security mirror out of date: 128.101.240.212

2007-05-14 Thread martin f krafft
FYI:

<weinholt> one of the security.debian.org mirrors is out of date.
128.101.240.212 has a /debian-security/dists/etch/updates/Release
file dated 10 May 2007
<madduck> weinholt: please email [EMAIL PROTECTED] and
cc [EMAIL PROTECTED]
<madduck> also write a mail to debian-security@lists.debian.org to
alert people.
<weinholt> i don't really have time for that, unfortunately, i have
work to do

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`.   martin f. krafft [EMAIL PROTECTED]
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
 
a woman is like your shadow;
 follow her, she flies;
 fly from her, she follows.
-- sébastien-roch-nicolas chamfort




Re: [SECURITY] [DSA 1289-1] New Linux 2.6.18 packages fix several vulnerabilities

2007-05-14 Thread Marcin Owsiany
On Sun, May 13, 2007 at 01:33:16PM +0200, Moritz Muehlenhoff wrote:
> CVE-2007-1496
>
> Michal Miroslaw reported a DoS vulnerability (crash) in netfilter.
> A remote attacker can cause a NULL pointer dereference in the
> nfnetlink_log function.

CVE says:
| nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows
| attackers to cause a denial of service (crash) via unspecified vectors
| involving the (1) nfulnl_recv_config function, (2) using multiple
| packets per netlink message, and (3) bridged packets, which trigger a
| NULL pointer dereference.

Could someone who knows netfilter a bit better comment on this? In what
circumstances in real life is this exploitable? Is there any workaround?
I'm not using bridging, I don't care about logging, so I'm happy to
disable it, I'm not sure what that netlink thing means..

Marcin
-- 
Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: security mirror out of date: 128.101.240.212

2007-05-14 Thread Tomas Nykung
On Mon, May 14, 2007 at 10:04:46AM +0200, martin f krafft wrote:
> FYI:
>
> <weinholt> one of the security.debian.org mirrors is out of date.
> 128.101.240.212 has a /debian-security/dists/etch/updates/Release
> file dated 10 May 2007


Is this related to the problems I'm having over here with upgrading
the kernel to the latest 2.6.18.dfsg.1-12etch2 version?
It did work on one computer, but two others don't get the update.

On the one where it worked apt-cache policy says:
apt-cache policy linux-image-2.6.18-4-486
linux-image-2.6.18-4-486:
  Installed: 2.6.18.dfsg.1-12etch2
  Candidate: 2.6.18.dfsg.1-12etch2
  Version table:
 *** 2.6.18.dfsg.1-12etch2 0
        500 http://security.debian.org etch/updates/main Packages
        100 /var/lib/dpkg/status
     2.6.18.dfsg.1-12 0
        500 http://ftp.fi.debian.org etch/main Packages

On the two others the Candidate is still 2.6.18.dfsg.1-12etch1 no
matter what I do (aptitude update, apt-get update, dselect update...)
so I had to wget the kernel (k7 version) from
ftp://ftp.debian.org/debian-security/pool/updates/main/l/linux-2.6/
and install it by hand with dpkg -i.

Those computers are all on the same network, sharing the same
connection to the internet.

Anyone else seeing this problem?


Tomas





Re: security mirror out of date: 128.101.240.212

2007-05-14 Thread Dominic Hargreaves
[CC to debian-admin and security@ removed]

On Mon, May 14, 2007 at 04:17:16PM +0300, Tomas Nykung wrote:

> > <weinholt> one of the security.debian.org mirrors is out of date.
> > 128.101.240.212 has a /debian-security/dists/etch/updates/Release
> > file dated 10 May 2007
>
> Is this related to the problems I'm having over here with upgrading
> the kernel to the latest 2.6.18.dfsg.1-12etch2 version?
> It did work on one computer, but two others don't get the update.
>
> On the one where it worked apt-cache policy says:
> apt-cache policy linux-image-2.6.18-4-486
> linux-image-2.6.18-4-486:
>   Installed: 2.6.18.dfsg.1-12etch2
>   Candidate: 2.6.18.dfsg.1-12etch2
>   Version table:
>  *** 2.6.18.dfsg.1-12etch2 0
>         500 http://security.debian.org etch/updates/main Packages
>         100 /var/lib/dpkg/status
>      2.6.18.dfsg.1-12 0
>         500 http://ftp.fi.debian.org etch/main Packages
>
> On the two others the Candidate is still 2.6.18.dfsg.1-12etch1 no
> matter what I do (aptitude update, apt-get update, dselect update...)
> so I had to wget the kernel (k7 version) from
> ftp://ftp.debian.org/debian-security/pool/updates/main/l/linux-2.6/
> and install it by hand with dpkg -i.
>
> Those computers are all on the same network, sharing the same
> connection to the internet.
>
> Anyone else seeing this problem?

