-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi
> > Is there a place where to find pending issues for debian? > > http://security.debian.org/ > Hm. I may be blind, but here I only see the already anounced issues. I am looking for a list of issues, not jet announced. Like the one in the SuSE Mailing. > 2) Pending vulnerabilities in SuSE Distributions and Workarounds: > > - openssh > After stabilizing the openssh package, updates for the > distributions 6.4-7.2 are currently being prepared. The update > packages fix a security problem related to the recently discovered > problems with source ip based access restrictions in a user's > ~/.ssh/authorized_keys2 file. The packages will appear shortly on > our ftp servers. Please note that packages for the distributions > 6.3 and up including 7.0 containing cryptographic software are > located on the German ftp server ftp.suse.de, all other packages > can be found on ftp.suse.com at the usual location. We will issue a > dedicated Security announcement for the openssh package. > > - The ziptool program runs setuid root in the easy permission > mode and contains an overflow which allows local attackers to gain > root privileges. A zipdrive must be configured and a zipdisk being > inserted in order to exploit the bug. The overflow has been fixed. > Please update your packages. > > - The ncpfs package containing the setuid root programs > ncpmount and ncpumount was vulnerable to local bufferoverflow > attacks. The package has been fixed. > Hendrik - -- PGP ID 21F0AC0265C92061 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.3 (GNU/Linux) Comment: For info see http://www.gnupg.org iD4DBQE8BhpaIfCsAmXJIGERAkcbAJ9M0T0/mIu6eesnN380pZX0nKVuHACYhH0I jY3XZbsQBxSkvfisPy9TSQ== =W0uY -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
