On Wed, 2005-11-09 at 23:01 -0500, Marc Deslauriers wrote:
> On Wed, 2005-11-09 at 17:21 -0500, Marc Deslauriers wrote:
> > Right now, the worm that is going around is targeting CAN-2005-1921. FL
> > released updates for that in July.
> >
> > Tonight, I'll build some packages that address all the
On Wed, 2005-11-09 at 17:21 -0500, Marc Deslauriers wrote:
> Right now, the worm that is going around is targeting CAN-2005-1921. FL
> released updates for that in July.
>
> Tonight, I'll build some packages that address all the other issues,
> just in case. They will be located here for QA:
>
>
> On Wed, Nov 09, 2005 at 05:04:27PM -0500, James Kosin wrote:
> > They also address CVE-2005-3353, CVE-2005-3388, CVE-2005-3389 and
> > CVE-2005-3390...
> > do we need to concern ourselves with these?
>
> Do you plan to wait until attacks will show up?
>
> Michal
Everyday in my logs now I see
On Wed, 2005-11-09 at 17:04 -0500, James Kosin wrote:
> >>The CVE website states that CAN-2005-2498 is not the same as
> >>CAN-2005-1921; so, I think to reason; both need to be fixed if we are
> >>vulnerable.
> >
> >
> >Indeed. But sources referenced in RHSA-2005:564-15, where
> >CAN-2005-1751 and
On Wed, Nov 09, 2005 at 05:04:27PM -0500, James Kosin wrote:
> They also address CVE-2005-3353, CVE-2005-3388, CVE-2005-3389 and
> CVE-2005-3390...
> do we need to concern ourselves with these?
Do you plan to wait until attacks will show up?
Michal
--
fedora-legacy-list mailing list
fedora-leg
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Michal Jaegermann wrote:
>On Wed, Nov 09, 2005 at 04:19:35PM -0500, James Kosin wrote:
<< SNIP >>
We could base our build for FC1 from the patches in FC3... If and
only if, we are allowed to update some packages inside to newer
versions. FC3
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Michal Jaegermann wrote:
>On Wed, Nov 09, 2005 at 04:19:35PM -0500, James Kosin wrote:
>
>>>On Wed, Nov 09, 2005 at 11:22:28AM -0800, Jesse Keating wrote:
>>>
Does look like we need to patch this. RHEL issued an update,
>>>
>>>
>>>Do you mea
On Wed, Nov 09, 2005 at 04:19:35PM -0500, James Kosin wrote:
> > On Wed, Nov 09, 2005 at 11:22:28AM -0800, Jesse Keating wrote:
> >
> >> Does look like we need to patch this. RHEL issued an update,
> >
> >
> > Do you mean that one from August?
> > https://rhn.redhat.com/errata/RHSA-2005-748.html CA
> On Wed, 2005-11-09 at 13:27 -0700, Michal Jaegermann wrote:
> > If I understand correctly that is really an XML_RPC vulnerability in
> > pear libraries; so if you do not have such capability, or it is not
> > turned on, then you are not vulnerable. Of course there are some
> > applications which
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Jesse Keating wrote:
>On Wed, 2005-11-09 at 13:36 -0700, Michal Jaegermann wrote:
>
>>Do you mean that one from August?
>>https://rhn.redhat.com/errata/RHSA-2005-748.html
>>CAN ids between that one and
>>http://www.securityfocus.com/bid/14088/in
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Michal Jaegermann wrote:
> On Wed, Nov 09, 2005 at 11:22:28AM -0800, Jesse Keating wrote:
>
>> On Wed, 2005-11-09 at 14:12 -0500, Josep L. Guallar-Esteve wrote:
>>
>>
>>> http://www.securityfocus.com/bid/14088/info
>>> http://vil.nai.com/vil/con
On Wed, 9 Nov 2005, Jason Edgecombe wrote:
Dan Hollis wrote:
It doesnt exist in fedora at all right now, extras or not.
I was just pointing out that these recent incidents are a strong argument
for putting mod_security in core.
It doesn't exist?!
Then what's this:
http://mirror.linux.duke.edu/
On Wed, 2005-11-09 at 13:36 -0700, Michal Jaegermann wrote:
> Do you mean that one from August?
