Compromising Debian Repositories

2013-08-03 Thread Daniel Sousa
I was reading this [1] article and it brought a question to my mind: How hard would it be for the FBI or the NSA or the CIA to have a couple of agents infiltrated as package maintainers and seeding compromised packages to the official repositories? Could they submit an uncompromised source and

Re: Compromising Debian Repositories

2013-08-04 Thread Daniel Sousa
I am really sorry if you think it's rude to start a topic here without subscribing. I thought that it was acceptable, since a lot of people do it in debian-users (I know it has a lot more volume than this one) and it's the default action when you click on Reply to All in most clients (well,

Re: Compromising Debian Repositories

2013-08-04 Thread Daniel Sousa
On Sun, Aug 4, 2013 at 2:55 PM, Michael Stone mst...@debian.org wrote: On Sun, Aug 04, 2013 at 10:12:40AM +0200, Heimo Stranner wrote: I think the real issue is about if the malicious patch is not part of the source package Why? It certainly makes your argument simpler if you arbitrarily

Re: Compromising Debian Repositories

2013-08-07 Thread Daniel Sousa
On Mon, Aug 5, 2013 at 9:17 AM, intrigeri intrig...@debian.org wrote: I need a reality check, as it's unclear to me what are the goals of this discussion. I don't think there are any goals. I asked it just to understand if it would be possible to do what I was thinking (apparently, it is) and

Enhancements/enabled hardening flags in Wheezy pkgs/release.

2013-12-31 Thread Daniel Curtis
Hello everyone, Before Wheezy release we could find a web site, which contained notices about update as many packages as possible to use security hardening build flags via 'dpkg-buildflags'. Also, there could be found a note about packages that should have build flags enabled before the Wheezy

Enhancements/enabled hardening flags in Wheezy pkgs/release.

2014-01-01 Thread Daniel Curtis
Hi Moritz, 90 percent of the hardening via '*dpkg-buildflags*'? That's a good information. I'd hoped, that the majority of all base packages and that's security-sensitive will be protected well. It's really a huge satisfaction. One more thing - does Debian include something like e.g. Ubuntu or

Re: Enhancements/enabled hardening flags in Wheezy pkgs/release.

2014-01-02 Thread Daniel Curtis
Hello everyone, Michael web site with a statistic I've watching for time to time. Also *Debian* Hardening wiki page I studied a couple of time. *There is a lintian check for setuid binaries (...)* *There isn't really any group effort tackling or monitoring the assortment of useful

Re: Enhancements/enabled hardening flags in Wheezy pkgs/release.

2014-01-08 Thread Daniel Curtis
Hello everyone Thanks for your opinions. Yes, I know that AppArmor is available in Debian. That's good. It's just fine, that there is a possibility to choose between SELinux and AppArmor. Unfortunately, I can help only with creating profiles for various applications. For now, I'm trying to

Re: [SECURITY] [DSA 2856-1] libcommons-fileupload-java security update

2014-02-08 Thread Daniel Phillips
Unsubscribe Daniel On Feb 8, 2014 1:00 AM, Florian Weimer f...@deneb.enyo.de wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2856-1 secur...@debian.org http

Re: Four people decided the fate of debian with systemd. Bad faith likely

2014-03-02 Thread Daniel Sousa
On 2 March 2014 10:53:51 WET, Jack j...@jackpot.uk.net wrote: Systemd scares me. As far as I can see it does a lot of things right (in some cases these are things that no other contender does right); I'm not going to try to enumerate those things, that's been done elsewhere. But the way systemd has

RE: [SECURITY] [DSA 2926-1] linux security update

2014-05-12 Thread Daniel Genis
That CVE-2014-0196 is quite interesting Local kernel DoS || privilege escalation Original message From: Moritz Muehlenhoff j...@debian.org Date: 12/05/2014 17:59 (GMT+01:00) To: debian-security-annou...@lists.debian.org Subject: [SECURITY] [DSA 2926-1] linux security update

