Jan Luehr wrote:
> Is fix for 005 and 006 on its way?
The fixes you're talking about [1] don't seem complex at first sight,
as the patches for Drupal 4.6.6 [2,3] are pretty simple. So, I guess
the security team will be able to handle this without problems :)
If you can't wait, just try to apply t
Martin Schulze wrote:
> The following vulnerability matrix shows which version of MySQL in
> which distribution has this problem fixed:
>
>             woody          sarge      sid
> mysql       3.23.49-8.15   n/a        n/a
> mysql-dfsg  n/a            4.0.24-1
Adarsh V.P wrote:
> I am using hylafax with Debian sarge. I can only use the fax
> utilities (sendfax, faxstat, ...) while logging in as root.
Just "man faxadduser" can make you happy I guess :)
faxadduser and faxdelusers tools manage the hylafax auth files
/etc/hylafax/hosts.hfaxd
/va
Caroline Wassmuth wrote:
> Hello,
> I don't know whether I'm in the right place to report a delivery problem
> with a La Redoute parcel.
> Please confirm this address so that I can explain
> my case.
> Regards
> Caroline Wassmuth
How to explain her that
Christophe Chisogne wrote:
> I guess lynx-ssl is affected too? Is a lynx-ssl being prepared?
Ok, it's DSA 876-1, solved :)
DSA-876-1 lynx-ssl -- buffer overflow
http://www.debian.org/security/2005/dsa-876
But I had a problem: I upgraded from Woody to Sarge.
Woody
Martin Schulze wrote:
> Debian Security Advisory DSA 874-1 [EMAIL PROTECTED]
> (...)
> Package: lynx
> (...)
> For the stable distribution (sarge) this problem has been fixed in
> version 2.8.5-2sarge1.
I guess lynx-ssl is affected too? Is a lynx-ssl being prepared
Martin C. wrote:
> see any changes in that package in 2.6.* kernels
The latest 2.6 kernel is found in kernel-image-2.6* packages.
Ex (for Pentium 4): kernel-image-2.6-686 always depends
on the latest 2.6 kernel image available.
- In stable, it's version 101 [1] (2.6.8)
- In unstable, it's versi
Vincent Bernat wrote:
> proftpd in Sarge is vulnerable to a format string vulnerability. The
> corresponding bug is marked as fixed in 1.2.10-20 and found in
> 1.2.10-15 (which is the Sarge version). This means that the Sarge
> version is still vulnerable.
Indeed, sarge proftpd
Geoff Crompton wrote:
Similarly to my last email, is Debian's apache affected by this? Further
Woody isn't affected[1]:
CAN-2004-0174: Apache:
Denial of service via a "short-lived connection
on a rarely-accessed listening socket"
Ch.
[1] Non-Vulnerability Security Information for woody
http://w
Geoff Crompton wrote:
I can't find a
DSA that corresponds to CAN-2003-0020.
Woody isn't affected[1]:
CAN-2003-0020: Apache:
Missing filter for terminal escape sequences from error logs
Ch.
[1] Non-Vulnerability Security Information for woody
http://www.nl.debian.org/security/nonvulns-woody
Jan Lühr wrote:
Will kernel-source-2.4.27 be available in days or weeks?
I guess days, since security fixes often mean 'priority=high'.
There are people working on it, e.g. Simon Horman. More info:
activity on kernel-source-2.4.27-2.4.27 (svn, Debian subversion)
http://svn.debian.org/wsvn/kerne
Jan Lühr wrote:
Do you recommend to use kernel-source-2.4.27 from sid (sarge) instead of
2.4.18 from woody?
On a production server, I would run 2.4, not 2.6. And as Debian security
support seems better now for the 2.4.27 kernel, I would choose it.
It includes fixes backported from kernel.org 2.4
A.J. Loonstra wrote:
I tried modifying the exploit not to use /dev/shm... but this is what
happens:
(...)
It says it did exploit but it didn't...
