On Tue, Nov 08, 2005 at 22:42:13 -0500, Gregory Arntson wrote:
>I am running the current-stable release. I am able to download packages
>via ftp through our ISA 2004 server. I would prefer to use http
See
http://www.faqs.org/docs/Linux-HOWTO/Web-Browsing-Behind-ISA-Server-HOWTO.ht
On Sun, Nov 14, 2004 at 02:03:36 +, David Ramsden wrote:
> There is a reference in the changelog for 2.4.28-rc3:
>"binfmt_elf: handle partial reads gracefully"
>
> I'm not sure if that's the one or not?
It is.
http://lwn.net/Articles/110898/ :
"Here goes the third release candidate.
It
reopen 265662
tags 265662 + sarge
thanks
On Thu, Aug 19, 2004 at 10:23:56 +0200, Jan Wagner wrote:
> Does anybody know, if rsync 2.6.2-3 will reach sarge before it is
> released?
The current status: http://bjorn.haxx.se/debian/testing.pl?package=rsync :
trying to update rsync from 2.6.2-2
On Thu, Aug 05, 2004 at 15:00:57 +0200, Norbert Tretkowski wrote:
> > I've just uploaded fixed packages for unstable; however I've noticed
> > mozilla still crashes on the crafted PNG provided by Chris Evans. It
> > seems that /usr/lib/mozilla/components/libimglib2.so is not dynamically
> > linked
On Mon, Jul 26, 2004 at 11:15:02 +0100, Chris Morris wrote:
> DSA-532 contained:
> >Package: libapache-mod-ssl
> >CVE Ids: CAN-2004-0488 CAN-2004-0700
>
> Is apache-ssl also vulnerable to these?
In all likeliness, no. See http://www.apache-ssl.org/#mod_ssl .
The apache-ssl sourc
> 29.06.2004 : Apache httpd 2.0.49 Apache Input Header DoS Vulnerability
> http://www.k-otik.net/bugtraq/06292004.Apache.php
That page identifies the issue as CAN-2004-0493 which was fixed in sid's
apache2 2.0.50-1 packages. (Stable is unaffected as it doesn't have apache2
packages)
> 29.06.2004
On Wed, Jul 07, 2004 at 15:52:27 +0200, Jeroen van Wolffelaar wrote:
> libpng and RHSA-2004-181:
>
> Was Debian's DSA-498[6] complete? RedHat announced a fix two
> times about it, RHSA-2004-180[7] and RHSA-2004-181[8]. Did DSA-498 cover
> both?
AFAICT the problem corrected by the libpng-1.2
On Mon, Jun 21, 2004 at 15:21:22 +0100, Alex Owen wrote:
> Has the local DOS exploit detailed at
> http://linuxreviews.org/news/2004-06-11_kernel_crash/ been addressed by
> the debian security team?
It's reasonable to assume updates are being prepared currently. As Debian
supports a large number o
On Fri, May 07, 2004 at 07:54:23 +0200, Martin Schulze wrote:
> For the stable distribution (woody) these problems have been fixed in
> version 3.35-1woody3.
I don't see an update of non-us's exim-tls package.
Ray
--
Frankly, I think anybody's a fool to put (Microsoft operating system
Windows) X
On Tue, Apr 20, 2004 at 14:29:34 -0400, Eric Dantan Rzewnicki wrote:
> Has anyone heard about this?
Hmm... from the subject it sounds like it might be OSVDB ID: 4030
"TCP Reset Spoofing",
http://www.osvdb.org/displayvuln.php?osvdb_id=4030
aka CAN-2004-0230
http://cve.mitre.org/cgi-
On Sat, Apr 17, 2004 at 05:24:07 +0200, m wrote:
> # lsof | grep DEL
> apache-ss 28184 root mem DEL 0,4 229382 /SYSV
> ...
>
> Is it normal?
Yes. Apache uses the System V interprocess communication mechanisms
(ipc(5)). This kind of entry is associated with tha
On Wed, Mar 24, 2004 at 12:55:11 +0200, Haim Ashkenazi wrote:
> I've looked in the documentation and found that ssl doesn't support name
> based virtual domains.
Yes, see "How to use TLS in application protocols" under
http://www.gnu.org/software/gnutls/documentation/gnutls/gnutls.html for
details
On Fri, Mar 19, 2004 at 12:56:15 +0100, Sebastian Schmitt wrote:
> is there a kernel patch/update for the 'do_mremap VMA limit local
> privilege escalation vulnerability' described in
> http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt ?
That link provides the CVE identification CAN-2004-
On Wed, Mar 03, 2004 at 01:25:46 +0100, Milan P. Stanic wrote:
> FreeS/WAN is "orphaned" upstream. OpenSWAN is based on FreeS/WAN and as
> such it does not work with 2.6.
"For Kernel's 2.6.0 and higher, Openswan uses the built in IPsec support.
Only the userland component of Openswan is required t
On Tue, Mar 02, 2004 at 21:41:34 +0100, Jaroslaw Tabor wrote:
> I've reviewed freeswan and OE feature. This looks nice, but I'm afraid
> about security.