Re: [SECURITY] [DSA 3074-1] php5 security update

2014-11-18 Thread Daniel Reichelt
Just filed a bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770105 cheers daniel -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546bc6d3.9040

SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
it would help avoid situations where the package needs to be recompiled to deal with security patching and therefore reduce the burden on the security updates process. If it will help the release team, is there anybody from the security team who could review the changes in my debdiff? Regards, Daniel

Re: Bug#772487: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 10:20, Adam D. Barratt wrote: On Mon, 2014-12-08 at 09:16 +0100, Daniel Pocock wrote: [...] If it will help the release team, is there anybody from the security team who could review the changes in my debdiff? Note that debian-security@lists.debian.org is not a contact address

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 10:48, Thijs Kinkhorst wrote: Hi Daniel, On Mon, December 8, 2014 09:16, Daniel Pocock wrote: I've made some changes to TLS code in reSIProcate - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method() - adding configuration options to override the options

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 11:12, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote: Hi all, I've made some changes to TLS code in reSIProcate - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method() This has no effect in jessie. SSLv2 and SSLv3

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 12:04, Thijs Kinkhorst wrote: On Mon, December 8, 2014 11:17, Daniel Pocock wrote: In the library package (libresiprocate-1.9.deb) there is no default SSL/TLS mode. It uses whatever the project using the library selects. If some developer wants to enable dynamic selection of TLS

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 12:36, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 11:42:28AM +0100, Daniel Pocock wrote: On 08/12/14 11:12, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote: Hi all, I've made some changes to TLS code in reSIProcate - setting OpenSSL's

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 13:53, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 01:20:39PM +0100, Daniel Pocock wrote: Just one other point: if somebody is trying sending the client hello using SSL v2 record layer but indicating support for TLS v1.0, should TLSv1_method or SSLv23_method accept that? I would

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 18:58, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 02:35:00PM +0100, Daniel Pocock wrote: I have no idea what technology is in use in the remote/client system. If my server socket is using TLSv1_method it is rejecting the connection and logging those errors on my server: error

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 19:25, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 07:22:33PM +0100, Daniel Pocock wrote: Will the TLSv1 method be removed in jessie or while jessie is still supported? This is something post jessie. Is it something that is going to happen with Ubuntu releases next year (e.g

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 20:06, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 07:42:54PM +0100, Daniel Pocock wrote: Is it something that is going to happen with Ubuntu releases next year (e.g. April 2015)? If so, it means that the repro package in jessie won't talk to a repro package in Ubuntu. I

Re: SSL 3.0 and older ciphers selected in applications

2014-12-08 Thread Daniel Pocock
On 08/12/14 21:16, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote: If I understand your reply correctly, the version in Ubuntu and Fedora will still talk TLS 1.0 with the version now waiting in jessie? Yes. Do you believe it would be reasonable for me

Re: SSL 3.0 and older ciphers selected in applications

2014-12-09 Thread Daniel Pocock
On 08/12/14 21:28, Daniel Pocock wrote: On 08/12/14 21:16, Kurt Roeckx wrote: On Mon, Dec 08, 2014 at 08:17:53PM +0100, Daniel Pocock wrote: If I understand your reply correctly, the version in Ubuntu and Fedora will still talk TLS 1.0 with the version now waiting in jessie? Yes. Do

Re: [SECURITY] [DSA 3355-2] libvdpau regression update

2015-11-03 Thread Daniel Reichelt
e. Thanks for the quick fix! Daniel

Re: [SECURITY] [DSA 3355-2] libvdpau regression update

2015-11-02 Thread Daniel Reichelt
Hi * the amd64 build for 0.8-3+deb8u2 seems to be missing from [1]. Is this an error or am I missing something? Thanks Daniel [1] http://security.debian.org/pool/updates/main/libv/libvdpau/ On 11/02/2015 08:27 PM, Alessandro Ghedini wrote

