[arch-general] Security vulnerability (CVE-2014-0004) in udisks/udisks2
Hello,

I already flagged the packages out of date, but maybe other people are interested, too, that there is a known security hole in udisks/udisks2, which has been fixed upstream with new releases:

http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html

Greetings,
Manuel
Re: [arch-general] Security vulnerability (CVE-2014-0004) in udisks/udisks2
On 03/11/14 at 10:24am, Manuel Reimer wrote:
> Hello,
>
> I already flagged the packages out of date, but maybe other people are interested, too, that there is a known security hole in udisks/udisks2, which has been fixed upstream with new releases:
>
> http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html
>
> Greetings,
> Manuel

FYI: https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html

--
Jelle van der Waa
Re: [arch-general] Security vulnerability (CVE-2014-0004) in udisks/udisks2
Jelle van der Waa jelle at vdwaa.nl writes:
> FYI: https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html

Thank you for this information.

Am I allowed to ask gmane.org to add this list to their archive? This would really help me to get access to this list.

Greetings,
Manuel
Re: [arch-general] Security vulnerability (CVE-2014-0004) in udisks/udisks2
On 11.03.2014 11:52, Manuel Reimer wrote:
> Jelle van der Waa jelle at vdwaa.nl writes:
>> FYI: https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html
>
> Thank you for this information.
>
> Am I allowed to ask gmane.org to add this list to their archive? This would really help me to get access to this list.

I am not sure if gmane needs our permission for that, since the list is public. However, posting to the list requires subscription (as for all our lists), so the gmane copy will be read-only.
Re: [arch-general] Security vulnerability (CVE-2014-0004) in udisks/udisks2
On 11.03.2014 11:55, Thomas Bächler wrote:
> On 11.03.2014 11:52, Manuel Reimer wrote:
>> Jelle van der Waa jelle at vdwaa.nl writes:
>>> FYI: https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html
>>
>> Thank you for this information.
>>
>> Am I allowed to ask gmane.org to add this list to their archive? This would really help me to get access to this list.
>
> I am not sure if gmane needs our permission for that, since the list is public. However, posting to the list requires subscription (as for all our lists), so the gmane copy will be read-only.

I quickly went over to gmane and requested subscription of arch-security to gmane, so there is nothing left but to wait.
Re: [arch-general] Security vulnerability (CVE-2014-0004) in udisks/udisks2
Thomas Bächler thomas at archlinux.org writes:
> I quickly went over to gmane and requested subscription of arch-security to gmane, so there is nothing left but to wait.

I hope you didn't request readonly as, if I'm registered to the list with the mail address I use from the gmane webinterface, it is possible to post to, for example, the general list.

This posting is written using the gmane webinterface and in many cases I don't have access to my private mail, so having access to a list via webinterface can be very handy.

Greetings,
Manuel
Re: [arch-general] Security vulnerability (CVE-2014-0004) in udisks/udisks2
On 11.03.2014 12:02, Manuel Reimer wrote:
> Thomas Bächler thomas at archlinux.org writes:
>> I quickly went over to gmane and requested subscription of arch-security to gmane, so there is nothing left but to wait.
>
> I hope you didn't request readonly as, if I'm registered to the list with the mail address I use from the gmane webinterface, it is possible to post to, for example, the general list.
>
> This posting is written using the gmane webinterface and in many cases I don't have access to my private mail, so having access to a list via webinterface can be very handy.

I think I did. I didn't know you could post to the list when you're subscribed. I guess I'll try to change the options again when I hear back from them.
Re: [arch-general] security problem in X with screen saver
On Thu, Jan 19, 2012 at 08:58, Divan Santana di...@s-tainment.co.za wrote:
> Hi All,
>
> As per http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA
> There is quite a serious security problem.
>
> Is there a patch coming out soon?
> Does anyone yet know a workaround to this in the meanwhile?
> Can it be announced?

Have you verified that your system?

On my system none of the keys mentioned in that article have the reported results; they all jump out to virtual terminals. I have not made any changes to the stock Arch config that would affect those keys.

/M

--
Magnus Therning                      OpenPGP: 0xAB4DFBA4
email: mag...@therning.org   jabber: mag...@therning.org
twitter: magthe               http://therning.org/magnus
Re: [arch-general] security problem in X with screen saver
2012/1/19 Magnus Therning mag...@therning.org:
> On Thu, Jan 19, 2012 at 08:58, Divan Santana di...@s-tainment.co.za wrote:
>> Hi All,
>>
>> As per http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA
>> There is quite a serious security problem.
>>
>> Is there a patch coming out soon?
>> Does anyone yet know a workaround to this in the meanwhile?
>> Can it be announced?
>
> Have you verified that your system?
>
> On my system none of the keys mentioned in that article have the reported results; they all jump out to virtual terminals. I have not made any changes to the stock Arch config that would affect those keys.

Use the Ctrl + Alt + * from the keypad to trigger the bug. As explained in the article, this is purely Xorg related. Use vlock for example if you want to avoid the problem.

Tim
Re: [arch-general] security problem in X with screen saver
2012/1/19 Timothée Ravier timothee.romain.rav...@gmail.com:
> 2012/1/19 Magnus Therning mag...@therning.org:
>> On Thu, Jan 19, 2012 at 08:58, Divan Santana di...@s-tainment.co.za wrote:
>>> Hi All,
>>>
>>> As per http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA
>>> There is quite a serious security problem.
>>>
>>> Is there a patch coming out soon?
>>> Does anyone yet know a workaround to this in the meanwhile?
>>> Can it be announced?
>>
>> Have you verified that your system?
>>
>> On my system none of the keys mentioned in that article have the reported results; they all jump out to virtual terminals. I have not made any changes to the stock Arch config that would affect those keys.
>
> Use the Ctrl + Alt + * from the keypad to trigger the bug. As explained in the article, this is purely Xorg related. Use vlock for example if you want to avoid the problem.

Yes indeed, that works. What the hell was that other article doing mentioning all those Fn-keys then?

/M

--
Magnus Therning                      OpenPGP: 0xAB4DFBA4
email: mag...@therning.org   jabber: mag...@therning.org
twitter: magthe               http://therning.org/magnus
Re: [arch-general] security problem in X with screen saver
Hi,

a quick fix I developed for my Fedora 16 box:

1. Dump the xkb:
   $ xkbcomp $DISPLAY xkb.dump
2. Make a backup:
   $ cp xkb.dump xkb.dump_orig
3. Remove all entries related to XF86ClearGrab and XF86Ungrab
4. Apply the XKB entries:
   $ xkbcomp xkb.dump $DISPLAY

In case of any problems restore the original XKB entries:
   $ xkbcomp xkb.dump_orig $DISPLAY

This should be applied after each Xorg start.

A better way to fix this would be finding the real XKB config file, but I didn't manage to find any entries in /etc or /usr. It's probably compiled into libX11.so.

Regards
--
Maciej Sitarz
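Step 3 of the workaround above is a manual edit of the dump; the filter below, an added example that is not part of the original post, performs it and counts what is left. The function names, the file name xkb.clean, the optional underscore in the keysym pattern and the embedded dump fragment are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the poster's code. The keysym names come from the post;
# the optional "_" (an assumption) also matches an underscore spelling.
GRAB_RE='XF86_?(ClearGrab|Ungrab)'

# Filter an xkbcomp dump on stdin: drop every "interpret <keysym> { ... };"
# block for the two keysyms and blank the keysym inside key definitions.
strip_grab_keys() {
    awk -v re="$GRAB_RE" '
        $0 ~ ("^[ \t]*interpret[ \t]+" re) { skip = 1 }
        skip { if ($0 ~ /^[ \t]*[}];/) skip = 0; next }
        { gsub(re, "NoSymbol"); print }
    '
}

# Count the lines on stdin that still mention either keysym (0 = clean).
count_grab_keys() {
    grep -Ec "$GRAB_RE" || true
}

# Constructed fragment in the shape of an xkbcomp dump (not real output;
# <K000> is a placeholder key name).
sample_dump() {
    cat <<'EOF'
xkb_compatibility "constructed" {
    interpret XF86_Switch_VT_1+AnyOfOrNone(all) {
        action= SwitchScreen(screen=1,!same);
    };
    interpret XF86_Ungrab+AnyOfOrNone(all) {
        action= Private(type=0x86,data[0]=0x55);
    };
    interpret XF86ClearGrab+AnyOfOrNone(all) {
        action= Private(type=0x86,data[0]=0x43);
    };
};
xkb_symbols "constructed" {
    key <K000> { symbols[Group1]= [ F20, XF86_Ungrab ] };
    key <KPMU> { symbols[Group1]= [ KP_Multiply, XF86ClearGrab ] };
};
EOF
}

# Steps 1, 2 and 4 stay as in the post; with a live X session:
#   strip_grab_keys < xkb.dump > xkb.clean && xkbcomp xkb.clean "$DISPLAY"
sample_dump | strip_grab_keys
```

Running `xkbcomp "$DISPLAY" - | count_grab_keys` in a live session gives a quick check of whether the loaded keymap still carries either mapping.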
Re: [arch-general] security problem in X with screen saver
On 01/19/12 at 09:57am, Magnus Therning wrote:
> Yes indeed, that works. What the hell was that other article doing mentioning all those Fn-keys then?
>
> --
> Magnus Therning                      OpenPGP: 0xAB4DFBA4

Just confirming that it works. I hope arch adds the patch to the repos soon.

--
Madhurya Kakati
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments
Re: [arch-general] security problem in X with screen saver
On 01/19/2012 09:45 AM, Timothée Ravier wrote:
> 2012/1/19 Magnus Therning mag...@therning.org:
>> On Thu, Jan 19, 2012 at 08:58, Divan Santana di...@s-tainment.co.za wrote:
>>> Hi All,
>>>
>>> As per http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA
>>> There is quite a serious security problem.
>>>
>>> Is there a patch coming out soon?
>>> Does anyone yet know a workaround to this in the meanwhile?
>>> Can it be announced?
>>
>> Have you verified that your system?
>>
>> On my system none of the keys mentioned in that article have the reported results; they all jump out to virtual terminals. I have not made any changes to the stock Arch config that would affect those keys.
>
> Use the Ctrl + Alt + * from the keypad to trigger the bug. As explained in the article, this is purely Xorg related. Use vlock for example if you want to avoid the problem.

This has been fixed in xkeyboard-config 2.4.1-3 in testing. You have to reset your xkb map or restart X after updating.

The feature is still enabled in xorg-server so if anyone wants to use it, just create the necessary key mappings.

--
Florian Pritz -- {flo,bluewind}@server-speed.net
Re: [arch-general] security problem in X with screen saver
Florian Pritz bluew...@xinu.at on Thu, 19 Jan 2012 11:44:18 +0100:
> On 01/19/2012 09:45 AM, Timothée Ravier wrote:
>> 2012/1/19 Magnus Therning mag...@therning.org:
>>> On Thu, Jan 19, 2012 at 08:58, Divan Santana di...@s-tainment.co.za wrote:
>>>> Hi All,
>>>>
>>>> As per http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA
>>>> There is quite a serious security problem.
>>>>
>>>> Is there a patch coming out soon?
>>>> Does anyone yet know a workaround to this in the meanwhile?
>>>> Can it be announced?
>>>
>>> Have you verified that your system?
>>>
>>> On my system none of the keys mentioned in that article have the reported results; they all jump out to virtual terminals. I have not made any changes to the stock Arch config that would affect those keys.
>>
>> Use the Ctrl + Alt + * from the keypad to trigger the bug. As explained in the article, this is purely Xorg related. Use vlock for example if you want to avoid the problem.
>
> This has been fixed in 2.4.1-3 in testing. You have to reset your xkb map or restart X after updating.
>
> The feature is still enabled in xorg-server so if anyone wants to use it, just create the necessary key mappings.

This fixes the problem for me. Everything seems to be fine now. I vote for xkeyboard-config to be moved to [extra] asap.

Thanks for the fast fix!

--
Best regards,
Chris
O ascii ribbon campaign
stop html mail - www.asciiribbon.org
[arch-general] security problem in X with screen saver
Hi All,

As per http://www.phoronix.com/scan.php?page=news_item&px=MTA0NTA
There is quite a serious security problem.

Is there a patch coming out soon?
Does anyone yet know a workaround to this in the meanwhile?
Can it be announced?
[arch-general] Security
Hi all,

I am new to this list and fairly new to Arch Linux. My question is: do I need to install a firewall? If so, which one?

Thanks in advance,
Gordy
Re: [arch-general] Security
On Fri, Mar 12, 2010 at 11:49 AM, Gordon Campbell gordy2...@hotmail.co.uk wrote:
> Hi all,
>
> I am new to this list and fairly new to Arch Linux. My question is: do I need to install a firewall? If so, which one?
>
> Thanks in advance,
> Gordy

For a home computer you don't need to have a firewall installed, since you're probably not running any services (e.g.: web, database or e-mail server) that would listen on certain ports. Your router most likely uses NAT [1] as well, and this means that incoming traffic won't reach any machines inside the local network, unless you've configured port forwarding [2].

[1] http://en.wikipedia.org/wiki/Network_address_translation
[2] http://en.wikipedia.org/wiki/Port_forwarding
Re: [arch-general] Security
On 12.03.2010 10:49, Gordon Campbell wrote:
> Hi all,
>
> I am new to this list and fairly new to Arch Linux. My question is: do I need to install a firewall? If so, which one?
>
> Thanks in advance,
> Gordy

You probably don't, but here is a link to some nice instructions for setting one up manually:

http://wiki.archlinux.org/index.php/Simple_stateful_firewall_HOWTO

I recommend reading sections 1 and 2, but I am not very fond of subsections 2.7 and 2.8 (especially 2.8 seems like nonsense). Anyway, this will show you what kind of firewalling you can do in Linux without a good security concept.
Re: [arch-general] Security
On Fri, Mar 12, 2010 at 09:49:17AM -, Gordon Campbell wrote:
> Hi all,
>
> I am new to this list and fairly new to Arch Linux. My question is: do I need to install a firewall? If so, which one?

In Linux the actual firewall is part of the kernel, you just need to activate and configure it. Activating it requires the iptables package, and configuring it means writing 'rules'.

If you run one of the fat desktops (KDE, Gnome) they will have a GUI tool to configure iptables. In the other case there are various tools available, see http://wiki.archlinux.org/index.php/Firewalls.

Or you could learn the iptables rules syntax and do it manually - for the brave only but the most flexible.

Ciao,

--
FA

O tu, che porte, correndo si ?
E guerra e morte !
Re: [arch-general] Security
On Fri, 12 Mar 2010 09:49:17 -, Gordon Campbell gordy2...@hotmail.co.uk wrote:
> I am new to this list and fairly new to Arch Linux. My question is: do I need to install a firewall? If so, which one?
>
> Thanks in advance,

Here's a good iptables tutorial with some good example firewall scripts:

http://www.frozentux.net/documents/iptables-tutorial/

Greetings,
Heiko
Re: [arch-general] Security
On Friday 12 March 2010 19:26:13 Heiko Baums wrote:
> On Fri, 12 Mar 2010 09:49:17 -, Gordon Campbell gordy2...@hotmail.co.uk wrote:
>> I am new to this list and fairly new to Arch Linux. My question is: do I need to install a firewall? If so, which one?

ufw is a good iptables frontend. Pretty easy to set up

HTH

--
Regards
Shridhar
Re: [arch-general] Security
On 03/12/2010 05:22 AM, f...@kokkinizita.net wrote:
> If you run one of the fat desktops (KDE, Gnome) they will have a GUI tool to configure iptables.

FYI - I've found firestarter to be a good, simple one for small home network use.

DR
Re: [arch-general] security
Hi,

Thanks for all your advice. So far I am enjoying my experience with Arch Linux since I changed my Distro over from Fedora about a month ago.

Gordy
Re: [arch-general] security
On Fri, Mar 12, 2010 at 12:43 PM, Gordon Campbell gordy2...@hotmail.co.uk wrote:
> Hi,
>
> Thanks for all your advice. So far I am enjoying my experience with Arch Linux since I changed my Distro over from Fedora about a month ago.

Just one more opinion, it can't hurt :)

I myself don't need a firewall beyond my router, but if I was in need of one, I would certainly use Firehol [1]. It is a clever bash script that pretends to be like a high level language for definitions of a firewall. When the system is booting, the script is converted to the real iptables rules. It may be a little less efficient in boot time, but the flexibility and elegance of the definition language pay it very well, IMHO.

So, hope that helps you.

[1] http://firehol.sourceforge.net/

--
A: Because it obfuscates the reading.
Q: Why is top posting so bad?

--- Denis A. Altoe Falqueto ---
[arch-general] Security updates packages in testing
Hi,

there have been some security updates for packages in Core that have been upgraded and have been lying in Testing for a long while. The ones that come to mind are bzip2 and openssh but there might be more.

Is there any reason those haven't moved yet? As far as I can see bzip2 is missing some signoffs since April. One month+ is a lot of time for such packages to stay in Testing IMO.

Someone should move them quick.

Greg