:: Re: [DNG] Question about about "Sec…
Author: R A Montante, Ph.D.
Date:
To: tito, R A Montante, Ph.D. via Dng
Subject: Re: [DNG] Question about about "Security updates"

On 7/27/25 09:31, tito wrote:
> On Sun, 27 Jul 2025 09:06:31 -0400
> "R A Montante, Ph.D. via Dng" <dng@???> wrote:
>
> From daemon@??? Sun Jul 27 02:29:03 2025
> Return-path: <daemon@???>
> Envelope-to: bobmon@???
> Delivery-date: Sun, 27 Jul 2025 02:29:03 -0400
> Received: from daemon by whiteknight.TygerzHome with local (Exim 4.96)
>     (envelope-from <daemon@???>)
>     id 1ufusY-0006JK-2m
>     for bobmon@???;
>     Sun, 27 Jul 2025 02:29:02 -0400
> Subject: Debian security status of whiteknight
> To: bobmon@???
> Message-Id: <E1ufusY-0006JK-2m@???>
> From: daemon <daemon@???>
> Date: Sun, 27 Jul 2025 02:29:02 -0400
> Status: RO
>
> Security report based on the bullseye release
>
> *** New security updates
>
> CVE-2025-49794 A use-after-free vulnerability was found in libxml2....
> <https://security-tracker.debian.org/tracker/CVE-2025-49794>
>   - libxml2, libxml2, libxml2-utils
>
>     [ more output deleted ]
> Hi,
>
>          Are these critical issues?
>          Can I do something to eliminate them?
>          If not, how can I disable the email from being generated?

>
>      No they are not
>      Yes, can remove the script from cron, but not advisable.
>      Disable by commenting out the MAILTO=root from the cron job (Add a # at start of the line)

>
>      ~ $ nano /etc/cron.d/debsecan
>      ‘# cron entry for debsecan’
>      ‘# MAILTO=root’

>
>
> apt list debsecan
> Listing... Done
> debsecan/stable 0.4.20.1 all
>
> debsecan is a tool to generate a list of vulnerabilities which affect
> a particular Debian installation. debsecan runs on the host which is
> to be checked, and downloads vulnerability information over the
> Internet. It can send mail to interested parties when new
> vulnerabilities are discovered or when security updates become
> available.
>
> So: apt purge debsecan
>
> will get you rid of the emails.
>
> Hope this helps.
> Ciao,
> Tito


Hah!  Thank you, Tito!

I'd never heard of debsecan, learn something new every day.... Since no
particular remedial action is shown,  I'll guess that its output is
mostly of interest to people who are actively working with CVEs.  (Not
me.)  Now I'm curious about what, if anything, is required to deal with
the vulnerabilities.

After looking at the config. file in "/etc/default/debsecan", I've
changed the suite to "bookworm".  Maybe the reports will be useful if
they're reporting on the appropriate distro.  Then maybe change the
"mailto" variable so it doesn't email my user account.

-Bob
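
One way to check the point raised above, that debsecan's report is only meaningful when its suite matches the installed release. This is an added example, not part of the thread; it assumes `/etc/default/debsecan` holds a `SUITE=` line, that `/etc/os-release` provides `VERSION_CODENAME`, and the Devuan-to-Debian codename map is supplied by the example.

```shell
#!/bin/sh
# Check that debsecan's configured suite matches the release actually installed.
# Assumptions (not from the thread): KEY=VALUE config syntax with a SUITE key,
# VERSION_CODENAME in os-release, and the codename map below.

# Read KEY's value from a KEY=VALUE file (last assignment wins, quotes stripped).
# Commented-out lines such as "# SUITE=..." are ignored.
conf_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'"
}

# Map a release codename to the Debian suite debsecan expects.
debian_suite_for() {
    case "$1" in
        beowulf)   echo buster ;;
        chimaera)  echo bullseye ;;
        daedalus)  echo bookworm ;;
        excalibur) echo trixie ;;
        *)         echo "$1" ;;   # Debian codenames pass through unchanged
    esac
}

# check_suite CONF OS_RELEASE
# Prints "ok SUITE", "mismatch CONFIGURED EXPECTED" or "unknown CONFIGURED".
check_suite() {
    configured=$(conf_get SUITE "$1")
    codename=$(conf_get VERSION_CODENAME "$2")
    if [ -z "$codename" ]; then
        echo "unknown ${configured:-unset}"
        return 2
    fi
    expected=$(debian_suite_for "$codename")
    if [ "$configured" = "$expected" ]; then
        echo "ok $configured"
        return 0
    fi
    echo "mismatch ${configured:-unset} $expected"
    return 1
}

# Run against the live system only when invoked with --live.
if [ "${1:-}" = "--live" ]; then
    check_suite /etc/default/debsecan /etc/os-release
fi
```

A `mismatch` result means the vulnerability list is being computed against another release's package versions, which is the situation in the quoted report ("based on the bullseye release").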