On Wed, Apr 14, 2004 at 04:52:31PM +0200, Martin Schulze wrote:
> Package: kernel-source-2.4.18 kernel-image-2.4.18-1-alpha
> kernel-image-2.4.18-1-i386 kernel-image-2.4.18-i386bf
> kernel-patch-2.4.18-powerpc
> Vulnerability : several vulnerabilities
> Problem-Type : local
> Debian-sp
On Wed, 2004-04-14 at 16:52, Martin Schulze wrote:
> - --
> Debian Security Advisory DSA 479-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Martin Schulze
> April 14th, 200
Any reason why you are using full stops before the stars?
--
Pierre
On Wed, 2004-04-14 at 18:01, Jeff Coppock wrote:
> I'm having trouble with getting entries here to work. I have the
> following /var/log/auth.log messages that I want to filter out of
> logcheck (version 1.2.16, sarge):
>
> CR
Hello Martin Schulze,
am Mittwoch, 14. April 2004 um 16:52 schrieben Sie:
MS> --
MS> Debian Security Advisory DSA 479-1 [EMAIL PROTECTED]
MS> ...
MS> ---
On Thu, 15 Apr 2004 02:01, Jeff Coppock <[EMAIL PROTECTED]> wrote:
> I'm having trouble with getting entries here to work. I have the
> following /var/log/auth.log messages that I want to filter out of
> logcheck (version 1.2.16, sarge):
>
> CRON[15302]: (pam_unix) session opened for user root by
On Thu, 15 Apr 2004 03:49:35 +1000
Russell Coker <[EMAIL PROTECTED]> wrote:
> On Thu, 15 Apr 2004 02:01, Jeff Coppock <[EMAIL PROTECTED]> wrote:
> > I'm having trouble with getting entries here to work. I have the
> > following /var/log/auth.log messages that I want to filter out of
> > logcheck
Do we want to maintain local security as well as patching remote
exploits? I suppose any attacker who gained unpriviledged local access
could read all our data for the most part, although he wouldn't be able
to cover his tracks as well without gaining root through a local exploit
like this...
On
also keep in mind that you might need to edit logcheck.violations.ignore
if these entries are showing up in the "Possible Security Violations"
section of the email.
mike
On Wed, 2004-04-14 at 12:01, Jeff Coppock wrote:
> I'm having trouble with getting entries here to work. I have the
> followin
Jan Lühr <[EMAIL PROTECTED]> writes:
> Greetings,
>
> Am Mittwoch, 14. April 2004 16:52 schrieb Martin Schulze:
> > --
> > Debian Security Advisory DSA 479-1 [EMAIL PROTECTED]
> > http://www.debian.org/sec
> Date: Wed, 14 Apr 2004 11:27:55 -0700
> From: Jeff Coppock <[EMAIL PROTECTED]>
> On Thu, 15 Apr 2004 03:49:35 +1000
> Russell Coker <[EMAIL PROTECTED]> wrote:
>
> > On Thu, 15 Apr 2004 02:01, Jeff Coppock <[EMAIL PROTECTED]> wrote:
> > > I'm having trouble with getting entries here to work. I
On Wed, 14 Apr 2004 20:06:02 +0100
Marco Franzen <[EMAIL PROTECTED]> wrote:
> > Date: Wed, 14 Apr 2004 11:27:55 -0700
> > From: Jeff Coppock <[EMAIL PROTECTED]>
>
> > On Thu, 15 Apr 2004 03:49:35 +1000
> > Russell Coker <[EMAIL PROTECTED]> wrote:
> >
> > > On Thu, 15 Apr 2004 02:01, Jeff Coppock
On Wed, 14 Apr 2004 15:49:00 -0400
Brian Clark <[EMAIL PROTECTED]> wrote:
> Hi Jeff,
>
> On Wed, Apr 14, 2004 at 09:01:54AM -0700, Jeff Coppock wrote:
>
> > CRON[15613]:(pam_unix) session opened for user mail by (uid=0)
> > CRON[15613]:(pam_unix) session closed for user mail
>
> Were those list
Greetings,..
Am Mittwoch, 14. April 2004 20:57 schrieben Sie:
> Jan Lühr <[EMAIL PROTECTED]> writes:
> > Greetings,
> Okay... This is the result of a cursory check, do your homework, yada,
> yada...
>
Thanks for doing so ;) Anyway, this wasn't the intetention of my post.
