Re: Reaction to potential PGP schism

Hi Gioele-- On Thu 2023-12-21 11:02:06 +0100, Gioele Barabucci wrote: > On 21/12/23 04:16, Daniel Kahn Gillmor wrote: > As the Uploader of rust-sequoia-openpgp, what do you think of the > related sequoia-chameleon-gnupg project [1] (drop-in replacement for gpg > that uses sequoi

Re: Reaction to potential PGP schism

hey folks-- [ This message won't make sense unless the reader distinguishes clearly between OpenPGP the protocol and GnuPG the implementation! As a community we have a history of fuzzily conflating the two terms, which is one of the reasons that we're in this mess today. Please read

Re: Setting APT::Default-Release prevents installation of security updates in bookworm!?

enting security updates. Who do I contact about the archive aspects? FTP-master or the security-team? The security-team is in CC on the doc bugs so I'm hoping they will see it anyway. Thanks, --Daniel

Re: Setting APT::Default-Release prevents installation of security updates in bookworm!?

Hi Paul, On Fri, Jul 21, 2023 at 10:17:28AM +0800, Paul Wise wrote: > On Thu, 2023-07-20 at 22:12 +0200, Daniel Gröber wrote: > > > It seems packages from the debian-security repository are not affected by > > this increased priority and will not get in

Setting APT::Default-Release prevents installation of security updates in bookworm!?

l a kernel update from d-security that should get installed but doesn't. As soon as I remove the Default-Release line from apt.conf the update gets offered for installation. Has anyone else observed this or is something broken in my apt config somewhere? --Daniel

Re: deb.debian.org vs security.debian.org

Georgi Naplatanov wrote: > I have no opinion but found this > https://wiki.debian.org/SourcesList SZÉPE Viktor wrote: > And there is this > https://wiki.debian.org/NewInBullseye#Changes Both of these were referenced in my original message:

deb.debian.org vs security.debian.org

.html * https://lists.debian.org/debian-devel/2021/08/msg00167.html * https://lists.debian.org/debian-devel/2021/08/msg00172.html but no consensus. Thank you! Daniel Lewart Urbana, Illinois

Re: Misuse/Abuse

on > paste.debian.net. Clearly someone tries to run a command put as an address. Out of curiosity: Which kind of vulnerability are they trying to use here? Regards, Daniel -- Regards, Daniel Leidert | https://www.wgdd.de/ GPG-Key RSA4096 / BEED4DED5544A4C03E283DC74BCD0567C296D05D GPG-Key E

Bug#948634: debian-security-support: please elaborate on binutils' status

supported behind an authenticated HTTP zone for trusted users @Florian That linked message is yours; any objections from you? Thanks, Daniel P.S. Priority "important" since binutils' rdeps include dpkg-dev, gcc, and clang, so I assume this is quite visible.

Re: Why no security support for binutils? What to do about it?

> Some of its checks look inherently dangerous, e.g. the bash -n check for > shell syntax. Why would bash -n be dangerous? signature.asc Description: OpenPGP digital signature

Re: New wifite repo?

Hi Sophie! El mar., 10 de dic. de 2019 a la(s) 05:24, Sophie Brun (sop...@freexian.com) escribió: > Hi Daniel, > > > Le 26/11/2019 à 16:14, Daniel Echeverry a écrit : > > Hi! > > [..] > > I wrote to the upstream, and he will make a new release this weekend,

Bug#908678: Split file repo v2

as requested in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908678#139 we have created a data/CVE/.list repo ("v2") during MiniDebConf HH It is mirrored at Salsa: https://salsa.debian.org/dlange/debian_security_security-tracker_split_files_v2

Bug#908678: Update on the security-tracker git discussion

Am 06.06.19 um 07:31 schrieb Salvatore Bonaccorso: Could you again point me to your splitted up variant mirror? https://git.faster-it.de/debian_security_security-tracker_split_files/

Bug#908678: Update on the security-tracker git discussion

Zobel brought up the security-tracker git discussion in the #debian-security irc channel again and I'd like to record a few of the items touched there for others that were not present: DLange has a running mirror of the git repo with split files since three months. This is based on anarcat's

Bug#908678: Testing the filter-branch scripts

Am 13.11.18 um 23:09 schrieb Moritz Muehlenhoff: > The current data structure works very well for us and splitting the files > has many downsides. Could you detail what those many downsides are besides the scripts that need to be amended?

