date:20051004

Re: [ilugd] i want to buys books on Linux Clustering and Linux ThinClients

2005-10-04 Thread ankush grover

On 10/4/05, gaurav <[EMAIL PROTECTED]> wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> i bought a Oreally book on "Beowulf clustering"
> - ->http://www.oreilly.com/catalog/clusterlinux/reviews.html recently
> for for 500 bucks ...I guess you get it from www.firstand
> second.com 
> or nayi sadak or maybe in your nearest book store
>
> btw clustering is mainly of two types like Beowulf, high-performance
> parallel computing clusters for which you have specially parallelize
> your program or SSI (single server Imaging ) like Mosix which allow
> transparent process migration ...no changes needed in application
> .there also maby distributed computing projects on java like
> Globus ...you decide which one of this suits your needs
>
> hey Mr.Gaurav,

Thanks for the reply.I will certainly will look into this book.

Thanks & Regards

Ankush Grover
___
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/

Re: [ilugd] i want to buys books on Linux Clustering and Linux Thin Clients

2005-10-04 Thread Manish Popli

Is this book good enough for beginners ??
 -Manish

 On 10/3/05, ankush grover <[EMAIL PROTECTED]> wrote:
>
> hey friends,
>
> Are there any good books on Linux Clustering and Linux Thin Clients ? I
> know
> a book on Linux Clustering "Linux Enterprise Cluster by Karl Kopper" but
> this book is not available in delhi.
>
> Does anyone knows about any other good books on clustering and thin
> clients.
>
> Thanks & Regards
>
> Ankush Grover
> ___
> ilugd mailinglist -- ilugd@lists.linux-delhi.org
> http://frodo.hserus.net/mailman/listinfo/ilugd
> Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi
> http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
>
>


--
Manish Popli
___
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/

Re: [ilugd] i want to buys books on Linux Clustering and Linux Thin Clients

2005-10-04 Thread ankush grover

hey ,

I went to the www.firstandsecond.com  the
"Linux Enterprise Cluster" by Karl Kopper is available there but in 2
editions one costing Rs 450 and other costing Rs 2312.

Thanks & Regards

Ankush Grover

On 10/4/05, Manish Popli <[EMAIL PROTECTED]> wrote:
>
> Is this book good enough for beginners ??
>  -Manish
>
>
___
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/

[ilugd] FOSS.in - 4 days 8hrs remain for speaker registration.

2005-10-04 Thread Guntupalli Karunakar

Hi all,
  To all FOSS enthusiasts, developers, G/LUG/FSUGer's , time closing
in for speakers registration for FOSS.IN ( http://www.foss.in ).
Less than 5days remaining.

First read the call for participation - http://foss.in/2005/cfp/

then hop into  http://foss.in/2005/speakers/ and register as speaker
and your talks.

You can register
 - Talk
 - BoF
 - Tutorial
 - Workshop

For BoFs/Tutorials/Workshops, if you are registering them, then plan
them well, its you who will have the lead the way and make them
happen, support always follows.

Also read  speakers guide - http://foss.in/2005/guides/speakers.php.

So hurry...

Karunakar

-- 

*
* Work: http://www.indlinux.org *
* Blog: http://cartoonsoft.com/blog *
*

___
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/

Re: [ilugd] long BLUG meet outside Bangalore.

2005-10-04 Thread Raj Mathur

> "Vivek" == vivek khurana <[EMAIL PROTECTED]> writes:

Vivek> --- Sudev Barar <[EMAIL PROTECTED]> wrote:

>> Can not go but damn interesting. LUGD what are we going to do
>> about this ans such?

Vivek>  As far as i remeber long long ago Abhishek kumar once
Vivek> suggested of holding a meeting at Jim corbett national
Vivek> park. But no response was there by the list.

