Re: [SECURITY] [DSA 3431-2] ganeti regression update

2016-01-15 Thread Milan P. Stanic
On Fri, 2016-01-15 at 11:05, Milan Mogin wrote: > please unsubscribe me Go to https://lists.debian.org/debian-security-announce/ where you can unsubscribe yourself. Detailed info about Debian mailing lists can be found at: https://www.debian.org/MailingLists > On 15/01/2016 10:53 a.m., Salvatore

Re: NSA software in Debian

2014-01-22 Thread Milan P. Stanic
On Wed, 2014-01-22 at 15:01, Marko Randjelovic wrote: > On Sun, 19 Jan 2014 21:17:03 -0800 > Andrew Merenbach wrote: > > I just decided to try this out the other day on my Wheezy 7.3 install. > > It wasn't that painful and I haven't noticed any performance impact or > > misbehaving (read: broke

Re: finding a process that bind a specific port

2014-01-22 Thread Milan P. Stanic
On Wed, 2014-01-22 at 14:26, Nico Angenon wrote: > File /tmp/a and tmp/b gives me the same numberlist... > > I'll format the box, it'll go faster... True! But if there is a vulnerability (security hole) in your system it's just a question of time when you'll have this situation again. > -Mess

Re: finding a process that bind a specific port

2014-01-22 Thread Milan P. Stanic
On Wed, 2014-01-22 at 13:37, Nico Angenon wrote: > the same...no output Maybe you can be lucky with: ss -ulp But, if you are really hacked it would be better to shut down the machine, move the disk to a clean machine and try some forensic tools. > -Original Message- From: Andika Triwidada > S

Re: New rootkit targeting Debian squeeze (amd64 only)

2012-11-23 Thread Milan P. Stanic
On Fri, 2012-11-23 at 02:22, Jordon Bedwell wrote: > On Fri, Nov 23, 2012 at 12:31 AM, Mike Mestnik > wrote: > > On 11/22/12 11:33, Laurentiu Pancescu wrote: > >> More likely: a vulnerability in their web service (some form of > >> execution of attacker-provided code), combined with a local privil

Re: New rootkit targeting Debian squeeze (amd64 only)

2012-11-22 Thread Milan P. Stanic
On Thu, 2012-11-22 at 12:32, Laurentiu Pancescu wrote: > http://blog.crowdstrike.com/2012/11/http-iframe-injecting-linux-rootkit.html Nothing about the infection vector, so it is a non-issue, probably. Yes, root can be faked to install it from some third party module or even DKMS, but root shouldn't do

Re: idea: switch default MTA from exim4 to postfix (wheezy+1)

2012-11-01 Thread Milan P. Stanic
On Thu, 2012-11-01 at 12:03, Axel Caspard wrote: > I am curious to know why you would like to see bind replaced with djbdns? The same as for exim: security records. > - Original Message - > From: "Milan P. Stanic" > To: debian-security@lists.debian.org > S

Re: idea: switch default MTA from exim4 to postfix (wheezy+1)

2012-11-01 Thread Milan P. Stanic
On Thu, 2012-11-01 at 22:48, Hideki Yamane wrote: > Hi, > > Now we are using Exim as default MTA, but I doubt whether it'd be best > choice since several critical security vulnerabilities have been found these > two or three years. > > Yes, it's often that such vulnerability has been found for softw

Re: how to fix rootkit?

2012-02-09 Thread Milan P. Stanic
On Thu, 2012-02-09 at 23:19, Russell Coker wrote: > On Thu, 9 Feb 2012, "Milan P. Stanic" wrote: > > On Wed, 2012-02-08 at 17:56, Fernando Mercês wrote: > > > I think you're talking about syscall interceptions and related stuff. > > > You're r

Re: how to fix rootkit?

2012-02-09 Thread Milan P. Stanic
On Wed, 2012-02-08 at 17:56, Fernando Mercês wrote: > I think you're talking about syscall interceptions and related stuff. > You're right, we can't trust, but in this case we're talking about > a very specialized malware and I don't see any fast action to bypass > it. Maybe the conclusion is th

Re: how to fix rootkit?

2012-02-09 Thread Milan P. Stanic
On Wed, 2012-02-08 at 22:56, Chris Davies wrote: > Milan P. Stanic wrote: > > What about statically linked binaries on the external media (CD, DVD, > > USB ...) which is write protected with 'execute in place' mode? > > You can no longer trust the kernel. T

Re: how to fix rootkit?