Bug#908678: Testing the filter-branch scripts

> The Python job finished successfully here after 10 hours. 6h40 mins here as I ported your improved logic to the python2 version :). # git filter-branch --tree-filter '/usr/bin/python2 /split-by-year.pyc' HEAD Rewrite 1169d256b27eb7244273671582cc08ba88002819 (68356/68357) (24226 seconds passed,

Bug#908678: Some more thoughts and some tests on the security-tracker git repo

The main issue is that we need to get clone and diff+render operations back into normal time frames. The salsa workers (e.g. to render a diff) time out after 60s. Similar time constraints are put onto other rendering frond-ends. Actually you can easily get Apache to segfault if you do not

new version of wifite

Hi Team! I am working a new version of wifite[1], Could someone check it out? Thank you very much! Regards [1]: https://salsa.debian.org/pkg-security-team/wifite/ -- Daniel Echeverry http://wiki.debian.org/DanielEcheverry http://rinconinformatico.net Linux user: #477840 Debian user

Re: Pantalla fija con dibujos bloquea el ordenador

alt+tab -- *Daniel Romo* d4nnr.blogspot.com.co #Blog_Personal El 11 de enero de 2018, 10:45, DANIEL ROMO<danielromogar...@gmail.com> escribió: > Hola > > puedes enviar un print screen ? (con tu celular) > > > amt+tab para cambiar de ventana es una solución > >

Re: Pantalla fija con dibujos bloquea el ordenador

Hola puedes enviar un print screen ? (con tu celular) amt+tab para cambiar de ventana es una solución ;) -- *Daniel Romo* d4nnr.blogspot.com.co #Blog_Personal El 11 de enero de 2018, 02:42, R Calleja<rcalle...@gmail.com> escribió: > Hola buenos dias, alquien puede ayudarme. &g

Re: Unsuscribe

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 You need to use the web form: https://www.debian.org/MailingLists/unsubscribe On 01/11/17 13:55, Donald Haley wrote: > Please unsuscribe me. > > Thanks -BEGIN PGP SIGNATURE-

Re: [SECURITY] [DSA 3909-1] samba security update

re. Thanks for jumping in and reporting this, I wasn't sure if I hadn't just messed up my apt-pinning... > The 32bit i386 packages on the hand are fine, probably because they > were built by a buildd. On an i386 VM the upgrade ran fine here as well. Cheers Daniel signature.asc Description: OpenPGP digital signature

Re: Some Debian package upgrades are corrupting rsync "quick check" backups

On 01/28/2017 03:51 PM, Holger Levsen wrote: > On Sat, Jan 28, 2017 at 03:04:56PM +0100, Daniel Reichelt wrote: >> I highly suspect this stems from packages' rules files supporting >> reproducible builds. > > I rather think this is due to binNMUs not modifying debian/change

Re: Some Debian package upgrades are corrupting rsync "quick check" backups

moving it into place (thus retaining the inode number). Cheers Daniel signature.asc Description: OpenPGP digital signature

CVE 2016-2107 OpenSSL 1.0.1e-2+deb7u21

OpenSSL 1.0.1e-2+deb7u21 purports to have fixed CVE-2016-2107. However, an SSL Labs check of a site running this version still comes up with the issue: https://www.ssllabs.com/ssltest/analyze.html?viaform=on=www.k2dls.net So which is correct, is the issue is resolved in the referencee version

Re: [SECURITY] [DSA 3654-1] quagga security update

unsubscrbe On Thu, Aug 25, 2016 at 11:03 PM, Sebastien Delafond wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - > - > Debian Security Advisory DSA-3654-1

Re: [SECURITY] [DSA 3621-1] mysql-connector-java security update

Uhpppopppiujiki MN I have .. buy bio Yg.viuuu  On 18 Jul 2016 17:32, "Salvatore Bonaccorso" wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - - > Debian Security Advisory DSA-3621-1

Re: Bug#791919: RFP: USBGuard -- protect your computer against rogue USB devices

=Licensing#License_of_Fedora_SPEC_Files The upstream repository (which includes the .spec file too) is licensed under GPLv2+. That's probably an inconsistency that I should fix... Regards, -- Daniel Kopeček Software Engineer, Special Projects Red Hat, Inc.