Vivek> 
http://article.gmane.org/gmane.user-groups.linux.delhi/1825/match=national+park

Vivek>  For this suggestion, as per ilugd rule #1 Sudev has
Vivek> volunteered to arrange such a meet provided enough people
Vivek> agree to meetup. :-)

I'm game provided it's somewhere in the Himalayas :)

-- Raju
-- 
Raj Mathur[EMAIL PROTECTED]  http://kandalaya.org/
   GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
  It is the mind that moves

___
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/

[ilugd] (fwd) [SECURITY] MDKSA-2005:171 - Updated kernel packages fix multiple vulnerabilities

2005-10-04 Thread Raj Mathur

[Updated kernel packages are or will soon be available for all
distributions -- Raju]

This is an RFC 1153 digest.
(1 message)
--

Message-Id: <[EMAIL PROTECTED]>
From: Mandriva Security Team <[EMAIL PROTECTED]>
Sender: QATeam User <[EMAIL PROTECTED]>
To: bugtraq@securityfocus.com
Subject: MDKSA-2005:171 - Updated kernel packages fix multiple vulnerabilities
Date: Mon, 03 Oct 2005 13:46:39 -0600

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

Mandriva Linux Security Update Advisory
 ___

 Package name:   kernel
 Advisory ID:MDKSA-2005:171
 Date:   October 3rd, 2005

 Affected versions:  Corporate 3.0, Multi Network Firewall 2.0
 __

 Problem Description:

 A number of vulnerabilities in the 2.6 Linux kernel have been corrected
 with these updated packages:
 
 An array index overflow in the xfrm_sk_policy_insert function could
 allow a local user to cause a Denial of Service (oops or deadlock) and
 possibly execute arbitrary code (CAN-2005-2456).
 
 The zlib routines in the Linux 2.6 kernel before 2.6.12.5 allowed a
 remote attacker to cause a DoS (crash) via a compressed file with
 "improper tables" (CAN-2005-2458).
 
 The huft_build function in the zlib routines in Linux 2.6 kernels prior
 to 2.6.12.5 returned the wrong value, allowing remote attackers to
 cause a DoS (crash) via a certain compressed file (CAN-2005-2459).
 
 A stack-based buffer overflow in the sendmsg function call in Linux 2.6
 kernels prior to 2.6.13.1 allow local users to execute arbitrary code by
 calling sendmsg and modifying the message contents in another thread
 (CAN-2005-2490).
 
 xattr.c in the ext2 and ext3 file system code in the 2.6 Linux kernel
 did not properly compare the name_index fields when sharing xattr
 blocks which would prevent default ACLs from being applied
 (CAN-2005-2801).
 
 The ipt_recent kernel module in 2.6 Linux kernels prior to 2.6.12 when
 running on 64-bit processors allowed remote attackers to cause a DoS
 (kernel panic) via certain attacks such as SSH brute force
 (CAN-2005-2872).
 
 The ipt_recent kernel module in 2.6 Linux kernels prior to 2.6.12 did
 not properly perform certain time tests when the jiffies value is
 greater than LONG_MAX which could cause ipt_recent netfilter rules to
 block too early (CAN-2005-2873).
 
 The updated packages have been patched to address these issues and all
 users are urged to upgrade immediately.
 
 Updated kernels for Mandrivalinux 10.1 and later will be made available
 soon.
 ___

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2456
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2458
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2459
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2490
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2801
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2872
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2873
 __

 Updated Packages:
  
 Multi Network Firewall 2.0:
 f7468b4d253251b7c7a5ee84571193c5  
mnf/2.0/RPMS/kernel-2.6.3.28mdk-1-1mdk.i586.rpm
 a9d37454e919b348a708922d2aece2ca  
mnf/2.0/RPMS/kernel-i686-up-4GB-2.6.3.28mdk-1-1mdk.i586.rpm
 790766354d63b081ce608ee769b73574  
mnf/2.0/RPMS/kernel-p3-smp-64GB-2.6.3.28mdk-1-1mdk.i586.rpm
 c5a5e24e5cc9b8c9cc17867966a3d70b  
mnf/2.0/RPMS/kernel-secure-2.6.3.28mdk-1-1mdk.i586.rpm
 7cdb6d2c133e02457229ef6eb2a7b405  
mnf/2.0/RPMS/kernel-smp-2.6.3.28mdk-1-1mdk.i586.rpm
 9c8a3b678f7a51be86a342a59188  
mnf/2.0/SRPMS/kernel-2.6.3.28mdk-1-1mdk.src.rpm

