lug-bg: Debian Openssl vulnerability

2003-10-14 Thread Marian Popov



The news is a bit old, but still, in case someone hasn't heard :)



Debian : ASN.1 parsing vulnerability

- --------------------------------------------------------------------------
Debian Security Advisory DSA 394-1                       [EMAIL PROTECTED]
http://www.debian.org/security/                             Martin Schulze
October 11th, 2003                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : openssl095
Vulnerability  : ASN.1 parsing vulnerability
Problem-Type   : remote
Debian-specific: no
CVE references : CAN-2003-0543 CAN-2003-0544 CAN-2003-0545

Steve Henson of the OpenSSL core team identified and prepared fixes
for a number of vulnerabilities in the OpenSSL ASN1 code that were
discovered after running a test suite by British National
Infrastructure Security Coordination Centre (NISCC).

A bug in OpenSSL's SSL/TLS protocol was also identified which causes
OpenSSL to parse a client certificate from an SSL/TLS client when it
should reject it as a protocol error.

The Common Vulnerabilities and Exposures project identifies the
following problems:

CAN-2003-0543:

   Integer overflow in OpenSSL that allows remote attackers to cause a
   denial of service (crash) via an SSL client certificate with
   certain ASN.1 tag values.

CAN-2003-0544:

   OpenSSL does not properly track the number of characters in certain
   ASN.1 inputs, which allows remote attackers to cause a denial of
   service (crash) via an SSL client certificate that causes OpenSSL
   to read past the end of a buffer when the long form is used.

CAN-2003-0545:

   Double-free vulnerability allows remote attackers to cause a denial
   of service (crash) and possibly execute arbitrary code via an SSL
   client certificate with a certain invalid ASN.1 encoding.  This bug
   was only present in OpenSSL 0.9.7 and is listed here only for
   reference.

For the stable distribution (woody) this problem has been
fixed in openssl095 version 0.9.5a-6.woody.3.

This package is not present in the unstable (sid) or testing (sarge)
distribution.

We recommend that you upgrade your libssl095a packages and restart
services using this library.  Debian doesn't ship any packages that
are linked against this library.

The following commandline (courtesy of Ray Dassen) produces a list of
names of running processes that have libssl095 mapped into their
memory space:

    find /proc -name maps -exec egrep -l 'libssl095' {} /dev/null \; |
      sed -e 's/[^0-9]//g' |
      xargs --no-run-if-empty ps --no-headers -p |
      sed -e 's/^ \+//' -e 's/ \+/ /g' | cut -d ' ' -f 5 | sort | uniq

You should restart the associated services.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.3.dsc
      Size/MD5 checksum:      631 ba6e597ab2db2984aef6c2a765ac29c0
    http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.3.diff.gz
      Size/MD5 checksum:    38851 6b197111a7068a7ea29ef55176771d89
    http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a.orig.tar.gz
      Size/MD5 checksum:  1892089 99d22f1d4d23ff8b927f94a9df3997b4

  Alpha architecture:

    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_alpha.deb
      Size/MD5 checksum:   497152 fe3d6854382f8dbe2d10f3f5700dd8f6

  ARM architecture:

    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_arm.deb
      Size/MD5 checksum:   402498 551b79fbb80903f174d6edeffd9869df

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_i386.deb
      Size/MD5 checksum:   399752 2a856ac6b45d41beb0bf78880b236966

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_m68k.deb
      Size/MD5 checksum:   376738 980e428e9b913672d939ebe77c18cd6d

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_mips.deb
      Size/MD5 checksum:   412624 b8c7cc0b4dcbf1cf03480b93c78cd610

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_mipsel.deb
      Size/MD5 checksum:   407388 de02385580cf33c344c1ffadcf8aed88

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_powerpc.deb
      Size/MD5 checksum:   425452 c3d04af89c64e6e9f0175e6cd4997058

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_sparc.deb
      Size/MD5 checksum:   412196 ae1181c2873a304c583800459da53e5a

  These files will probably be moved into the stable distribution on
  its next
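
The "which processes still map the library" check from the advisory, as an added example that is not part of the advisory or of the original post: it also marks mappings the kernel reports as "(deleted)", meaning the process is still running the pre-upgrade copy after the package replaced the file on disk. The function names, the sample tree and the library path inside it are constructed for illustration.

```shell
#!/bin/sh
# Added example: report processes that map a shared library.
# procs_with_lib PROC_ROOT LIBNAME  ->  lines of "PID NAME STATE"
#   STATE "stale"  = mapping is marked "(deleted)": file replaced on disk,
#                    process still runs the old code and needs a restart
#   STATE "mapped" = library is mapped from the file currently on disk
procs_with_lib() {
    root=$1 lib=$2
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue        # process exited, or no permission
        dir=${maps%/maps}
        pid=${dir##*/}
        # In a maps line the pathname is field 6; "(deleted)" follows it
        # when the backing file has been unlinked.
        state=$(awk -v lib="$lib" '
            index($6, lib) { hit = 1; if ($NF == "(deleted)") del = 1 }
            END { if (hit) print (del ? "stale" : "mapped") }' "$maps")
        [ -n "$state" ] || continue
        name=$(awk '$1 == "Name:" { print $2; exit }' "$dir/status" 2>/dev/null)
        printf '%s %s %s\n' "$pid" "${name:-?}" "$state"
    done | sort -n
}

# Constructed sample tree standing in for /proc (not real process data;
# the library path is a placeholder that contains the advisory's pattern).
make_sample_proc() {
    d=$1
    mkdir -p "$d/101" "$d/202" "$d/303"
    printf 'Name:\tstunnel\n' > "$d/101/status"
    printf '%s\n' \
      '40017000-40045000 r-xp 00000000 03:01 4711 /usr/lib/libssl095a.so.0 (deleted)' \
      > "$d/101/maps"
    printf 'Name:\tsshd\n' > "$d/202/status"
    printf '%s\n' \
      '40017000-40130000 r-xp 00000000 03:01 1234 /lib/libc-2.2.5.so' \
      > "$d/202/maps"
    printf 'Name:\tapache\n' > "$d/303/status"
    printf '%s\n' \
      '08048000-0804c000 r-xp 00000000 03:01 99 /usr/sbin/apache' \
      '40017000-40045000 r-xp 00000000 03:01 4712 /usr/lib/libssl095a.so.0' \
      > "$d/303/maps"
}

# Demo on the sample tree; on a live host: procs_with_lib /proc libssl095
tmp=$(mktemp -d) && make_sample_proc "$tmp" && procs_with_lib "$tmp" libssl095
rm -rf "$tmp"
```

Run as root on a real system so that every process's maps file is readable; unreadable entries are skipped silently.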

lug-bg: ppp multilink

2003-10-14 Thread
,
  Infotel2  (.. multilink), kak   
 (slackware 8.1)?




A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html



Re: lug-bg: debian: cdrom vs internet

2003-10-14 Thread raptor
Thanks for the info...
Knoppix/Morphix is the ideal option for me to start slowly learning Debian too...

 On Wednesday 08 October 2003 16:36, raptor wrote:
  hi,
 
  I set up my CD-ROMs with apt-cdrom; how do I make it not look on the
  internet for newer versions at all if a given package is on the CD..
 
 Well, apt will always prefer the newer version regardless of where it comes
 from, until you change its mind via /etc/apt/sources.list, /etc/apt/apt.conf
 or /etc/apt/preferences (man apt_preferences) or via command line options...
 As far as I understand, you want it, when the package is both on the CD and
 on the http/ftp mirrors, to prefer fetching from the CD regardless of
 version, and to fetch from the mirrors only if it is not on the CD. There
 are many ways, but the easiest is to have one sources.list with only the
 added CDROM sources, another with only http/ftp sources, and one with all
 CDROM and ftp/http sources, and simply swap them as you like and run
 apt-get update afterwards. If everything is in one sources.list you will
 have to choose some kind of differentiation or separation when you invoke
 apt-get. Besides that, you can skip running apt-cdrom add and simply mount
 the CD at, say, /mnt/cdrom. Then you add the archive to sources.list as a
 local one (with a unique path, which you will use to differentiate the
 sources with -t):
 deb file:/mnt/cdrom/debian/  stable main 
 and then: 
 apt-get install -t mnt/cdrom package ... 
 
 It can also be done in a more complicated way with apt-cdrom add and net
 archives in sources.list: you look at the priority for each URI with
 apt-cache policy package and change it with pinning in /etc/apt/preferences,
 so that it fetches from the CD even if the package there has a lower
 version, and fetches from the net only if there is no such package on the
 CD... It may turn out that apt tells you that the selection you have chosen,
 for example an old version of one package from the CD and a new version of
 another package that is not on the CD and that you will fetch from the net
 mirrors, is broken... and accordingly it will spit out exactly what it is
 missing, and you allow it to fetch the exact versions.
 
 You can also run apt-cache policy package to see the versions, the
 priorities and the URIs, and tell it to check whether an exact given version
 of a package is installable, and you will choose the version that comes from
 the CD source.
 
 # apt-get install package=version 
 For example: if there are also depends for exactly this version of the
 package, you allow those for apt as well, premoderi  ;-) 





Re: lug-bg: Sendmail Mail Hub in chroot

2003-10-14 Thread Vesselin Kolev

Edited edition of the document:

http://www.lcpe.uni-sofia.bg/linuxdoc/sendmail/chroot-sendmail.html

Special thanks to:

George Danchev [EMAIL PROTECTED]

for the TeX editing and the commit..

  Vesselin Kolev

On Monday 13 Oct 2003 12:48, Vesselin Kolev wrote:
 ,



   Sendmail Mail Hub   SSLv3/TLSv1  chroot 
 Linux






lug-bg: SMTP-AUTH

2003-10-14 Thread Denislav Ganchev
Does anyone know whether the mail client in Mozilla (v1.4) supports the
SMTP-AUTH protocol and where the setting itself is configured, if there is
one; if not, is there a free program for reading mail that supports it?

