Re: [gentoo-user] 'Heartbleed' bug

2014-04-10 Thread Adam Carter
What surprises me here is OpenSSH. It's not supposed to use OpenSSL but Debian update process suggests to restart it after updating OpenSSL to a fixed version. Is it an overkill on their part? It might confuse admins. adam@proxy ~ $ ldd /usr/sbin/sshd linux-vdso.so.1 (0x7fffb068e000)

Re: [gentoo-user] Gentoo Snort handbook is out of date

2014-04-10 Thread Peter Humphrey
On Wednesday 09 Apr 2014 09:49:40 I wrote: On Tuesday 08 Apr 2014 18:25:34 Tom Wijsman wrote: On Tue, 08 Apr 2014 15:25:31 +0100 Peter Humphrey pe...@prh.myzen.co.uk wrote: I just wanted to save some time and confusion for anyone wanting to dip a toe into the muddy snort waters.

Re: [gentoo-user] 'Heartbleed' bug

2014-04-10 Thread Ján Zahornadský
On 04/10/2014 05:03 PM, Adam Carter wrote: What surprises me here is OpenSSH. It's not supposed to use OpenSSL but Debian update process suggests to restart it after updating OpenSSL to a fixed version. Is it an overkill on their part? It might confuse admins. adam@proxy

Re: [gentoo-user] 'Heartbleed' bug

2014-04-10 Thread Marc Joliet
On Wed, 9 Apr 2014 18:06:35 -0600, Joseph syscon...@gmail.com wrote: Is gentoo affected by this new 'Heartbleed' bug? The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library http://heartbleed.com/ Just FYI: security issues such as this

Re: [gentoo-user] 'Heartbleed' bug

2014-04-10 Thread Matthew Finkel
On Thu, Apr 10, 2014 at 05:53:44PM +0800, Ján Zahornadský wrote: On 04/10/2014 05:03 PM, Adam Carter wrote: What surprises me here is OpenSSH. It's not supposed to use OpenSSL but Debian update process suggests to restart it after updating OpenSSL to a fixed version. Is it an

Re: [gentoo-user] 'Heartbleed' bug

2014-04-10 Thread Nilesh Govindrajan
On Thu, Apr 10, 2014 at 4:22 PM, Matthew Finkel matthew.fin...@gmail.com wrote: On Thu, Apr 10, 2014 at 05:53:44PM +0800, Ján Zahornadský wrote: On 04/10/2014 05:03 PM, Adam Carter wrote: What surprises me here is OpenSSH. It's not supposed to use OpenSSL but Debian update process

Re: [gentoo-user] 'Heartbleed' bug

2014-04-10 Thread Randolph Maaßen
The Heartbleed bug is in the Heartbeat function of TLS (a second keep alive). OpenSSL does not use TLS for transport security, it uses its own protocol for security. 2014-04-10 12:51 GMT+02:00 Nilesh Govindrajan m...@nileshgr.com: On Thu, Apr 10, 2014 at 4:22 PM, Matthew Finkel

Re: [gentoo-user] 'Heartbleed' bug

2014-04-10 Thread Ján Zahornadský
Exactly, OpenSSH depends on OpenSSL, but should never use the buggy code. Some details in the answer here: http://superuser.com/questions/739349/does-heartbleed-affect-ssh-keys On 04/10/2014 07:00 PM, Randolph Maaßen wrote: The Heartbleed bug is in the Heartbeat function of TLS (a second keep

Re: [gentoo-user] 'Heartbleed' bug

2014-04-10 Thread Neil Bothwick
On Thu, 10 Apr 2014 10:52:21 +, Matthew Finkel wrote: Right. heartbleed does not directly affect openssh, but openssh uses openssl and it's good practice to keep the shared libraries on-disk and the shared libraries in-memory in sync. The easiest way to do that is with

[gentoo-user] emerge ---p --depclean - check me...

