[SECURITY] [DSA 649-1] New xtrlock packages fix authentication bypass
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 649-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 20th, 2005 http://www.debian.org/security/faq
- --

Package        : xtrlock
Vulnerability  : buffer overflow
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-0079
Debian Bug     : 278190 278191

A buffer overflow has been discovered in xtrlock, a minimal X display lock program which can be exploited by a malicious local attacker to crash the lock program and take over the desktop session.

For the stable distribution (woody) this problem has been fixed in version 2.0-6woody2.

For the unstable distribution (sid) this problem has been fixed in version 2.0-9.

We recommend that you upgrade your xtrlock package.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody

These files will probably be moved into the stable distribution on its next update.

- --
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB74S0W5ql+IAeqTIRApNNAJ90ul19QanusFjVAGWC0SAozK0DvgCffYYF
/oPUNRKDjXVfZv1kwhd326U=
=86PR
-END PGP SIGNATURE-
[SECURITY] [DSA 650-1] New sword packages fix arbitrary command execution
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 650-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 20th, 2005 http://www.debian.org/security/faq
- --

Package        : sword
Vulnerability  : missing input sanitising
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-0015

Ulf Härnhammar discovered that due to missing input sanitising in diatheke, a CGI script for making and browsing a bible website, it is possible to execute arbitrary commands via a specially crafted URL.

For the stable distribution (woody) this problem has been fixed in version 1.5.3-3woody2.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your diatheke package.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Re: Re: Help! File permissions keep changing...
Did you try to use the share parameters

force group = ...
create mask = ...
directory mask = ...

In our installation they work pretty well.

Jann

---
Jann Wegner
Institut fuer Demoskopie Allensbach, EDV
fon +49 7533 805148
fax +49 7533 3048
[EMAIL PROTECTED]
http://www.ifd-allensbach.de
Re: .desktop arbitrary program execution (was: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution)
On Wednesday 19 January 2005 04:45, David Mandelberg wrote:
> Attached. Save to your GNOME/KDE desktop (like many newbies do) and double click the new icon.
>
> .desktop files (currently) don't need the x bit set to work, so no chmod'ing is necessary.

Hmm, attached a screenshot how every MUA should handle this. With this display, no attachment ever could fake its way into naive[1] users' brains.

Regards, David

[1] naive != stupid

attachment: kmail.png
Stefan Markowitz is out of the office.
I will be out of the office from 20.01.2005. I will return on 22.01.2005. I will reply to your message after my return.
Re: [SECURITY] [DSA 651-1] New squid packages fix denial of service
277181 39

Martin Schulze wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 651-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 20th, 2005 http://www.debian.org/security/faq
- --

Package        : squid
Vulnerability  : buffer overflow, integer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-0094 CAN-2005-0095

Several vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities:

CAN-2005-0094

    infamous41md discovered a buffer overflow in the parser for Gopher responses which will lead to memory corruption and usually crash Squid.

CAN-2005-0095

    infamous41md discovered an integer overflow in the receiver of WCCP (Web Cache Communication Protocol) messages. An attacker could send a specially crafted UDP datagram that will cause Squid to crash.

For the stable distribution (woody) these problems have been fixed in version 2.4.6-2woody5.

For the unstable distribution (sid) these problems have been fixed in version 2.5.7-4.

We recommend that you upgrade your squid package.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Spamassassin slowdown?
Has anyone noticed a big slow down in spam assassin? I know it is no speed demon in the best of times, but I have started seeing huge loads and am modifying my exim4.conf to send fewer files through it... just so I can receive email again.

The problem began just a couple of days ago, I believe not long after the last dselect update I did...

My poor little server is on its knees crying in pain. Very sad sight. :-(

--
Dale Amon [EMAIL PROTECTED] +44-7802-188325
International linux systems consultancy
Hardware software system design, security and networking, systems programming and Admin
Have Laptop, Will Travel