> https://rhn.redhat.com/errata/RHSA-2005-748.html
> CAN ids between that one and
> http://www.securityfocus.com/bid/14088/info
> do not agree although the latest worm descriptions would suggest
> that R
On Wed, 2005-11-09 at 13:27 -0700, Michal Jaegermann wrote:
> If I understand correctly that is really an XML_RPC vulnerability in
> pear libraries; so if you do not have such capability, or it is not
> turned on, then you are not vulnerable. Of course there are some
> applications which require t
On Wed, Nov 09, 2005 at 11:22:28AM -0800, Jesse Keating wrote:
> On Wed, 2005-11-09 at 14:12 -0500, Josep L. Guallar-Esteve wrote:
> > http://www.securityfocus.com/bid/14088/info
> > http://vil.nai.com/vil/content/v_136821.htm
> > http://news.zdnet.com/2100-1009_22-5938475.html
> > http://www.eweek
On Wed, Nov 09, 2005 at 02:12:45PM -0500, Josep L. Guallar-Esteve wrote:
> On Wednesday 09 November 2005 14:02, Matthew Nuzum wrote:
> > Which worm is this that you're guarding against? I haven't heard of a new
> > worm yet.
>
> http://www.securityfocus.com/bid/14088/info
..
If I understand co
Dan Hollis wrote:
On Wed, 9 Nov 2005, Jesse Keating wrote:
On Wed, 2005-11-09 at 11:33 -0800, Dan Hollis wrote:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139778
seems like a damn good idea now.
If this package exists in Extras, it could be easily rebuilt for Fedora
1,2.
It do
On Wed, 9 Nov 2005, Jesse Keating wrote:
On Wed, 2005-11-09 at 11:33 -0800, Dan Hollis wrote:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139778
seems like a damn good idea now.
If this package exists in Extras, it could be easily rebuilt for Fedora
1,2.
It doesnt exist in fedora at
On Wed, 2005-11-09 at 11:33 -0800, Dan Hollis wrote:
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139778
>
> seems like a damn good idea now.
If this package exists in Extras, it could be easily rebuilt for Fedora
1,2.
--
Jesse Keating RHCE (http://geek.j2solutions.net)
Fedora
On Wed, 9 Nov 2005, James Kosin wrote:
In light of the recent PHP attacks, I've added as a precautionary
measure the mod_security module to my RPM for the httpd (Apache) web
server to help secure things more.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139778
seems like a damn
On Wed, 2005-11-09 at 14:12 -0500, Josep L. Guallar-Esteve wrote:
> http://www.securityfocus.com/bid/14088/info
> http://vil.nai.com/vil/content/v_136821.htm
> http://news.zdnet.com/2100-1009_22-5938475.html
> http://www.eweek.com/article2/0,1759,1882889,00.asp?kc=EWRSS03129TX1K616
> http://new
Am Mi, den 09.11.2005 schrieb Matthew Nuzum um 20:02:
> > In light of the recent PHP attacks, I've added as a precautionary
> > measure the mod_security module to my RPM for the httpd (Apache) web
> > server to help secure things more.
> > I haven't experienced
On Wednesday 09 November 2005 14:02, Matthew Nuzum wrote:
> Which worm is this that you're guarding against? I haven't heard of a new
> worm yet.
http://www.securityfocus.com/bid/14088/info
http://vil.nai.com/vil/content/v_136821.htm
http://news.zdnet.com/2100-1009_22-5938475.html
http://www.eweek
> From: [EMAIL PROTECTED] [mailto:fedora-legacy-list-
> [EMAIL PROTECTED] On Behalf Of James Kosin
> Sent: Wednesday, November 09, 2005 9:27 AM
> To: Discussion of the Fedora Legacy Project
> Subject: PHP Attacks
>
> Everyone,
>
> In light of the recent PH
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Everyone,
In light of the recent PHP attacks, I've added as a precautionary
measure the mod_security module to my RPM for the httpd (Apache) web
server to help secure things more.
I haven't experienced the problem; yet, KNOCKING on W
25 matches
Mail list logo