[SECURITY] [DSA-382-3] OpenSSH buffer management fix
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-382-3                      [EMAIL PROTECTED]
http://www.debian.org/security/                         Wichert Akkerman
September 21, 2003
- --------------------------------------------------------------------------

Package        : ssh
Vulnerability  : buffer handling
Problem type   : possible remote
Debian-specific: no
CVE references : CAN-2003-0693 CAN-2003-0695 CAN-2003-0682

This advisory is an addition to the earlier DSA-382-1 and DSA-382-3
advisories: Solar Designer found four more bugs in OpenSSH that may be
exploitable.

For the Debian stable distribution these bugs have been fixed in version
1:3.4p1-1.woody.3.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1.orig.tar.gz
    Size/MD5 checksum:   837668 459c1d0262e939d6432f193c7a4ba8a8
  http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-1.woody.3.diff.gz
    Size/MD5 checksum:    36523 b264717da79efedfbaaecfede3ec5934
  http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-1.woody.3.dsc
    Size/MD5 checksum:     1350 bf5970e940e1d5bf7345a1d9e778d7f4

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_alpha.deb
    Size/MD5 checksum:    35900 634340333420155ddaf6f70fab3fbd59
  http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_alpha.deb
    Size/MD5 checksum:   850196 c9e82af3e9f16941c64d0ae478e1f184

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_arm.deb
    Size/MD5 checksum:    35132 b7c3431b949c24cf1c040be28e06fbbf
  http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_arm.deb
    Size/MD5 checksum:   658324 5ac2853c07e93bc498aadcc63565bb82

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_hppa.deb
    Size/MD5 checksum:   755910 14d426db61713617a1e914bd1c675b07
  http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_hppa.deb
    Size/MD5 checksum:    35494 714c4e74169c5985ad745f8928d1e831

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_i386.deb
    Size/MD5 checksum:    35414 ab621997a28bc30c928c2d317ae0c3a9
  http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_i386.deb
    Size/MD5 checksum:   642624 a4293645b075984afa600f8094395c2d

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_ia64.deb
    Size/MD5 checksum:  1002720 ac989f421d1de08ce6487060ce231968
  http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_ia64.deb
    Size/MD5 checksum:    36906 45b3a0b3f0564cc6688fab9bc2bceee1

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_mipsel.deb
    Size/MD5 checksum:   727514 4b667b3d8306af3eb8073e66932c853d
  http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_mipsel.deb
    Size/MD5 checksum:    35384 2395ff7a07f5d4e255844d0f608a8161

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_powerpc.deb
    Size/MD5 checksum:   681524 f8f9c03826fce1dccc16c7d47b93a376
  http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_powerpc.deb
    Size/MD5 checksum:    35150 b6a0d8c9edf371d118dd32d503102c6c

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_s390.deb
    Size/MD5 checksum:   718140 97e5e2e22860eb74d336e2938286d7a7
  http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_s390.deb
    Size/MD5 checksum:    35786 97f0c72c5d72b61b5fe9c0c2a1d278be

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_sparc.deb
    Size/MD5 checksum:   686130 d44dec2bc9161419f71f769fff78f95b
  http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_sparc.deb
[SECURITY] [DSA-383-1] OpenSSH buffer management fix
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-383-1                      [EMAIL PROTECTED]
http://www.debian.org/security/                         Wichert Akkerman
September 17, 2003
- --------------------------------------------------------------------------

Package        : ssh-krb5
Vulnerability  : buffer handling
Problem type   : possible remote
Debian-specific: no
CVE references : CAN-2003-0693 CAN-2003-0695

Several bugs have been found in OpenSSH's buffer handling. It is not
known if these bugs are exploitable, but as a precaution an upgrade is
advised.

For the Debian stable distribution these bugs have been fixed in version
1:3.4p1-0woody3.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1.orig.tar.gz
    Size/MD5 checksum:   837668 459c1d0262e939d6432f193c7a4ba8a8
  http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1-0woody3.diff.gz
    Size/MD5 checksum:   120256 101711fd74f01e6e670c334752cafe44
  http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1-0woody3.dsc
    Size/MD5 checksum:      822 e39ebe0e44ae1998d5c47ddb45d6dbe8

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_alpha.deb
    Size/MD5 checksum:   888466 dd124b4ce632d30f00eed9409ea5b42a

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_arm.deb
    Size/MD5 checksum:   687666 9cc220113aadc19c647fb65f5f0d998b

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_hppa.deb
    Size/MD5 checksum:   789256 a5bbdfbea796a3e2d6b979622466ab63

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_i386.deb
    Size/MD5 checksum:   671568 faa1fa7949a7cce9388057a485d98dc5

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_ia64.deb
    Size/MD5 checksum:  1049956 51e568695ef150e6049e7b5b42d23891

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_mipsel.deb
    Size/MD5 checksum:   759494 0aeeb07fe815b8a0e36e5ded2763d1ab

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_powerpc.deb
    Size/MD5 checksum:   711472 cf3efec05458df632179302cd78032f0

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_s390.deb
    Size/MD5 checksum:   749046 93cc4a83d9b3afded11ccc1a6a62d127

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody3_sparc.deb
    Size/MD5 checksum:   694616 b56ebfa782eb8645e34058facd3e9ca5

- --------------------------------------------------------------------------
Debian Security team [EMAIL PROTECTED]
http://www.debian.org/security/
Mailing-List: [EMAIL PROTECTED]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/aICCPLiSUC+jvC0RAs8CAJ4ibM/vFpJQu+O6IHry1yx113uM+gCfSK/S
JfZ0Fqf8SmCaOQJe0MkHr2c=
=AtV1
-----END PGP SIGNATURE-----
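The upgrade instructions in the advisories above describe fetching each file by hand with wget and installing it with dpkg -i; the Size/MD5 lists exist so that the download can be checked before it is installed. The following is an added example (not code from Debian or from these advisories) of doing that check programmatically: it parses "URL / Size/MD5 checksum: SIZE MD5" entries exactly as the advisories print them, then verifies a downloaded file's size and MD5 before it is handed to dpkg. The sample package bytes, the hostname example.invalid and the file name sample_1.0-1_i386.deb are constructed for the example; the openssh-krb5 entry is copied from DSA-383-1. MD5 is not collision resistant, so this catches truncated or corrupted downloads rather than a deliberate substitution; an apt source with signed Release files is the current mechanism for the latter.

```python
"""Verify downloaded package files against the "Size/MD5 checksum" list of a
Debian Security Advisory before handing them to dpkg -i.

Added example (not code from Debian or from the advisories).  It assumes only
the layout the advisories print: a URL followed by "Size/MD5 checksum: SIZE MD5",
on the same line or on the next one.
"""
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Dict, NamedTuple, Tuple


class Expected(NamedTuple):
    url: str
    size: int
    md5: str


# URL, then whitespace (possibly a newline), then the checksum line.
_ENTRY_RE = re.compile(
    r"(https?://\S+)\s+Size/MD5 checksum:\s*(\d+)\s+([0-9a-fA-F]{32})"
)


def parse_advisory(text: str) -> Dict[str, Expected]:
    """Map file name (last URL component) -> Expected(url, size, md5)."""
    expected: Dict[str, Expected] = {}
    for url, size, md5 in _ENTRY_RE.findall(text):
        expected[url.rsplit("/", 1)[-1]] = Expected(url, int(size), md5.lower())
    return expected


def md5_of_file(path: Path, chunk: int = 1 << 16) -> str:
    """Stream the file through MD5 so a large .deb is not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, expected: Expected) -> Tuple[bool, str]:
    """Return (ok, reason).  Size is checked first: it is cheap and catches a
    truncated download before any hashing is done."""
    p = Path(path)
    if not p.is_file():
        return False, "missing"
    actual_size = p.stat().st_size
    if actual_size != expected.size:
        return False, f"size {actual_size} != {expected.size}"
    actual_md5 = md5_of_file(p)
    if actual_md5 != expected.md5:
        return False, f"md5 {actual_md5} != {expected.md5}"
    return True, "ok"


def check_directory(download_dir, advisory_text: str) -> Dict[str, Tuple[bool, str]]:
    """Verify every file the advisory lists, looked up by name in download_dir."""
    expected = parse_advisory(advisory_text)
    return {name: verify_download(Path(download_dir) / name, exp)
            for name, exp in expected.items()}


# Constructed stand-in for a downloaded package; not a real .deb.
SAMPLE_PACKAGE = b"constructed sample package contents, not a real .deb\n"


def constructed_advisory_excerpt() -> str:
    """Two entries in advisory layout: the first is copied from DSA-383-1, the
    second describes SAMPLE_PACKAGE (hostname example.invalid is constructed)."""
    return (
        "http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1.orig.tar.gz\n"
        "    Size/MD5 checksum:   837668 459c1d0262e939d6432f193c7a4ba8a8\n"
        "http://example.invalid/pool/sample_1.0-1_i386.deb\n"
        f"    Size/MD5 checksum: {len(SAMPLE_PACKAGE)} "
        f"{hashlib.md5(SAMPLE_PACKAGE).hexdigest()}\n"
    )


def stage_download(directory, name: str, data: bytes) -> Path:
    """Write bytes to directory/name; stands in for the wget step."""
    path = Path(directory) / name
    path.write_bytes(data)
    return path


def new_download_dir() -> str:
    return tempfile.mkdtemp(prefix="dsa-check-")


if __name__ == "__main__":
    d = new_download_dir()
    stage_download(d, "sample_1.0-1_i386.deb", SAMPLE_PACKAGE)
    for name, (ok, why) in check_directory(d, constructed_advisory_excerpt()).items():
        print(f"{'OK ' if ok else 'BAD'} {name}: {why}")
    # The openssh-krb5 tarball was never downloaded here, so it reports BAD/missing;
    # the constructed sample reports OK.
```

Because the regex only requires whitespace between the URL and the checksum line, the same parser accepts the original advisory layout and the flattened form in which both appear on one line.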
[SECURITY] [DSA-262-1] samba security fix
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-262-1                      [EMAIL PROTECTED]
http://www.debian.org/security/                         Wichert Akkerman
March 15, 2003
- --------------------------------------------------------------------------

Package        : samba
Problem type   : remote exploit
Debian-specific: no
CVE ids        : CAN-2003-0085 CAN-2003-0086

Sebastian Krahmer of the SuSE security audit team found two problems in
samba, a popular SMB/CIFS implementation. The problems are:

* a buffer overflow in the SMB/CIFS packet fragment re-assembly code
  used by smbd. Since smbd runs as root an attacker can use this to
  gain root access to a machine running smbd.

* the code to write reg files was vulnerable to a chown race which
  made it possible for a local user to overwrite system files

Both problems have been fixed in upstream version 2.2.8, and version
2.2.3a-12.1 of the package for Debian GNU/Linux 3.0/woody.

- --------------------------------------------------------------------------

Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb http://security.debian.org/ stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at http://www.debian.org/security/

- --------------------------------------------------------------------------

Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  No fixes for potato are available at this moment.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc. Updated packages for m68k are not available at
  this moment.

  Source archives:

    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1.dsc
      Size/MD5 checksum:     1417 f8ba1f1c191d72245498fe8517b34dfb
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
      Size/MD5 checksum:  5460531 b6ec2f076af69331535a82b586f55254
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1.diff.gz
      Size/MD5 checksum:   105954 c4f722541096dbdc492b3e37d532a457

  Architecture independent packages:

    http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-12.1_all.deb
      Size/MD5 checksum:  2446596 09b98f69fe6fa23543824c13c5ef98c5

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_alpha.deb
      Size/MD5 checksum:   622740 53102afe9bc7357abaac9e6d163cff15
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_alpha.deb
      Size/MD5 checksum:   600148 cdb00b063309e1bc314c013a2ab7df9d
    http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_alpha.deb
      Size/MD5 checksum:  1131054 9cf909b0e8b1a71945addbdb0a5b4051
    http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_alpha.deb
      Size/MD5 checksum:   949532 3310dbdefcc1062ad3d940df6448d106
    http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_alpha.deb
      Size/MD5 checksum:  1106444 26f1822f7a466d546b8d131e244b9403
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_alpha.deb
      Size/MD5 checksum:  2955638 108a1e79c6e0f4d35d239fa0da5d2af2
    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_alpha.deb
      Size/MD5 checksum:   415342 1e0d39fbdd1b4adabc4e83efc9652ade
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_alpha.deb
      Size/MD5 checksum:   489330 4cc41e31ca14bca6c627885bf4158306
    http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_alpha.deb
      Size/MD5 checksum:  1155752 96fc4d4fba8d5144eca524dab0d3f676

  arm architecture (ARM)

    http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_arm.deb
      Size/MD5 checksum:   999684 e9a198658e31008f2029911fa8f3e6c6
    http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_arm.deb
      Size/MD5 checksum:   829522 62dec09d61eacb27021e2bd7285a1485
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_arm.deb
      Size/MD5 checksum:   555796 cf1ed859a65e3918290b046ebb94714e
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_arm.deb
      Size/MD5 checksum:   460742 b76711eedb3c58557919017bef9b66f3
    http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_arm.deb
      Size/MD5 checksum:  1021712 6274000513467291e4e2e636e49e3caa
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_arm.deb
      Size/MD5 checksum:   546112
[SECURITY] [DSA-257-1] sendmail remote exploit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-257-1                      [EMAIL PROTECTED]
http://www.debian.org/security/                         Wichert Akkerman
March 4, 2003
- --------------------------------------------------------------------------

Package        : sendmail
Problem type   : remote exploit
Debian-specific: no

Mark Dowd of ISS X-Force found a bug in the header parsing routines of
sendmail: it could overflow a buffer when encountering addresses with
very long comments. Since sendmail also parses headers when forwarding
emails this vulnerability can hit mail-servers which do not deliver the
email as well.

This has been fixed in upstream release 8.12.8, version 8.12.3-5 of the
package for Debian GNU/Linux 3.0/woody and version 8.9.3-25 of the
package for Debian GNU/Linux 2.2/potato.

- --------------------------------------------------------------------------

Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb http://security.debian.org/ stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at http://www.debian.org/security/

- --------------------------------------------------------------------------

Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
  At this moment updates for the m68k architecture are not yet available.

  Source archives:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25.diff.gz
      Size/MD5 checksum:   142053 a5172ea9cce863ff7796a0e1573bb361
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25.dsc
      Size/MD5 checksum:      651 5c9e20403c26133eb3b7cd3fad80a608
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3.orig.tar.gz
      Size/MD5 checksum:  1068290 efedacfbce84a71d1cfb0e617b84596e

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25_alpha.deb
      Size/MD5 checksum:   989462 5a76b01999d5691e3dfd841f28e76ab1

  arm architecture (ARM)

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25_arm.deb
      Size/MD5 checksum:   947790 c0cf8d1e66be69d3525623d126af7c4d

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25_i386.deb
      Size/MD5 checksum:   931394 b2cd8eb24365b443849ac74bf267a373

  powerpc architecture (PowerPC)

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25_powerpc.deb
      Size/MD5 checksum:   933404 077353947cd8d31bf9cd7b3fdb037b66

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25_sparc.deb
      Size/MD5 checksum:   945388 2d08ccae7c9afcfa553df345de92f7d2

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc. At this moment updates for the m68k
  architecture are not yet available.

  Source archives:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5.diff.gz
      Size/MD5 checksum:   252348 2176de8c6803953544e45be7cb5b9edf
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5.dsc
      Size/MD5 checksum:      864 d59c00fa854c4f799a3b80cbc5afb430
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
      Size/MD5 checksum:  1840401 b198b346b10b3b5afc8cb4e12c07ff4d

  Architecture independent packages:

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-5_all.deb
      Size/MD5 checksum:   747180 22fd21892f01d09bd0f8dea8b775c9d9

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_alpha.deb
      Size/MD5 checksum:  1218128 58560487fc226a845fd7296660a61cb5
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_alpha.deb
      Size/MD5 checksum:   267188 a76d0c273d9dd6e5e21036687d08a9dc

  hppa architecture (HP PA RISC)

    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_hppa.deb
      Size/MD5 checksum:   261038 641be1e03d7740867a3411169c679df9
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_hppa.deb
      Size/MD5 checksum:  1183136 b28aefc29d9d006d2e41b20cabe3a022

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_i386.deb
      Size/MD5 checksum:  1003544 add112cbca33ed2ef08c71f4310c3b99
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter
[SECURITY] [DSA-257-2] sendmail-wide remote exploit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-257-2                      [EMAIL PROTECTED]
http://www.debian.org/security/                         Wichert Akkerman
March 4, 2003
- --------------------------------------------------------------------------

Package        : sendmail-wide
Problem type   : remote exploit
Debian-specific: no

This advisory is an addendum to DSA-257-1; the sendmail problem
discussed there also applies to the sendmail-wide packages.

Mark Dowd of ISS X-Force found a bug in the header parsing routines of
sendmail: it could overflow a buffer when encountering specially crafted
addresses.

This has been fixed in version 8.9.3+3.2W-24 of the package for Debian
GNU/Linux 2.2/potato and version 8.12.3+3.5Wbeta-5.2 of the package for
Debian GNU/Linux 3.0/woody.

- --------------------------------------------------------------------------

Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb http://security.debian.org/ stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at http://www.debian.org/security/

- --------------------------------------------------------------------------

Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
  At this moment updates for the arm architecture are not yet available.

  Source archives:

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24.dsc
      Size/MD5 checksum:      541 c93cca69438ee75976517187d4f8d664
    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24.tar.gz
      Size/MD5 checksum:  1272761 2905292d7c17de5a1ae31d2ebf5c344c

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_alpha.deb
      Size/MD5 checksum:   302696 87b2cce86f430f8825439ecab1a405f8

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_i386.deb
      Size/MD5 checksum:   217618 7da2aeb124ff0da6a596b429a64415ab

  m68k architecture (Motorola Mc680x0)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_m68k.deb
      Size/MD5 checksum:   202468 f66310eab0cca7ba0dcc6f55407a6359

  powerpc architecture (PowerPC)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_powerpc.deb
      Size/MD5 checksum:   242646 7887c26fb5b701f56b9f4836e50f152d

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_sparc.deb
      Size/MD5 checksum:   236450 ef7e06fe112024b51a09857da19c7139

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc.

  Source archives:

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2.dsc
      Size/MD5 checksum:      738 13e84b5fad4146ae8b09a3c53def1425
    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta.orig.tar.gz
      Size/MD5 checksum:  1870451 4c7036e8042bae10a90da4a84a717963
    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2.diff.gz
      Size/MD5 checksum:   324768 d97da94eafadfb9c31dd7678fbb39c62

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_alpha.deb
      Size/MD5 checksum:   440346 481ec19be09824cb2394b990149396db

  arm architecture (ARM)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_arm.deb
      Size/MD5 checksum:   369224 708693168ed3f0268fc9b346d4ffae13

  hppa architecture (HP PA RISC)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_hppa.deb
      Size/MD5 checksum:   413364 9bb9609e2f215e5f42e3c540563fc12e

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_i386.deb
      Size/MD5 checksum:   328606 c76a156b74928a1ba796a3a3b48d7423

  ia64 architecture (Intel ia64)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_ia64.deb
      Size/MD5 checksum:   574706 d1a2522112c46ff60d1cbaefdb49e2d7

  m68k architecture (Motorola Mc680x0)

    http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_m68k.deb
      Size/MD5 checksum
Re: OpenLDAP ssl support / SASL support
Previously Hanasaki JiJi wrote:
> I am CCing the package maintainer for confirmation. Wichert, if this
> is indeed the case, please could you add Secure connection support to
> the package? Thank you.

I haven't maintained the openldap packages for some time now. There are
ssl-enabled packages in testing and unstable, but I don't expect to see
SSL-enabled packages ever making it into woody. You can easily make them
yourself if you want, you just have to recompile the package with the
tls option enabled.

Wichert.

-- 
Wichert Akkerman [EMAIL PROTECTED]    http://www.wiggy.net/
A random hacker
[SECURITY] [DSA-200-1] Samba buffer overflow
-----BEGIN PGP SIGNED MESSAGE-----

- --------------------------------------------------------------------------
Debian Security Advisory DSA-200-1                      [EMAIL PROTECTED]
http://www.debian.org/security/                         Wichert Akkerman
November 22, 2002
- --------------------------------------------------------------------------

Package        : samba
Problem type   : remote exploit
Debian-specific: no

Steve Langasek found an exploitable bug in the password handling code in
samba: when converting from DOS code-page to little endian UCS2 unicode
a buffer length was not checked and a buffer could be overflowed. There
is no known exploit for this, but an upgrade is strongly recommended.

This problem has been fixed in version 2.2.3a-12 of the Debian samba
packages and upstream version 2.2.7.

- --------------------------------------------------------------------------

Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb http://security.debian.org/ stable/updates main
        added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security webpages
at http://www.debian.org/security/

- --------------------------------------------------------------------------

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc. At this moment updates for m68k, mips and
  mipsel are not yet available.

  Source archives:

    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.dsc
      Size/MD5 checksum:     1469 5db10f38dc411972fed1e8e79ac9e2cb
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
      Size/MD5 checksum:  5460531 b6ec2f076af69331535a82b586f55254
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.diff.gz
      Size/MD5 checksum:   116834 55b9c9ed1e423608838b5493eec9f727

  Architecture independent packages:

    http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-12_all.deb
      Size/MD5 checksum:  2446440 dca2cc174c245ee12e601f1ba2b115e9

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_alpha.deb
      Size/MD5 checksum:   415200 163bd412f5fd1ec9a2a125e0b1b024ba
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_alpha.deb
      Size/MD5 checksum:   598938 037ca8de5dbf1462e0c17a88c7cd35bc
    http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_alpha.deb
      Size/MD5 checksum:   946742 47bdd6c9a6088326e6842265e3de6f8e
    http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_alpha.deb
      Size/MD5 checksum:  1130570 8f88729028cd3cd368435bc5feb282fb
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_alpha.deb
      Size/MD5 checksum:   622300 c22e7b482598b6c61a99410d50e1c0d6
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_alpha.deb
      Size/MD5 checksum:   488062 858e115dc3176c975c096e1328c08d49
    http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_alpha.deb
      Size/MD5 checksum:  1105314 0bd614d744080ebd3383898871f73fd3
    http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_alpha.deb
      Size/MD5 checksum:  1153962 8d1fcb828d6640136aaa93397fef3a4c
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_alpha.deb
      Size/MD5 checksum:  2951852 f880e61a41534119a50a9ae282212421

  arm architecture (ARM)

    http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_arm.deb
      Size/MD5 checksum:   827734 e3592bb5e8c72aa3345176ac04374ae7
    http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_arm.deb
      Size/MD5 checksum:   971194 b57cf8b4f59e0494d40faa01727068d3
    http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_arm.deb
      Size/MD5 checksum:   555212 485db779cf0088b7517c16f9db37563c
    http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_arm.deb
      Size/MD5 checksum:  2538940 fcfac695c9519b47a1a8d88816567461
    http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_arm.deb
      Size/MD5 checksum:  1020942 1546a075896de1bdffcf7b94f73237c5
    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_arm.deb
      Size/MD5 checksum:   396136 b89712a3f81a1517c03d72e92f2f0d8a
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_arm.deb
      Size/MD5 checksum:   545278 868d941841b8202fdd31e3abdfcccae0
    http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_arm.deb
      Size/MD5 checksum:   997842 b5ddde05fb712e4caece39742729587d
    http://security.debian.org/pool/updates/main/s/samba
Re: security updates for testing?
Previously martin f krafft wrote:
> give me an estimate (someone) on how much manpower is required to
> provide this service for testing?

As usual that is pretty much impossible to say. In busy periods it might
be two mandays per week, in more quiet periods (of which there are less
and less) no time at all.

Wichert.

-- 
  _________________________________________________________________
 /[EMAIL PROTECTED]                This space intentionally left occupied \
| [EMAIL PROTECTED]                             http://www.wiggy.net/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Re: ftp on security.debian.org
Previously Björn Metzdorf wrote:
> seems not to be up again by now (at least not with security-packages).
> http works fine, but debmirror wants ftp :)

Ftp works again (was a silly problem with a symlink and a directory
being the wrong way around).

Wichert.

-- 
  _________________________________________________________________
 /[EMAIL PROTECTED]                This space intentionally left occupied \
| [EMAIL PROTECTED]                             http://www.wiggy.net/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Re: Looking for a mirror ?
Previously Colm MacCarthaigh wrote:
> If it's of any use, I can give the security team accounts on
> ftp.ie.debian.org, which is ftp.heanet.ie.

Thanks for the offer, but I do not think we will need it. I expect we
will restore the service on klecker.debian.org, which already has all
the packages from a mirror, enough diskspace and a standard debian.org
machine setup.

Wichert.

-- 
  _________________________________________________________________
 /[EMAIL PROTECTED]                This space intentionally left occupied \
| [EMAIL PROTECTED]                             http://www.wiggy.net/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Re: Using PAM with SFS
Previously Massimiliano Mirra wrote:
> Long version:
>
> $ apt-get source libpam-sfs
> E: Unable to find a source package for libpam-sfs

Make sure you have a deb-src entry for non-us in /etc/apt/sources.list
(and run apt-get update after adding it).

> So I got it from SourceForge (libpam-sfs-0.2.2.tar.gz), unpacked it and
> ran dpkg-buildpackage. It dies with:

apt-get build-dep libpam-sfs
apt-get source libpam-sfs

Works just fine.

Wichert.

-- 
  _________________________________________________________________
 /[EMAIL PROTECTED]                This space intentionally left occupied \
| [EMAIL PROTECTED]                             http://www.wiggy.net/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Re: Why does rpc.statd need a privileged port?
Previously Lupe Christoph wrote:
> Opinions? Comments?

Does it really matter?

Wichert.

-- 
  _________________________________________________________________
 /[EMAIL PROTECTED]                This space intentionally left occupied \
| [EMAIL PROTECTED]                             http://www.wiggy.net/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Re: Fwd: bugtraq.c httpd apache ssl attack
Previously Phillip Hofmeister wrote:
> I am using RedHat 7.3 with Apache 1.3.23. Someone used the program
> bugtraq.c to explore a modSSL buffer overflow to get access to a
> shell. The attack creates a file named /tmp/.bugtraq.c and compiles
> it using gcc.

One wonders why you would have gcc installed on a webserver..

Wichert.

-- 
  _________________________________________________________________
 /[EMAIL PROTECTED]                This space intentionally left occupied \
| [EMAIL PROTECTED]                             http://www.wiggy.net/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Re: Fwd: Apache 2.0.39 directory traversal and path disclosure bug
Previously Phillip Hofmeister wrote:
> YAY! sigh

Yay indeed, unices aren't vulnerable..

Wichert.

-- 
  _________________________________________________________________
 /[EMAIL PROTECTED]                This space intentionally left occupied \
| [EMAIL PROTECTED]                             http://www.wiggy.net/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Re: Debian Security Updates
Previously Aurelio Turco wrote:
> Furthermore: http://security.debian.org/debian-non-US does not appear
> to exist.

security.debian.org is hosted in a non-US location and doesn't have a
separate non-US archive.

Wichert.

-- 
  _________________________________________________________________
 /[EMAIL PROTECTED]                This space intentionally left occupied \
| [EMAIL PROTECTED]                             http://www.wiggy.net/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Re: security.debian.org vs stable-proposed-updates
Previously Aurelio Turco wrote:
> Suppose a major functional bug is discovered in a package, one that is
> not technically a security bug but still one that can result in a
> serious loss of data. Will the fix be uploaded to security.debian.org or
> to the stable-proposed-updates on mirrors?

stable-proposed-updates

Wichert.
Re: DSA scripts
Previously Javier Fernández-Sanguino Peña wrote:
> 'Tiger' provides a module to check for DSAs released (retrieves this
> info from the WWW CVS data)

It would be easier to get the data from the security RDF info I suspect.

> on me making new packages when DSAs are generated. However, I'm pretty
> sure advisories are available in RDF format too so I might get around
> to make the module access security.debian.org and retrieve them...

Indeed, there is a link at http://www.debian.org/security to the RDF data.

Wichert.
Re: DSA scripts
Previously Javier Fernández-Sanguino Peña wrote:
> Are the advisories themselves in rdf format?

Not afaik, but hopefully someone from debian-www (cc'ed) can arrange for
that to be done.

Wichert.
[SECURITY] [DSA-138-1] Remote execution exploit in gallery
-----BEGIN PGP SIGNED MESSAGE-----

- --------------------------------------------------------------------------
Debian Security Advisory DSA-138-1                       [EMAIL PROTECTED]
http://www.debian.org/security/                         Wichert Akkerman
August 1, 2002
- --------------------------------------------------------------------------

Package        : gallery
Problem type   : remote exploit
Debian-specific: no

A problem was found in gallery (a web-based photo album toolkit): it was
possible to pass in the GALLERY_BASEDIR variable remotely. This made it
possible to execute commands under the uid of web-server.

This has been fixed in version 1.2.5-7 of the Debian package and upstream
version 1.3.1.

- --------------------------------------------------------------------------
Obtaining updates:

  By hand:
    wget URL
        will fetch the file for you.
    dpkg -i FILENAME.deb
        will install the fetched file.

  With apt:
    deb http://security.debian.org/ stable/updates main
    added to /etc/apt/sources.list will provide security updates

Additional information can be found on the Debian security web-pages
at http://www.debian.org/security/

- --------------------------------------------------------------------------

Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato does not contain the gallery package

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Woody was released for alpha, arm, hppa, i386, ia64, m68k, mips, mipsel,
  powerpc, s390 and sparc.

  Source archives:
    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-7.woody.0.dsc
      Size/MD5 checksum:      577 34188f0145b780cabc087dc273710428
    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5.orig.tar.gz
      Size/MD5 checksum:   132099 1a32e57b36ca06d22475938e1e1b19f9
    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-7.woody.0.diff.gz
      Size/MD5 checksum:     7125 707ec3020491869fa59f66d28e646360

  Architecture independent packages:
    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-7.woody.0_all.deb
      Size/MD5 checksum:   132290 8f6f152a45bdd3f632fa1cee5e994132

- --------------------------------------------------------------------------

- -- 
- ----------------------------------------------------------------------------
Debian Security team [EMAIL PROTECTED]
http://www.debian.org/security/
Mailing-List: [EMAIL PROTECTED]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBPUh3FqjZR/ntlUftAQEuJgL/Z9inFQxyaUZHvMqhyyPCBzORFbN4Edgu
67Ue5TXeNpZ4rDSgHAKnKBjeHnA4sw1qhubJlFLwzJVshJHrDbP1IXtesA77VEhx
6nM0V2aWX4HrZVO/OJS57IjbB1/vmrTc
=n6mV
-----END PGP SIGNATURE-----
Re: changelog.Debian and security advisories
Previously Adrian 'Dagurashibanipal' von Bidder wrote:
> Would it make sense if new packages uploaded as part of handling a DSA
> would include the DSA number in the changelog.Debian?

Half the time we don't know the DSA number when creating the package.

Wichert.
Re: apt-get update connection problem
Previously Jarrod Friedland wrote:
> deb ftp://security.debian.org/ stable/updates main contrib non-free

Try http instead of ftp. If you insist on using ftp (which might be a bit
slower) try ftp://security.debian.org/debian-security as the base path.

Wichert.
Re: Fwd: RAZOR advisory: Linux util-linux chfn local root vulnerability
Previously ben wrote:
> when you say 'doesn't use,' do you perhaps mean 'never invokes'? because:
>
> # find / -name chfn
> /usr/bin/chfn
> /etc/pam.d/chfn

Different implementation (from shadowutils iirc).

Wichert.
Re: Support for Potato
Previously Jens Hafner wrote:
> I couldn't agree more. Will there be an official announcement on this
> list about how long you will be supporting potato?

This week I hope. First we need to sort out a few technical issues related
to the woody release.

Wichert.
Re: Support for Potato
Previously Desai, Jason wrote:
> Does anybody know how long Debian will officially be supporting Potato
> and providing security updates for it?

Currently we're thinking of at least 3 months full support and somewhat
longer for remote exploits. We haven't made any decisions yet though.

Wichert.
Re: Virus in that message?Re: Your password!
Previously David Ehle wrote:
> My mail shield found a virus in that message.

Strange, considering it was already removed:

  -- Virus Warning Message (on smtp1.Stanford.EDU)
  Found virus WORM_FRETHEM.K in file decrypt-password.exe
  The uncleanable file is deleted.

Wichert.
Re: AW: dselect / apt-get and packages
Previously Marcel Weber wrote:
> Sorry for answering my questions for myself: There seems to be a patch
> for dpkg that uses the above packages for this reason. Is this
> incorporated in the newest releases of dpkg?

Yes.

Wichert.
Re: iptables, Kerberos and openafs.
Previously Daniel Swärd wrote:
> I'm a complete novice when it comes to iptables, so I'm wondering if
> someone has a iptables-script which allows Kerberos, afs, ssh and ping.
> (it should of course disallow everything else...)

Try mason to build your firewall for you. It will look at what you do on
your network and build a custom firewall based on that.

Wichert.
Re: [d-security] Re: DSA-134-1
Previously Christian Hammers wrote:
> Don't be too hard on him, if he'd pointed out that only default BSD is
> vulnerable it would not have been too hard to find the exploit before
> everybody had updated.

He could have mentioned ssh protocol 1 wasn't vulnerable..

Wichert.
Re: OpenSSH vuln: BSD only?
Previously Wim Fournier wrote:
> I just read this over at iss, it seems that the vuln only exists for
> default installations of BSD and only for S-KEY and BSD authentication.

That advisory sucks :). Keyboard-interactive authentication is vulnerable,
and we use that for PAM as well by default (that makes PAM modules which
use a conversation function like libpam-opie work).

Wichert.
Re: open ssh exploit - user not getting created
Previously Sean McAvoy wrote:
> I was a little hasty in my first reply. It is a noted bug
> (http://bugzilla.mindrot.org/show_bug.cgi?id=285)
> Disabling compression will solve the problem on 2.2.x kernels.
> (Compression no)

Actually our package contains a patch from Solar Designer to make privsep
work on 2.2 kernels. It might still be broken on 2.0 kernels though, but I
have no concrete information on that.

Wichert.
Re: DSA-134-1
Previously Anthony DeRobertis wrote:
> $VENDOR says it's broken
> $VENDOR won't provide details
> $VENDOR says upgrade two minor releases
> $VENDOR says upgrading doesn't actually fix the problem
> $VENDOR says upgrading will break things
> Woody security update comes out before potato one.
>
> Lovely situation, isn't it? That makes for the weirdest DSA I can
> remember.

Definitely. I really wish we could do more but the complete lack of more
information we have makes things difficult. Backporting OpenSSH 3.3p1 to
potato is also slightly complicated by missing build dependencies, but we
hope to have packages ready sometime tomorrow.

> PS: With the Apache hole and then this, when was the last time you got
> any sleep, Wichert?

This was my daytime, and most of the work was done by Daniel Jacobowitz.

Wichert.
Re: [SECURITY] [DSA-134-1] OpenSSH remote vulnerability
Previously Phillip Hofmeister wrote:
> Does this affect the daemon or the client?

Again we really have no information to base this on, but everything points
to a problem in the daemon (privsep does not help in the client).

> If it affects the daemon, is the potato version vulnerable?

I suspect so, we do not have the information to really confirm or deny
this. I would recommend restricting ssh access if possible and/or look into
an alternative like telnetd-ssl (make sure you use the -z secure option to
only allow SSL connections).

Wichert.
Re: Updated Apache modules packages for testing?
Previously John Foster wrote:
> I did the upgrade to the security patched version. After doing so I had
> to restart Apache with only the DSO modules running in order to keep it
> from segfaulting. I determined by a lot of trial and error that this was
> being caused by several of the modules that I load. It seems to run fine
> after removing these mods...but I want to get them included as some of
> them are quite helpful.

We are really going to need more information from you:

 * what architecture are you running
 * what exact version of apache (or apache-ssl or apache-perl) do you have?
 * what are the DSO modules that give the problems?
 * what package (and version) do they come from?

Wichert.
Re: Updated Apache-SSL package for testing?
Previously John Foster wrote:
> Will there be an apache-ssl version added to the security area?

Yes, I actually just put it there for most architectures.

Wichert.
Re: Updated Apache modules packages for testing?
Previously John Foster wrote:
> Wichert Akkerman wrote:
> >  * what architecture are you running
>
> Debian Woody (currently upgraded thru today)

That's not the architecture. Architecture is one of alpha, arm, i386,
ia64, hppa, m68k, mips, mipsel, powerpc, s390, sparc.

> >  * what exact version of apache (or apache-ssl or apache-perl) do you
> >    have?
>
> # apache -v
> Server version: Apache/1.3.26 (Unix) Debian GNU/Linux
> Server built:   Jun 20 2002 08:42:59

Of the package please.

Wichert.
Re: Updated Apache modules packages for testing?
Previously John Foster wrote:
> apache-1.3.26-0woody

I think you are missing a 1 at the end there

> apache-ssl-1.3.26.1+1

That is not the security fixed version, that is 1.3.26.1+1.48-0woody2

Wichert.
Re: Updated Apache packages for testing?
Previously Martin WHEELER wrote:
> [EMAIL PROTECTED]:~# apt-get -t unstable install apache apache-common
> Reading Package Lists... Done
> Building Dependency Tree... Done
> Sorry, apache is already the newest version.
> Sorry, apache-common is already the newest version.
> 0 packages upgraded, 0 newly installed, 0 to remove and 30 not upgraded.

Try this:

  # echo deb http://security.debian.org/ woody/updates main >> /etc/apt/sources.list
  # apt-get update
  # apt-get upgrade

Wichert.
Re: sources.list for potato
Previously Olaf Meeuwissen wrote:
> For a truly stable Debian system, drop
>   deb http://http.us.debian.org/debian dists/potato-proposed-updates/

I wouldn't recommend that, on occasion a package makes it into
proposed-updates that really should not be installed on a potato reason
for some reason.

Wichert.
Re: sources.list for potato
Previously Pavel Minev Penev wrote:
> And there is no
>   deb http://non-us.debian.org/debian-security unstable/updates main contrib non-free
> , is it?

No, and there never will be.

Wichert.
Re: [SECURITY] [DSA-131-1] Apache chunk handling vulnerability
Previously Andrey Elperin wrote:
> Do you mean 1.3.26 instead of 1.3.16 ?

Yes. Guess that was my usual typo :(

Wichert.
Re: [Fwd: [SECURITY] [DSA-131-1] Apache chunk handling vulnerability]
Previously Shane Machon wrote:
> Does anyone know if this affects potato's apache-ssl package also?

It does. Same for apache-perl. I'll have fixes for both of those out
today, I really needed to get some sleep first though.

Wichert.
Re: Single small patch against the Apache vulnerability?
Previously Christian Hammers wrote:
> Is anybody aware of a small single patch against the recent apache
> vulnerability? I have some self compiled production servers with 3rd
> party binary add ons and cannot easily compile a complete new version.

Easiest would be to get the updated Debian apache package (apt-get source
apache on a machine running potato) and get the correct cert patch from
the debian/patches/ subdirectory.

Wichert.
Re: mod-ssl and new apache
Previously Rishi L Khan wrote:
> Does mod_ssl support the new apache yet?

Should just work.

Wichert.
[SECURITY] [DSA-131-1] Apache chunk handling vulnerability
-----BEGIN PGP SIGNED MESSAGE-----

- --------------------------------------------------------------------------
Debian Security Advisory DSA-131-1                       [EMAIL PROTECTED]
http://www.debian.org/security/                         Wichert Akkerman
June 19, 2002
- --------------------------------------------------------------------------

Package        : apache
Problem type   : remote DoS / exploit
Debian-specific: no
CVE name       : CAN-2002-0392
CERT advisory  : VU#944335

Mark Litchfield found a denial of service attack in the Apache web-server.
While investigating the problem the Apache Software Foundation discovered
that the code for handling invalid requests which use chunked encoding also
might allow arbitrary code execution on 64 bit architectures.

This has been fixed in version 1.3.9-14.1 of the Debian apache package, as
well as upstream versions 1.3.16 and 2.0.37. We strongly recommend that you
upgrade your apache package immediately.

  wget url
        will fetch the file for you
  dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

  Source archives:
    http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9-14.1.diff.gz
      MD5 checksum: 0faccc7432b4ef650cfeebb2edf9bdc3
    http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9-14.1.dsc
      MD5 checksum: 47140e36fc2947511d162dc7fef680bb
    http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9.orig.tar.gz
      MD5 checksum: 6758fe8b931be0b634b6737d9debf703

  Architecture independent archives:
    http://security.debian.org/dists/stable/updates/main/binary-all/apache-doc_1.3.9-14.1_all.deb
      MD5 checksum: 0b9c3b2bd1efefb2592cc8cbff59a67b

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/main/binary-alpha/apache-common_1.3.9-14.1_alpha.deb
      MD5 checksum: a4c9b63065ec47ad0c90bd9d1ab8d240
    http://security.debian.org/dists/stable/updates/main/binary-alpha/apache-dev_1.3.9-14.1_alpha.deb
      MD5 checksum: 50a5514d4882395b9843a4dd9ced7967
    http://security.debian.org/dists/stable/updates/main/binary-alpha/apache_1.3.9-14.1_alpha.deb
      MD5 checksum: 6ca230385c54a792923051e154dab020

  ARM architecture:
    http://security.debian.org/dists/stable/updates/main/binary-arm/apache-common_1.3.9-14.1_arm.deb
      MD5 checksum: 43bb5b39c0644a02379d456c0f6552e2
    http://security.debian.org/dists/stable/updates/main/binary-arm/apache-dev_1.3.9-14.1_arm.deb
      MD5 checksum: 08121fd95be917ac771a06243ccb2b9b
    http://security.debian.org/dists/stable/updates/main/binary-arm/apache_1.3.9-14.1_arm.deb
      MD5 checksum: 9852ce45dcebc5c3381f5a7f2bc95ed6

  Intel IA-32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/apache-common_1.3.9-14.1_i386.deb
      MD5 checksum: 1d4b57055b1f292d6a970a66294f887d
    http://security.debian.org/dists/stable/updates/main/binary-i386/apache-dev_1.3.9-14.1_i386.deb
      MD5 checksum: 857a57d16e39b52c4f29884e3b6d8140
    http://security.debian.org/dists/stable/updates/main/binary-i386/apache_1.3.9-14.1_i386.deb
      MD5 checksum: 97e213fda0d0ff92036f368721239562

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-m68k/apache-common_1.3.9-14.1_m68k.deb
      MD5 checksum: d3aa0224fcef26d6698b7a6832f797e3
    http://security.debian.org/dists/stable/updates/main/binary-m68k/apache-dev_1.3.9-14.1_m68k.deb
      MD5 checksum: 089f975084015cecafbb3961e9f1aa6b
    http://security.debian.org/dists/stable/updates/main/binary-m68k/apache_1.3.9-14.1_m68k.deb
      MD5 checksum: ed03ccfea9a18cb828f6804f3f5169af

  PowerPC architecture:
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-common_1.3.9-14.1_powerpc.deb
      MD5 checksum: a67c40c388a887f51e14b71386847fe8
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-dev_1.3.9-14.1_powerpc.deb
      MD5 checksum: 1d0e323a6298611fb18b9e856de9c2b3
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache_1.3.9-14.1_powerpc.deb
      MD5 checksum: 6afbf9a5c97fcf25567bd9b10764df6c

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/main/binary-sparc/apache-common_1.3.9-14.1_sparc.deb
      MD5 checksum: 3a41a937db7b1f748077d079d72dacba
    http://security.debian.org/dists/stable/updates/main/binary-sparc/apache-dev_1.3.9-14.1_sparc.deb
      MD5 checksum: 1aca3619e9b5a045e3b2551a3be5a61c
    http://security.debian.org/dists/stable/updates/main/binary-sparc/apache_1.3.9-14.1_sparc.deb
      MD5 checksum: 1c7954b8b80a776267668a01e93660df

  These packages will be moved into the stable distribution on its next
  revision.

- --------------------------------------------------------------------------

- -- 
- ----------------------------------------------------------------------------
apt-get: deb http
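The advisories on this page state the exact Debian version that fixes each package, and the apache-ssl thread above shows how easily a near-miss version string (1.3.26.1+1 against the fixed 1.3.26.1+1.48-0woody2) gets mistaken for the fixed one. Deciding "is what I have at least the fixed version" needs dpkg's ordering rules (epoch, then upstream version, then Debian revision, with digit runs compared numerically and `~` sorting before everything). The following is an added example written for this page, not code from the list or from dpkg itself: it reimplements that ordering in Python so an inventory can be checked offline against the fixed versions a DSA names. The FIXED table takes its version strings from the advisories and replies on this page; the INSTALLED list is constructed sample data.

```python
"""Compare Debian package versions the way dpkg orders them and flag
packages still below the version a DSA names as fixed.

Added example for this page; not part of dpkg or the debian-security list.
"""
import re


def split_version(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision).

    A missing epoch is 0 and a missing Debian revision compares as "0".
    """
    epoch = 0
    rest = version
    if ":" in rest:
        epoch_str, rest = rest.split(":", 1)
        epoch = int(epoch_str)
    revision = "0"
    if "-" in rest:
        # The revision is everything after the *last* hyphen.
        rest, revision = rest.rsplit("-", 1)
    return epoch, rest, revision


def _order(ch):
    """dpkg's ordering of a single non-digit character: '~' sorts before
    everything, including the end of the string; letters before non-letters."""
    if ch == "~":
        return -1
    if ch.isdigit():
        return 0
    if ch.isalpha():
        return ord(ch)
    return ord(ch) + 256


def verrevcmp(a, b):
    """Compare two version fragments (upstream part or revision part).

    Alternates between non-digit runs (compared character by character with
    _order; an exhausted string counts as 0) and digit runs (compared as
    integers, so "14.1" > "14" and "10" > "9"). Returns -1, 0 or 1.
    """
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            oa = _order(a[i]) if i < len(a) else 0
            ob = _order(b[j]) if j < len(b) else 0
            if oa != ob:
                return -1 if oa < ob else 1
            i += 1
            j += 1
        da = re.match(r"\d*", a[i:]).group()
        db = re.match(r"\d*", b[j:]).group()
        i += len(da)
        j += len(db)
        na = int(da) if da else 0
        nb = int(db) if db else 0
        if na != nb:
            return -1 if na < nb else 1
    return 0


def compare_versions(a, b):
    """Return -1, 0 or 1 for full Debian version strings a and b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    c = verrevcmp(ua, ub)
    if c:
        return c
    return verrevcmp(ra, rb)


def is_fixed(installed, fixed):
    """True when the installed version is at or above the DSA's fixed version."""
    return compare_versions(installed, fixed) >= 0


# Fixed versions as stated in the advisories and replies on this page.
FIXED = {
    "apache": "1.3.9-14.1",                 # DSA-131-1, potato
    "apache-ssl": "1.3.26.1+1.48-0woody2",  # reply in the apache-ssl thread
    "gallery": "1.2.5-7.woody.0",           # DSA-138-1, woody package files
}

# Constructed sample inventory in (package, version) form, including the two
# near-miss versions the list replies pointed out were not the fixed ones.
INSTALLED = [
    ("apache", "1.3.9-14"),
    ("apache-ssl", "1.3.26.1+1"),
    ("gallery", "1.2.5-7.woody.0"),
]


def outstanding(installed=INSTALLED, fixed=FIXED):
    """Names of packages in the inventory still below their fixed version."""
    return [name for name, ver in installed
            if name in fixed and not is_fixed(ver, fixed[name])]


if __name__ == "__main__":
    for name in outstanding():
        print(f"{name}: installed version is older than {FIXED[name]}")
```

On a real Debian host the same decision is available as `dpkg --compare-versions installed ge fixed`; the Python version is useful when the check has to run on a central host against an exported package list, and the tilde and epoch cases in the tests are the ones that naive string comparison gets wrong.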
Re: Are current Apache debs affected by new bug?
Previously Timm Gleason wrote:
> I looked through the changelogs and the changelog.Debian files, but
> couldn't conclusively decide if the current vulnerability in Apache has
> been taken care of or not. Anyone else know?

Yes, it's not fixed yet.

Wichert.
Re: Are current Apache debs affected by new bug?
Previously Loren Jordan wrote:
> Has anybody verified this? Is there any time frame for us to expect an
> updated apache.deb on security.d.o?

I hope to have a security advisory done by the end of today.

> The notice from iss.net shows a 1 line patch to the http_protocol.c
> file, but a previous message in this thread says it might not/doesn't
> fix the problem.

It indeed doesn't.

Wichert.
Re: Quality of security assurance with Debian vs. RedHat vs. SuSE
Previously Federico Grau wrote:
> Careful ... as I understand it, Woody does _NOT_ get security updates.
> If there is a security fix it gets posted to Sid, and after 2 weeks of
> non-critical bugs it migrates into testing/Woody.

That migration doesn't happen anymore, updates for woody are made
separately.

> If you are depending on security.debian.org for Woody security updates,
> be wary. I believe I have seen Wichert Akkerman state on this mailing
> list that he is currently using the Woody section of security.debian.org
> to do some testing for the future.

Testing is actually done elsewhere at the moment.

Wichert.
Re: Forum for security-review of code?
Previously Karl E. Jorgensen wrote:
> Can anybody suggest a suitable forum/mailing list to ask for help on
> this?

The security-audit list comes to mind. Google can tell you where to find
it :)

Wichert.
Re: Security Updates Sources
Previously Olaf Meeuwissen wrote:
> Right now, for binary-i386 you'll be getting packages for new upstream
> releases. Packages concerned: qpopper, qpopper-drac and squirrelmail.
> It looks pretty much the same for the other architectures I looked at.

All architectures have the exact same packages.

At this moment I wouldn't recommend using the woody security stuff. What is
currently there is mostly me playing with a few packages and nothing final.
The packages there might be replaced with others with a possibly lower
version number. If you use the stable security packages you will
automatically get the proper woody security packages as well when woody is
released, and that is the recommended setting to use.

Wichert.
Re: secure file transfer
Previously Michael van der Kolff wrote:
> if you want to implement a huge one you'll have to find the x.509 cert
> patch, but from what I hear it's quite a flexible implementation.

It seems to work quite well. The X.509 and multi-crypto patches are both
included in the kernel-patch-freeswan package so it should be easy to
create a freeswan enabled kernel.

Wichert.
Re: pam_unix and remember [OT]
Previously Jor-el wrote:
> I'm sure it will. Then again, what's he going to do - not fix this bug
> for another year? He has gotten enough points from his user community
> for dilly dallying on this one for a year now.

Then again you might have noticed that PAM changed maintainer recently and
the new maintainer has been very active and in fact even posted a message
with the progress he is making to debian-devel this week.

Wichert
Re: possible hole in mozilla et al
Previously Raymond Wood wrote:
> but I would really like to see either:
>  a) woody receiving security patches as soon as sid and potato; or
>  b) no woody.

From a security viewpoint b) is the only option, and we have always said
so.

Wichert.
Re: A Linux version of system and network monitoring?
Previously Crawford Rainwater wrote:
> Does anyone know of a Linux based system and network monitoring program
> out there? Similar to Tivoli or HP OpenView, preferably under GPL and
> free? If so, links and such would be great.

netsaint, mon. tkined is useful as well (part of scotty now iirc).

Wichert.
Re: world readable log files and /etc/ files
Previously Ian Cumming wrote:
> I was quite alarmed. There seem to be many files with world readable permissions, which _shouldn't_.

If you don't trust your local users on a server you have a different problem imho.

> What is the policy for log files? I understand that it doesn't do _that_ much harm allowing others to read, but it does disclose more than I want to reveal.

World-readable except for files with sensitive information.

Wichert.
[SECURITY] [DSA-128-1] sudo buffer overflow
-BEGIN PGP SIGNED MESSAGE-

Debian Security Advisory DSA-128-1                [EMAIL PROTECTED]
http://www.debian.org/security/                    Wichert Akkerman
April 26, 2002

Package        : sudo
Problem type   : buffer overflow
Debian-specific: no

fc found a buffer overflow in the variable expansion code used by sudo for its prompt. Since sudo is necessarily installed suid root, a local user can use this to gain root access.

This has been fixed in version 1.6.2-2.2 and we recommend that you upgrade your sudo package immediately.

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

Debian GNU/Linux 2.2 alias potato

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

These packages will be moved into the stable distribution on its next revision.

apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
[SECURITY] [DSA-127-1] buffer overflow in xpilot-server
-BEGIN PGP SIGNED MESSAGE-

Debian Security Advisory DSA-127-1                [EMAIL PROTECTED]
http://www.debian.org/security/                    Wichert Akkerman
April 17, 2002

Package        : xpilot
Problem type   : remote buffer overflow
Debian-specific: no

An internal audit by the xpilot (a multi-player tactical manoeuvring game for X) maintainers revealed a buffer overflow in the xpilot server. This overflow can be abused by remote attackers to gain access to the server under which the xpilot server is running.

This has been fixed in upstream version 4.5.1 and version 4.1.0-4.U.4alpha2.4.potato1 of the Debian package.

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

Debian GNU/Linux 2.2 alias potato

Potato was released for alpha, arm, i386, m68k, powerpc and sparc. At this moment arm packages are not available yet.
Re: Bastian Gl??er/PD/Kreditwerk is out of the office.
Previously Edmunds wrote:
> I know that Debian's origin is Deutschland

It's not actually.

Wichert.
Re: NFS, password transparency, and security
Previously Alan Shutko wrote:
> An AFS-based setup is used at many places to great effect, especially on untrusted nets, but I don't know how bad setup is. I suspect it's evil.

There is also SFS which works very nicely indeed.

Wichert.
Re: on potato's proftpd
Previously martin f krafft wrote:
> that's a purist approach which doesn't work with security.

It does, and in fact it's a very good approach: make sure you study what the real problem is instead of trying to fix things with a band-aid. With all the energy wasted on this someone could have found the real problem already..

Wichert.
Re: on potato's proftpd
Previously martin f krafft wrote:
> wrong. fix things with bandaid to give you more time to find the real problem. i am not saying that this is the final fix. put it this way, you aren't going to wait for intruders to make use of the opportunity while you search the drunkbold who broke your window last night. dig?

Let's put it this way: two people from the security team have stated they want to know why the current security fix is broken before they will consider introducing a band-aid. So let's just stop this discussion and start looking at why the glibc glob fix fails for proftpd. EOD.

Wichert.
Re: on potato's proftpd
Previously martin f krafft wrote:
> i don't get it. will someone please push this package ivo made as an NMU into security.debian.org ASAP? i'd do it myself, but i am still waiting for DAM approval...

I'd like someone to answer my question first: how come the glob fix in glibc doesn't fix proftpd?

Wichert.
Re: on potato's proftpd
Previously martin f krafft wrote:
> wichert, it didn't. why should we discuss this before pushing the temporary fix into the security archives???

Because it might impact other packages as well.

> i'd also like to see answered, but right now, debian's got a semi-bug in a package found on security.debian.org, we know about it, why do we even hesitate?

I'd rather make sure we don't have a bug in multiple packages than a reasonably harmless semi-bug in a single package.

Wichert.
Re: CERT Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload
Previously Andrew Suffield wrote:
> The normal solution in debian is to backport a fix to stable. I see php.org has a patch for php 4.0.6, this can probably be backported to 4.0.3/4.0.5 fairly easily.

Already done. Before being able to make a php security fix we need to fix the ABI changes in the SNMP security fix first, which is what I'm working on now.

Wichert.
Re: Squid HTTP Proxy Security Update
Previously Philipe Gaspar wrote:
> Is the Squid Version 2.2.STABLE5 on Debian potato vulnerable?

No.

Wichert.
Re: strange entry in /etc/init.d
Previously Andreas Goesele wrote:
> I found this strange as I thought for bash one would write

It is not a bash file, it is used by pam_env and contains lines with a simple key=value syntax.

> Is it possible that some package would add such a line to my /etc/environment? What package could that be? Or should I worry about an intruder?

One of libc6 or locales will modify it.

Wichert.
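The key=value rule the reply describes can be checked mechanically. The following is an added example, not code from the thread or from pam_env itself: it reads an /etc/environment the way pam_env does (comments, optional "export " prefix, quoted values, no expansion) and reports lines that are not key=value, values that carry shell-only syntax pam_env will not expand, and keys no known package accounts for; the set of package-written keys (LANG, from the locales configuration) and the sample file are assumptions.

```python
import re
from typing import Dict, List, Tuple

# pam_env reads /etc/environment as plain KEY=VALUE lines: '#' starts a
# comment, an optional "export " prefix is tolerated, and a value wrapped in
# matching single or double quotes has the quotes removed. Nothing else is
# interpreted: there is no variable expansion and no shell syntax.
_KEY_VALUE = re.compile(r'^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$')

# Characters that only mean something to a shell; pam_env stores them as-is.
_SHELL_ONLY = ('$', '`', '~')

# Keys the reply above accounts for: the locales/libc6 configuration writes
# the LANG line. (Assumption: a site would extend this from its own records.)
_EXPECTED_FROM_PACKAGES = {'LANG'}


def audit_environment(text: str) -> Dict[str, object]:
    """Parse an /etc/environment the way pam_env does and report what a
    reviewer should look at.

    Returns a dict with:
      env         - the KEY -> VALUE pairs pam_env would set
      invalid     - (line_no, text) for lines that are not key=value at all
      literal     - (line_no, key) for values carrying shell-only syntax that
                    pam_env hands to processes unexpanded
      unexplained - keys not accounted for by a known package, to trace
    """
    env: Dict[str, str] = {}
    invalid: List[Tuple[int, str]] = []
    literal: List[Tuple[int, str]] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        match = _KEY_VALUE.match(line)
        if match is None:
            invalid.append((line_no, raw))
            continue
        key, value = match.group(1), match.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in '"\'':
            value = value[1:-1]
        if any(ch in value for ch in _SHELL_ONLY):
            literal.append((line_no, key))
        env[key] = value
    unexplained = sorted(set(env) - _EXPECTED_FROM_PACKAGES)
    return {'env': env, 'invalid': invalid, 'literal': literal,
            'unexplained': unexplained}


# Constructed sample (not the poster's file): one line a package would write,
# two lines written in bash syntax, one of them not a key=value pair at all.
SAMPLE = """\
# /etc/environment
LANG=en_US.ISO-8859-1
export EDITOR="vim"
PATH=$PATH:/usr/local/bin
if [ -f /etc/bash.bashrc ]; then . /etc/bash.bashrc; fi
"""

if __name__ == '__main__':
    report = audit_environment(SAMPLE)
    for key, value in report['env'].items():
        print(f'{key}={value!r}')
    for line_no, text in report['invalid']:
        print(f'line {line_no}: not key=value, pam_env cannot use it: {text!r}')
    for line_no, key in report['literal']:
        print(f'line {line_no}: {key} holds shell syntax pam_env will not expand')
    print('keys to trace to a package or a person:', report['unexplained'])
```

Which package wrote a line is answered by the package's maintainer scripts and changelog, not by the file; the report only narrows down which keys need that trace.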
Re: Bug#130876: ssh: -5 discloses too much information to an attacker, security
Previously Matthew Vernon wrote:
> retitle 130876 Sending server software version information should be optional

I'm not sure I agree with that: that easily leads to the configurable version response option that was discussed on openssh-dev recently, where it was concluded that it is not a good idea.

Wichert.
Re: securid logins
Previously Petro wrote:
> I don't think so. But I'd be interested in the responses as well.

There is some support in PAM and in OpenSSH. I have a cryptocard RB-1 token now which I intend to get working with OpenSSH at least, once I have some free time to spend on it.

Wichert.
Re: [2] Mailserver HDD organization
Previously Eelco van Beek wrote:
> Why not put your mail into a database? No more security and scalability hassles. (www.dbmail.org)

Because it restricts you to using dbmail stuff. Personally I'm very happy with using maildirs and importing only select mail headers into a custom SQL database so I can still have a useful address book and good search options.

Also the claim on the dbmail homepage that a database is faster than parsing a filesystem is not true, it depends very much on what exactly you're parsing and in a lot of cases a filesystem will be a lot faster even.

Wichert.
Re: Mailserver HDD organization
Previously Hendrik Naumann wrote:
> Why was Exim chosen to be the standard MTA for Debian?

It was a good successor to smail, postfix didn't exist yet, sendmail ate too much resources and the rest was too obscure.

Wichert.
Re: Unusual Bind log entry
Previously Mustafa Baig wrote:
> Jan 19 19:22:44 cold named[7247]: starting (/etc/bind/named.conf). named 8.2.3-REL-NOESW Sat Jan 27 01:46:37 MST 2001 ^Ibdale@winfree:/home/bdale/debian/bind-8.2.3/src/bin/named
>
> It's the last part consisting of ^Ibdale@winfree which is suspicious. Any ideas?

No, it's the path where the bind binary was built. Looks like it was built by the bdale account on a machine called winfree in the directory /home/bdale/debian/bind-8.2.3. Which makes perfect sense if you know that the package maintainer is Bdale Garbee.

Wichert.
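The reply's reading of that line (build account, build host, build directory after the tab) can be made routine so the next person does not have to ask. This is an added example, not code from the thread or from BIND: it parses a named 8.x start-up line from syslog, pulls out the build origin, and compares the build account against the packager named in the reply. The expected-builder set and the second, unfamiliar line are constructed assumptions.

```python
import re
from typing import Dict, Optional

# Syslog prefix plus the message named 8.x logs on start-up. The trailing
# "user@host:path" is the tree the binary was compiled in; in the post it is
# separated from the build date by a tab (the ^I), so any whitespace is accepted.
_NAMED_START = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) '
    r'named\[(?P<pid>\d+)\]: starting \((?P<conf>[^)]*)\)\. '
    r'named (?P<version>\S+) (?P<built>.+?)\s+'
    r'(?P<builder>[^@\s]+)@(?P<buildhost>[^:\s]+):(?P<buildpath>\S+)$'
)

# Build accounts we expect for the distribution's binary. From the post: the
# Debian bind package is built by its maintainer's account, "bdale".
# (Assumption: a site would fill this from its own package provenance.)
EXPECTED_BUILDERS = {'bdale'}

# The line from the post, with the ^I written as an actual tab.
POSTED_LINE = ('Jan 19 19:22:44 cold named[7247]: starting (/etc/bind/named.conf). '
               'named 8.2.3-REL-NOESW Sat Jan 27 01:46:37 MST 2001 '
               '\tbdale@winfree:/home/bdale/debian/bind-8.2.3/src/bin/named')

# Constructed line (not from the post): same format, unfamiliar build origin.
UNKNOWN_LINE = ('Jan 19 19:22:44 cold named[7247]: starting (/etc/bind/named.conf). '
                'named 8.2.3-REL-NOESW Sat Jan 27 01:46:37 MST 2001 '
                '\tsomeone@otherbox:/tmp/bind-8.2.3/src/bin/named')


def parse_named_start(line: str) -> Optional[Dict[str, str]]:
    """Split a named start-up line into its fields, or return None."""
    match = _NAMED_START.match(line)
    return match.groupdict() if match else None


def classify(line: str) -> str:
    """Say whether the embedded build origin matches a known packager."""
    fields = parse_named_start(line)
    if fields is None:
        return 'not-a-named-start-line'
    if fields['builder'] in EXPECTED_BUILDERS:
        return 'expected-build'
    return 'review-build-origin'


if __name__ == '__main__':
    for line in (POSTED_LINE, UNKNOWN_LINE):
        fields = parse_named_start(line)
        print(classify(line), fields['builder'], fields['buildhost'], fields['buildpath'])
```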
Re: allowing users to change passwords
Previously martin f krafft wrote:
> what would speak against setting the user's login shell to /usr/bin/passwd?

Nothing, works just fine. It might be a bit confusing for users though since they will have to enter their original password twice as well.

Wichert.
Re: Detecting break-ins
Previously Noah L. Meyerhans wrote:
> Provided you recognize IPPL's capabilities and limitations, it can be a very useful tool. As always, it can be dangerous if misused.

Biggest problem with it is that it seems to die on occasion, although I haven't seen that on unstable boxes recently.

Wichert.
Re: faster -- Re: Debian security being trashed in Linux Today comments
Previously Alvin Oga wrote:
> i did a dist-upgrade update upgrade today... and saw sudo get updated before fixes to sudo were posted to bugtraq

Actually it was posted to bugtraq about 15 minutes before, but you only saw it later due to moderation :)

Wichert.
Re: Debian security being trashed in Linux Today comments
Previously Colin Phipps wrote:
> It is not misleading in this case, the tail is the _most_ important part of the data. It doesn't matter if we patch every other hole in 10 minutes if we leave one open for months.

Both are interesting though.

Wichert.
Re: Following security issues found upstream
Previously Jean-Marc Boursot wrote:
> Like the last postfix DoS? Am I wrong or wasn't there any bugtraq report for that?

There was, Wietse announced it to bugtraq.

Wichert.
Re: Debian security being trashed in Linux Today comments
Previously Adam Warner wrote:
> Someone with better knowledge of all the facts might want to comment on the claim that Debian is always the last to fix security holes and the tag team follow up "I've been fighting for months now to try to convince them to release an advisory or fix for ftpd..."

Someone should point them to Javier's analysis of security response times..

Wichert.
Re: [security] What's being done?
Previously Daniel Stone wrote:
> Considering that an upload hasn't been made to rectify this root hole, why hasn't something else been done about it - regular or security NMU? One would think that this is definitely serious.

Waiting for the m68k build, I intend to release a DSA tomorrow.

Wichert.
Re: Secure Finger Daemon
Previously eim wrote:
> Which Finger daemon is *really* secure ?

I haven't looked at all of them, but cfingerd most certainly is not.

Wichert.