 Corporate 3.0:
 0f6c6ac828beca090b72d4f25b34ded2  
corporate/3.0/RPMS/kernel-2.6.3.28mdk-1-1mdk.i586.rpm
 8b228ab0567e6f8cae1e15fe44261f97  
corporate/3.0/RPMS/kernel-enterprise-2.6.3.28mdk-1-1mdk.i586.rpm
 4177dbd5341d41d1605b83546b1b419b  
corporate/3.0/RPMS/kernel-i686-up-4GB-2.6.3.28mdk-1-1mdk.i586.rpm
 543e310e249819d29d19354cac294376  
corporate/3.0/RPMS/kernel-p3-smp-64GB-2.6.3.28mdk-1-1mdk.i586.rpm
 0a6fd8b7c3434a6e903fa2183e5ef23c  
corporate/3.0/RPMS/kernel-secure-2.6.3.28mdk-1-1mdk.i586.rpm
 fccb12c9f27dc1b72e4d1ff212ae29d0  
corporate/3.0/RPMS/kernel-smp-2.6.3.28mdk-1-1mdk.i586.rpm
 15a9d0b1914ca4b47dc49d694ede1c33  
corporate/3.0/RPMS/kernel-source-2.6.3-28mdk.i586.rpm
 a62fc25d549523e00efa006644543dda  
corporate/3.0/RPMS/kernel-source-stripped-2.6.3-28mdk.i586.rpm
 9c8a3b678f7a51be86a342a59188  
corporate/3.0/SRPMS/kernel-2.6.3.28mdk-1-1mdk.src.rpm

 Corporate 3.0/X86_64:
 8ad1a6656bc68149b775b6012b4b3d10  
x86_64/corporate/3.0/RPMS/kernel-2.6.3.28mdk-1-1mdk.x86_64.rpm
 aced128f09

[ilugd] (fwd) [ GLSA 200510-01 ] gtkdiskfree: Insecure temporary file creation

2005-10-04 Thread Raj Mathur

[Please upgrade gtkdiskfree on all distributions -- Raju]

This is an RFC 1153 digest.
(1 message)
--

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===1547471991=="
Message-ID: <[EMAIL PROTECTED]>
From: Thierry Carrez <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]
To: gentoo-announce@lists.gentoo.org
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com,
[EMAIL PROTECTED]
Subject: [Full-disclosure] [ GLSA 200510-01 ] gtkdiskfree: Insecure
temporary file creation
Date: Mon, 03 Oct 2005 17:54:26 +0200

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===1547471991==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="enig4AE0FD1F98C1CCD9C083"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--enig4AE0FD1F98C1CCD9C083
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200510-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: gtkdiskfree: Insecure temporary file creation
  Date: October 03, 2005
  Bugs: #104565
ID: 200510-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


gtkdiskfree is vulnerable to symlink attacks, potentially allowing a
local user to overwrite arbitrary files.

Background
==

gtkdiskfree is a GTK-based GUI to show free disk space.

Affected packages
=

---
 Package/  Vulnerable  /Unaffected
---
  1  app-admin/gtkdiskfree < 1.9.3-r1  >= 1.9.3-r1

Description
===

Eric Romang discovered that gtkdiskfree insecurely creates a
predictable temporary file to handle command output.

Impact
==

A local attacker could create a symbolic link in the temporary files
directory, pointing to a valid file somewhere on the filesystem. When
gtkdiskfree is executed, this would result in the file being
overwritten with the rights of the user running the application.

Workaround
==

There is no known workaround at this time.

Resolution
==

All gtkdiskfree users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/gtkdiskfree-1.9.3-r1"

References
==

  [ 1 ] CAN-2005-2918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2918
  [ 2 ] Original Advisory
http://www.zataz.net/adviso/gtkdiskfree-09052005.txt

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200510-01.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


--enig4AE0FD1F98C1CCD9C083
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDQVQ3vcL1obalX08RAtwpAJwOVRrLdnmZeIURqfBFpMDJIHHo5gCff/MO
+ojITT9DkY5JVACB2PBNZ5Q=
=qOOj
-END PGP SIGNATURE-

--enig4AE0FD1F98C1CCD9C083--

--===1547471991==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--===1547471991==--