2014-04-10 Thread Tanstaafl
Hi all, I rarely do this (I know, I should do it periodically at least), so I'd like someone to check these... These are the packages that would be unmerged: dev-python/python-exec selected: 1.1 1.2 protected: none omitted: none perl-core/ExtUtils-Command

Re: [gentoo-user] emerge ---p --depclean - check me...

2014-04-10 Thread Nilesh Govindrajan
On Apr 10, 2014 4:48 PM, Tanstaafl tansta...@libertytrek.org wrote: Hi all, I rarely do this (I know, I should do it periodically at least), so I'd like someone to check these... These are the packages that would be unmerged: dev-python/python-exec selected: 1.1 1.2

Re: [gentoo-user] emerge ---p --depclean - check me...

2014-04-10 Thread Alan McKinnon
On 10/04/2014 13:16, Tanstaafl wrote: Hi all, I rarely do this (I know, I should do it periodically at least), so I'd like someone to check these... These are the packages that would be unmerged: dev-python/python-exec selected: 1.1 1.2 protected: none omitted:

Re: [gentoo-user] emerge ---p --depclean - check me...

2014-04-10 Thread Tom Wijsman
On Thu, 10 Apr 2014 16:51:39 +0530 Nilesh Govindrajan m...@nileshgr.com wrote: seems alright except virtual/init That is a virtual that is no longer used, it is thus safe to remove. -- With kind regards, Tom Wijsman (TomWij) Gentoo Developer E-mail address : tom...@gentoo.org GPG Public

Re: [gentoo-user] emerge ---p --depclean - check me...

2014-04-10 Thread Tanstaafl
On 4/10/2014 7:21 AM, Alan McKinnon alan.mckin...@gmail.com wrote: Everything else in that list is routine except maybe pciutils and gpm. Add them to world manually if you use those apps Thanks Alan/Tom... Hmmm... what is pciutils used for? From a little googling, it seems like it is a tool

Re: [gentoo-user] emerge ---p --depclean - check me...

2014-04-10 Thread Mike Gilbert
On Thu, Apr 10, 2014 at 9:26 AM, Tanstaafl tansta...@libertytrek.org wrote: Hmmm... what is pciutils used for? From a little googling, it seems like it is a tool that I would manually have to use, not something required by the system itself for anything that happens automatically (ie, at boot

Re: [gentoo-user] emerge ---p --depclean - check me...

2014-04-10 Thread Alan McKinnon
On 10/04/2014 15:26, Tanstaafl wrote: On 4/10/2014 7:21 AM, Alan McKinnon alan.mckin...@gmail.com wrote: Everything else in that list is routine except maybe pciutils and gpm. Add them to world manually if you use those apps Thanks Alan/Tom... Hmmm... what is pciutils used for? From a

[gentoo-user] What MTA to use to receiving mail for local users?

2014-04-10 Thread Grant Edwards
I use msmtp for outgoing mail, and plan to continue to do so. However, I need to temporarily set up an SMTP server to accept incoming mail from the Internet for local users. It is not going to handle sending of email, and I need it _not_ to install something as /usr/bin/sendmail (that's already

Re: [gentoo-user] What MTA to use to receiving mail for local users?

2014-04-10 Thread Volker Armin Hemmann
On 10.04.2014 17:32, Grant Edwards wrote: I use msmtp for outgoing mail, and plan to continue to do so. However, I need to temporarily set up an SMTP server to accept incoming mail from the Internet for local users. It is not going to handle sending of email, and I need it _not_ to install

Re: [gentoo-user] What MTA to use to receiving mail for local users?

2014-04-10 Thread Peter Humphrey
On Thursday 10 Apr 2014 17:41:05 Volker Armin Hemmann wrote: well, IMHO postfix is pretty easy to set up. While sendmail is a complete nightmare. I've just about got it set up here, so it can't be too hard. Eximqmail - never touched those. Are they even still maintained? -- Regards

[gentoo-user] Re: What MTA to use to receiving mail for local users?