2012-02-08 Thread Milan P. Stanic
On Wed, 2012-02-08 at 19:39, Michael Stummvoll wrote: > On 08.02.12 18:46, Fernando Mercês wrote: > > Reading memory after turning off? Is there an easy way to do it? > > > > When I said "your own binaries", I mean "get fresh copies of > > binaries and use in system with a USB stick or something li

Re: AUTO: Steve Bownas is out of the office. (returning 06/09/2011)

2011-06-05 Thread Milan P. Stanic
On Sat, 2011-06-04 at 23:41, Jim Popovitch wrote: > On Sat, Jun 4, 2011 at 23:08, Steven Bownas wrote: > > > > I am out of the office until 06/09/2011. > > > X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on liszt.debian.org > X-Spam-Level: * > X-Spam-Status: No, score=1.1 required=4.0

Re: Sarge, Bind9 (9.2.4-1sarge3) and DNS cache poisoning

2008-07-20 Thread Milan P. Stanic
On Sun, 2008-07-20 at 14:04, Florian Weimer wrote: > * John Elliot: > > Hi, We have a couple of Sarge servers running bind9(9.2.4-1sarge3) > > that appear to be vulnerable to the DNS cache poisoning issue(Looks > > like port randomization was only introduced in bind9.3?) - As the > > servers cannot

Selinux targeted policy postfix remove fail in etch

2007-09-09 Thread Milan P. Stanic
Hi! In etch "semodule -r postfix" fails with next message: libsepol.expand_module: Error while indexing out symbols libsemanage.semanage_expand_sandbox: Expand module failed Does someone know what is the problem and how the postfix module can be removed? TIA -- To UNSUBSCRIBE, email to [EMAIL

Re: [SECURITY] [DSA 1232-1] New clamav packages fix denial of service

2006-12-09 Thread Milan P. Stanic
On Sat, Dec 09, 2006 at 03:43:33PM +0100, Moritz Muehlenhoff wrote: > Package: clamav > Vulnerability : missing sanity checks > Problem-Type : remote > Debian-specific: no > CVE ID : CVE-2006-5874 [...] > For the upcoming stable distribution (etch) this problem has been > fixed i

Re: handling private keys

2005-06-29 Thread Milan P. Stanic
On Tue, Jun 28, 2005 at 10:51:40PM +0200, Sven Mueller wrote: > Anyway, for the kind of use you would like to put your smartphone to, > you also need some interface for the host application to contact the > smartphone by and to transmit the data in both directions, some UI on > the smartphone to pr

Re: Compromised system - still ok?

2005-02-07 Thread Milan P. Stanic
On Mon, Feb 07, 2005 at 06:25:19PM +1100, Matthew Palmer wrote: > Obviously you've never done this. Good luck finding someone who even knows > what TCP/IP is, let alone sufficient knowledge to be able to track a cracker > in real time with no warning. How smart they are can be seen at: http://www

Re: running services in their own little world

2004-07-26 Thread Milan P. Stanic
On Mon, Jul 26, 2004 at 11:21:24PM +1000, Russell Coker wrote: > Adding a new LSM module is like adding a new device driver, people who choose > not to use it will not even notice it's there, so there's nothing stopping > Linus from adding them at any time. LIDS patch is actually LSM module and

Re: running services in their own little world

2004-07-26 Thread Milan P. Stanic
On Mon, Jul 26, 2004 at 01:36:37PM +1000, Russell Coker wrote: > LIDS used to be in the LSM kernel patch, but got removed before LSM > was merged into 2.6.x because it wasn't being maintained. > Is LIDS being maintained again? It is maintained and developed actively again, for now. On the http:/

Re: running services in their own little world

2004-07-25 Thread Milan P. Stanic
On Sun, Jul 25, 2004 at 11:02:54AM +1000, Russell Coker wrote: > On Sun, 25 Jul 2004 02:43, hanasaki <[EMAIL PROTECTED]> wrote: > > The idea is to run bind, http and other servers in a jail.  I am just > > getting started and know little about it, for now.  I was hoping that > > there were Debian p

Re: Backporting SELinux to woody

2004-03-12 Thread Milan P. Stanic
On Thu, Mar 11, 2004 at 08:25:15PM +0100, Norbert Tretkowski wrote: > * Milan P. Stanic wrote: > > Can I put in version something like libselinux1_1.6-0.1-bp.mps_i386.deb > > instead of libselinux1_1.6-0.1_i386.deb? > > Well, if 1.6-0.1 will be in our next stable release, you