--

End of this Digest
**

-- 
Raj Mathur[EMAIL PROTECTED]  http://kandalaya.org/
   GPG: 78D4 FC67 367F 40E2 0DD5  0FEF C968 D0EF CC68 D17F
  It is the mind that moves

___
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives

[ilugd] (fwd) [SECURITY] [ GLSA 200510-02 ] Berkeley MPEG Tools: Multiple insecure temporary files

2005-10-04 Thread Raj Mathur

[Please upgrade the Berkeley MPEG Tools on all distributions -- Raju]

This is an RFC 1153 digest.
(1 message)
--

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===0348119590=="
Message-ID: <[EMAIL PROTECTED]>
From: Thierry Carrez <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]
To: gentoo-announce@lists.gentoo.org
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com,
[EMAIL PROTECTED]
Subject: [Full-disclosure] [ GLSA 200510-02 ] Berkeley MPEG Tools: Multiple
 insecure temporary files
Date: Mon, 03 Oct 2005 18:03:02 +0200

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===0348119590==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="enig16235235BB140195D484C892"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--enig16235235BB140195D484C892
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200510-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: Berkeley MPEG Tools: Multiple insecure temporary files
  Date: October 03, 2005
  Bugs: #107344
ID: 200510-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


The Berkeley MPEG Tools use temporary files in various insecure ways,
potentially allowing a local user to overwrite arbitrary files.

Background
==

The Berkeley MPEG Tools are a collection of utilities for manipulating
MPEG video technology, including an encoder (mpeg_encode) and various
conversion utilities.

Affected packages
=

---
 Package /  Vulnerable  /   Unaffected
---
  1  media-video/mpeg-tools  < 1.5b-r2  >= 1.5b-r2

Description
===

Mike Frysinger of the Gentoo Security Team discovered that mpeg_encode
and the conversion utilities were creating temporary files with
predictable or fixed filenames. The 'test' make target of the MPEG
Tools also relied on several temporary files created insecurely.

Impact
==

A local attacker could create symbolic links in the temporary files
directory, pointing to a valid file somewhere on the filesystem. When
the utilities are executed (or 'make test' is run), this would result
in the file being overwritten with the rights of the user running the
command.

Workaround
==

There is no known workaround at this time.

Resolution
==

All Berkeley MPEG Tools users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mpeg-tools-1.5b-r2"

References
==

  [ 1 ] CAN-2005-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3115

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200510-02.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


--enig16235235BB140195D484C892
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDQVY7vcL1obalX08RApj2AJ0VbG1kcKIsDjDkO9VcO6V3yuMdnACgk3hk
f2k54ubSKcIuN6bFX1WHeiE=
=/0+6
-END PGP SIGNATURE-

--enig16235235BB140195D484C892--

--===0348119590==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--===0348119590==--

--

End of this Digest
**

-- 
Raj Mathur[EMAIL PROTECTED]  http://kandalaya.org/
   GPG: 78

[ilugd] (fwd) [SECURITY] [DSA 837-1] New Mozilla Firefox packages fix denial of service

2005-10-04 Thread Raj Mathur

[Please upgrade Firefox on all distributions.  Firefox is also
vulnerable to a number of other bugs not reported in this advisory --
Raju]

This is an RFC 1153 digest.
(1 message)
--

Message-Id: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED] (Martin Schulze)
To: bugtraq@securityfocus.com
Subject: [SECURITY] [DSA 837-1] New Mozilla Firefox packages fix denial of 
service
Date: Sun, 2 Oct 2005 08:07:56 +0200 (CEST)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 837-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 2nd, 2005   http://www.debian.org/security/faq
- --

Package: mozilla-firefox
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID : CAN-2005-2871
Debian Bug : 327452

Tom Ferris discovered a bug in the IDN hostname handling of Mozilla
Firefox, which is also present in the other browsers from the same
family that allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a hostname with dashes.

For the stable distribution (sarge) this problem has been fixed in
version 1.0.4-2sarge4.

For the unstable distribution (sid) this problem has been fixed in
version 1.0.6-5.

We recommend that you upgrade your mozilla-firefox package.