Yes, this is precisely the problem.

FWIW, another workaround is to rerun the apt-get update until you do get
the correct file back; as the mirror is selected randomly from a DNS
round-robin, you should find the updated Packages file gets to you after
a few tries.

You may find a similar error - 404 when downloading the package, for the
same reason. In that case, simply retry the apt-get upgrade until it
works.

Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)





Re: security mirror out of date: 128.101.240.212

2007-05-14 Thread Philip Hands

Tomas Nykung wrote:
> On Mon, May 14, 2007 at 10:04:46AM +0200, martin f krafft wrote:
> > FYI:
> >
> > <weinholt> one of the security.debian.org mirrors is out of date.
> > 128.101.240.212 has a /debian-security/dists/etch/updates/Release
> > file dated 10 May 2007

Right, it seems that /org on saens was full.

I've removed saens from the debian-security.debian.org DNS round-robin, and
removed a few directories in the security to free up enough space to be
able to sync the main debian archive.

That allowed a load of old stuff to be deleted, resulting in about 2.5 GB
of free space on /org, so I've now synced the security mirror and we still
have ~560MB spare, so I'll put saens back in the DNS for the moment.

Clearly this needs attention in the near future though.

Cheers, Phil.





Re: security mirror out of date: 128.101.240.212

2007-05-14 Thread Tomas Nykung
On Mon, May 14, 2007 at 08:15:11PM +0100, Philip Hands wrote:
 
> Right, it seems that /org on saens was full.
>
> I've removed saens from the debian-security.debian.org DNS round-robin, and
> removed a few directories in the security to free up enough space to be
> able to sync the main debian archive.
>
> That allowed a load of old stuff to be deleted, resulting in about 2.5 GB
> of free space on /org, so I've now synced the security mirror and we still
> have ~560MB spare, so I'll put saens back in the DNS for the moment.


Thanks, this fixed the problem.


PS
What I don't understand is why I always got the bad mirror, regardless
of how many times I tried to rerun aptitude/apt-get update both yesterday
and today (and on two computers while the first one I upgraded did get
the upgrade without any problem).

The only way I could get the upgraded kernel version was to wget it
and install it by hand.

Not that I will lose any sleep because of this ;) but if someone has
time to shed some light on this I would be grateful.
DS


Tomas





Re: security mirror out of date: 128.101.240.212

2007-05-14 Thread Jim Popovitch
On Tue, 2007-05-15 at 00:14 +0300, Tomas Nykung wrote:
> What I don't understand is why I always got the bad mirror, regardless
> of how many times I tried to rerun aptitude/apt-get update both yesterday
> and today (and on two computers while the first one I upgraded did get
> the upgrade without any problem).
>
> The only way I could get the upgraded kernel version was to wget it
> and install it by hand.
>
> Not that I will lose any sleep because of this ;) but if someone has
> time to shed some light on this I would be grateful.

it's pre-defined in /etc/hosts?

local (or upstream) cache is stale?

random luck?

-Jim P.





Re: security mirror out of date: 128.101.240.212

2007-05-14 Thread Martin Zobel-Helas
Hi, 

On Mon May 14, 2007 at 17:17:13 -0400, Jim Popovitch wrote:
> On Tue, 2007-05-15 at 00:14 +0300, Tomas Nykung wrote:
> > What I don't understand is why I always got the bad mirror, regardless
> > of how many times I tried to rerun aptitude/apt-get update both yesterday
> > and today (and on two computers while the first one I upgraded did get
> > the upgrade without any problem).
> >
> > The only way I could get the upgraded kernel version was to wget it
> > and install it by hand.
> >
> > Not that I will lose any sleep because of this ;) but if someone has
> > time to shed some light on this I would be grateful.
>
> it's pre-defined in /etc/hosts?
>
> local (or upstream) cache is stale?
>
> random luck?

no. Bad karma.

-- 
[EMAIL PROTECTED] /root]# man real-life
No manual entry for real-life





Re: security mirror out of date: 128.101.240.212

2007-05-14 Thread Michael Loftis



--On May 15, 2007 12:14:28 AM +0300 Tomas Nykung [EMAIL PROTECTED] wrote:

> PS
> What I don't understand is why I always got the bad mirror, regardless
> of how many times I tried to rerun aptitude/apt-get update both yesterday
> and today (and on two computers while the first one I upgraded did get
> the upgrade without any problem).
>
> The only way I could get the upgraded kernel version was to wget it
> and install it by hand.
>
> Not that I will lose any sleep because of this ;) but if someone has
> time to shed some light on this I would be grateful.
> DS


Random luck, or, probably as, or more likely, bad caching resolver that
doesn't round-robin its cached replies.


--
Michael Loftis
Modwest Operations Manager
Powerful, Affordable Web Hosting

