Le Wed, 09 Jul 2008 15:31:30 -0400,
Mike Tancsa [EMAIL PROTECTED] a écrit :
Without the module loaded, I can do something simple like
# sh s
# cat s
MEOUTSIDE=64.x.x.x
MEINSIDE=192.168.5.0/24
REMOTEOUTSIDE=64.y.y.y
REMOTEINSIDE=192.168.1.0/24
IPSECKEY=zxzpprlNH61N11SGfrCa8dxZ
Hello,
we have been bitten by something that obvoiusly
is a feature, not a bug, but I do not quite understand
the intentions and reasoning behind it.
I have a host with manual interface and resolver configuration
and an additional interface that should get it's IP address
via DHCP. But only it's
Hi,
shouldn't there be a very urgent BIND update somewhere around? I
understand the latest flaw doesn't impact system security directly.
Nevertheless, it might impact the security of the whole network
indirectly.
- Olli
--
| Oliver Brandmueller | Offenbacher Str. 1 | Germany D-14197
On 2008-Jul-10 11:40:06 +0200, Oliver Brandmueller [EMAIL PROTECTED] wrote:
shouldn't there be a very urgent BIND update somewhere around?
There has been a very long thread about this in -security. Leaving
out the trolls and flaming, the salient points are:
- The bind port has been updated to
On Thu, Jul 10, 2008 at 07:44:51PM +1000, Peter Jeremy wrote:
On 2008-Jul-10 11:40:06 +0200, Oliver Brandmueller [EMAIL PROTECTED] wrote:
shouldn't there be a very urgent BIND update somewhere around?
There has been a very long thread about this in -security. Leaving
out the trolls and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeremy Chadwick wrote:
| On Thu, Jul 10, 2008 at 07:44:51PM +1000, Peter Jeremy wrote:
| On 2008-Jul-10 11:40:06 +0200, Oliver Brandmueller [EMAIL PROTECTED] wrote:
| shouldn't there be a very urgent BIND update somewhere around?
| There has been a
Hi,
On Thu, Jul 10, 2008 at 07:44:51PM +1000, Peter Jeremy wrote:
On 2008-Jul-10 11:40:06 +0200, Oliver Brandmueller [EMAIL PROTECTED] wrote:
shouldn't there be a very urgent BIND update somewhere around?
There has been a very long thread about this in -security. Leaving
out the trolls and
Hi,
On Thu, Jul 10, 2008 at 03:17:26AM -0700, Xin LI wrote:
Speaking as my own: Base system needs more conservative QA process,
e.g. we want to minimize the change, we need to analyst the impact
(FWIW the security fix would negatively affect heavy traffic sites)
and document it (i.e. the
Xin LI wrote:
Speaking as my own: Base system needs more conservative QA process, e.g.
...
rushing into a presumably patched state would not be a very good
solution.
I second this opinion. When there is hype all over the net about a new
vulnerability, it is too easy to allow ill-considered
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andrew Snow wrote:
| Xin LI wrote:
| Speaking as my own: Base system needs more conservative QA process, e.g.
| ...
| rushing into a presumably patched state would not be a very good
| solution.
|
| I second this opinion. When there is hype all over
Le Wed, 09 Jul 2008 15:31:30 -0400,
Mike Tancsa [EMAIL PROTECTED] a écrit :
Without the module loaded, I can do something simple like
glxsb0: detached
glxsb0: AMD Geode LX Security Block
(AES-128-CBC,RNG) mem 0xa000-0xa0003fff irq 10 at device 1.2 on
pci0 # sh s
The result of line 1:
At 07:09 AM 7/10/2008, Patrick Lamaizière wrote:
I've found, i think. The Geode handles only AES with a 128 bits key.
When setkey/ipsec opens a crypto session, the driver returns an error
(EINVAL) if the key length is != 128. So setkey fails.
There is no way to tell to the crypto framework
On Thu, Jul 10, 2008 at 12:25:33PM +0200, Oliver Brandmueller wrote:
OK, thanx for clarification. I totally overlooked the updated bind port;
anyhow, I use base system bind and didn't plan to change that (although
it might me a good idea, as this situation clearly shows).
You can always use
On Thu, Jul 10, 2008 at 12:29:55PM +0200, Oliver Brandmueller wrote:
Hi,
On Thu, Jul 10, 2008 at 03:17:26AM -0700, Xin LI wrote:
Speaking as my own: Base system needs more conservative QA process,
e.g. we want to minimize the change, we need to analyst the impact
(FWIW the security fix
On Thu, Jul 10, 2008 at 12:25:33PM +0200, Oliver Brandmueller wrote:
OK, thanx for clarification. I totally overlooked the updated bind port;
anyhow, I use base system bind and didn't plan to change that (although
it might me a good idea, as this situation clearly shows).
