Re: Weird curl, Firefox issue
On 09/20/2017 10:26 AM, R P Herrold wrote: On Tue, 19 Sep 2017, ToddAndMargo wrote: https://support.kaspersky.com/viruses/rescuedisk Any idea why I can get to the right web site with Firefox, but not curl? $ curl -L -vvv http://support.kaspersky.com/viruses/rescuedisk/ -o eraseme.html lynx notes there is "** bad HTML **" getting there during one of the 3xx redirects -- Russ herrold Hi Russ, I see it. Thank you! Bad HTML: SELECT end tag not within FORM element * Entering HText_setLastOptionValue: value:"æ¥æ¬èª ", checked:off HText_setLastOptionValue: LAST_ORDER value="æ¥æ¬èª" val_cs=43 "utf-8" (submit_val_cs 43 "utf-8") submit_value="http://support.kaspersky.co.jp/; -T
Weird curl, Firefox issue
On Tue, 19 Sep 2017, ToddAndMargo wrote: > https://support.kaspersky.com/viruses/rescuedisk > > Any idea why I can get to the right web site with > Firefox, but not curl? > > $ curl -L -vvv http://support.kaspersky.com/viruses/rescuedisk/ -o > eraseme.html lynx notes there is "** bad HTML **" getting there during one of the 3xx redirects -- Russ herrold
Re: emacs on SL6 - was Re: Security ERRATA Important: emacs on SL7.x x86_64
On Tue, Sep 19, 2017 at 11:47 PM, Bill Maidmentwrote: > Hi Andrew > So much for security issue support for 10 years. Probably best to assume > only 7 years in real life. > This is why I'm switching all our users over to SL7 MATE, now that SL6 is > in its final phase. > Cheers > Bill > Here's the description about "Production 3 phase": https://access.redhat.com/support/policy/updates/errata/#Production_3_Phase "During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. Other errata advisories may be delivered as appropriate." So, yes, not all security updates are available once RHEL (therefore Scientific Linux) goes into that phase. Akemi
RE: emacs on SL6 - was Re: Security ERRATA Important: emacs on SL7.x x86_64
Hi Andrew So much for security issue support for 10 years. Probably best to assume only 7 years in real life. This is why I'm switching all our users over to SL7 MATE, now that SL6 is in its final phase. Cheers Bill -Original message- > From:Andrew C Aitchison> Sent: Wednesday 20th September 2017 16:32 > To: scientific-linux-us...@listserv.fnal.gov > Subject: emacs on SL6 - was Re: Security ERRATA Important: emacs on SL7.x > x86_64 > > On Tue, 19 Sep 2017, Pat Riehecky wrote: > > > Synopsis: Important: emacs security update > > Advisory ID: SLSA-2017:2771-1 > > Issue Date:2017-09-19 > > CVE Numbers: CVE-2017-14482 > > -- > > > > Security Fix(es): > > > > * A command injection flaw within the Emacs "enriched mode" handling has > > been discovered. By tricking an unsuspecting user into opening a specially > > crafted file using Emacs, a remote attacker could exploit this flaw to > > execute arbitrary commands with the privileges of the Emacs user. > > (CVE-2017-14482) > > I see from https://access.redhat.com/security/cve/CVE-2017-14482 > that RedHat have marked this "wont fix" on RHEL6 and "investigating" > on RHEL5, which seems odd - I'd have expected the other way around > (unless a RHEL5 customer is paying for it). > > Yes, there is a workaround, but I imagine that emacs is commonly used > on RHEL6 and SL6 servers and it only takes one careless mistake... > > How do other SL6 users feel about this "wont fix" ? > > I'm trying to write my own patch, but seem to be struggling to patch > a file near a ctrl-L character ... > > -- > Andrew C. Aitchison Cambridge, UK > and...@aitchison.me.uk > >