Re: [ilugd] community project (need contribution)
Google has a similar service http://answers.google.com/answers/ On 8/24/05, vishalsharma [EMAIL PROTECTED] wrote: Hello All, i going to have this project online in couple of days and i need help and contribution of you guys on this . The project is : - i am going to have an online database of the problems with the solutions of different services running on linux based servers like CVS, APACHE , SENDMAIL (OR ANY MAIL SERVER), IPTABLES etc. If a user faced a certain problem and got the exact solution for that he can just come to the website and will register there and can put the problems with solution so if somebody else will face the same problem he will have quick help on that. There will be a searchable index of different services from where one can find the solutions. it will be good for the ppl who are doing administration of linux servers and facing problems on day to day basis. I faced lots of problems while working with the servers and the services so i will put the problems with the solutions soon, same i want from you guys to put on but first i will like to know what you ppl think about this and the ppl who wants to contribute can email me bak on this email id. i will put the domain up in couple of days so pls start sending me the data which i can put into my databse. Please do email me the suggestions also Hope to see some replies from you guys Thanks VIshal ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/ ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Call For Papers: ILUGD event in September
Has a sufficient number of talks been short-listed? Any publically available list of talks that have been shortlisted/submitted? Nandz. -- http://nandz.blogspot.com ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Call For Papers: ILUGD event in September
ams == Abhijit Menon-Sen [EMAIL PROTECTED] writes: ams At 2005-07-19 09:06:01 +0530, [EMAIL PROTECTED] wrote: The short list will be announced on August 25, 2005 ams Has a sufficient number of talks been short-listed? Over-subscribed is the only way of putting it. I'll be mailing the first-cut draft talks list in the morning (sun is up morning, not clock has rolled over to 00:00 morning). Regards, -- Raju -- Raj Mathur[EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
[ilugd] (fwd) [SECURITY] [DSA 784-1] New courier packages fix denial of service
[Please upgrade if you use Courier Mail server on any distribution. This vulnerability applies only to Courier being used with SPF, but it'd be a good idea to upgrade anyway -- Raju] This is an RFC 1153 digest. (1 message) -- Message-Id: [EMAIL PROTECTED] From: [EMAIL PROTECTED] (Martin Schulze) Sender: [EMAIL PROTECTED] To: debian-security-announce@lists.debian.org (Debian Security Announcements) Cc: Subject: [Full-disclosure] [SECURITY] [DSA 784-1] New courier packages fix denial of service Date: Thu, 25 Aug 2005 14:56:43 +0200 (CEST) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 784-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze August 25th, 2005 http://www.debian.org/security/faq - -- Package: courier Vulnerability : programming error Problem-Type : remote Debian-specific: no CVE ID : CAN-2005-2151 Debian Bug : 320290 A problem has been discovered in the Courier Mail Server. DNS failures were not handled properly when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption. The default configuration on Debian has SPF checking disabled, so most machines are not vulnerable. This is explained in the courier manpage, section SENDER POLICY FRAMEWORK KEYWORDS. The old stable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has been fixed in version 0.47-4sarge1. For the unstable distribution (sid) this problem has been fixed in version 0.47-6. We recommend that you upgrade your courier-mta package. Upgrade Instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - Source archives: http://security.debian.org/pool/updates/main/c/courier/courier_0.47-4sarge1.dsc Size/MD5 checksum: 1216 f66af88f70ac1c057617ce67b2e23fe8 http://security.debian.org/pool/updates/main/c/courier/courier_0.47-4sarge1.diff.gz Size/MD5 checksum:92865 444bd593fcac1056ef4c36c0859b88f6 http://security.debian.org/pool/updates/main/c/courier/courier_0.47.orig.tar.gz Size/MD5 checksum: 6350808 361a84e497148ce557c150d3576ec24b Architecture independent components: http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.47-4sarge1_all.deb Size/MD5 checksum: 370366 60a4176d1d4b0670b7aff9997336d1ee Alpha architecture: http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge1_alpha.deb Size/MD5 checksum:71398 d282a01d18ff370558d4367299783288 http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge1_alpha.deb Size/MD5 checksum:65106 7295abd0f17b14ecc1a11163c97f120f http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge1_alpha.deb Size/MD5 checksum:65386 5133e33acb847b44c834c8070271cb8c http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge1_alpha.deb Size/MD5 checksum: 293228 648ead6a63a17d98580845b7ee106305 http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge1_alpha.deb Size/MD5 checksum:28712 efe49864ceda2590d54e26a48480cb1e http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge1_alpha.deb Size/MD5 checksum: 1001448 7d45af75950cb25892fdbb52bb077d46 http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge1_alpha.deb Size/MD5 checksum:21084 03dd9e04ff3f296322841f6e93be6c62 http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge1_alpha.deb Size/MD5 checksum:84148 b3a49e76496e31a27822f1d230e00f73 http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge1_alpha.deb Size/MD5 checksum: 979266 91120fcfd586e5d8f41e836284149356 http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge1_alpha.deb Size/MD5 checksum: 141600 9c2d6f482da591e180f714ac3d926ef8 http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge1_alpha.deb Size/MD5 checksum: 2317502 6baf4dd23aa18288d7ca36f9640305ca