Re: Debian SHA-1 deprecation

On 19/05/16 03:17, Paul Wise wrote: > On Wed, May 18, 2016 at 9:20 PM, Daniel Pocock wrote: > >> Can anybody comment on how Debian users will be impacted by SHA-1 >> deprecation? > > There is some info related to that in these two wiki pages: > > https://w

Debian SHA-1 deprecation

Can anybody comment on how Debian users will be impacted by SHA-1 deprecation? In particular: - will libraries like OpenSSL and GnuTLS continue to support it in stretch and beyond? - will web servers like Apache support it in server certificates or certificate chains? - will web servers and

Re: Remove email

mv tiffanyryan2...@gmail.com /dev/null 2016-03-31 9:42 GMT-05:00 Tiffany Ryan <tiffanyryan2...@gmail.com>: > Please remove my email from you system > > tiffanyryan2...@gmail.com > -- "La imaginación es más importante que el conocimiento. Einstein" *Daniel

Re: [SECURITY] [DSA 3355-2] libvdpau regression update

e. Thanks for the quick fix! Daniel

Re: [SECURITY] [DSA 3355-2] libvdpau regression update

Hi * the amd64 build for 0.8-3+deb8u2 seems to be missing from [1]. Is this an error or am I missing something? Thanks Daniel [1] http://security.debian.org/pool/updates/main/libv/libvdpau/ On 11/02/2015 08:27 PM, Alessandro Ghedini wrote

Re: Verification of netboot installer and firmware files

On 09/06/2015 07:14 PM, Paul Wise wrote: > On Sun, Sep 6, 2015 at 10:20 AM, Daniel Reichelt wrote: > >> [1] >> http://ftp.nl.debian.org/debian/dists/stretch/main/installer-amd64/current/images/ > > ftp://ftp.debian.org/debian/dists/stretch/Release > ftp://ftp.debi

Verification of netboot installer and firmware files

missing s.th.? Looking forward to suggestions! If I'm really the first one to bring this up: IMHO the simplest solution would be to gpg-sign the hash lists under [1]/[2] and provide signed hash lists for [3] as well. Thanks Daniel [1] http://ftp.nl.debian.org/debian/dists/stretch/main

Re: are unattended updates a good idea?

like needsrestart and apt-listchanges, and a test suite for your applications to check if they still work with the new packages and that every service is back to normal afterwards. Just sharing my thoughts about this. - Daniel -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org

Re: SSL 3.0 and older ciphers selected in applications

On 08/12/14 21:28, Daniel Pocock wrote: On 08/12/14 21:16, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote: If I understand your reply correctly, the version in Ubuntu and Fedora will still talk TLS 1.0 with the version now waiting in jessie? Yes. Do

SSL 3.0 and older ciphers selected in applications

it would help avoid situations where the package needs to be recompiled to deal with security patching and therefore reduce the burden on the security updates process. If it will help the release team, is there anybody from the security team who could review the changes in my debdiff? Regards, Daniel

Re: Bug#772487: SSL 3.0 and older ciphers selected in applications

On 08/12/14 10:20, Adam D. Barratt wrote: On Mon, 2014-12-08 at 09:16 +0100, Daniel Pocock wrote: [...] If it will help the release team, is there anybody from the security team who could review the changes in my debdiff? Note that debian-security@lists.debian.org is not a contact address

Re: SSL 3.0 and older ciphers selected in applications

On 08/12/14 10:48, Thijs Kinkhorst wrote: Hi Daniel, On Mon, December 8, 2014 09:16, Daniel Pocock wrote: I've made some changes to TLS code in reSIProcate - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method() - adding configuration options to override the options

Re: SSL 3.0 and older ciphers selected in applications

On 08/12/14 11:12, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote: Hi all, I've made some changes to TLS code in reSIProcate - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method() This has no effect in jessie. SSLv2 and SSLv3

Re: SSL 3.0 and older ciphers selected in applications

On 08/12/14 12:04, Thijs Kinkhorst wrote: On Mon, December 8, 2014 11:17, Daniel Pocock wrote: In the library package (libresiprocate-1.9.deb) there is no default SSL/TLS mode. It uses whatever the project using the library selects. If some developer wants to enable dynamic selection of TLS