Re: Backporting SELinux to woody

2004-03-11 Thread Milan P. Stanic
On Thu, Mar 11, 2004 at 09:42:52PM +1100, Russell Coker wrote: > If you copy all files related to a package intact then you don't have to make > such changes. > > If you make any changes at all (even re-compiling with a different compiler > and/or libc) then you must update the changelog appropr

Re: Backporting SELinux to woody

2004-03-11 Thread Milan P. Stanic
On Thu, Mar 11, 2004 at 09:02:50AM +1100, Russell Coker wrote: > > If someone needs them I can put it on the net or post somewhere, or > > maybe help if the help is needed. > > If you could establish an apt repository for it then that would be very > useful. Brian's SE Linux packages haven't bee

Re: Backporting SELinux to woody

2004-03-10 Thread Milan P. Stanic
On Wed, Mar 10, 2004 at 01:29:16PM +0100, Milan P. Stanic wrote: > That is. I just rebuilt policycoreutils and pam with libselinux1 > which is linked with libattr and it was smooth. > Now I have to backport coreutils and sysvinit, huh. Hate to reply to myself, but I'd like to inf

Re: Backporting SELinux to woody

2004-03-10 Thread Milan P. Stanic
On Wed, Mar 10, 2004 at 10:04:38PM +1100, Russell Coker wrote: > > So, the question: how can I link libattr to libselinux1? > > Edit src/Makefile and add -lattr in the $(CC) line for $(LIBSO). That is. I just rebuilt policycoreutils and pam with libselinux1 which is linked with libattr and it was

Re: Backporting SELinux to woody

2004-03-10 Thread Milan P. Stanic
On Wed, Mar 10, 2004 at 04:58:14PM +1100, Russell Coker wrote: > > I suspect that the problem can be with old glibc (2.2.5) but I'm not > > sure. Because of that I'd like to ask: should I backport glibc from sarge? > > There have been some changes to the way libxattr works. From memory I think > tha

Backporting SELinux to woody

2004-03-09 Thread Milan P. Stanic
Hi! [ Sorry, I'm not sure if this list is the right place to ask this, but I can't remember a better one ] I'm trying to backport SELinux tools and libraries from unstable to stable (woody). Well, actually I succeeded in building all except coreutils and sysvinit and installed all under UML and get to the

Re: Big VPN

2004-03-03 Thread Milan P. Stanic
On Wed, Mar 03, 2004 at 08:54:38AM +0100, Dariush Pietrzak wrote: > > FreeS/WAN is "orphaned" upstream. OpenSWAN is based on FreeS/WAN and as > > such it does not work with 2.6. > That is untrue. > 1.x branch works with 2.4.x kernels, 2.x branch works with 2.6.x Right! I shouldn't write mail at

Re: Big VPN

2004-03-02 Thread Milan P. Stanic
On Tue, Mar 02, 2004 at 03:37:52PM -0600, Jacques Normand wrote: > On Tue, Mar 02, 2004 at 10:08:22PM +0100, J.H.M. Dassen (Ray) wrote: > > If you're looking for a VPN solution, by all means look at FreeS/WAN (or its > > likely successor, OpenSWAN). Just forget about OE. OE isn't about the type > >

Re: Security patches

2003-11-30 Thread Milan P. Stanic
On Mon, Dec 01, 2003 at 07:23:18AM +1100, Russell Coker wrote: > On Mon, 1 Dec 2003 05:10, "Milan P. Stanic" <[EMAIL PROTECTED]> wrote: > > On Sun, Nov 30, 2003 at 11:24:43PM +1100, Russell Coker wrote: > > > It's a pity that the developers of other securit

Re: Security patches

2003-11-30 Thread Milan P. Stanic
On Sun, Nov 30, 2003 at 11:24:43PM +1100, Russell Coker wrote: > It's a pity that the developers of other security systems didn't get > involved, it would be good to have a choice of LIDS, HP's system, DTE, and > others in the standard kernel. LIDS uses LSM in 2.5/2.6 kernel series, IIRC.

Re: On the security of e-mails

2000-05-26 Thread Milan P. Stanic
e SMTP over TLS" So, all SMTP MTA's with SSL/TLS should cooperate, shouldn't they? -- E-Mail: Milan P. Stanic <[EMAIL PROTECTED]> Key fingerprint = EA81 54A6 7F35 5A38 FCE6 9EF6 9D24 E68E 5C1D AF15 --