My point is, that five l
Russell Coker <[EMAIL PROTECTED]> wrote:
> Try this one:
> CRON\[.*\]:( )?\(pam_unix\) session (opened)|(closed) for user (root)|(mail)
> [...]
> For having two different words match you need to put each word in
> braces, "(opened|closed)" is the same as "opene(d|c)losed".
No!
"session (opened
If you checked the reference CVE numbers you should be able to tell when
the exposure first occurred (or close to it).
On Wed, 14 Apr 2004 at 04:30:16PM -0400, Jan L?hr wrote:
> Greetings,..
>
> Am Mittwoch, 14. April 2004 20:57 schrieben Sie:
> > Jan L?hr <[EMAIL PROTECTED]> writes:
> > > Greeti
With the rash of security gaffs in the kernel related to mmap and
mremap, does it make anyone else nervous to see the following in the
changelog for 2.4.26:
o mremap NULL pointer dereference fix
If this was a security concern, would it be noted in the changelog?
Additionally, the 2.4.25 kernel
On 14 Apr 2004 20:35:19 GMT
Paul Hink <[EMAIL PROTECTED]> wrote:
> Russell Coker <[EMAIL PROTECTED]> wrote:
>
> > Try this one:
> > CRON\[.*\]:( )?\(pam_unix\) session (opened)|(closed) for user
> > (root)|(mail)
>
> > [...]
>
> > For having two different words match you need to put each word i
Hello!
W liście z pon, 12-04-2004, godz. 02:00, Joe Bouchard pisze:
> In a meeting at work (I'm part of the IT group at a large corporation) someone
> mentioned a particular kind of network hardware which would stop working
> correctly after a while. We have a pretty busy network with broadcasts
Jan Lühr <[EMAIL PROTECTED]> writes:
> Greetings,..
>
> Am Mittwoch, 14. April 2004 20:57 schrieben Sie:
> > Jan Lühr <[EMAIL PROTECTED]> writes:
> > > Greetings,
>
> > Okay... This is the result of a cursory check, do your homework, yada,
> > yada...
> >
>
> Thanks for doing so ;) Anyway, this
On Wed, Apr 14, 2004 at 04:16:28PM -0500, Micah Anderson wrote:
> With the rash of security gaffs in the kernel related to mmap and
> mremap, does it make anyone else nervous to see the following in the
> changelog for 2.4.26:
>
> o mremap NULL pointer dereference fix
>
> If this was a security c
Dear all,
It seems that at least on ix86, the latest woody security updates for
the kernel packages are completely broken. The kernel packages named
kernel-image-2.4.18-1- with version 2.4.18-13 contain only
one module. DO NOT upgrade to these packages or your system will be
broken when you
> kernel packages named kernel-image-2.4.18-1- with version
2.4.18-13 contain only
> one module.
That and it expects the modules at 2.4.18-1 instead of 2.4.18-1-686-smp!
> hoping this warning is timely and not _too_ redundant,
:-)
Found out the hard way there is a 13.1 now tho' ...
On Wed, Apr 14, 2004 at 11:20:49PM +0200, Jaroslaw Tabor wrote:
> I'm almost sure that this is software problem. The machine is working
> without hardware changes for years, and it didn't happend before.
> The only changes I did, are software updates (from debian-security)
> and kernel upgrade afte
Hi,
I got the mail, and happy to know that you keep the good work. But when I
did 'apt-get update', there was no change in http://security.debian.org
files. Is it possible to make sure the files are updated before sending the
announcement?
I know that each mail has the link for all the files... b
Jeff Coppock <[EMAIL PROTECTED]> wrote:
> On 14 Apr 2004 20:35:19 GMT Paul Hink <[EMAIL PROTECTED]> wrote:
>
>> Russell Coker <[EMAIL PROTECTED]> wrote:
>>
>> > Try this one:
>> > CRON\[.*\]:( )?\(pam_unix\) session (opened)|(closed) for user
>> > (root)|(mail)
>> [...]
>> "session (opened|clo
I am gone from the office until Friday 16th of April ... I will respond to your
message about "[SECURITY] [DSA 484-1] New xonix packages fix failure to drop
privileges" when I return.
On Wed, 2004-04-14 at 07:52, Martin Schulze wrote:
> Several serious problems have been discovered in the Linux kernel.