Re: Verification of netboot installer and firmware files

2015-09-06 Thread Daniel Reichelt
On 09/06/2015 07:14 PM, Paul Wise wrote: > On Sun, Sep 6, 2015 at 10:20 AM, Daniel Reichelt wrote: > >> [1] >> http://ftp.nl.debian.org/debian/dists/stretch/main/installer-amd64/current/images/ > > ftp://ftp.debian.org/debian/dists/stretch/Release > ftp://ftp.debi

Verification of netboot installer and firmware files

2015-09-06 Thread Daniel Reichelt
missing s.th.? Looking forward to suggestions! If I'm really the first one to bring this up: IMHO the simplest solution would be to gpg-sign the hash lists under [1]/[2] and provide signed hash lists for [3] as well. Thanks Daniel [1] http://ftp.nl.debian.org/debian/dists/stretch/main

Re: Remove email

2016-03-31 Thread DANIEL ROMO
mv tiffanyryan2...@gmail.com /dev/null 2016-03-31 9:42 GMT-05:00 Tiffany Ryan <tiffanyryan2...@gmail.com>: > Please remove my email from your system > > tiffanyryan2...@gmail.com > -- "Imagination is more important than knowledge. Einstein" *Daniel

Re: Bug#791919: RFP: USBGuard -- protect your computer against rogue USB devices

2016-05-23 Thread Daniel Kopeček
=Licensing#License_of_Fedora_SPEC_Files The upstream repository (which includes the .spec file too) is licensed under GPLv2+. That's probably an inconsistency that I should fix... Regards, -- Daniel Kopeček Software Engineer, Special Projects Red Hat, Inc.

Re: Debian SHA-1 deprecation

2016-05-19 Thread Daniel Pocock
On 19/05/16 03:17, Paul Wise wrote: > On Wed, May 18, 2016 at 9:20 PM, Daniel Pocock wrote: > >> Can anybody comment on how Debian users will be impacted by SHA-1 >> deprecation? > > There is some info related to that in these two wiki pages: > > https://w

Debian SHA-1 deprecation

2016-05-18 Thread Daniel Pocock
Can anybody comment on how Debian users will be impacted by SHA-1 deprecation? In particular: - will libraries like OpenSSL and GnuTLS continue to support it in stretch and beyond? - will web servers like Apache support it in server certificates or certificate chains? - will web servers and

Re: [SECURITY] [DSA 3621-1] mysql-connector-java security update

2016-07-19 Thread Daniel Boshier
Uhpppopppiujiki MN I have .. buy bio Yg.viuuu  On 18 Jul 2016 17:32, "Salvatore Bonaccorso" wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - - > Debian Security Advisory DSA-3621-1

Re: Some Debian package upgrades are corrupting rsync "quick check" backups

2017-01-28 Thread Daniel Reichelt
moving it into place (thus retaining the inode number). Cheers Daniel

Re: Some Debian package upgrades are corrupting rsync "quick check" backups

2017-01-28 Thread Daniel Reichelt
On 01/28/2017 03:51 PM, Holger Levsen wrote: > On Sat, Jan 28, 2017 at 03:04:56PM +0100, Daniel Reichelt wrote: >> I highly suspect this stems from packages' rules files supporting >> reproducible builds. > > I rather think this is due to binNMUs not modifying debian/change

Re: [SECURITY] [DSA 3654-1] quagga security update

2016-08-26 Thread Daniel Chen
unsubscribe On Thu, Aug 25, 2016 at 11:03 PM, Sebastien Delafond wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > - > - > Debian Security Advisory DSA-3654-1

Re: [SECURITY] [DSA 3909-1] samba security update

2017-07-14 Thread Daniel Reichelt
re. Thanks for jumping in and reporting this, I wasn't sure if I hadn't just messed up my apt-pinning... > The 32bit i386 packages on the hand are fine, probably because they > were built by a buildd. On an i386 VM the upgrade ran fine here as well. Cheers Daniel