Re: SSL 3.0 and older ciphers selected in applications

On 08/12/14 12:36, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 11:42:28AM +0100, Daniel Pocock wrote: On 08/12/14 11:12, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote: Hi all, I've made some changes to TLS code in reSIProcate - setting OpenSSL's

Re: SSL 3.0 and older ciphers selected in applications

On 08/12/14 13:53, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 01:20:39PM +0100, Daniel Pocock wrote: Just one other point: if somebody is trying sending the client hello using SSL v2 record layer but indicating support for TLS v1.0, should TLSv1_method or SSLv23_method accept that? I would

Re: SSL 3.0 and older ciphers selected in applications

On 08/12/14 18:58, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 02:35:00PM +0100, Daniel Pocock wrote: I have no idea what technology is in use in the remote/client system. If my server socket is using TLSv1_method it is rejecting the connection and logging those errors on my server: error

Re: SSL 3.0 and older ciphers selected in applications

On 08/12/14 19:25, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 07:22:33PM +0100, Daniel Pocock wrote: Will the TLSv1 method be removed in jessie or while jessie is still supported? This is something post jessie. Is it something that is going to happen with Ubuntu releases next year (e.g

Re: SSL 3.0 and older ciphers selected in applications

On 08/12/14 20:06, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 07:42:54PM +0100, Daniel Pocock wrote: Is it something that is going to happen with Ubuntu releases next year (e.g. April 2015)? If so, it means that the repro package in jessie won't talk to a repro package in Ubuntu. I

Re: SSL 3.0 and older ciphers selected in applications

On 08/12/14 21:16, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote: If I understand your reply correctly, the version in Ubuntu and Fedora will still talk TLS 1.0 with the version now waiting in jessie? Yes. Do you believe it would be reasonable for me

Re: [SECURITY] [DSA 3074-1] php5 security update

Just filed a bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770105 cheers daniel -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546bc6d3.9040

Re: [Reproducible-builds] concrete steps for improving apt downloading security and privacy

On 09/22/2014 04:07 AM, Elmar Stellnberger wrote: Am 22.09.14 um 01:52 schrieb Paul Wise: The Debian archive does not allow files to change their checksum, so every signature addition requires a new version number. That sounds like a bad idea to me. Yes, that is something we definitely do

Re: [Reproducible-builds] concrete steps for improving apt downloading security and privacy

On 09/21/2014 02:04 PM, Elmar Stellnberger wrote: a well programmed dpkg-cmp. ... and as long as the tool should not be available simply un-ar and compare the data.tar.gz-s. fwiw, this suggestion fails to compare the contents of control.tar.gz, which includes the maintainer scripts (preinst,

Re: [Reproducible-builds] concrete steps for improving apt downloading security and privacy

On 09/19/2014 06:07 AM, Elmar Stellnberger wrote: Isn`t there really any way to include the signatures in the header of the .deb files? Why not simply add multiple signature files in the control.tar.gz of a .deb just next to the md5sums which should in deed be a sha256sums (otherwise there

Re: [Reproducible-builds] concrete steps for improving apt downloading security and privacy

On 09/19/2014 12:34 AM, Paul Wise wrote: On Fri, Sep 19, 2014 at 9:30 AM, Hans-Christoph Steiner wrote: Finally did this: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762153 Please note that you proposal to add signatures to .deb files will break reproducible builds because the hash

Re: vacation mail

in the knowledge that they would not be back in the office to deal with the problem until August 25th. Such vacation mails would make my job alot easier. IT is fortunate for the senders of such mails that I am not a malicious individual. Best regards, Daniel On 6 Aug 2014, at 09:49, Grond wrote

Re: [SECURITY] [DSA 2972-1] linux security update

Thank You S. B. very much. now all I have to do; is Buy a new PC. Thanks again, dth On Sun, Jul 6, 2014 at 9:16 AM, Salvatore Bonaccorso car...@debian.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - -

Re: concrete steps for improving apt downloading security and privacy

I don't understand why so much noise on this subject. Https for Debian mirrors and a server centralized, maintained and owned by Debian for debsig-verify / debsums packages it will be enough, at least for the next years. PS: from now on I will filter out any email regarding nsa, debian

