and then applying the patches.

More details from the security team here.

Posted 4 September 2009 by John Leach 2 comments

+ + + + + +