If you're looking for a VPN solution, by all means look at FreeS/WAN (or its
likely successor, OpenSWAN). Just forget about OE. OE isn't about t
On Mon, Jan 19, 2004 at 14:40:12 +0100, Csan wrote:
> One of my servers has been cracked into and I am looking for the weak
> spots of the system and also looking for ways to lock the secholes I might
> (also) have. The linux box is an up-to-date woody (incl. security
> updates).
>
> My first ques
On Tue, Jan 06, 2004 at 19:06:50 +0100, LeVA wrote:
> But there are not any gpg-idea packages anywhere.
IDEA is patent encumbered in much of Europe, including The Netherlands where
non-us.debian.org is hosted and apparently Germany where ftp.gnupg.org is
hosted (AFAIK).
> On the www.gnupg.org sit
On Tue, Dec 02, 2003 at 13:35:51 -0600, Micah Anderson wrote:
> Previous kernel security holes have been treated with a lot more
> "transparency" and communication than this one was, I am disappointed that
> this one wasn't.
I fail to see how this was treated with less transparency than previous
h
On Thu, Oct 30, 2003 at 08:46:13 -0800, $2a$ wrote:
> Is there a patch for pam (and/or glibc) to add blowfish password support
> (OpenBSD style) in Debian? Other distributions like suse or openwall already
> support this feature. Is this feature under way for debian as well?
See bug #149447.
HTH,
On Sun, Sep 28, 2003 at 21:31:56 +0200, Michelle Konzack wrote:
> On 2003-09-28 13:33:02, Mike Hommey wrote:
> >On Sunday 28 September 2003 12:22, Michelle Konzack wrote:
> >> Since some hours I have tried to access some government servers without
> >> success all Servers are ending in .fr or .go
On Wed, Sep 24, 2003 at 13:04:20 +, [EMAIL PROTECTED] wrote:
> I have a strange result on two of our debian servers - both are woody. The
> first one (A) has kernel 2.4.19, the other one (B) - 2.4.22. The A server
> is almost daily checked against new packages, the B server was upgraded
> yesterday
On Sat, Sep 20, 2003 at 11:13:35 -0700, Bill Moseley wrote:
> Will Bind9 in stable get the delegation-only patch?
Probably not. Stable only gets updated for security issues.
A Bind9 with the delegation-only patch is available for woody from
http://people.debian.org/~lamont/ .
> I would conside
On Fri, Feb 07, 2003 at 11:41:51 +0100, Mathieu Laurent wrote:
> My mail servers use exiscan with exim3 on woody. The antivirus scanner is
> uvscan from McAfee.
>
> Since the beginning of this week, I see that there are viruses not
> detected by uvscan (with virus signature file up-to-date). There
On Wed, Feb 05, 2003 at 22:14:58 -0700, Miles Beck wrote:
> And on occasion I see this as well.
>
> [Mon Feb 3 06:25:11 2003] [notice] SIGUSR1 received. Doing graceful
> restart
Given the time, I'd guess that this is /etc/cron.daily/logrotate's execution
of the postrotate part of /etc/logrotate
On Thu, Nov 28, 2002 at 10:19:24 -0600, Hanasaki JiJi wrote:
> Snort is reporting scans in the alert.log but not the portscan.log
Which version? AFAIK the version in woody still has wrong log rotation
causing it to log to a file descriptor corresponding to an already deleted
file (#158042).
HTH,
On Tue, Oct 22, 2002 at 11:16:23 -0400, Phillip Hofmeister wrote:
> It seems to me that many recent updates have included packages for
> potato, woody, and sig (sarge?).
AFAIK it's more "a few" than it is "many".
> Is this trend going to continue?
Don't count on it.
> I thought sid/sarge was u
On Thu, Oct 10, 2002 at 21:31:13 -, Kisteleki Róbert wrote:
> Yesterday I upgraded two servers with apt, which in turn upgraded the
> base-passwd package. The root password seems to be "upgraded" also, since
> one of the two machines doesn't allow su-ing to root any more; regular
> users can log
On Wed, Oct 09, 2002 at 22:21:31 +0200, Alberto Cortés wrote:
> Since I am not living in the US, and some security updates deal with
> cryptographic software, I understand that it will be illegal for me
> downloading these updates from outside of the USA.
The USA's export restrictions on cryptog
On Mon, Sep 30, 2002 at 09:43:34 +0200, Zeno Davatz wrote:
> Can anyone give me a hint how to go about closing all the following ports
> except ssh, http, https?