Upgrade Instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

  Source archives:


http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4.dsc
  Size/MD5 checksum: 1001 8da49448d0292379ed213ed55b50f636

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4.diff.gz
  Size/MD5 checksum:   323756 9badf2bda14c11b86ab011d90ec281f6

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
  Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d

  Alpha architecture:


http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_alpha.deb
  Size/MD5 checksum: 11163256 741a6fe56dbd1c917f70ea4a83f5d4f5

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_alpha.deb
  Size/MD5 checksum:   166972 e694067de0f9e51eba3b71fed7192fad

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_alpha.deb
  Size/MD5 checksum:58796 066536b71dd6ed961be9a17aa79f9ca1

  AMD64 architecture:


http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_amd64.deb
  Size/MD5 checksum:  9398022 6bc930760808bc9d9b61fb1f01bd860d

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_amd64.deb
  Size/MD5 checksum:   161704 b602c78f8f7ff6071d85639ead31b0d1

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_amd64.deb
  Size/MD5 checksum:57272 d9f98cb3de4145f0866772bc599f5573

  ARM architecture:


http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_arm.deb
  Size/MD5 checksum:  8216838 391be886f3e02b83cbdf198fc9e64f43

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_arm.deb
  Size/MD5 checksum:   153148 e320c57a33a8d2f90db51e8ccd1fdcbf

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_arm.deb
  Size/MD5 checksum:52626 f011883c695c1f62417810a7046bfb18

  Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_i386.deb
  Size/MD5 checksum:  8889628 c2dae022a03416af59f47a124ac04771

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_i386.deb
  Size/MD5 checksum:   156932 f3c968bdc962762016ab5ce7de6c3d49

http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_i386.deb
  Size/MD5 checksum:54188 9c2479ab8ebd935c40f52dc516d1ef9b

  Intel IA-64 architecture:


http://security.debian.

[ilugd] [LIH](fwd) [SECURITY] [DSA 839-1] New apachetop packages fix insecure temporary file

2005-10-04 Thread Raj Mathur

[Please upgrade apachetop on all distributions -- Raju]

This is an RFC 1153 digest.
(1 message)
--

Message-Id: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED] (Martin Schulze)
Sender: [EMAIL PROTECTED]
To: debian-security-announce@lists.debian.org (Debian Security Announcements)
Cc: 
Subject: [Full-disclosure] [SECURITY] [DSA 839-1] New apachetop packages fix
insecure temporary file
Date: Tue, 4 Oct 2005 08:41:43 +0200 (CEST)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 839-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
October 4th, 2005   http://www.debian.org/security/faq
- --

Package: apachetop
Vulnerability  : insecure temporary file
Problem type   : local
Debian-specific: no
CVE ID : CAN-2005-2660

Eric Romang discovered an insecurely created temporary file in
apachetop, a realtime monitoring tool for the Apache webserver that
could be exploited with a symlink attack to overwrite arbitrary files
with the user id that runs apachetop.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 0.12.5-1sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 0.12.5-5.

We recommend that you upgrade your apachetop package.


Upgrade Instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

  Source archives:


http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1.dsc
  Size/MD5 checksum:  613 cf61395747017a6c8a4319be4cbafe83

http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1.diff.gz
  Size/MD5 checksum: 2956 76b0826270dcf4c51b191b9aaa3f58f8

http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5.orig.tar.gz
  Size/MD5 checksum:   126967 47c40c26319d5718a2a56dcefe06

  Alpha architecture:


http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_alpha.deb
  Size/MD5 checksum:36262 d532edba02bdf8d4dd2316b68866d906

  AMD64 architecture:


http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_amd64.deb
  Size/MD5 checksum:31370 c8fdae994094269fbe3f597858c8ba14

  ARM architecture:


http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_arm.deb
  Size/MD5 checksum:30572 dc820d6f5af5a89989705c919f5b8bdb

  Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_i386.deb
  Size/MD5 checksum:30160 cc20d5d7ab5798ec98966b944259fde4

  Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_ia64.deb
  Size/MD5 checksum:40446 06f813d834fc7566317c94d4ff07c9ff

  HP Precision architecture:


http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_hppa.deb
  Size/MD5 checksum:34332 aea9a750be0952a46d1d03f9b0d8d8cd

  Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_m68k.deb
  Size/MD5 checksum:27844 df4e67fb0a58d32537dd4cb7c88c3e24

  Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_mips.deb
  Size/MD5 checksum:34964 ab8c82dec697e8567a0b819f25ff1c60

  Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_mipsel.deb
  Size/MD5 checksum:34864 48009e8eb7bf1cac0178d33bed3594e9

  PowerPC architecture:


http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_powerpc.deb
  Size/MD5 checksum:33138 22c5a90df13d862497d4fd0060d2d53a

  IBM S/390 architecture:


http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_s390.deb
  Size/MD5 checksum:31172 120ff918508d38deaf737f22d8a1da96

  Sun Sparc architecture:


http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_sparc.deb
  Size/MD5 checksum:30532 2a5637a3f94148621756e648b0e9cfdb


  These files will probably be moved into t

Re: [ilugd] long BLUG meet outside Bangalore.

2005-10-04 Thread [EMAIL PROTECTED]

Raj Mathur wrote:

> I'm game provided it's somewhere in the Himalayas :)

For those really keen on pursuing the himalayan dream or Corbett get 
away here is some relevant information:

Corbett National Park is presently closed and will )reopen after 15 Nov*.
The best place to stay , and enjoy is Dhikala - inside the NP. The other
two places are Bijrani and Sonandi - not as good

Ramnagar the entry point to Corbett NP and its surroundings is overnite
from Delhi - by Train -

Outside of the NP there are a whole range of places private and
Government,  to stay - from very very high end ones - to some basic ones
where the accommodation is in tents and huts.


relevant links -
both of which are private operators and
http://www.indianwildlifeportal.com/national-parks/corbett-national-park.html
http://www.corbettnationalpark.com


Another place deeper in the Himalaya - is Binsar Wild Life Sanctuary
4 hours drive from Kathgodam. Kathgodam is overnite by train from delhi.

There is again High end accommodation, as well as KMVN, - government run 
  decent accommodation. The views are fantastic and its inside a Leopard 
Sanctuary.

http://www.kmvn.org/

link to the binsar section - which has the tariffs
http://www.siplweb.com/kmvn/accomodation-tariff.asp?lid=2&trhid=21

  The tariffs:
  Room Category  Room Type   No. of RoomsRoom Rent
  Family SuitSuper Delux-SD  2   1200 Rs.
  Double bed Standard -S 5   600 Rs.
  Double bed Delux -D11  800 Rs.
  Double bed Super Delux-SD  8   900 Rs.


where to reserve:

Central Reservation Centre
Manager,
Centrral Reservation Centre,
C/O Parvat Tours
Near Rickshaw Stand
Tallital, Nainital-263001
Phone : (05942) 236374, 235656, 231435, 231436
Fax No.: (05942) 236374
E-mail: [EMAIL PROTECTED]

*Delhi Office*

PRO, KMVN
103, Indra Prakash Building,
21, Barakhamba Road, New Delhi-110001
Ph : (011) 23712246, 51519366
Fax : (011) 23319835
E-mail: [EMAIL PROTECTED]


Hope this information helps
ram

___
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/

Re: [ilugd] i want to buys books on Linux Clustering and Linux ThinClients

Re: [ilugd] i want to buys books on Linux Clustering and Linux Thin Clients

Re: [ilugd] i want to buys books on Linux Clustering and Linux Thin Clients

[ilugd] FOSS.in - 4 days 8hrs remain for speaker registration.

Re: [ilugd] long BLUG meet outside Bangalore.

[ilugd] (fwd) [SECURITY] MDKSA-2005:171 - Updated kernel packages fix multiple vulnerabilities

[ilugd] (fwd) [ GLSA 200510-01 ] gtkdiskfree: Insecure temporary file creation

[ilugd] (fwd) [SECURITY] [ GLSA 200510-02 ] Berkeley MPEG Tools: Multiple insecure temporary files

[ilugd] (fwd) [SECURITY] [DSA 837-1] New Mozilla Firefox packages fix denial of service

[ilugd] [LIH](fwd) [SECURITY] [DSA 839-1] New apachetop packages fix insecure temporary file

Re: [ilugd] long BLUG meet outside Bangalore.

11 matches

Site Navigation

Mail list logo

Footer information