Hi,
Markus Schabel wrote:
>
> I've seen some strange things on my (stable with security-updates)
> server: the last apt-get update didn't work because gzip segfaulted.
> I've copied gzip from another server over the version on this server,
> but it also crashed. Interesting was that the executabl
Hi list,
You know, as DSA-384-1, sendmail buffer overflow vulnerability
is fixed but another hole "sendmail relay access restrictions
can be bypassed with bogus DNS"(*) is NOT fixed yet.
* http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=174907
Do you know why maintainer let this issue alo
On Wed, 17 Sep 2003 22:29:58 +0200
Markus Schabel <[EMAIL PROTECTED]> wrote:
> I've seen some strange things on my (stable with security-updates)
> server: the last apt-get update didn't work because gzip segfaulted.
> I've copied gzip from another server over the version on this server,
> but it
In a message on Wednesday 17 September 2003 18:18, Robert Brockway wrote:
> Hi. I just wanted to say thanks to the security team for the rapid
> deployment of the fixed versions of OpenSSH (twice).
>
> Often people are quick to post negative emails and not so quick to post
> positive emails, so I
Hello!
I've seen some strange things on my (stable with security-updates)
server: the last apt-get update didn't work because gzip segfaulted.
I've copied gzip from another server over the version on this server,
but it also crashed. Interesting was that the executable was bigger
after the segfaul
Robert Brockway wrote:
Hi. I just wanted to say thanks to the security team for the rapid
deployment of the fixed versions of OpenSSH (twice).
I fully agree. Thanks a lot!
--Chris
Arthur de Jong wrote:
> This will only work for a little while as a colleague of mine noted. This
> will block
> * IN A 64.94.110.11
> but not
> * IN NS 64.94.110.11
> which is a valid delegation. The 64.94.110.11 nameserver should then only
> return 64.94.110.11 for all requests for
On Wed, 2003-09-17 at 18:12, James Miller wrote:
> Will the package maintainers of BIND be integrating the patches from
> ISC-BIND to negate Verisign's recent shenanigans?
Well, it's not only a patch, it's part of bind upstream releases, so yes
of course it will eventually be in the packaged v
Ack, sorry folks.. I need to finish reading my mail before sending anything
out.
-Original Message-
From: James Miller [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 17, 2003 10:12 AM
To: debian-security@lists.debian.org
Subject: Verisign and Bind update
Will the package maintain
Hi. I just wanted to say thanks to the security team for the rapid
deployment of the fixed versions of OpenSSH (twice).
Often people are quick to post negative emails and not so quick to post
positive emails, so I just wanted to say that many of us really do
appreciate the work the security team
Will the package maintainers of BIND be integrating the patches from
ISC-BIND to negate Verisign's recent shenanigans?
--from ISC's web site --
In response to high demand from our users, ISC is releasing a patch for BIND
to support the declaration of "delegation-only" zones in caching/recursive
Adrian von Bidder wrote:
On Tuesday 16 September 2003 22:30, Rich Puhek wrote:
[mix stable/testing/unstable]
This is what I usually do - and usually, it works quite fine. Right now,
though, I've been pulling in more and more from testing/unstable since some
things depend on the new glibc, and
On Wed, 17 Sep 2003, Gaël Le Mignot wrote:
> > What precisely have they done? I'd not heard about
> > their latest idiocy...
>
> They decided to answer to all requests for a non-existing domain in
> .com or .net with the IP of some of their computers, hosting an
> advertising page...
Hi!
Many people asked (in messages to [EMAIL PROTECTED]) how to get the security
updates when there's a newer version of the package in question in
proposed-updates, so I thought that posting this here could be useful.
Here's the way I do it recently:
Add (for every package you need) an entry li
> While the "first generation" patches work with hardcoded values, there
> are others that are much more general. Check the link of the ISC patch
> for a description:
>
> http://www.isc.org/products/BIND/delegation-only.html
This will only work for
Dale Amon ([EMAIL PROTECTED]) wrote:
> On Wed, Sep 17, 2003 at 11:57:16AM +0100, Andy Coates wrote:
> > They've put a wildcard DNS entry for .com and .net to resolve to their
> > product called "SiteFinder" which offers an IE/MSN like "Did you mean
> > to type " services.