> This update takes care of Linux 2.4.18 for the alpha, i386 and powerpc
> architectures. The Common Vulnerabilities and Exposures project
> identifies the following problems tha
On 14 Apr 2004 22:44:40 GMT
Paul Hink <[EMAIL PROTECTED]> wrote:
> Jeff Coppock <[EMAIL PROTECTED]> wrote:
>
> > On 14 Apr 2004 20:35:19 GMT Paul Hink <[EMAIL PROTECTED]> wrote:
> >
> >> Russell Coker <[EMAIL PROTECTED]> wrote:
> >>
> >> > Try this one:
> >> > CRON\[.*\]:( )?\(pam_unix\) sessio
Email loading...
Image not loading? View message
here.Discontinue IKM5q0i90L10ZIEjJ1Wl3Ag0GZv5Z11CROF1ayiuk.zFZR/0
zihwp vhwj, wobpq, ian . sctms rzawyi wzoshm, tktvzl, klkw . pssjpl
phjam zdzirc, cvxbg, nui . zxe htfr oaldim, hvzmx, jwfq . smaen
khhgo rcbeh, qpqlpe, sog . gyssby bjoipc ihjmo,
Bonjour,
Votre message m'est bien parvenu. Cependant je suis en vacances jusqu'au 19
avril.
Si vous avez des informations urgentes a traiter, vous pouvez envoyer un mail a
benoit bouye, [EMAIL PROTECTED]
qui vous repondra dans les plus bref delai. Vous pouvez egalement contacter
medias-cite par
I am gone from the office until Friday 16th of April ... I will respond to your
message about "[SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root
exploit (source+alpha+i386+powerpc)" when I return.
Greetings,
Am Mittwoch, 14. April 2004 16:52 schrieb Martin Schulze:
> --
> Debian Security Advisory DSA 479-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Martin Schulze
I'm having trouble with getting entries here to work. I have the
following /var/log/auth.log messages that I want to filter out of
logcheck (version 1.2.16, sarge):
CRON[15302]: (pam_unix) session opened for user root by (uid=0)
CRON[15302]: (pam_unix) session closed for user root
CRON[15613]:(p
hi joey,
the new packages on security.d.o are way to small (1meg vs. 8meg in the
past), and seem to contain NO MODULES besides dummy.o .
i fear upgerading woody will disconnect any network connections. please
please review and pull that update.
thanks, /felix.
At 16:52 14.04.04 +0200, you wrote:
Email loading...
Image not loading? View message
here.Discontinue IKM5q0i90L10ZIEjJ1Wl3Ag0GZv5Z11CROF1ayiuk.zFZR/0
zihwp vhwj, wobpq, ian . sctms rzawyi wzoshm, tktvzl, klkw . pssjpl
phjam zdzirc, cvxbg, nui . zxe htfr oaldim, hvzmx, jwfq . smaen
khhgo rcbeh, qpqlpe, sog . gyssby bjoipc ihjmo,
Bonjour,
Votre message m'est bien parvenu. Cependant je suis en vacances jusqu'au 19 avril.
Si vous avez des informations urgentes a traiter, vous pouvez envoyer un mail a benoit
bouye, [EMAIL PROTECTED]
qui vous repondra dans les plus bref delai. Vous pouvez egalement contacter
medias-cite par t
I am gone from the office until Friday 16th of April ... I will respond to your
message about "[SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit
(source+alpha+i386+powerpc)" when I return.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trou
Greetings,
Am Mittwoch, 14. April 2004 16:52 schrieb Martin Schulze:
> --
> Debian Security Advisory DSA 479-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Martin Schulze
I'm having trouble with getting entries here to work. I have the
following /var/log/auth.log messages that I want to filter out of
logcheck (version 1.2.16, sarge):
CRON[15302]: (pam_unix) session opened for user root by (uid=0)
CRON[15302]: (pam_unix) session closed for user root
CRON[15613]:(p
hi joey,
the new packages on security.d.o are way to small (1meg vs. 8meg in the
past), and seem to contain NO MODULES besides dummy.o .
i fear upgerading woody will disconnect any network connections. please
please review and pull that update.
thanks, /felix.
At 16:52 14.04.04 +0200, you wrote:
On Wed, Apr 14, 2004 at 04:52:31PM +0200, Martin Schulze wrote:
> Package: kernel-source-2.4.18 kernel-image-2.4.18-1-alpha
> kernel-image-2.4.18-1-i386 kernel-image-2.4.18-i386bf kernel-patch-2.4.18-powerpc
> Vulnerability : several vulnerabilities
> Problem-Type : local
> Debian-speci
On Wed, 2004-04-14 at 16:52, Martin Schulze wrote:
> - --
> Debian Security Advisory DSA 479-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Martin Schulze
> April 14th, 200
Any reason why you are using full stops before the stars?
