Re: [ilugd] Re: [LIG] [OT] Sarovar, Fairplay, Apple

2004-04-17 Thread Viksit Gaur
Hmm.. 

Just some thoughts..

I'm totally with the Freedom to create and
distribute tag. But, what if you think from the
corporate viewpoint?

Suppose my company (I don't work for any, btw :) has
spent a million bucks in developing and promoting a
technology, would I like it if someone was to develop
something which circumvents my security measures and
possibly eat into or even trivialize my profits?

As the management in charge of the company, I might
*personally* appreciate original work being done by
hackers and the community in general, but officially?
Aren't they just a pain which I'd want to counter ASAP?


--
vik



=
--
Viksit Gaur   http://www.viksit.com
me[at]viksit.com
viksit[at]linux-delhi[dot]org

'Not all who wander are lost.' 
  - J.R.R. Tolkien, The Fellowship of the Ring





___
ilugd mailinglist -- [EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/[EMAIL PROTECTED]/


Re: [ilugd] Re: [LIG] [OT] Sarovar, Fairplay, Apple

2004-04-17 Thread Sandip Bhattacharya
Viksit Gaur wrote:
> Suppose my company (I don't work for any, btw :) has
> spent a million bucks in developing and promoting a
> technology, would I like it if someone was to develop
> something which circumvents my security measures and
> possibly eat into or even trivialize my profits?

This is actually a gray area - while Free Software is about *creating*
gray area and not stealing ideas from others, sometimes it becomes
imperative that a proprietary technology is made available to the
public (through Free software, of course) when the technology becomes
critical for the masses - e.g. making software which reads MSOffice
files (Abiword, OOo), or making software which interoperates with MS
machines in a file sharing network (Samba).

1. But the general idea of problems of this nature is - that if you don't
like the policies of the company who creates this technology in the
first place - don't buy it. Nobody is forcing you to do so!

2. On the other hand, people have strong opinions on the very terms
under which this technology is given and find it unfairly restrictive.

It is a gray area, and a person's opinion varies according to where he
prefers drawing a line between these two arguments.

- Sandip

--
Sandip Bhattacharya
sandip (at) puroga.com
Puroga Technologies Pvt. Ltd.
Work: http://www.puroga.com  Home: http://www.sandipb.net
GPG: 51A4 6C57 4BC6 8C82 6A65 AE78 B1A1 2280 A129 0FF3



[ilugd] (fwd) [SECURITY] [DSA 431-2] New perl packages fix information leak in suidperl

2004-04-17 Thread Raj Mathur
[Please upgrade Perl -- Raju]

This is an RFC 1153 digest.
(1 message)
--

Message-ID: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] [SECURITY] [DSA 431-2] New perl packages fix information 
leak in suidperl
Date: Fri, 16 Apr 2004 18:51:19 -0700

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

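- --------------------------------------------------------------------------
Debian Security Advisory DSA 431-2                     [EMAIL PROTECTED]
http://www.debian.org/security/                           Matt Zimmerman
April 16th, 2004                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : perl
Vulnerability  : information leak
Problem-Type   : local
Debian-specific: no
CVE Ids        : CAN-2003-0618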

Paul Szabo discovered a number of similar bugs in suidperl, a helper
program to run perl scripts with setuid privileges.  By exploiting
these bugs, an attacker could abuse suidperl to discover information
about files (such as testing for their existence and some of their
permissions) that should not be accessible to unprivileged users.

DSA 431-1 incorporated a partial fix for this problem.  This advisory
includes a more complete fix which corrects some additional cases.

For the current stable distribution (woody) this problem has been
fixed in version 5.6.1-8.7.

For the unstable distribution, this problem has been fixed in version
5.8.3-3.

We recommend that you update your perl package if you have the
perl-suid package installed.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------


[ilugd] (fwd) [SECURITY] [DSA 488-1] New logcheck packages fix insecure temporary directory

2004-04-17 Thread Raj Mathur
[Please upgrade if you have logcheck installed on any distribution -- Raju]

This is an RFC 1153 digest.
(1 message)
--

Message-ID: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] [SECURITY] [DSA 488-1] New logcheck packages fix insecure 
temporary directory
Date: Fri, 16 Apr 2004 19:17:29 -0700

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

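- --------------------------------------------------------------------------
Debian Security Advisory DSA 488-1                     [EMAIL PROTECTED]
http://www.debian.org/security/                           Matt Zimmerman
April 16th, 2004                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : logcheck
Vulnerability  : insecure temporary directory
Problem-Type   : local
Debian-specific: no
CVE Ids        : CAN-2004-0404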

Christian Jaeger reported a bug in logcheck which could potentially be
exploited by a local user to overwrite files with root privileges.
logcheck utilized a temporary directory under /var/tmp without taking
security precautions.  While this directory is created when logcheck
is installed, and while it exists there is no vulnerability, if at
any time this directory is removed, the potential for exploitation exists.

For the current stable distribution (woody) this problem has been
fixed in version 1.1.1-13.1woody1.

For the unstable distribution (sid), this problem has been fixed in
version 1.1.1-13.2.

We recommend that you update your logcheck package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------


  These files will probably be moved into the stable distribution on
  its next revision.

- -
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAgJOnArxCt0PiXR4RAiR+AJ9KtFWwZp6r/1ICXsPJkeYFTndPwQCeMOx9
lnvjNqt8qi8Jpfm+mkZX+7o=
=pB4y
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

--

End of this Digest
**

-- 
Raj Mathur                [EMAIL PROTECTED]      http://kandalaya.org/
   GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
  It is the mind that moves
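
An added illustration of the precautions the DSA 488-1 advisory above says were missing: it vets a fixed working directory before a privileged script writes into it, and refuses a name that another local user could have planted once the directory had been removed. This is not logcheck's code or the fix Debian shipped; the function names are hypothetical and a scratch directory stands in for /var/tmp.

```shell
#!/bin/sh
# Added example (not logcheck's code): vetting a fixed working directory
# before a privileged script writes into it. Function names are hypothetical.

# check_workdir DIR
# Prints "ok" and returns 0 only if DIR is safe for the current user:
#   - not a symlink (a planted link would redirect writes elsewhere),
#   - an existing directory,
#   - owned by the effective user running the script,
#   - not writable by group or others.
# Otherwise prints the reason and returns 1.
# Assumes the parent (e.g. /var/tmp) is sticky, so other users cannot rename
# or replace a directory they do not own after it has been vetted.
check_workdir() {
    dir=$1
    if [ -L "$dir" ]; then echo "symlink"; return 1; fi
    [ -e "$dir" ] || { echo "missing"; return 1; }
    [ -d "$dir" ] || { echo "not-a-directory"; return 1; }
    [ -O "$dir" ] || { echo "wrong-owner"; return 1; }
    # find prints the path only if a group- or other-write bit is set.
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "writable-by-others"; return 1
    fi
    echo "ok"
}

# ensure_workdir DIR
# Prints DIR if it is (or can be made) safe, fails otherwise. A missing
# directory is recreated with plain mkdir under umask 077: mkdir fails if
# anything, including a symlink, already sits at that path, so a name
# planted by another user is never adopted.
ensure_workdir() {
    dir=$1
    reason=$(check_workdir "$dir") && { echo "$dir"; return 0; }
    if [ "$reason" = "missing" ] && (umask 077 && mkdir "$dir") 2>/dev/null; then
        check_workdir "$dir" >/dev/null && { echo "$dir"; return 0; }
    fi
    echo "refusing to use $dir: $reason" >&2
    return 1
}

# make_private_workdir PREFIX
# Alternative to a fixed path: mktemp -d creates a new directory with an
# unpredictable name and mode 0700 in one step, and prints its path.
make_private_workdir() {
    mktemp -d "${TMPDIR:-/tmp}/$1.XXXXXX"
}

# Demonstration on a constructed scratch area (stands in for /var/tmp).
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/victim"
    ln -s "$base/victim" "$base/planted"   # name pre-created by someone else
    mkdir -m 0777 "$base/loose"            # directory anyone can write to
    for d in planted loose fresh; do
        printf '%-8s %s\n' "$d" "$(check_workdir "$base/$d")"
    done
    ensure_workdir "$base/fresh" >/dev/null && echo "fresh recreated safely"
    rm -rf "$base"
}
demo
```
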



[ilugd] Re: [LIH](fwd) [SECURITY] [DSA 431-2] New perl packages fix information leak in suidperl

2004-04-17 Thread Suresh Ramasubramanian
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[4/17/2004 12:07 PM]  Raj Mathur :

| [Please upgrade Perl -- Raju]

urgent only if you use suid-perl

srs
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (MingW32)
iD8DBQFAgNHpRB4r9e3t77kRAnnNAKCG2/YUYuMc2WQVEM6clY5QQMeVWACg00Uu
eA+IRURowfDugMkjWZI/+HM=
=0eRG
-END PGP SIGNATURE-


Re: [ilugd] Re: [LIG] [OT] Sarovar, Fairplay, Apple

2004-04-17 Thread Raj Mathur
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

>>>>> "Viksit" == Viksit Gaur [EMAIL PROTECTED] writes:

    Viksit> Hmm.. Just some thoughts..

    Viksit> I'm totally with the Freedom to create and distribute
    Viksit> tag. But, what if you think from the corporate viewpoint?

    Viksit> Suppose my company (I don't work for any, btw :) has spent
    Viksit> a million bucks in developing and promoting a technology,
    Viksit> would I like it if someone was to develop something which
    Viksit> circumvents my security measures and possibly eat into or
    Viksit> even trivialize my profits?

You may not like it but you'd have to live with it.  Just as you have
the right to embed security into your software, others have the right
to study, hack and bypass that security.

I think you're missing the important point here -- stealing music is
illegal, but providing tools that MAY be used to steal music isn't.
If we support the banning of tools that may possibly be used for
illegal purposes we'll have to ban just about everything -- starting
with computers, Winduhs, Linux, gdb, nmap, C compilers, Perl, netstat,
ping, mutt, Emacs, EVERYTHING!

    Viksit> As the management in charge of the company, I might
    Viksit> *personally* appreciate original work being done by
    Viksit> hackers and the community in general, but officially?
    Viksit> Aren't they just a pain which I'd want to counter ASAP?

No.  If you want to protect your music don't protect the people who
write software -- prosecute those who use the software to perform
illegal acts.

Remember -- it's not the tool that is illegal, it's the use to which
it is put by an individual that is or is not.

Regards,

- -- Raju
- -- 
Raj Mathur                [EMAIL PROTECTED]      http://kandalaya.org/
   GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
  It is the mind that moves
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 http://mailcrypt.sourceforge.net/

iD8DBQFAgNN7yWjQ78xo0X8RAoQeAJ9UKaujdXJvSKoXvJ+og0BtV8euFACdHTeU
WTDYMeib523PgB4M/rd0dV8=
=ydUJ
-END PGP SIGNATURE-



Re: [ilugd] Re: [LIG] [OT] Sarovar, Fairplay, Apple

2004-04-17 Thread Viksit Gaur

 
> This is actually a gray area - while Free Software is about *creating*
> gray area and not stealing ideas from others, sometimes it becomes
> imperative that a proprietary technology is made available to the
> public (through Free software, of course) when the technology becomes
> critical for the masses - e.g. making software which reads MSOffice
> files (Abiword, OOo), or making software which interoperates with MS
> machines in a file sharing network (Samba).

Well, as for this argument, the companies in question
wouldn't go against such programs because the End
Result is the propagation of their own technology - be
it Word files or Win interoperability. But in terms of
Apple's iTunes or other such programs, I'm sure the
arguments don't hold.

> 1. But the general idea of problems of this nature is - that if you don't
> like the policies of the company who creates this technology in the
> first place - don't buy it. Nobody is forcing you to do so!

Exactly. But I'm *not* buying it. I'm creating an
alternative for myself and thousands of others, to get
the product yet not paying for it. Maybe this is where
the creation of Gray areas comes in..

> 2. On the other hand, people have strong opinions on the very terms
> under which this technology is given and find it unfairly restrictive.

But can you blame a company for trying to make
profits by selling a service - Apple hasn't exactly put
in unfair trade practices or something, which might
lead to ideological differences?

--
vik

=
--
Viksit Gaur   http://www.viksit.com
me[at]viksit.com
viksit[at]linux-delhi[dot]org

'Not all who wander are lost.' 
  - J.R.R. Tolkien, The Fellowship of the Ring






Re: [ilugd] Re: [LIG] [OT] Sarovar, Fairplay, Apple

2004-04-17 Thread Viksit Gaur
Hey!

> No.  If you want to protect your music don't protect the people who
> write software -- prosecute those who use the software to perform
> illegal acts.

True. Brings to mind the RIAA suing that 12 year old
girl though! Brianna Something, from NYC.

> Remember -- it's not the tool that is illegal, it's the use to which
> it is put by an individual that is or is not.

Well put.

--
vik

=
--
Viksit Gaur   http://www.viksit.com
me[at]viksit.com
viksit[at]linux-delhi[dot]org

'Not all who wander are lost.' 
  - J.R.R. Tolkien, The Fellowship of the Ring






Re: [ilugd] Re: [LIG] [OT] Sarovar, Fairplay, Apple

2004-04-17 Thread Sandip Bhattacharya
Raj Mathur wrote:
> Remember -- it's not the tool that is illegal, it's the use to which
> it is put by an individual that is or is not.

I agree. This is probably the assumption under which guns are allowed in 
USA. But what about a country like ours, where people are not allowed 
(easily) to keep guns because they have a potential of hurting others?

- Sandip

--
Sandip Bhattacharya
sandip (at) puroga.com
Puroga Technologies Pvt. Ltd.
Work: http://www.puroga.com  Home: http://www.sandipb.net
GPG: 51A4 6C57 4BC6 8C82 6A65 AE78 B1A1 2280 A129 0FF3



Re: [ilugd] Re: [LIG] [OT] Sarovar, Fairplay, Apple

2004-04-17 Thread Viksit Gaur

> I agree. This is probably the assumption under which guns are allowed in
> USA. But what about a country like ours, where people are not allowed
> (easily) to keep guns because they have a potential of hurting others?
 
The reasons are probably political, not to mention
archaic laws and the absence of good lawmakers (who're
actually supported in parliament!). 

I mean, legalizing guns would probably be better,
because most are available illegally, and thus
untraceable after a situation. But, this opens up a
totally new debate, one which has raged the US for
eons : Gun law regulations.


--
vik

=
--
Viksit Gaur   http://www.viksit.com
me[at]viksit.com
viksit[at]linux-delhi[dot]org

'Not all who wander are lost.' 
  - J.R.R. Tolkien, The Fellowship of the Ring






Re: [ilugd] Re: [LIG] [OT] Sarovar, Fairplay, Apple

2004-04-17 Thread Sanjeev "Ghane" Gupta
On Saturday, April 17, 2004 2:49 PM [GMT+0800=SGT],
Raj Mathur [EMAIL PROTECTED] wrote:

> You may not like it but you'd have to live with it.  Just as
> you have the right to embed security into your software, others
> have the right to study, hack and bypass that security.

Rights are defined by law, and law may make such study illegal.
There are no innate rights in the Indian Constitution[1].  Rights
which are granted today may be removed tomorrow[2].

> I think you're missing the important point here -- stealing
> music is illegal, but providing tools that MAY be used to steal
> music isn't. If we support the banning of tools that may
> possibly be used for illegal purposes we'll have to ban just
> about everything -- starting with computers, Winduhs, Linux,
> gdb, nmap, C compilers, Perl, netstat, ping, mutt, Emacs,
> EVERYTHING!
>
> Remember -- it's not the tool that is illegal, it's the use to
> which it is put by an individual that is or is not.

True, in general.  However, tools may be banned, even if the purpose
that they may be used for is not clear, or proven.  Examples include
the ban of knives with blades longer than 6 inches[3], the transport
of cultures for communicable diseases, etc.

Raju, I agree with you fully, and we are in good company, Hume,
Franklin, Mills, et al.  However, the law is what the law says it is,
not what is right, or reasonable.

==

[1] The US Declaration of Independence states that some rights are
inalienable, and among these are the rights to life, liberty, and
the pursuit of happiness.  However, the Declaration has no legal
value, the Constitution does, and that grants rights, not recognizes
their existence.

[2] cf The right to Property.  This was a Fundamental Right under the
1950 Constitution.  Look for Section Article 19 (f).  Look carefully.
Then look at the 44th Amendment.  Also, look for Article 31, Right to
Property.

[3] Being in possession of a knife with blade longer than 6 inches is
not in itself illegal, but the Court will accept that as evidence
adducing against you.  Inaccurately but pithily, you are guilty unless
you can prove yourself innocent.  Similar laws exist about the
carrying of lock picks.

--
Sanjeev




Re: [ilugd] Re: [LIG] [OT] Sarovar, Fairplay, Apple

2004-04-17 Thread Raj Mathur
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Ghane,

>>>>> "Ghane" == Sanjeev Gupta Sanjeev writes:

    Ghane> On Saturday, April 17, 2004 2:49 PM [GMT+0800=SGT], Raj
    Ghane> Mathur [EMAIL PROTECTED] wrote:

    >> You may not like it but you'd have to live with it.  Just as
    >> you have the right to embed security into your software, others
    >> have the right to study, hack and bypass that security.

    Ghane> Rights are defined by law, and law may make such study
    Ghane> illegal.  There are no innate rights in the Indian
    Ghane> Constitution[1].  Rights which are granted today may be
    Ghane> removed tomorrow[2].

Agreed.

    >> I think you're missing the important point here -- stealing
    >> music is illegal, but providing tools that MAY be used to steal
    >> music isn't. If we support the banning of tools that may
    >> possibly be used for illegal purposes we'll have to ban just
    >> about everything -- starting with computers, Winduhs, Linux,
    >> gdb, nmap, C compilers, Perl, netstat, ping, mutt, Emacs,
    >> EVERYTHING!
    >>
    >> Remember -- it's not the tool that is illegal, it's the use to
    >> which it is put by an individual that is or is not.

    Ghane> True, in general.  However, tools may be banned, even if
    Ghane> the purpose that they may be used for is not clear, or
    Ghane> proven.  Examples include the ban of knives with blades
    Ghane> longer than 6 inches[3], the transport of cultures for
    Ghane> communicable diseases, etc.

    Ghane> Raju, I agree with you fully, and we are in good company,
    Ghane> Hume, Franklin, Mills, et al.  However, the law is what the
    Ghane> law says it is, not what is right, or reasonable.

Also agreed.  However in this case the right to innovate, even if it
hurts a business, has not been assigned or declined.  Apple is
assuming that they do have the right to stop development and
propagation of a program that may hurt their business.  I believe that
we should fight that assumption.

If we do fight, the outcome is unclear.  The free software community,
the hacker community, all of us may lose.  However it's not on my
agenda to lie back and accept the inevitable, and inevitable it
certainly shall be if we don't question the whole basis of Apple's
legality in sending the notice.

Regards,

- -- Raju

    Ghane> [snip]

- -- 
Raj Mathur                [EMAIL PROTECTED]      http://kandalaya.org/
   GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
  It is the mind that moves
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 http://mailcrypt.sourceforge.net/

iD8DBQFAgOCryWjQ78xo0X8RAgYcAKCLmTGpcTPxeQsHzTERawxE+5/NtwCgjh7c
Fx8PVEvC8jRWmafZFTNyK+w=
=s/qU
-END PGP SIGNATURE-



[ilugd] Open Source Software:-

2004-04-17 Thread Arun Kumar.A,delhi
Hi all,
 Can anyone provide a single session lecture on Open Source Software? This is for a few
group.
Kindly advise.

regards,
 ARUN KUMAR.A


[ilugd] (fwd) [SECURITY] [DSA 490-1] New Zope packages fix arbitrary code execution

2004-04-17 Thread Raj Mathur
[Please upgrade if you use Zope with the ZCatalog plug-in on any
platform -- Raju]

This is an RFC 1153 digest.
(1 message)
--

Message-Id: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] [SECURITY] [DSA 490-1] New Zope packages fix arbitrary code 
execution
Date: Sat, 17 Apr 2004 17:42:05 +0200 (CEST)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

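- --------------------------------------------------------------------------
Debian Security Advisory DSA 490-1                     [EMAIL PROTECTED]
http://www.debian.org/security/                           Martin Schulze
April 17th, 2004                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : zope
Vulnerability  : arbitrary code execution
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2002-0688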

A vulnerability has been discovered in the index support of the
ZCatalog plug-in in Zope, an open source web application server.  A
flaw in the security settings of ZCatalog allows anonymous users to
call arbitrary methods of catalog indexes.  The vulnerability also
allows untrusted code to do the same.

For the stable distribution (woody) this problem has been fixed in
version 2.5.1-1woody1.

For the unstable distribution (sid) this problem has been fixed in
version 2.6.0-0.1 and higher.

We recommend that you upgrade your zope package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------



  These files will probably be moved into the stable distribution on
  its next update.

- -
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg

-BEGIN PGP SIGNATURE-
Version: 

[ilugd] debian linux cds i am totally confused

2004-04-17 Thread Surendra Verma
Hi,
I downloaded the Debian Linux 3.02 but I am
totally confused as to why there are so many CDs there
(totalling 8 as compared to generally 3 in others).
Is it because it has a lot more packages
there or is it because the source code is included in
it? The site http://www.debian.org seems to be blank on
this issue too.
If anybody is using it please clarify which are the
CDs I need to write (I don't need the source code).
Regards.

=
Surendra Verma,
WD-22,Shivalik House,
IIT Delhi,
New Delhi-110016,
India.
ph -11-26527315