> 1524/tcp open ingreslock
> 12345/tcp open NetBus
> 12346/tcp open NetBus
> 27665/tcp open Trinoo_Maste
[Please do not use HTML in email]
On Wed, Sep 18, 2002 at 21:53:58 +0800, Glen Tapley wrote:
>Periodically when I run ps x, I find processes running and tonight I found
>the following process
>
>sendmail: server debian.org [65.125.64.134] child wai
>sendmail: server debian.org
On Sun, Aug 11, 2002 at 17:40:15 +0200, Jens Hafner wrote:
> Things start to break as soon as I connect the laptop to my private
> network (192.168.0.0/24) whose default gateway is a debian (woody, kernel
> 2.2.19) box. I configured the gateway to accept protocol 50 packages and
> port 500 connecti
On Sun, Jul 07, 2002 at 23:36:35 +1200, Adam Warner wrote:
> PS: murphy.debian.org might be sick (though it's amazingly fast at the
> moment). Even though my message got through I received a reply telling me:
>
> Your message was not delivered for the following reason:
>
> E-mail Account: dma4 is
On Sun, Jul 07, 2002 at 23:13:13 +1200, Adam Warner wrote:
> This doesn't work:
> $ ssh [EMAIL PROTECTED] '/root/apt-upgrade'
Use "ssh -t [EMAIL PROTECTED] '/root/apt-upgrade'". From ssh(1):
-t Force pseudo-tty allocation. This can be used to execute arbitrary
screen-base
On Mon, Jul 01, 2002 at 13:24:37 +0100, Jeff Armstrong wrote:
> > -Original Message-
> > From: J.H.M. Dassen (Ray) [mailto:[EMAIL PROTECTED]
> > This has been fixed; see http://bugs.debian.org/151342 for details.
> I don't think this is 'fixed'?
On Mon, Jul 01, 2002 at 11:23:08 +0100, Sam Vilain wrote:
> Does anyone know if this affects Debian?
This has been fixed; see http://bugs.debian.org/151342 for details.
HTH,
Ray
--
Gartner Group ?!? Never heard of them. What did they do in computing
except manage to put on their tie withou
On Tue, Jun 25, 2002 at 17:14:49 -0400, [EMAIL PROTECTED] wrote:
> Unable to log onto secure sites.
> Followed http://pandor etc directions
> Got an index of / ~kitamd/morzilla without the ability to download
> apt-get update or
> apt-get install mozilla
> What can you suggest?
Some s
On Mon, May 13, 2002 at 18:05:19 -0300, Eduardo Gargiulo wrote:
> Which is the best way to ensure that clients will connect using ssh2 and
> not ssh1?
Configure sshd to only accept the version 2 protocol by putting "Protocol 2"
in /etc/ssh/sshd_config and doing /etc/init.d/ssh restart.
HTH,
Ray
-
On Sat, Mar 16, 2002 at 23:43:41 +0530, Sandip Bhattacharya wrote:
> Am I on the wrong list
You're on the wrong list. debian-security is listed on
http://lists.debian.org under Development as "Security in Debian". You're
looking for debian-security-announce which is a restricted posting list
featu
On Fri, Dec 21, 2001 at 08:52:56 -0600, Jor-el wrote:
> One of the puzzling things mentioned on that site (as well as the Openwall
> site that it linked to) was 'trampolines'. Any idea what these are?
I guess it's the same trampolines mentioned in gcc's documentation:
: GCC implements taking th
On Sat, Sep 15, 2001 at 12:51:26 -0400, Russell Speed wrote:
> I am curious if the following is an example of a buffer overflow.
It looks like an attempt to exploit a buffer overflow. IIRC the fact that it
got logged to syslog means it didn't work.
> I changed the passwords - and added an entry t
On Sun, Aug 05, 2001 at 19:41:41 +, Marco Tassinari wrote:
> /usr/local/lib/libpcap.a(gencode.o): In function `pcap_compile':
Any particular reason you're using a local libpcap rather than the libpcap0
and libpcap-dev Debian packages?
Ray
--
Obsig: developing a new sig
On Thu, Dec 07, 2000 at 17:21:00 -0300, Eduardo Gargiulo wrote:
> I use elm to write my email messages. I want to sign messages from inside
> elm. Is there any way to do this
elm-me+ is the only elm(derivative) in Debian; it supports MIME and PGP.
The author of the -me patches has since moved on
On Thu, Dec 07, 2000 at 20:57:38 +, Kozman Balint wrote:
> Sorry for the stupid question, but what is the funny 'sunrpc - 111' port?
That's portmap(8).
> I scanned my site, and found it open, but I didn't set it up in inetd.conf
> and don't know which daemon listens it.
It is used in dealing
On Wed, Sep 06, 2000 at 17:50:05 -0500, Herbert Ho wrote:
> how about encrypted loopback? just need the crypto/int'l patch for the
> kernel. no other software. but then again it doesn't use gpg
That's not a disadvantage, as encrypted filesystems are a different area
(protect against differen
I'm not on debian-security, so Ray is forwarding this for me :)
Quoting J.H.M. Dassen (Ray) ([EMAIL PROTECTED]):
> There was a small fix provided which I applied to my mysql-server package
> and uploaded it as mysql-server_3.22.30-4_i386.deb.
The author of MySQL made an official fix f
On Mon, Oct 25, 1999 at 21:15:42 -0400, [EMAIL PROTECTED] wrote:
> Anyone want to see how hard it would be to port it to Linux and package
> it?
There's a patch already:
http://freshmeat.net/appindex/1999/10/26/940925245.html . I just compiled
it, and it seems to work fine. (It would be nice if th