[ilugd] (fwd) [SECURITY] [DSA 785-1] New libpam-ldap packages fix authentication bypass
This is an RFC 1153 digest. (1 message) -- Message-Id: [EMAIL PROTECTED] From: [EMAIL PROTECTED] (Martin Schulze) Sender: [EMAIL PROTECTED] To: debian-security-announce@lists.debian.org (Debian Security Announcements) Cc: Subject: [Full-disclosure] [SECURITY] [DSA 785-1] New libpam-ldap packages fix authentication bypass Date: Thu, 25 Aug 2005 18:54:57 +0200 (CEST) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 785-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze August 25th, 2005 http://www.debian.org/security/faq - -- Package: libpam-ldap Vulnerability : authentication bypass Problem-Type : remote Debian-specific: no CVE ID : CAN-2005-2641 CERT advisory : VU#778916 It has been discovered that libpam-ldap, the Pluggable Authentication Module allowing LDAP interfaces, ignores the result of an attempt to authenticate against an LDAP server that does not set an optional data field. The old stable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has been fixed in version 178-1sarge1. For the unstable distribution (sid) this problem has been fixed in version 178-1sarge1. We recommend that you upgrade your libpam-ldap package. Upgrade Instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - Source archives: http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1.dsc Size/MD5 checksum: 672 d669aa6f0c46e637446594350af42cc8 http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1.diff.gz Size/MD5 checksum:19528 2924e1797c39f05e37bafaa761ca2c96 http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178.orig.tar.gz Size/MD5 checksum: 127074 222186c498d24a7035e8a7494fc0797d Alpha architecture: http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_alpha.deb Size/MD5 checksum:59270 a6960b38195110ce4c555cf89e2cc752 AMD64 architecture: http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_amd64.deb Size/MD5 checksum:56984 e14265169b634d5c6ee243cc1b8cc410 ARM architecture: http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_arm.deb Size/MD5 checksum:55852 6a4f6cee9779f0bd45511fe4dda02245 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_i386.deb Size/MD5 checksum:57406 eafc9a4a7ee19e173cca4069ce822938 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_ia64.deb Size/MD5 checksum:65072 4de0ae7288d74d2eb7708424603b50f6 HP Precision architecture: http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_hppa.deb Size/MD5 checksum:60552 3eb44b515aa7fdd05376520de7ab99dd Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_m68k.deb Size/MD5 checksum:55992 41341e49ab1dd2b2f7c6e1365186579f Big endian MIPS architecture: http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_mips.deb Size/MD5 checksum:56360 3d4ad06491d46a8cbcc80236dd3edd08 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_mipsel.deb Size/MD5 checksum:56292 258c5c9a7b9b725c305c122a6843a4d9 PowerPC architecture: http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_powerpc.deb Size/MD5 checksum:57216 933ce656b572a6faaf1273eb2a5bba41 IBM S/390 architecture: http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_s390.deb Size/MD5 checksum:57370 217d4f36380fcecec41236ed53f9a2d6 Sun Sparc architecture: http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_sparc.deb Size/MD5 checksum:56934 411656469f51633a23ae7e9961786fca These files will probably be
[ilugd] (fwd) [SECURITY] [ GLSA 200508-15 ] Apache 2.0: Denial of Service vulnerability
[Please upgrade Apache2 on all distributions -- Raju] This is an RFC 1153 digest. (1 message) -- MIME-Version: 1.0 Content-Type: multipart/signed; boundary=nextPart9397724.vZgbaO6qQG; protocol=application/pgp-signature; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: [EMAIL PROTECTED] From: Sune Kloppenborg Jeppesen [EMAIL PROTECTED] To: gentoo-announce@gentoo.org Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk, [EMAIL PROTECTED] Subject: [ GLSA 200508-15 ] Apache 2.0: Denial of Service vulnerability Date: Thu, 25 Aug 2005 07:09:44 +0200 --nextPart9397724.vZgbaO6qQG Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200508-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Apache 2.0: Denial of Service vulnerability Date: August 25, 2005 Bugs: #102991 ID: 200508-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis A bug in Apache may allow a remote attacker to perform a Denial of Service attack. Background == The Apache HTTP Server Project is a featureful, freely-available HTTP (Web) server. Affected packages = --- Package / Vulnerable / Unaffected --- 1 net-www/apache 2.0.54-r9 = 2.0.54-r9 2.0 Description === Filip Sneppe discovered that Apache improperly handles byterange requests to CGI scripts. Impact == A remote attacker may access vulnerable scripts in a malicious way, exhausting all RAM and swap space on the server, resulting in a Denial of Service of the Apache server. Workaround == There is no known workaround at this time. Resolution == All apache users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =net-www/apache-2.0.54-r9 References == [ 1 ] ASF Bugzilla Bug 29962 http://issues.apache.org/bugzilla/show_bug.cgi?id=29962 Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200508-15.xml Concerns? = Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org. License === Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0 --nextPart9397724.vZgbaO6qQG Content-Type: application/pgp-signature -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQBDDVKczKC5hMHO6rkRAuoeAJ0au3yZOGky6ImduRlao90sxKPjEwCfW5BF qo2RjvKvVs9yZedCHQ9CVHE= =Q219 -END PGP SIGNATURE- --nextPart9397724.vZgbaO6qQG-- -- End of this Digest ** -- Raj Mathur[EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
[ilugd] (fwd) [SECURITY] [ GLSA 200508-17 ] libpcre: Heap integer overflow
[Please upgrade libpcre on all distributions -- Raju] This is an RFC 1153 digest. (1 message) -- MIME-Version: 1.0 Content-Type: multipart/mixed; boundary1057302616== Message-ID: [EMAIL PROTECTED] From: Stefan Cornelius [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] To: gentoo-announce@lists.gentoo.org Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, [EMAIL PROTECTED] Subject: [Full-disclosure] [ GLSA 200508-17 ] libpcre: Heap integer overflow Date: Thu, 25 Aug 2005 20:36:06 +0200 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===1057302616== Content-Type: multipart/signed; micalg=pgp-sha1; protocol=application/pgp-signature; boundary=enig8AD0C7873DF90B660EFE2046 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --enig8AD0C7873DF90B660EFE2046 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200508-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: libpcre: Heap integer overflow Date: August 25, 2005 Bugs: #103337 ID: 200508-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis libpcre is vulnerable to a heap integer overflow, possibly leading to the execution of arbitrary code. Background == libpcre is a library providing functions for Perl-compatible regular expressions. Affected packages = --- Package / Vulnerable / Unaffected --- 1 dev-libs/libpcre 6.3 = 6.3 Description === libpcre fails to check certain quantifier values in regular expressions for sane values. Impact == An attacker could possibly exploit this vulnerability to execute arbitrary code by sending specially crafted regular expressions to applications making use of the libpcre library. Workaround == There is no known workaround at this time. Resolution == All libpcre users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =dev-libs/libpcre-6.3 References == [ 1 ] CAN-2005-2491 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 [ 2 ] SecurityTracker Alert ID 1014744 http://www.securitytracker.com/alerts/2005/Aug/1014744.html Availability This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200508-17.xml Concerns? = Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [EMAIL PROTECTED] or alternatively, you may file a bug at http://bugs.gentoo.org. License === Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0 --enig8AD0C7873DF90B660EFE2046 Content-Type: application/pgp-signature; name=signature.asc Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename=signature.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDDg+bEpc7MgVybcQRAmNtAJ9MEjtuXblDEPoV6AuJiuwabsnY7wCeNTe3 RVo4RubcaEsmQnCOSXbMG2I= =IBJT -END PGP SIGNATURE- --enig8AD0C7873DF90B660EFE2046-- --===1057302616== Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ --===1057302616==-- -- End of this Digest ** -- Raj Mathur[EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] [LIH](fwd) [SECURITY] [DSA 784-1] New courier packages fix denial of service
On Fri, Aug 26, 2005 at 02:54:44AM +0530, Raj Mathur wrote: [Please upgrade if you use Courier Mail server on any distribution. This vulnerability applies only to Courier being used with SPF, but it'd be a good idea to upgrade anyway -- Raju] It would be even wiser to ditch SPF if you're using it http://www.circleid.com/article/1039_0_1_0_C/ http://www.circleid.com/article/1157_0_1_0_C/ ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
[ilugd] OT - The Mythical Man Month - Views/reviews?
Hi, I've just ordered this classic from firstandsecond.com - and can't wait for them to deliver it... in the meantime... anyone out there who's already read it? View/reviews? Nandz. -- http://nandz.blogspot.com ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
[ilugd] [OT] Perl on winblows
Hi! Anyone using perl on M$ windows? If so how is the performance/stability of perl on windows 98. regards VK I have studied in an university called life Disclaimer The facts expressed here belong to everybody, the opinions to me. The distinction is yours to draw... Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