2014-04-10 Thread Grant Edwards
On 2014-04-10, Peter Humphrey pe...@prh.myzen.co.uk wrote: On Thursday 10 Apr 2014 17:41:05 Volker Armin Hemmann wrote: well, IMHO postfix is pretty easy to set up. While sendmail is a complete nightmare. I've just about got it set up here, so it can't be too hard. Eximqmail - never

Re: [gentoo-user] Re: What MTA to use to receiving mail for local users?

2014-04-10 Thread hasufell
Grant Edwards: On 2014-04-10, Peter Humphrey pe...@prh.myzen.co.uk wrote: On Thursday 10 Apr 2014 17:41:05 Volker Armin Hemmann wrote: well, IMHO postfix is pretty easy to set up. While sendmail is a complete nightmare. I've just about got it set up here, so it can't be too hard.

Re: [gentoo-user] Re: What MTA to use to receiving mail for local users?

2014-04-10 Thread Alan Mackenzie
On Thu, Apr 10, 2014 at 08:09:48PM +, Grant Edwards wrote: qmail hasn't been touched since 2007, so it seems to be abandoned. That's somewhat of an exaggeration. qmail has been public domain since 2007, and its core hadn't been touched for about a decade before that. Due to the way the

Re: [gentoo-user] What MTA to use to receiving mail for local users?

2014-04-10 Thread Alan McKinnon
On 10/04/2014 17:41, Volker Armin Hemmann wrote: On 10.04.2014 17:32, Grant Edwards wrote: I use msmtp for outgoing mail, and plan to continue to do so. However, I need to temporarily set up an SMTP server to accept incoming mail from the Internet for local users. It is not going to

Re: [gentoo-user] What MTA to use to receiving mail for local users?

2014-04-10 Thread Carlos Sura
I would say postfix for sure. On 10 April 2014 16:52, Alan McKinnon alan.mckin...@gmail.com wrote: On 10/04/2014 17:41, Volker Armin Hemmann wrote: On 10.04.2014 17:32, Grant Edwards wrote: I use msmtp for outgoing mail, and plan to continue to do so. However, I need to temporarily

[gentoo-user] Re: 'Heartbleed' bug

2014-04-10 Thread walt
On 04/09/2014 05:06 PM, Joseph wrote: Is gentoo affected by this new 'Heartbleed' bug? The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library http://heartbleed.com/ This topic was discussed in my favorite podcast, http://twit.tv/sn Steve

Re: [gentoo-user] Re: 'Heartbleed' bug

2014-04-10 Thread Alan McKinnon
On 11/04/2014 00:55, walt wrote: On 04/09/2014 05:06 PM, Joseph wrote: Is gentoo affected by this new 'Heartbleed' bug? The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library http://heartbleed.com/ This topic was discussed in my favorite

Re: [gentoo-user] Re: 'Heartbleed' bug

2014-04-10 Thread Matthew Finkel
On Thu, Apr 10, 2014 at 03:55:47PM -0700, walt wrote: On 04/09/2014 05:06 PM, Joseph wrote: Is gentoo affected by this new 'Heartbleed' bug? The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library http://heartbleed.com/ This topic

Re: [gentoo-user] Re: 'Heartbleed' bug

2014-04-10 Thread Chris Walters
On 4/10/2014 6:59 PM, Alan McKinnon wrote: Steve Gibson explained that the heartbeat feature was introduced in openssl to allow *UDP* connections to mimic the 'keepalive' function of the TCP protocol. IIRC Steve didn't explain how UDP bugs can compromise TCP connections. Anyone here really

Re: [gentoo-user] Re: 'Heartbleed' bug

2014-04-10 Thread Ralf
Hi, On 04/11/2014 12:55 AM, walt wrote: Steve Gibson explained that the heartbeat feature was introduced in openssl to allow *UDP* connections to mimic the 'keepalive' function of the TCP protocol. IIRC Steve didn't explain how UDP bugs can compromise TCP connections. Anyone here really