Re: Weird curl, Firefox issue

2017-09-20 Thread ToddAndMargo

On 09/20/2017 10:26 AM, R P Herrold wrote:
> On Tue, 19 Sep 2017, ToddAndMargo wrote:
>
> > https://support.kaspersky.com/viruses/rescuedisk
> >
> > Any idea why I can get to the right web site with
> > Firefox, but not curl?
> >
> > $ curl -L -vvv http://support.kaspersky.com/viruses/rescuedisk/ -o eraseme.html
>
> lynx notes there is "** bad HTML **" getting there during one
> of the 3xx redirects
>
> -- Russ herrold

Hi Russ,

I see it.  Thank you!

Bad HTML: SELECT end tag not within FORM element *

Entering HText_setLastOptionValue: value:"日本語
", checked:off

HText_setLastOptionValue: LAST_ORDER value="日本語"
val_cs=43 "utf-8" (submit_val_cs 43 "utf-8")
submit_value="http://support.kaspersky.co.jp/;


-T


Weird curl, Firefox issue

2017-09-20 Thread R P Herrold
On Tue, 19 Sep 2017, ToddAndMargo wrote:

> https://support.kaspersky.com/viruses/rescuedisk
> 
> Any idea why I can get to the right web site with
> Firefox, but not curl?
> 
> $ curl -L -vvv http://support.kaspersky.com/viruses/rescuedisk/ -o eraseme.html

lynx notes there is "** bad HTML **" getting there during one 
of the 3xx redirects

-- Russ herrold


Re: emacs on SL6 - was Re: Security ERRATA Important: emacs on SL7.x x86_64

2017-09-20 Thread Akemi Yagi
On Tue, Sep 19, 2017 at 11:47 PM, Bill Maidment wrote:

> Hi Andrew
> So much for security issue support for 10 years. Probably best to assume
> only 7 years in real life.
> This is why I'm switching all our users over to SL7 MATE, now that SL6 is
> in its final phase.
> Cheers
> Bill
>

Here's the description about "Production 3 phase":

https://access.redhat.com/support/policy/updates/errata/#Production_3_Phase

"During the Production 3 Phase, Critical impact Security Advisories
(RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be
released as they become available. Other errata advisories may be delivered
as appropriate."

So, yes, not all security updates are available once RHEL (therefore
Scientific Linux) goes into that phase.

Akemi


RE: emacs on SL6 - was Re: Security ERRATA Important: emacs on SL7.x x86_64

2017-09-20 Thread Bill Maidment
Hi Andrew
So much for security issue support for 10 years. Probably best to assume only 7 
years in real life.
This is why I'm switching all our users over to SL7 MATE, now that SL6 is in 
its final phase.
Cheers
Bill
 
 
-Original message-
> From:Andrew C Aitchison 
> Sent: Wednesday 20th September 2017 16:32
> To: scientific-linux-us...@listserv.fnal.gov
> Subject: emacs on SL6 - was Re: Security ERRATA Important: emacs on SL7.x 
> x86_64
> 
> On Tue, 19 Sep 2017, Pat Riehecky wrote:
> 
> > Synopsis:      Important: emacs security update
> > Advisory ID:   SLSA-2017:2771-1
> > Issue Date:    2017-09-19
> > CVE Numbers:   CVE-2017-14482
> > --
> >
> > Security Fix(es):
> >
> > * A command injection flaw within the Emacs "enriched mode" handling has
> > been discovered. By tricking an unsuspecting user into opening a specially
> > crafted file using Emacs, a remote attacker could exploit this flaw to
> > execute arbitrary commands with the privileges of the Emacs user.
> > (CVE-2017-14482)
> 
> I see from https://access.redhat.com/security/cve/CVE-2017-14482
> that RedHat have marked this "wont fix" on RHEL6 and "investigating"
> on RHEL5, which seems odd - I'd have expected the other way around
> (unless a RHEL5 customer is paying for it).
> 
> Yes, there is a workaround, but I imagine that emacs is commonly used
> on RHEL6 and SL6 servers and it only takes one careless mistake...
> 
> How do other SL6 users feel about this "wont fix" ?
> 
> I'm trying to write my own patch, but seem to be struggling to patch
> a file near a ctrl-L character ...
> 
> -- 
> Andrew C. Aitchison   Cambridge, UK
>   and...@aitchison.me.uk
> 
>