Re: Unsuscribe

2017-11-01 Thread Daniel Hadfield
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 You need to use the web form: https://www.debian.org/MailingLists/unsubscribe On 01/11/17 13:55, Donald Haley wrote: > Please unsuscribe me. > > Thanks -BEGIN PGP SIGNATURE-

new version of wifite

2018-04-30 Thread Daniel Echeverry
Hi Team! I am working on a new version of wifite[1], Could someone check it out? Thank you very much! Regards [1]: https://salsa.debian.org/pkg-security-team/wifite/ -- Daniel Echeverry http://wiki.debian.org/DanielEcheverry http://rinconinformatico.net Linux user: #477840 Debian user

Re: Static screen with drawings locks up the computer

2018-01-11 Thread DANIEL ROMO
alt+tab -- *Daniel Romo* d4nnr.blogspot.com.co #Blog_Personal On 11 January 2018, 10:45, DANIEL ROMO<danielromogar...@gmail.com> wrote: > Hello > > can you send a print screen? (with your cell phone) > > > amt+tab to switch windows is a solution > >

Re: Static screen with drawings locks up the computer

2018-01-11 Thread DANIEL ROMO
Hello, can you send a print screen? (with your cell phone) amt+tab to switch windows is a solution ;) -- *Daniel Romo* d4nnr.blogspot.com.co #Blog_Personal On 11 January 2018, 02:42, R Calleja<rcalle...@gmail.com> wrote: > Hello, good morning, can someone help me. >

Bug#908678: Testing the filter-branch scripts

2018-11-13 Thread Daniel Lange
> The Python job finished successfully here after 10 hours. 6h40 mins here as I ported your improved logic to the python2 version :). # git filter-branch --tree-filter '/usr/bin/python2 /split-by-year.pyc' HEAD Rewrite 1169d256b27eb7244273671582cc08ba88002819 (68356/68357) (24226 seconds passed,

Bug#908678: Testing the filter-branch scripts

2018-11-13 Thread Daniel Lange
On 13.11.18 at 23:09, Moritz Muehlenhoff wrote: > The current data structure works very well for us and splitting the files > has many downsides. Could you detail what those many downsides are besides the scripts that need to be amended?

Bug#908678: Some more thoughts and some tests on the security-tracker git repo

2018-09-26 Thread Daniel Lange
The main issue is that we need to get clone and diff+render operations back into normal time frames. The salsa workers (e.g. to render a diff) time out after 60s. Similar time constraints are put onto other rendering front-ends. Actually you can easily get Apache to segfault if you do not

Bug#908678: Update on the security-tracker git discussion

2019-01-24 Thread Daniel Lange
Zobel brought up the security-tracker git discussion in the #debian-security irc channel again and I'd like to record a few of the items touched there for others that were not present: DLange has a running mirror of the git repo with split files since three months. This is based on anarcat's

Bug#908678: Update on the security-tracker git discussion

2019-06-06 Thread Daniel Lange
On 06.06.19 at 07:31, Salvatore Bonaccorso wrote: Could you again point me to your splitted up variant mirror? https://git.faster-it.de/debian_security_security-tracker_split_files/

Bug#908678: Split file repo v2

2019-06-17 Thread Daniel Lange
as requested in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908678#139 we have created a data/CVE/.list repo ("v2") during MiniDebConf HH It is mirrored at Salsa: https://salsa.debian.org/dlange/debian_security_security-tracker_split_files_v2

Re: New wifite repo?

2019-12-13 Thread Daniel Echeverry
Hi Sophie! On Tue, 10 Dec 2019 at 05:24, Sophie Brun (sop...@freexian.com) wrote: > Hi Daniel, > > > On 26/11/2019 at 16:14, Daniel Echeverry wrote: > > Hi! > > [..] > > I wrote to the upstream, and he will make a new release this weekend,

Bug#948634: debian-security-support: please elaborate on binutils' status

2020-01-10 Thread Daniel Shahaf
supported behind an authenticated HTTP zone for trusted users @Florian That linked message is yours; any objections from you? Thanks, Daniel P.S. Priority "important" since binutils' rdeps include dpkg-dev, gcc, and clang, so I assume this is quite visible.

Re: Why no security support for binutils? What to do about it?