> >
> > So any domain
On Wed, Sep 17, 2003 at 12:41:48PM +0200, Lukas Ruf wrote:
>
> do you also provide the sources of your unofficial distribution?
>
I just uploaded them (http://debian.home-dn.net/woody/ssh/)
apt-get source should work too
--
Emmanuel Lacour Easter-eggs
44
On Wed, Sep 17, 2003 at 11:57:16AM +0100, Andy Coates wrote:
> They've put a wildcard DNS entry for .com and .net to resolve to their
> product called "SiteFinder" which offers an IE/MSN like "Did you mean
> to type " services.
>
> So any domain that doesn't exist, or in the PENDING/DELETE stat
Emmanuel,
> Emmanuel Lacour <[EMAIL PROTECTED]> [2003-09-17 12:33]:
>
> On Wed, Sep 03, 2003 at 11:20:45AM +0200, Matthias Faulstich wrote:
> > Hello,
> >
> > does anybody know, whether the chroot-patch will be included in future
> > versions of the official ssh package?
> >
>
> I maintain an
On Wednesday 17 September 2003 12:46, Dale Amon wrote:
> What precisely have they done? I'd not heard about
> their latest idiocy...
[EMAIL PROTECTED]:~$ dig verisign-go-fuck-yourself.com
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.2.2 <<>> verisign-go-fuck-yourself.com
;; global options: p
On Wednesday 17 September 2003 12:46, Dale Amon wrote:
> What precisely have they done? I'd not heard about
> their latest idiocy...
They have registered domains like
http://www.islandone-is-bad.org
to point to their own web site. (Note: the web site is overloaded and thus
frequently doesn't work
> What precisely have they done? I'd not heard about
> their latest idiocy...
They decided to answer to all requests for a non-existing domain in
.com or .net with the IP of some of their computers, hosting an
advertising page...
--
Gael Le Mignot "Kilobug" - [EMAIL PROTECTED] - htt
Dale Amon ([EMAIL PROTECTED]) wrote:
> What precisely have they done? I'd not heard about
> their latest idiocy...
>
> [I note that I just got html mail from them about
> a domain renewal... I just delete html mail
> without reading.]
They've put a wildcard DNS entry for .com and .net to res
> > does anybody know, whether the chroot-patch will be included in
future
> > versions of the official ssh package?
thanks to Emmanuel Lacour, there is also a private repository with
ssh+chroot for woody:
http://debian.home-dn.net/woody/ssh/
Alexis Bory
On Wednesday 17 September 2003 11:57, Ronny Adsetts wrote:
> Better to get Verisign to revoke this stupidity. After all, another TLD
> did the same some time ago and the US government intervened, IIRC, to
> get it changed back (.biz?).
>
host sdkljhsdlfkjsdfkljsdf.cc
sdkljhsdlfkjsdfkljsdf.cc has
What precisely have they done? I'd not heard about
their latest idiocy...
[I note that I just got html mail from them about
a domain renewal... I just delete html mail
without reading.]
--
--
IN MY NAME:Dale Amon, CEO/MD
On 17 Sep 2003, Ronny Adsetts wrote:
> Adding this *hard coded* value to an official Debian package that could
> be around for a couple of years (in stable) would be foolish IMHO. I
> haven't reviewed the patch, so may be wrong about the nature of it...
> (anyone have a link for the patch?)
While
On Wed, Sep 03, 2003 at 11:20:45AM +0200, Matthias Faulstich wrote:
> Hello,
>
> does anybody know, whether the chroot-patch will be included in future
> versions of the official ssh package?
>
I maintain an unofficial at :
deb http://debian.home-dn.net/woody ssh/
(up to date with last secur
It is not hardcoded. A new configuration directive has been added, and
it is completely up to the administrator to decide to use it.
http://www.isc.org/products/BIND/delegation-only.html
Boyan Krosnov, CCIE#8701
http://boyan.ludost.net/
just another techie speaking for himself
> -Original Me
Adrian von Bidder said the following on 17/09/03 10:11:
Patches for various dns servers to get back to the old behaviour of
the dns system have been published. For example, the ISC has just
released an "official" patch for BIND9.