--
Pierre
On Wed, 2004-04-14 at 18:01, Jeff Coppock wrote:
> I'm having trouble with getting entries here to work. I have the
> following /var/log/auth.log messages that I want to filter out of
> logcheck (version 1.2.16, sarge):
>
> CR
Hello Martin Schulze,
am Mittwoch, 14. April 2004 um 16:52 schrieben Sie:
MS> --
MS> Debian Security Advisory DSA 479-1 [EMAIL PROTECTED]
MS> ...
MS> ---
On Thu, 15 Apr 2004 02:01, Jeff Coppock <[EMAIL PROTECTED]> wrote:
> I'm having trouble with getting entries here to work. I have the
> following /var/log/auth.log messages that I want to filter out of
> logcheck (version 1.2.16, sarge):
>
> CRON[15302]: (pam_unix) session opened for user root by
On Thu, 15 Apr 2004 03:49:35 +1000
Russell Coker <[EMAIL PROTECTED]> wrote:
> On Thu, 15 Apr 2004 02:01, Jeff Coppock <[EMAIL PROTECTED]> wrote:
> > I'm having trouble with getting entries here to work. I have the
> > following /var/log/auth.log messages that I want to filter out of
> > logcheck
Do we want to maintain local security as well as patching remote
exploits? I suppose any attacker who gained unpriviledged local access
could read all our data for the most part, although he wouldn't be able
to cover his tracks as well without gaining root through a local exploit
like this...
On
also keep in mind that you might need to edit logcheck.violations.ignore
if these entries are showing up in the "Possible Security Violations"
section of the email.
mike
On Wed, 2004-04-14 at 12:01, Jeff Coppock wrote:
> I'm having trouble with getting entries here to work. I have the
> followin
Jan Lühr <[EMAIL PROTECTED]> writes:
> Greetings,
>
> Am Mittwoch, 14. April 2004 16:52 schrieb Martin Schulze:
> > --
> > Debian Security Advisory DSA 479-1 [EMAIL PROTECTED]
> > http://www.debian.org/sec
> Date: Wed, 14 Apr 2004 11:27:55 -0700
> From: Jeff Coppock <[EMAIL PROTECTED]>
> On Thu, 15 Apr 2004 03:49:35 +1000
> Russell Coker <[EMAIL PROTECTED]> wrote:
>
> > On Thu, 15 Apr 2004 02:01, Jeff Coppock <[EMAIL PROTECTED]> wrote:
> > > I'm having trouble with getting entries here to work. I
On Wed, 14 Apr 2004 20:06:02 +0100
Marco Franzen <[EMAIL PROTECTED]> wrote:
> > Date: Wed, 14 Apr 2004 11:27:55 -0700
> > From: Jeff Coppock <[EMAIL PROTECTED]>
>
> > On Thu, 15 Apr 2004 03:49:35 +1000
> > Russell Coker <[EMAIL PROTECTED]> wrote:
> >
> > > On Thu, 15 Apr 2004 02:01, Jeff Coppock
On Wed, 14 Apr 2004 15:49:00 -0400
Brian Clark <[EMAIL PROTECTED]> wrote:
> Hi Jeff,
>
> On Wed, Apr 14, 2004 at 09:01:54AM -0700, Jeff Coppock wrote:
>
> > CRON[15613]:(pam_unix) session opened for user mail by (uid=0)
> > CRON[15613]:(pam_unix) session closed for user mail
>
> Were those list
Greetings,..
Am Mittwoch, 14. April 2004 20:57 schrieben Sie:
> Jan Lühr <[EMAIL PROTECTED]> writes:
> > Greetings,
> Okay... This is the result of a cursory check, do your homework, yada,
> yada...
>
Thanks for doing so ;) Anyway, this wasn't the intetention of my post.
My point is, that five l
Russell Coker <[EMAIL PROTECTED]> wrote:
> Try this one:
> CRON\[.*\]:( )?\(pam_unix\) session (opened)|(closed) for user (root)|(mail)
> [...]
> For having two different words match you need to put each word in
> braces, "(opened|closed)" is the same as "opene(d|c)losed".
No!
"session (opened
If you checked the reference CVE numbers you should be able to tell when
the exposure first occurred (or close to it).
On Wed, 14 Apr 2004 at 04:30:16PM -0400, Jan L?hr wrote:
> Greetings,..