2020-01-01 Thread Daniel Reichelt
> Some of its checks look inherently dangerous, e.g. the bash -n check for > shell syntax. Why would bash -n be dangerous?

Re: Misuse/Abuse

2020-10-13 Thread Daniel Leidert
on > paste.debian.net. Clearly someone tries to run a command put as an address. Out of curiosity: Which kind of vulnerability are they trying to use here? Regards, Daniel -- Regards, Daniel Leidert | https://www.wgdd.de/ GPG-Key RSA4096 / BEED4DED5544A4C03E283DC74BCD0567C296D05D GPG-Key E

deb.debian.org vs security.debian.org

2021-08-19 Thread Daniel Lewart
.html * https://lists.debian.org/debian-devel/2021/08/msg00167.html * https://lists.debian.org/debian-devel/2021/08/msg00172.html but no consensus. Thank you! Daniel Lewart Urbana, Illinois

Re: deb.debian.org vs security.debian.org

2021-08-19 Thread Daniel Lewart
Georgi Naplatanov wrote: > I have no opinion but found this > https://wiki.debian.org/SourcesList SZÉPE Viktor wrote: > And there is this > https://wiki.debian.org/NewInBullseye#Changes Both of these were referenced in my original message:

Setting APT::Default-Release prevents installation of security updates in bookworm!?

2023-07-20 Thread Daniel Gröber
l a kernel update from d-security that should get installed but doesn't. As soon as I remove the Default-Release line from apt.conf the update gets offered for installation. Has anyone else observed this or is something broken in my apt config somewhere? --Daniel

Re: Setting APT::Default-Release prevents installation of security updates in bookworm!?

2023-07-21 Thread Daniel Gröber
Hi Paul, On Fri, Jul 21, 2023 at 10:17:28AM +0800, Paul Wise wrote: > On Thu, 2023-07-20 at 22:12 +0200, Daniel Gröber wrote: > > > It seems packages from the debian-security repository are not affected by > > this increased priority and will not get in

Re: Setting APT::Default-Release prevents installation of security updates in bookworm!?

2023-07-22 Thread Daniel Gröber
enting security updates. Who do I contact about the archive aspects? FTP-master or the security-team? The security-team is in CC on the doc bugs so I'm hoping they will see it anyway. Thanks, --Daniel

Re: IS THERE ANY INTELLIGENT LIFE AT YOUR END ATALL????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

2001-08-31 Thread Daniel T. Chen
Um, can't this a**hole just use a filter or something? Oh wait, sorry, there isn't any intelligent life at your end either. Oops. --- Dan Chen [EMAIL PROTECTED] GPG key: www.cs.unc.edu/~chenda/pubkey.gpg.asc On Sat, 1 Sep 2001, Layne wrote: nothing worth a horse's a**

Exim mail Problem

2002-01-17 Thread Daniel J. Rychlik
stop this from happening? Thanks in advance, Daniel J. Rychlik

Re: Security on an old machine

2002-10-15 Thread Vasarhelyi asd Daniel
, it's working as one-disc firewall for our 384/64 kbit speed ADSL account, with routing between two 10 mbit ethernet card too. kernel 2.4.18, pppd, pppoe, limited iptables support. Working from a compressed filesystem loaded from floppy's 512. record. asd -- Daniel asd Vasarhelyi PGP key available

Re: ssh banner

2002-10-18 Thread Vasarhelyi asd Daniel
. Tripwire or software like that will cry. Daniel Vasarhelyi -- Daniel asd Vasarhelyi PGP key available at http://asd.musichello.com/gpg-pub.key and public keyservers Key fingerprint = EA00 AF4D A83C 1122 0967 DDF5 27BC 390F 181F 9954

Re: spam

2002-11-11 Thread Vasarhelyi asd Daniel
be unnecessary too: spammers use non-existing mailbox names and if you generate an automated reply, your mailbox gets filled with Mail Delivery Errors. In the other side, in this case sender gets a report message, lowering the risk you miss something important. Daniel -- Daniel asd

