CERT Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload

2002-02-28 Thread Jeff
I received this CERT Advisory about 6 hours ago, regarding PHP. The php website confirms the details: www.php.net I think this is going to be a problem for us, due to the way the Debian packaging works - We upgraded to Apache 1.3.19-1 for security reasons. Package dependencies meant we ended u

Welcome to Liers_dot_net_Liers_dot_org_auction_notification_list

2002-02-28 Thread auction-request
-- Welcome to the liers.org/liers.net auction notification list. You are receiving this message because you have been subscribed to this list. This list has been set up to notify you when the auction of "liers.org" and "liers.net", on eBay commences. If you do not wish to be on this list you

Re: CERT Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload

2002-02-28 Thread Lupe Christoph
On Thursday, 2002-02-28 at 08:37:45 -, Jeff wrote: > I received this CERT Advisory about 6 hours ago, regarding PHP. > The php website confirms the details: www.php.net > I think this is going to be a problem for us, due to the way > the Debian packaging works - > We upgraded to Apache 1.3

Re: CERT Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload

2002-02-28 Thread Dmitry Borodaenko
Does apt from potato (0.3.19) support Pinning? I don't think so. Thus, you will need to upgrade your apt manually first. -- Dmitry Borodaenko On Thu, Feb 28, 2002 at 10:37:00AM +0100, Lupe Christoph wrote: > If you want to run more up to date packages, you have to > get them from the "testing",

Re: CERT Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload

2002-02-28 Thread Andrew Suffield
On Thu, Feb 28, 2002 at 01:25:25PM +0200, Dmitry Borodaenko wrote: > Does apt from potato (0.3.19) support Pinning? I don't think so. Thus, > you will need to upgrade your apt manually first. > > On Thu, Feb 28, 2002 at 10:37:00AM +0100, Lupe Christoph wrote: > > If you want to run more up to dat

Re: CERT Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload

2002-02-28 Thread Wichert Akkerman
Previously Andrew Suffield wrote: > The normal solution in debian is to backport a fix to stable. I see > php.org has a patch for php 4.0.6, this can probably be backported to > 4.0.3/4.0.5 fairly easily. Already done. Before being able to make a php security fix we need to fix the ABI changes in

Netsaint

2002-02-28 Thread Johan Jacobsson
Hello! I am using netsaint_statd on a debian machine and I would like to know what I am doing, e.g. what security holes may this create? As I understand it, the netsaint_statd daemon makes it possible to extract information about CPU load, disk usage, memory load etc. Is this a security problem? Has

RE: CERT Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload

2002-02-28 Thread Jeff
> Andrew Suffield wrote: > Installing unstable packages is in no sense a solution, for > people doing serious security setups. What should be realised of course, is that Apache recommended moving to 1.3.19 and quite some time ago 1.3.23 - so while you might consider the packaging to be unstable,

Re: Netsaint

2002-02-28 Thread Jeremy T. Bouse
I'm not aware of any security holes created by it... I originally started using it with Netsaint to monitor 2 networks but then changed over to NRPE as it had built-in mechanics for only allowing the checks to come from a specific host(s) thereby greatly limiting who could access that dat

RE: Netsaint

2002-02-28 Thread James Unitt
Netsaint is actually pretty extensible, if you do a bit of lateral thinking. I implemented it for all of the Linux boxes at an ISP I was working at about a year ago. However I wasn't particularly happy with the way it implemented remote agents, IIRC it used a perl script with sockets to access them

Re: CERT Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload

2002-02-28 Thread Dmitry Borodaenko
On Thu, Feb 28, 2002 at 02:56:02PM -, Jeff wrote: > > Andrew Suffield wrote: > > Installing unstable packages is in no sense a solution, for > > people doing serious security setups. > What should be realised of course, is that Apache recommended > moving to 1.3.19 and quite some time ago 1.3.

Re: CERT Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload

2002-02-28 Thread Petro
On Thu, Feb 28, 2002 at 08:37:45AM -, Jeff wrote: > I received this CERT Advisory about 6 hours ago, regarding PHP. > The php website confirms the details: www.php.net > I think this is going to be a problem for us, due to the way > the Debian packaging works - > I guess that the immediate s

Security implications of chpasswd.

2002-02-28 Thread Petro
For some very good reasons I had to do a mass change of passwords on one of our exposed login machines (no breach/hack, different reason). There is a utility included in Debian Stable (and the others) to do this called chpasswd. I believe there may be some security issu

Re: Security implications of chpasswd.

2002-02-28 Thread Jean-Francois Dive
Hello, chpasswd is in the shadow source package (you can find this out using apt-show commands). You can work around the problem by using a script which will use the -e option and fill an encrypted passwd, this will also solve this other problem you talk about. There is a bug already reported abo

[Advertisement] Jeep/RV car accessories, free installation anywhere in the country!!!

2002-02-28 Thread ÇÑä¿Á
Title: Daewon Jeep Land newsletter. If you do not wish to receive this mail, please click unsubscribe. Find an installation shop
