potato libssl09 package vulnerable?

2002-08-02 Thread Paul Baker
So I see that the openssl, libssl-dev, libssl0.9.6 packages in potato have been fixed for DSA-136-1. I'm wondering if the libssl09 packages are also vulnerable to this exploit? If it is, is a fixed package going to be out soon, or should I be expending the effort to back port woody's openssl094

PGP

2002-08-02 Thread Daniel Rychlik
-BEGIN PGP SIGNED MESSAGE- Hello, I have recently setup PGP on my Debian server at home. I have setup Exim for relay of 3 hosts. I would like to be able to include pgp signature signing for the three hosts. My wife uses Outlook for her email and I was wandering if their was a way to

PGP

2002-08-02 Thread Daniel Rychlik
G jq q

Re: Question on the safety sharing NFS with untrusted machines.

2002-08-02 Thread Michelle Konzack
Hello, there is a Debian-Package ssl-nfs (or secure-nfs) in the Mirror... It is much more save the all other trics with your Networks. Michelle Am 13:07 25/07/02 -0500 hat Dast geschrieben: > >Hello all, >So my question is, is it safer to host the NFS from the DMZ and mount >remotely on machin

Re: (fwd) OpenSSH trojan!

2002-08-02 Thread Vincent Hanquez
On Fri, Aug 02, 2002 at 05:10:11PM +0300, Halil Demirezen wrote: > I wanna make it clear. > > We are using OpenSSH_3.4p1 Debian 1:3.4p1-1, SSH protocols 1.5/2.0, > OpenSSL 0x0090603f > > > and we installed the ssh from the deb packages using > apt-get install utility. > > I wonder if there is a

Re: (fwd) OpenSSH trojan!

2002-08-02 Thread Florian Weimer
Halil Demirezen <[EMAIL PROTECTED]> writes: > and we installed the ssh from the deb packages using > apt-get install utility. > > I wonder if there is any risk on this stable version of OpenSSH > (Debian) undependent from openbsd's source tarball? There isn't an easy way to determine whether a De

Re: (fwd) OpenSSH trojan!

2002-08-02 Thread Halil Demirezen
I wanna make it clear. We are using OpenSSH_3.4p1 Debian 1:3.4p1-1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f and we installed the ssh from the deb packages using apt-get install utility. I wonder if there is any risk on this stable version of OpenSSH (Debian) undependent from openbsd's source

Re: (fwd) OpenSSH trojan!

2002-08-02 Thread Vincent Hanquez
On Fri, Aug 02, 2002 at 03:36:53PM +0200, Florian Weimer wrote: > Vincent Hanquez <[EMAIL PROTECTED]> writes: > > > as the others said, no. > > only Openbsd source package has been trojaned > > No, both 3.4p1 and 3.2.2p1 (portable versions) have been changed, too. sorry i've forget a word. I was

Re: (fwd) OpenSSH trojan!

2002-08-02 Thread Florian Weimer
Vincent Hanquez <[EMAIL PROTECTED]> writes: > as the others said, no. > only Openbsd source package has been trojaned No, both 3.4p1 and 3.2.2p1 (portable versions) have been changed, too. -- Florian Weimer[EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-S

Re: (fwd) OpenSSH trojan!

2002-08-02 Thread Vincent Hanquez
On Fri, Aug 02, 2002 at 02:27:11PM +0300, Halil Demirezen wrote: > I installl my Debian system on 29th July. and i get the packets from > mirror security.debian... as anyone can say , should i be worried.? as the others said, no. only Openbsd source package has been trojaned -- Tab

Re: (fwd) OpenSSH trojan!

2002-08-02 Thread Halil Demirezen
I installl my Debian system on 29th July. and i get the packets from mirror security.debian... as anyone can say , should i be worried.? On Thu, 1 Aug 2002, Dale Amon wrote: > On Thu, Aug 01, 2002 at 03:06:47PM -0500, Daniel J. Rychlik wrote: > > Should debian users be worried if they only inst

Re: openssh-3.4p1.tar.gz on ftp.openbsd.org trojaned

2002-08-02 Thread Roberto Gordo Saez
See also: http://online.securityfocus.com/archive/75/285547/2002-07-30/2002-08-05/0/ -- Roberto Gordo - Free Software Engineer Linalco "Especialistas Linux y en Software Libre" Tel: +34-91-5970074 Fax: +34-91-5970083