Re: concrete steps for improving apt downloading security and privacy

On Mon, Jul 07, 2014 at 02:54:15PM -0400, Hans-Christoph Steiner wrote: Do you have another idea for making it difficult for network observers to keep track of the software people are using? Well, you can always mirror the entire repository and configure your server/desktop to use that

Re: [SECURITY] [DSA 2968-1] gnupg2 security update

what should I do with the Above gobble-D-GOOK? even my usb Flashdrives Are wiped!, (not by me!). On Fri, Jun 27, 2014 at 1:14 AM, Salvatore Bonaccorso car...@debian.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 -

Re: [SECURITY] [DSA 2970-1] cacti security update

What am I supposed to Download this ONTO? PC I'm ON, is a PUBLIC Library PC. all of MY USB Flash-Drive are Wiped Clean. gobble-D-Gook = incomprehensible Material. On Sun, Jun 29, 2014 at 10:58 AM, Moritz Muehlenhoff j...@debian.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 -

Re: Debian mirrors and MITM

On Fri, May 30, 2014 at 11:50:32PM +1000, Alfie John wrote: Several times (public and private) I tried to explain how the download of APT (the binary itself) on an initial Debian install could be compromised via MITM since it's over plaintext. Then the verification of packages could simply be

Re: Debians security features: Which are active?

(linked to earlier) difficult to understand and apply in this regard. Daniel Cédric Lemarchand wrote: Please, honestly, do you know what every features in this list does, how they could be benefit for you and in which way ? Or did your choice will *only* be based on the number of supported

RE: [SECURITY] [DSA 2926-1] linux security update

Die CVE-2014-0196 is wel interessant Local kernel DoS || privilege escalation Original message From: Moritz Muehlenhoff j...@debian.org Date: 12/05/2014 17:59 (GMT+01:00) To: debian-security-annou...@lists.debian.org Subject: [SECURITY] [DSA 2926-1] linux security update

Re: [SECURITY] [DSA 2896-1] openssl security update

exploit this vulnerability against our site: http://filippo.io/Heartbleed/#noflag.org.uk https://www.ssllabs.com/ssltest/analyze.html?d=noflag.org.uk What could be going on here? Thanks in advance for all your help, Daniel Salvatore Bonaccorso wrote

Re: Aw: Re: [SECURITY] [DSA 2896-1] openssl security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Thank you all for your help. Mod_spdy has a statically-linked vulnerable version of OpenSSL. After the standard update we are no longer vulnerable. Daniel Estelmann, Christian wrote: Your server talks spdy. Have you upgraded mod_spdy to 0.9.4.2

Re: Four people decided the fate of debian with systemd. Bad faith likely

On 2 March 2014 10:53:51 WET, Jack j...@jackpot.uk.net wrote: Systemd scares me. As far as I can see it does a lot of things right (in some cases these are things that no other contender does right); I'm not going to try to enumerate those things, that's been one elsewhere. But the way systemd has

Re: [SECURITY] [DSA 2856-1] libcommons-fileupload-java security update

Unsubscribe Daniel On Feb 8, 2014 1:00 AM, Florian Weimer f...@deneb.enyo.de wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2856-1 secur...@debian.org http

Re: Enhancements/enabled hardening flags in Wheezy pkgs/release.

Hello everyone Thanks for yours opinions. Yes, I know that AppArmor is available in Debian. That's good. It's just fine, that there is a possibilities to choose between SELinux and AppArmor. Unfortunately, I can help only with creating profiles for a various applications. For now, I'm trying to

Re: Enhancements/enabled hardening flags in Wheezy pkgs/release.

Hello everyone, Michael web site with a statistic I've watching for time to time. Also *Debian* Hardening wiki page I studied a couple of time. ** *There is a lintian check for setuid binaries (...) *** * There isn't really any group effort tackling or monitoring *** * the assortment of useful

Enhancements/enabled hardening flags in Wheezy pkgs/release.

Hi Moritz, 90 percent of the hardening via '*dpkg-buildflags*'? That's a good information. I'd hoped, that the majority of all base packages and that's security-sensitive will be protected well. It's really a huge satisfaction. One more thing - does Debian include something like e.g. Ubuntu or

Enhancements/enabled hardening flags in Wheezy pkgs/release.

