Re: I.S.C. bind9 openssl Security Advisory. [revised]

2006-11-03 Thread Kurt Roeckx
On Thu, Nov 02, 2006 at 11:33:49PM -0700, Scott Edwards wrote: > Does this affect sarge? bind9 in sarge is dynamicly linked to libssl0.9.7. Sarge has a fixed version of openssl. You only need to restart your daemon. The fixed version of libssl0.9.7 is 0.9.7e-3sarge4. Kurt -- To UNSUBSCRIBE

Re: [DSA 1205-1] New thttpd packages fix insecure temporary file creation

2006-11-03 Thread debian-security-announce-request
Your message was not posted to the debian-security-announce mailing list. It has instead been forwarded to the security team and the listmaster team. The debian-security-announce list is a moderated mailing list on which security-related announcements are made by the security team for Debian GNU/L

Re: ignored redirects

2006-11-03 Thread Stephen Gran
This one time, at band camp, martin f krafft said: > also sprach Stephen Gran <[EMAIL PROTECTED]> [2006.11.03.1246 +0100]: > > I see them at one installation at work. There, the gateway is > > 10.103.4.3 or something, but some machines have their gateway > > still set to the old router, 10.103.4.1

Re: ignored redirects

2006-11-03 Thread martin f krafft
also sprach Stephen Gran <[EMAIL PROTECTED]> [2006.11.03.1246 +0100]: > I see them at one installation at work. There, the gateway is > 10.103.4.3 or something, but some machines have their gateway > still set to the old router, 10.103.4.1. When packets arrive at > .1 for an internet site, .1 sen

Re: ignored redirects

2006-11-03 Thread Stephen Gran
This one time, at band camp, martin f krafft said: > also sprach Stephen Gran <[EMAIL PROTECTED]> [2006.11.03.1227 +0100]: > > > net.ipv4.conf.all.accept_redirects = 0 > > > > That looks like overkill, see below. > > Right, it may not be needed, but it's probably not overkill to > disable a fea

Re: ignored redirects

2006-11-03 Thread martin f krafft
also sprach Stephen Gran <[EMAIL PROTECTED]> [2006.11.03.1227 +0100]: > > net.ipv4.conf.all.accept_redirects = 0 > > That looks like overkill, see below. Right, it may not be needed, but it's probably not overkill to disable a feature, is it? :) I do the above on all my machines. > No. icmp r

Re: ignored redirects

2006-11-03 Thread Stephen Gran
This one time, at band camp, martin f krafft said: > I saw this in our firewall logs this morning for the first time: > > kernel: Redirect from 84.42.143.87 on wan about 84.42.143.1 ignored. > kernel: Advised path = 84.72.16.145 -> 62.24.70.39, tos 00 > > I am aware of ICMP redirects and that

ignored redirects

2006-11-03 Thread martin f krafft
I saw this in our firewall logs this morning for the first time: kernel: Redirect from 84.42.143.87 on wan about 84.42.143.1 ignored. kernel: Advised path = 84.72.16.145 -> 62.24.70.39, tos 00 I am aware of ICMP redirects and that they're generally to be ignored, so I do: net.ipv4.conf.all