A new Banner for the new Year

2003-01-10 Thread Daniel J. Rychlik
Please accept this new banner that I created with Gimp and a Woody system. It's a small token of my appreciation to all my mentors at Debian Security. Sincerely Yours, Daniel J. Rychlik Debian GNU/Linux Advocate attachment: debian-banner2.jpg

Re: Gaim remote overflows (12x)

2004-01-27 Thread Daniel van Eeden
How about the stable version? On Tue, 2004-01-27 at 19:55, Adam D. Barratt wrote: On Tue, 2004-01-27 at 18:40, Daniel van Eeden wrote: Debian versions of gaim patched? http://security.e-matters.de/advisories/012004.html gaim 0.75-2 was uploaded a couple of hours ago. Changes: gaim

Fwd: Re: Gaim remote overflows (12x)

2004-01-27 Thread Daniel van Eeden
-Forwarded Message- From: Martin Schulze [EMAIL PROTECTED] To: Daniel van Eeden [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Gaim remote overflows (12x) Date: Tue, 27 Jan 2004 19:58:22 +0100 Daniel van Eeden wrote: Are the debian versions already patched? http

phpix remote root exploit

2004-01-27 Thread Daniel van Eeden
Someone used this bug to attack my system... My advice to all phpix users...chmod 700 /var/www/phpix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=229794 Daniel van Eeden [EMAIL PROTECTED]

Re: [ph.unimelb.edu.au #11] AutoReply: [SECURITY] [DSA 542-1] New Qt packages fix arbitrary code execution and denial of service

2004-08-30 Thread Daniel Pittman via RT
goal. It does provide some amusement to the rest of the world, however. :) Regards, Daniel -- There is no satisfaction in hanging a man who does not object to it. -- G. B. Shaw

Re: updates to the apt keys?

2004-12-30 Thread Daniel van Eeden
Maybe include 10 keys in the distribution? key1: valid from 2003 until 2004 key2: valid from 2004 until 2005 key3: valid from 2005 until 2006 etc. The keys should be kept apart from each other in a safe. Daniel On Thu, 2004-12-30 at 13:38 +0100, martin f krafft wrote: Assume it's the end

screen lets local users on tty1 remove themselves from the output of w

2004-12-31 Thread Daniel van Eeden
information. It won't work if not connected to /dev/tty1 Could anybody confirm this? -- Daniel van Eeden [EMAIL PROTECTED]

Re: screen lets local users on tty1 remove themselves from the output of w

2004-12-31 Thread Daniel van Eeden
I did reproduce it on my alpha running Debian 3.0 And it seems like I'm still logged on and all programs are just running fine and I can still use the bash prompt which executed screen. The last command says I'm still logged in, but w and who won't show my session. Daniel van Eeden [EMAIL

Re: [SECURITY] [DSA 643-1] New queue packages fix buffer overflows

2005-01-18 Thread Daniel van Eeden
-- | /+\ \| | | David Croft Infotrek -- Daniel van Eeden [EMAIL PROTECTED]

Re: [SECURITY] [DSA 660-1] New kdebase packages fix authentication bypass

2005-01-26 Thread Daniel van Eeden
: `apt-cache show pkg' and http://packages.debian.org/pkg -- Daniel van Eeden [EMAIL PROTECTED

Re: possible samba security problem

2005-01-27 Thread Daniel van Eeden
? -- Daniel van Eeden [EMAIL PROTECTED]

Re: IS THERE ANY INTELLIGENT LIFE AT YOUR END AT ALL????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

2001-09-01 Thread Daniel T. Chen
Um, can't this a**hole just use a filter or something? Oh wait, sorry, there isn't any intelligent life at your end either. Oops. --- Dan Chen [EMAIL PROTECTED] GPG key: www.cs.unc.edu/~chenda/pubkey.gpg.asc On Sat, 1 Sep 2001, Layne wrote: nothing worth a horse's a**