Hello everyone, Before Wheezy release we could find a web site, which contained notices about update as many packages as possible to use security hardening build flags via 'dpkg-buildflags'. Also, there could be found a note about packages that should have build flags enabled before the Wheezy

Re: Compromising Debian Repositories

On Mon, Aug 5, 2013 at 9:17 AM, intrigeri intrig...@debian.org wrote: I need a reality check, as it's unclear to me what are the goals of this discussion. I don't think there are any goals. I asked it just to understand if it would be possible to do what I was thinking (apparently, it is) and

Re: Compromising Debian Repositories

I am really sorry if you think it's rude to start a topic here without subscribing. I thought that it was acceptable, since a lot of people do it in debian-users (I know it has a lot more volume than this one) and it's the default action when you click on Reply to All in most clients (well,

Re: Compromising Debian Repositories

On Sun, Aug 4, 2013 at 2:55 PM, Michael Stone mst...@debian.org wrote: On Sun, Aug 04, 2013 at 10:12:40AM +0200, Heimo Stranner wrote: I think the real issue is about if the malicious patch is not part of the source package Why? It certainly makes your argument simpler if you arbitrarily

Compromising Debian Repositories

I was reading this [1] article and it brought a question do my mind: How hard would it be for the FBI or the NSA or the CIA to have a couple of agents infiltrated as package mantainers and seeding compromised packages to the official repositories? Could they submit an uncompromised source and

Re: INVALID state and no known connection.

Hi Rolf. *The information about connections is stored in * * /proc/net/ip_conntrack. The maximum connections * * (...) in /proc/sys/net/ipv4/netfilter/ip_conntrack_max* I checked these values and it looks this way; # cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max 55740 # cat

Re: INVALID state and no known connection.

, at 11:34 AM, Daniel Curtis sidetripp...@gmail.com wrote: Hi Mr Rolf Okay, I will check these values; /proc/net/ip_conntrack etc. Generally it is normal, that there are INVALID connections, right? Yes, I'm seeing this syslog tag. Should I remove it from my iptables script (e.g. -j LOG

INVALID state and no known connection.

Hi As we know iptables INVALID state means, that the packet is associated with no known connection, right? So, if I have a lot of INVALID entries in my log files, does it means, that something is wrong? Hidden process etc.? An example of logged entries; t4 kernel: [18776.221378] [INVALID in]

Re: INVALID state and no known connection.

Hi andika. Another INVALID packet description. I read a lot of information and I don't know what is the truth. Frankly, the first time I see a description, which concerns RAM memory. So, I have a 1 GB of RAM memory. Just for example; free -m command result; used: 640, free: 230 and top command;

Re: [SECURITY] [DSA 2631-1] squid3 security update

thank You, Salvatore B. gonna try this today. On Sun, Feb 24, 2013 at 2:51 AM, Salvatore Bonaccorso car...@debian.orgwrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2630-1

Re: [SECURITY] [DSA 2612-2] ircd-ratbox update

thank you, guys. will make use of it. On 2/10/13, Moritz Muehlenhoff j...@debian.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2612-2 secur...@debian.org

Re: NULL Scan issues or something else?

Hi Mr Edwin Yes, I have this rule and is responsible for the established/related connections. This rule is almost at the very end of the INPUT chain. * (...) before the rule that logs/drops your packets?* Do you mean those strange packages mentioned in the first mail, right? Frankly, not; This

Re: NULL Scan issues or something else?

Hi Mr Erwan So, everything is okay? Even these strange logs mentioned earlier? I'm still curious about this rule; *SYN,RST, ACK,FIN, PSH,URG, SYN,RST,ACK, FIN,PSH,URG* What do you mean by writing, that I should not contact servers? Best regards!

Re: NULL Scan issues or something else?

Hi Mr Erwan Let's summarize: these logs are normal and are not something... *bad*. Even if there are many IP's connections (*INVALID*) probes. I understand, that I should have not contact with the servers. Okay, but if those servers are providing e.g. a website, which I visit? How to avoid them?

Re: Iceweasel ESR 10 security update.