I wonder if there are plans to make security upgrades of the dns
On Wednesday 17 September 2003 10:48, Oliver Hitz wrote:
> Patches for various dns servers to get back to the old behaviour of the
> dns system have been published. For example, the ISC has just released
> an "official" patch for BIND9.
>
> I wonder if there are plans to make security upgrades of
Hi all,
By now probably everybody has heard about Verisign's latest change to
the .net and .com domains (otherwise read about it in your favourite
tech news site). While the security of dns per se is not really
affected, the change influences other services such as spam
countermeasures.
Patches f
* Shane Machon ([EMAIL PROTECTED]) [030917 06:50]:
> On a more general note, is potato still supported by the Security Team?
No. There was a notice some time ago.
Cheers,
Andi
--
http://home.arcor.de/andreas-barth/
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
On Wed, Sep 17, 2003 at 12:12:35AM -0700, Rick Moen wrote:
> I note:
> http://incoming.debian.org/ssh_3.6.1p2-8_i386.deb
> http://incoming.debian.org/ssh_3.6.1p2-8_mipsel.deb
> http://incoming.debian.org/ssh_3.6.1p2-8_powerpc.deb
>
> ...and would guess they're built from upstream's v. 3.7.1.
>
To, Digital Brand Manager, clear express web support, from: [EMAIL PROTECTED] Dear brother Christ, common Name: Peyyala Phillip Organisation Name: Mr&Mrs Peyyala Phillip marys ministries
we have already registered delphi advanced mail registration membership option 3 paid US $15 to delphi forms LLC. USA da
Quoting Jan Niehusmann ([EMAIL PROTECTED]):
> So I guess we all have to upgrade again. Didn't see packages with
> patches derived from 3.7.1, yet.
I note:
http://incoming.debian.org/ssh_3.6.1p2-8_i386.deb
http://incoming.debian.org/ssh_3.6.1p2-8_mipsel.deb
http://incoming.debian.org/ssh_3.6.1p
On Tuesday 16 September 2003 22:30, Rich Puhek wrote:
[mix stable/testing/unstable]
This is what I usually do - and usually, it works quite fine. Right now,
though, I've been pulling in more and more from testing/unstable since some
things depend on the new glibc, and some other things randomly
On Wed, Sep 17, 2003 at 08:24:43AM +0300, Birzan George Cristian wrote:
> According to the DSA, this is based on the 3.7 fix. OpenSSH's site lists
> the only not vulnerable version as 3.7.1. In my mind, that means the ssh
> version on security.debian.org right now is _STILL_ vulnerable. I'm not
> a
Hi all!
After the woody security fix of ssh (new version 3.4p1-1.1) we cannot
use HostBased Authentication for SSH V.2. There was no change in the
configuration files or the host keys, besides, interestingly the
/etc/ssh/ssh_host_key
(responsible for V.1 authentication, thus uninteresting
On Tue, Sep 16, 2003 at 09:51:43PM +0200, Matthias Merz wrote:
> So only one problem remains: The version in woody-proposed-updates is
> 1:3.4p1-1.woody.1 which is "newer" than the patched version. So I had to
> manually "downgrade" my proposed-updates-version to get the fix.
> (apt-get dist-upgrad
On Tue, Sep 16, 2003 at 01:10:34PM -0400, Dossy wrote:
> On 2003.09.16, Christian Hammers <[EMAIL PROTECTED]> wrote:
> > The new version has already been installed. This was quick. Good work,
> > security team.
> >
> > openssh (1:3.4p1-1.1) stable-security; urgency=high
> >
> > * NMU by the se
On Tue, Sep 16, 2003 at 05:31:06PM +0200, Christian Hammers wrote:
> The new version has already been installed. This was quick. Good work,
> security team.
>
> openssh (1:3.4p1-1.1) stable-security; urgency=high
>
> * NMU by the security team.
> * Merge patch from OpenBSD to fix a security
85 matches