I just modified it the same way (without /dev/shm tmpfs-mounted).
And it worked as expected (uid 0 and root access).
Perhaps you inadvertently entered the
Christophe Chisogne wrote:
Vladislav Kurz wrote:
mount -t tmpfs tmpfs /dev/shm
With or without that, it fails with
Oops, I'm sorry, it really works, with /dev/shm mounted :(
but for about 10% of executions. (yes, 'again' was the keyword)
Tested with 2.4.27-1-686 (2004-09-03
Vladislav Kurz wrote:
mount -t tmpfs tmpfs /dev/shm
With or without that, it fails with
"[-] FAILED: uselib (Cannot allocate memory)
Killed"
Tested with 2.4.27-1-686 (2004-09-03)
compiled with gcc (GCC) 3.3.5 (Debian 1:3.3.5-5)
and 2.4.27 kernel headers
(-I/usr/src/kernel-source-2.4.27/include/)
A kernel vulnerability related to intel drms
(CAN-2004-1056 insufficient locking checks in DRM code),
has been reported by some vendors [5-7].
It seems to have been fixed in kernel-source-2.6.8-11,
and will be fixed by a backport to kernel-source-2.4.27-8
(also fixes CAN-2004-1235 about uselib) [1-
ravier françois wrote:
hello,
I am sending you this mail because I have a problem with a message that appears on my
screen; the message is the following:
free ver
guardian activation limit exceeded for the free version please restart to
recharge
if you could tell me how to get rid of it.
a
Christophe Chisogne wrote:
I see that the "FPU crash CAN-2004-0554" is fixed:
PS I found that information from (Google and) bug #253871.
Debian Bug report logs - #253871
CAN-2004-0554 user application can hang the kernel
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=253871
Ch.
Philip Ross wrote:
The latest 2.4 kernel for Woody (kernel-image-2.4.18-1-686 version
2.4.18-13.1) is still vulnerable to the FPU crash CAN-2004-0554
discovered back in June 2004 and fixed in the 2.4.27 kernel. The code
available at http://www.securiteam.com/exploits/5ZP0N0AD5A.html will
cra
David Ramsden wrote:
On Sat, Nov 13, 2004 at 04:41:00PM -0800, peace bwitchu wrote:
http://securitytracker.com/alerts/2004/Nov/1012165.html
PoC for the first one is at:
http://www.k-otik.com/exploits/2004.elfdump.c.php
There is a reference in the changelog for 2.4.28-rc3:
"binfmt_elf: han
martin f krafft wrote:
guy behind the repository is not a Debian developer. This simply
means that you cannot trust him the same way you trust Debian
developers, whether about integrity or competence.
In a few words: perhaps he's not a Debian Developer (I don't know),
but he's well known in the (frenc
Seems imlib has multiple overflow vulnerabilities [1,2,3].
Are Woody/Sarge vulnerable? Is a DSA in preparation for it?
Christophe
[1] imlib: Buffer overflows in image decoding
http://www.gentoo.org/security/en/glsa/glsa-200412-03.xml
[2] CAN-2004-1026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
A bug report about a vulnerability of 'dir' [1] in package coreutils says it
"was fixed upstream in coreutils-5.1.0, and the latest is coreutils-5.2.0"
but Debian/woody is vulnerable (dir is in woody package fileutils).
I just filed a bug [2] for fileutils on woody, and I'm posting here
because it'
Is Debian webmin vulnerable to this one?
I don't see anything on deb security page.
GLSA 200406-12: Webmin: Multiple vulnerabilities
Published: Jun 16, 2004
http://www.securityfocus.com/advisories/6857
Christophe
On proftpd.org front page, I read proftpd has a bug relating
to ASCII translation [1]. Previous one [2] was critical
(remote root shell) but affected only proftpd 1.2.7rc1 and up.
Woody/stable has 1.2.4+1.2.5rc1, which is clearly not affected
by the previous one.
But is it affected by the new proft