Re: [pca] Hurray to PCA and We Sun Solve! They have spared me numerous hours of tedious work
Thanks to Sean for providing feedback! What do you think? could this be integrated into vanilla pca, or should we make a fork? For now I think it would be better to implement this in a wrapper to PCA or in a separate client. As far as I understand it, only output from PCA which is already provided would be required for your proposal. Maybe Sean would be happy if there simply was a file upload option for the patch list on wesunsolve anyway? I think the list of patches he has isn't from PCA, but from some external source. Martin.
Re: [pca] Hurray to PCA and We Sun Solve! They have spared me numerous hours of tedious work
Correct, the list of patches I get is from the tool that does our system auditing (checks for old patches, checks for open ports, etc). I simply wrote down each patch it is checking for and finding lacking, and putting that into a text file. Which I searched, added one at a time on the wesunsolve site. Now I can simply ctrl-a, and copy - paste into the entry box thanks to Thomas. Cheers! Sean -Original Message- From: pca-boun...@lists.univie.ac.at [mailto:pca-boun...@lists.univie.ac.at] On Behalf Of Martin Paul Sent: Friday, April 20, 2012 8:17 AM To: PCA (Patch Check Advanced) Discussion Subject: Re: [pca] Hurray to PCA and We Sun Solve! They have spared me numerous hours of tedious work Thanks to Sean for providing feedback! What do you think? could this be integrated into vanilla pca, or should we make a fork? For now I think it would be better to implement this in a wrapper to PCA or in a separate client. As far as I understand it, only output from PCA which is already provided would be required for your proposal. Maybe Sean would be happy if there simply was a file upload option for the patch list on wesunsolve anyway? I think the list of patches he has isn't from PCA, but from some external source. Martin.
Re: [pca] samba patch from oracle.
On Thu, Apr 19, 2012 at 9:16 AM, Laurent Blume laur...@elanor.org wrote: Le 19/04/12 00:42, Francois a écrit : Thanks Dagobert for pointing this out ! seems to be the only way to upgrade the DIY way without waiting for Oracle to react !... Or use OpenCSW and prod them a little on #opencsw when needed. I just did that for Samba, found a packaging bug for them, but in the end it works better than Solaris' ;-) I've put in a SR with Oracle too. They said they are going to release 3.6.4, which is bullshit because Samba stated they we backporting patches for many versions due to the serious nature of the exploit and ease of attack. My Redhat and Debian machines were updated for the samba exploit about a week ago, but we may have to wait until May to get this fixed. PATHETIC. I'm not expecting much from them anymore. Even the zero day telnet exploit took them weeks to fix. Your Solaris can be secured by two methods: build your own binaries (or rely on OpenCSW, which I hope stays up to date better than Blastwave did), or don't run any services on it. But I think few of us want Solaris as a desktop machine...
Re: [pca] EXTERNAL: Re: samba patch from oracle.
The problem with Samba and the Big-O is lawyers pouring through the license agreement and approving its distribution. They do NOT like GPLv3... -Original Message- From: pca-boun...@lists.univie.ac.at [mailto:pca-boun...@lists.univie.ac.at] On Behalf Of francis picabia Sent: Friday, April 20, 2012 10:12 AM To: PCA (Patch Check Advanced) Discussion Subject: EXTERNAL: Re: [pca] samba patch from oracle. On Thu, Apr 19, 2012 at 9:16 AM, Laurent Blume laur...@elanor.org wrote: Le 19/04/12 00:42, Francois a écrit : Thanks Dagobert for pointing this out ! seems to be the only way to upgrade the DIY way without waiting for Oracle to react !... Or use OpenCSW and prod them a little on #opencsw when needed. I just did that for Samba, found a packaging bug for them, but in the end it works better than Solaris' ;-) I've put in a SR with Oracle too. They said they are going to release 3.6.4, which is bullshit because Samba stated they we backporting patches for many versions due to the serious nature of the exploit and ease of attack. My Redhat and Debian machines were updated for the samba exploit about a week ago, but we may have to wait until May to get this fixed. PATHETIC. I'm not expecting much from them anymore. Even the zero day telnet exploit took them weeks to fix. Your Solaris can be secured by two methods: build your own binaries (or rely on OpenCSW, which I hope stays up to date better than Blastwave did), or don't run any services on it. But I think few of us want Solaris as a desktop machine...
Re: [pca] samba patch from oracle.
On 4/20/2012 8:12 AM, francis picabia wrote: I've put in a SR with Oracle too. They said they are going to release 3.6.4, which is bullshit because Samba stated they we backporting patches for many versions due to the serious nature of the exploit and ease of attack. I've heard 3.6 still has some winbind issues, so I certainly hope they don't issue a major version upgrade rather than simply bumping to 3.5.14 8-/. My Redhat and Debian machines were updated for the samba exploit about a week ago, but we may have to wait until May to get this fixed. PATHETIC. Yup. Your Solaris can be secured by two methods I'm still trying to be optimistic that Illumian or OpenIndiana will take off and get production ready so we can have the benefits of Solaris technology without the headache of dealing with Oracle.