Re: Mutt tmp files

2001-11-18 Thread Daniel D Jones
-BEGIN PGP SIGNED MESSAGE- On Friday 16 November 2001 11:21, Oyvind A. Holm wrote: On 2001-11-15 19:11 Florian Bantner wrote: Another thing is... You're a bit concerned that root can read your mail. A good advice is to never - NEVER place your private (secret) key on another machine

Re: Root is God? (was: Mutt tmp files)

2001-11-18 Thread Daniel D Jones
-BEGIN PGP SIGNED MESSAGE- On Friday 16 November 2001 11:39, Mathias Gygax wrote: There is no way, nor any reason why, to setup a system in such a way that the maintainer of the system cannot maintain it. maintainer is someone else. root is there for serving the daemons.

RE: (fwd) OpenSSH trojan!

2002-08-01 Thread Daniel J. Rychlik
Should debian users be worried if they only install the pre built .deb package or should we evaluate the source and install the ssh from source? I guess the next question is Do I Have it? Sincerely, Daniel J. Rychlik Money does not make the world go round , Gravity does . -Original

Kuvert Application Problem

2002-08-06 Thread Daniel J. Rychlik
/tmpkuver.0.26244: No such file or directory. Any Ideas? Sincerely, Daniel J. Rychlik Money does not make the world go round , Gravity does .

Quick Question about the 2.2 Kernel and Iptables

2002-08-10 Thread Daniel J. Rychlik
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Quick Question about the 2.2 Kernel and Iptables, does the 2.2 kernel have support for Iptables? I'm rebuilding my server tonight I need to know if the latest stable 2.2 will handle iptables. Sincerely, Daniel J. Rychlik Money does not make

Mail relay attempts

2002-08-27 Thread Daniel J. Rychlik
=mail.sopovico.pt (eircom.net) [194.38.132.105] 2002-08-26 19:36:25 refused relay (host) to [EMAIL PROTECTED] from [EMAIL PROTECTED] H=mail.sopovico.pt (eircom.net) [194.38.132.105] Sincerely, Daniel J. Rychlik Money does not make the world go round , Gravity does . -BEGIN PGP SIGNATURE

RE: Mail relay attempts

2002-08-29 Thread Daniel J. Rychlik
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 If you use Iptables and you block spoofed addresses with Iptables, will that stop the spoofing in their tracks, therefore decreasing the chance of a DOS? Sincerely, Daniel J. Rychlik Money does not make the world go round , Gravity does

RE: suspicious apache log entries

2002-09-10 Thread Daniel J. Rychlik
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 'nod', agreed Geoff. Sincerely, Daniel J. Rychlik Money does not make the world go round , Gravity does . - -Original Message- From: Geoff Crompton [mailto:[EMAIL PROTECTED] On Behalf Of Geoff Crompton Sent: Tuesday, September 10

Re: Security on an old machine

2002-10-16 Thread Vasarhelyi asd Daniel
, it's working as one-disc firewall for our 384/64 kbit speed ADSL account, with routing between two 10 mbit ethernet card too. kernel 2.4.18, pppd, pppoe, limited iptables support. Working from a compressed filesystem loaded from floppy's 512. record. asd -- Daniel asd Vasarhelyi PGP key available

Re: ssh banner

2002-10-18 Thread Vasarhelyi asd Daniel
. Tripwire or software like that will cry. Daniel Vasarhelyi -- Daniel asd Vasarhelyi PGP key available at http://asd.musichello.com/gpg-pub.key and public keyservers Key fingerprint = EA00 AF4D A83C 1122 0967 DDF5 27BC 390F 181F 9954

Re: spam

2002-11-12 Thread Vasarhelyi asd Daniel
be unnecessary too: spammers use non-existing mailbox names and if you generate an automated reply, your mailbox gets filled with Mail Delivery Errors. In the other side, in this case sender gets a report message, lowering the risk you miss something important. Daniel -- Daniel asd