>
> Am Mittwoch, 14. April 2004 20:57 schrieben Sie:
> > Jan L?hr <[EMAIL PROTECTED]> writes:
> > > Greeti
With the rash of security gaffs in the kernel related to mmap and
mremap, does it make anyone else nervous to see the following in the
changelog for 2.4.26:
o mremap NULL pointer dereference fix
If this was a security concern, would it be noted in the changelog?
Additionally, the 2.4.25 kernel
On 14 Apr 2004 20:35:19 GMT
Paul Hink <[EMAIL PROTECTED]> wrote:
> Russell Coker <[EMAIL PROTECTED]> wrote:
>
> > Try this one:
> > CRON\[.*\]:( )?\(pam_unix\) session (opened)|(closed) for user
> > (root)|(mail)
>
> > [...]
>
> > For having two different words match you need to put each word i
Hello!
W liście z pon, 12-04-2004, godz. 02:00, Joe Bouchard pisze:
> In a meeting at work (I'm part of the IT group at a large corporation) someone
> mentioned a particular kind of network hardware which would stop working
> correctly after a while. We have a pretty busy network with broadcasts
Jan Lühr <[EMAIL PROTECTED]> writes:
> Greetings,..
>
> Am Mittwoch, 14. April 2004 20:57 schrieben Sie:
> > Jan Lühr <[EMAIL PROTECTED]> writes:
> > > Greetings,
>
> > Okay... This is the result of a cursory check, do your homework, yada,
> > yada...
> >
>
> Thanks for doing so ;) Anyway, this
On Wed, Apr 14, 2004 at 04:16:28PM -0500, Micah Anderson wrote:
> With the rash of security gaffs in the kernel related to mmap and
> mremap, does it make anyone else nervous to see the following in the
> changelog for 2.4.26:
>
> o mremap NULL pointer dereference fix
>
> If this was a security c
On Wed, Apr 14, 2004 at 11:20:49PM +0200, Jaroslaw Tabor wrote:
> I'm almost sure that this is software problem. The machine is working
> without hardware changes for years, and it didn't happend before.
> The only changes I did, are software updates (from debian-security)
> and kernel upgrade afte
Hi,
I got the mail, and happy to know that you keep the good work. But when I
did 'apt-get update', there was no change in http://security.debian.org
files. Is it possible to make sure the files are updated before sending the
announcement?
I know that each mail has the link for all the files... b
Jeff Coppock <[EMAIL PROTECTED]> wrote:
> On 14 Apr 2004 20:35:19 GMT Paul Hink <[EMAIL PROTECTED]> wrote:
>
>> Russell Coker <[EMAIL PROTECTED]> wrote:
>>
>> > Try this one:
>> > CRON\[.*\]:( )?\(pam_unix\) session (opened)|(closed) for user
>> > (root)|(mail)
>> [...]
>> "session (opened|clo
I am gone from the office until Friday 16th of April ... I will respond to your
message about "[SECURITY] [DSA 484-1] New xonix packages fix failure to drop
privileges" when I return.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECT
On Wed, 2004-04-14 at 07:52, Martin Schulze wrote:
> Several serious problems have been discovered in the Linux kernel.
> This update takes care of Linux 2.4.18 for the alpha, i386 and powerpc
> architectures. The Common Vulnerabilities and Exposures project
> identifies the following problems tha
Dear all,
It seems that at least on ix86, the latest woody security updates for
the kernel packages are completely broken. The kernel packages named
kernel-image-2.4.18-1- with version 2.4.18-13 contain only
one module. DO NOT upgrade to these packages or your system will be
broken when you r
> kernel packages named kernel-image-2.4.18-1- with version
2.4.18-13 contain only
> one module.
That and it expects the modules at 2.4.18-1 instead of 2.4.18-1-686-smp!
> hoping this warning is timely and not _too_ redundant,
:-)
Found out the hard way there is a 13.1 now tho' ...
--
T
On 14 Apr 2004 22:44:40 GMT
Paul Hink <[EMAIL PROTECTED]> wrote:
> Jeff Coppock <[EMAIL PROTECTED]> wrote:
>
> > On 14 Apr 2004 20:35:19 GMT Paul Hink <[EMAIL PROTECTED]> wrote:
> >
> >> Russell Coker <[EMAIL PROTECTED]> wrote:
> >>
> >> > Try this one:
> >> > CRON\[.*\]:( )?\(pam_unix\) sessio
68 matches
Mail list logo