You can
On Thu, Jul 10, 2008 at 10:03:24AM -0400, Tuc at T-B-O-H.NET wrote:
On Thu, Jul 10, 2008 at 12:25:33PM +0200, Oliver Brandmueller wrote:
OK, thanx for clarification. I totally overlooked the updated bind port;
anyhow, I use base system bind and didn't plan to change that (although
it
Tuc at T-B-O-H.NET wrote:
On Thu, Jul 10, 2008 at 12:25:33PM +0200, Oliver Brandmueller wrote:
OK, thanx for clarification. I totally overlooked the updated bind port;
anyhow, I use base system bind and didn't plan to change that (although
it might me a good idea, as this situation
On Thu, Jul 10, 2008 at 10:03:24AM -0400, Tuc at T-B-O-H.NET wrote:
On Thu, Jul 10, 2008 at 12:25:33PM +0200, Oliver Brandmueller wrote:
OK, thanx for clarification. I totally overlooked the updated bind
port;
anyhow, I use base system bind and didn't plan to change that
At 06:29 AM 7/10/2008, Oliver Brandmueller wrote:
Hi,
On Thu, Jul 10, 2008 at 03:17:26AM -0700, Xin LI wrote:
Speaking as my own: Base system needs more conservative QA process,
e.g. we want to minimize the change, we need to analyst the impact
(FWIW the security fix would negatively affect
--On Wednesday, July 09, 2008 11:50:25 +0200 Ronald Klop
[EMAIL PROTECTED] wrote:
On Tue, 08 Jul 2008 20:27:26 +0200, Paul Schmehl [EMAIL PROTECTED]
wrote:
Ever since I upgraded this workstation to 7.0 STABLE, I have been unable
to reboot with my USB hard drive attached. During the boot
Given the serious nature of the vulnerability, I'm sure this is at the top of
someone's list. Do we have a scheduled release date yet?
--
Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.
___
Given the serious nature of the vulnerability, I'm sure this is at the
top of
someone's list. Do we have a scheduled release date yet?
From -security :
Dear all,
Doug just updated the ports tree with the updated BIND ports. If you
urgently want to upgrade and really cannot wait for the
On Thu, Jul 10, 2008 at 12:09 PM, Paul Schmehl [EMAIL PROTECTED] wrote:
Given the serious nature of the vulnerability, I'm sure this is at the top
of someone's list. Do we have a scheduled release date yet?
See the thread BIND update?.
Scott
PS: please do not crosspost.
On Thu, Jul 10, 2008 at 10:52:35AM +0200, Patrick M. Hausen wrote:
Hello,
we have been bitten by something that obvoiusly
is a feature, not a bug, but I do not quite understand
the intentions and reasoning behind it.
I have a host with manual interface and resolver configuration
and an
On Thu, 10 Jul 2008 17:31:51 +0200, Paul Schmehl
[EMAIL PROTECTED] wrote:
--On Wednesday, July 09, 2008 11:50:25 +0200 Ronald Klop
[EMAIL PROTECTED] wrote:
On Tue, 08 Jul 2008 20:27:26 +0200, Paul Schmehl
[EMAIL PROTECTED]
wrote:
Ever since I upgraded this workstation to 7.0 STABLE, I
--On Thursday, July 10, 2008 21:47:17 +0200 Ronald Klop
[EMAIL PROTECTED] wrote:
On Thu, 10 Jul 2008 17:31:51 +0200, Paul Schmehl [EMAIL PROTECTED]
wrote:
--On Wednesday, July 09, 2008 11:50:25 +0200 Ronald Klop
[EMAIL PROTECTED] wrote:
On Tue, 08 Jul 2008 20:27:26 +0200, Paul Schmehl
Hello,
I'm attempting quad-boot my notebook with STABLE and CURRENT, both
i386 and AMD64. I installed them manually by booting from a thumb
drive, partitioning the hard disk and extracting the distributions
from ISO images that I had stored on an external hard drive. My disk
layout is as follows:
On Thu, Jul 10, 2008 at 8:09 PM, Carlos A. M. dos Santos
[EMAIL PROTECTED] wrote:
Hello,
I'm attempting quad-boot my notebook with STABLE and CURRENT, both
i386 and AMD64. I installed them manually by booting from a thumb
drive, partitioning the hard disk and extracting the distributions
On Thu, Jul 10, 2008 at 8:35 PM, Peter Wemm [EMAIL PROTECTED] wrote:
On Thu, Jul 10, 2008 at 8:09 PM, Carlos A. M. dos Santos
[EMAIL PROTECTED] wrote:
Hello,
I'm attempting quad-boot my notebook with STABLE and CURRENT, both
i386 and AMD64. I installed them manually by booting from a thumb
29 matches
Mail list logo