Re: Where to install the firewall scripts

2002-12-15 Thread Vasarhelyi asd Daniel
Putting it into /etc/rc.boot will not harm the system. I think it's the best place to put the script, it's ran before entering runlevel-2 which sets up network interfaces. asd -- Daniel asd Vasarhelyi PGP key available at http://asd.musichello.com/gpg-pub.key and public keyservers Key fingerprint

Gaim remote overflows (12x)

2004-01-27 Thread Daniel van Eeden
Debian versions of gaim patched? http://security.e-matters.de/advisories/012004.html -- Daniel van Eeden [EMAIL PROTECTED] http://compukid.no-ip.org/ jabber: [EMAIL PROTECTED] aim: Compukid128 icq: 36952189

phpix remote root exploit

2004-01-27 Thread Daniel van Eeden
Someone used this bug to attack my system... My advice to all phpix users...chmod 700 /var/www/phpix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=229794 Daniel van Eeden [EMAIL PROTECTED]

Re: phpix remote root exploit

2004-01-27 Thread Daniel van Eeden
You're right...not a root exploit. (but this exploit will make all local root exploits act like remote root exploits) Today I had a MyDoom breakfast, for lunch 12 gaim overflows and for dinner a delicious phpix unsafe inclusion. Anybody suggestions for the dessert? Daniel van Eeden [EMAIL

phpix bug 229794 security patch

2004-01-31 Thread Daniel van Eeden
It's not the most beautiful patch. (die is evil) but it seems to work. Is it secure enough? Daniel van Eeden [EMAIL PROTECTED] Common subdirectories: phpix-2.0.2.orig/albums and phpix-2.0.2/albums Only in phpix-2.0.2: build-stamp Common subdirectories: phpix-2.0.2.orig/CVS and phpix-2.0.2/CVS

Re: phpix bug 229794 security patch

2004-01-31 Thread Daniel van Eeden
: security_error.php) kind of thing? -- Daniel van Eeden [EMAIL PROTECTED] http://compukid.no-ip.org/ jabber: [EMAIL PROTECTED] aim: Compukid128 icq: 36952189

Bug#337624: All local users can view the webcalendar password from the debconf info

2005-11-05 Thread Daniel van Eeden
Package: webcalendar Version: 0.9.45-7 Severity: normal -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Every local user can view the password with this command: debconf-get-selections | grep webcalendar/conf/db_password The passwords for cacti and slapd are properly hidden, so this is probably

radvd setuid dir?

2005-11-27 Thread Daniel van Eeden
Why is /var/run/radvd setuid radvd? The exact permissions of /var/run/radvd on my debian sid system: drwsr-xr-x 2 radvd root 27 Nov 21 22:31 radvd Cheers, Daniel van Eeden [EMAIL PROTECTED]

This is an very serious bug

2006-12-14 Thread Daniel van Eeden
This bug really should have critical or release-critical as severity level. It almost caused a production box with debian sarge to break. (/var filesystem full) I verified this bug on stable and sid. As this is a DOS attack. Regards, Daniel van Eeden

Re: Security Debian Questions

2007-04-21 Thread Daniel van Eeden
George, You could try booting from a debian install cd/dvd and choosing the rescue option. Then you'll have to chroot into your installation and fix the mountpoints. But this is a work-around, it shouldn't be so hard to do. Cheers, Daniel On Fri, 2007-04-20 at 20:30 -0500, George P Boutwell

Re: security idea - bootable CD to check your system

2007-06-24 Thread Daniel van Eeden
-only security. [1] http://packages.debian.org/stable/admin/debsums Cheers, Daniel van Eeden On Sun, 2007-06-24 at 15:23 +0100, andy baxter wrote: hello, I am writing to ask what you think of the following idea? Something that I would like to see is a bootable CDROM which can check all

Re: [SECURITY] [DSA-2010-1] New kvm packages fix several vulnerabilities

2010-03-10 Thread Daniel Kahn Gillmor
Hi Debian Security folks-- On 03/10/2010 01:18 PM, dann frazier wrote: Debian Security Advisory DSA-2010 secur...@debian.org http://www.debian.org/security/ Dann Frazier March 10,