Hi Mr Mestnik I'm just curious why Debian does not publish updated versions of the packages as soon as possible. Especially, when it comes to the security updates. Other distributions are doing it much faster. Personally, I do not like to use the applications that I know, it is vulnerable. As I

Iceweasel ESR 10 security update.

Hi Whether the Iceweasel 10.0.11 ESR package can be updated a little faster due to several security issues? On January 8 Mozilla published about 20 Security Advisories[1]. Many distributions already have updated Firefox to the latest 18 and 10.0.12 ESR versions[2]. According to the website for

Re: Linux 3.2: backports some features from mainline kernel (3.7)?

Hi Mr Cyril, Thank you for pointing out this website. I completely forgot about it and definitely, I should look there first, before writing a message here. I did not look over this web site (Changlelog for 3.2.X) for a long time, because for now, I am still using a linux-2.6 on all of my

Linux 3.2: backports some features from mainline kernel (3.7)?

Hi, Kernel 3.7 is officially out. This Linux release includes many improvements practically in every aspect. Many changes also concerns security. Very interesting are: Cryptographically-signed kernel modules and - long awaited - symlink and hardlink restrictions (already in Linux 3.6), but it

Re: Zero Day MySQL Buffer Overflow

Hi Thijs! Okay now everything is clear. Regards!

Re: About default init umask , and kernel umask, cron umask

(...) so a good umask may be set there for init. Hi, and a good setting for umask is? I know that it depends on many things, but what do you think? Cheers

Re: Zero Day MySQL Buffer Overflow

Hi, Thank You, I should look there first (Security Tracker). But I see, that two of three CVE's are marked as 'vulnerable' for all branches; stable, testing and unstable. Frankly, only first CVE is Fixed for Squeeze. It is normal? Regards!

Zero Day MySQL Buffer Overflow

Hi, I would like to inform about a new stack-based buffer overflow vulnerability for MySQL. The following CVEs have been assigned to track this MySQL vulnerability: CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC Zeroday CVE-2012-5612 MySQL (Linux) Heap Based Overrun PoC Zeroday

Re: [SECURITY] [DSA 2550-1] asterisk security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Moritz Please test/report, whether the packages located at http://people.debian.org/~jmm/ fix the problem for you. Could you please publish the source package as well? And is this going to go into squeeze-updates eventually? Cheers Daniel

Re: Hardening Debian

Thanks guys. I've received quite a massive response it seems. All the information I was looking for. Thanks again, Dan On Wed, Nov 24, 2010 at 10:48 AM, Daniel Hood dsmh...@gmail.com wrote: Does anyone have a good checklist or script to harden a vanilla debian box after installation? Dan

Hardening Debian

Does anyone have a good checklist or script to harden a vanilla debian box after installation? Dan -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive:

Re: [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities

Hi Debian Security folks-- On 03/10/2010 01:18 PM, dann frazier wrote: Debian Security Advisory DSA-2010 secur...@debian.org http://www.debian.org/security/ Dann Frazier March 10,

Re: [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities

On 03/10/2010 02:49 PM, dann frazier wrote: On Wed, Mar 10, 2010 at 02:18:38PM -0500, Daniel Kahn Gillmor wrote: It's not clear to me from the instructions above whether users should re-build their kvm modules package as well as installing the revised versions. Is the vulnerability fully

[Fwd: Re: [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities]

sorry, this proposed boilerplate change was meant to go to the list, not just to dann. Thanks for all your work, folks. --dkg ---BeginMessage--- On 03/10/2010 04:53 PM, dann frazier wrote: On Wed, Mar 10, 2010 at 04:09:48PM -0500, Daniel Kahn Gillmor wrote: So would the 4th be fixed

Re: GnuPG 1.4.10 RC1 available from Debian Experimental

://bugs.g10code.com/gnupg/issue931 (for example) Regards, Daniel -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Study: Attacks on package managers (inclusing apt)

regarding this study, so I hereby start this thread). Regards, Daniel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Unofficial fix for the Ruby vulnerabilities announced yesterday

Since the security team hasn't released a fix or an advisory yet for the Ruby vulnerabilites discovered yesterday, I've rolled my own as a stopgap. See http://dfranke.us/rubyfix.txt -- Daniel Franke [EMAIL PROTECTED] http://www.dfranke.us

  1   2   3   4   5   >