-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian Security Advisory DSA-5716-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
June 19, 2024
Debian Security Advisory DSA-5710-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
June 14, 2024
Debian Security Advisory DSA-5701-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
May 31, 2024
Debian Security Advisory DSA-5697-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
May 24, 2024
Debian Security Advisory DSA-5696-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
May 22, 2024
Debian Security Advisory DSA-5694-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
May 17, 2024
Debian Security Advisory DSA-5689-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
May 15, 2024
Debian Security Advisory DSA-5687-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
May 10, 2024
Debian Security Advisory DSA-5683-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
May 08, 2024
Debian Security Advisory DSA-5676-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
May 02, 2024
Debian Security Advisory DSA-5675-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
April 26, 2024
Debian Security Advisory DSA-5668-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
April 20, 2024
Debian Security Advisory DSA-5656-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
April 11, 2024
Debian Security Advisory DSA-5654-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
April 03, 2024
Debian Security Advisory DSA-5648-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
March 28, 2024
Debian Security Advisory DSA-5639-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
March 13, 2024
Debian Security Advisory DSA-5636-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
March 06, 2024
Debian Security Advisory DSA-5634-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
February 28, 2024
Debian Security Advisory DSA-5629-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
February 23, 2024
Debian Security Advisory DSA-5617-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
February 08, 2024
Debian Security Advisory DSA-5612-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
February 01, 2024
Debian Security Advisory DSA-5607-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
January 24, 2024
Debian Security Advisory DSA-5602-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
January 17, 2024
Debian Security Advisory DSA-5598-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
January 10, 2024
Debian Security Advisory DSA-5595-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
January 04, 2024
Debian Security Advisory DSA-5585-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
December 21, 2023
Debian Security Advisory DSA-5577-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
December 13, 2023
Debian Security Advisory DSA-5573-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
December 09, 2023
Debian Security Advisory DSA-5569-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
November 30, 2023
Debian Security Advisory DSA-5556-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
November 15, 2023
Debian Security Advisory DSA-5551-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
November 09, 2023
Debian Security Advisory DSA-5546-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
November 02, 2023
Debian Security Advisory DSA-5536-1 secur...@debian.org
https://www.debian.org/security/ Andres Salomon
October 26, 2023
On Mon, 2004-07-26 at 14:37 -0400, John Richard Moser wrote:
Andres Salomon wrote:
| On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote:
|
[...]
Did some digging. pipacs said that PAGEEXEC force-enables the 'disable
vsyscall
On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote:
I'm interested in discussing the viability of PaX on Debian. I'd like
to discuss the changes to the base system that would be made, the costs
in terms of overhead and compatibility,
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=155529&repeatmerged=yes
On Thu, Aug 08, 2002 at 09:31:00PM -0400, Anthony DeRobertis wrote:
http://online.securityfocus.com/archive/1/286087/2002-07-30/2002-08-05/0
I haven't seen anything about this from Debian. They cite GNU libc
2.2.5 as
I've crontabbed `DEBIAN_FRONTEND=noninteractive apt-get -q
dist-upgrade`. I've not yet had any problems w/ it; debconf questions
should use the default, and config files should not be overwritten. Of
course, this is w/ stable; I wouldn't trust this w/ testing/unstable.
On Thu, Aug 01, 2002
debian-security-announce sounds like the list you want.
On Sat, Mar 16, 2002 at 11:43:41PM +0530, Sandip Bhattacharya wrote:
Pardon my ignorance, but I was under the impression that this list is only
about official Security Announcements for Debian(DSA), and not a general
discussion on
Take a look at the St. Jude kernel module/model paper on sourceforge. I
haven't gotten the module to do anything other than hang the box (under
2.4), but the paper itself is interesting, and along the lines of what
you want. Essentially, privileged processes have certain syscalls
watched
argh, this sounds like the sort of thing that would've been useful
when i set up rsync on our company backup machine (as opposed to writing
a small shell that chrooted and ran rsync).
it doesn't appear to be in debian unstable; apt-cache shows no third
party module for it, and it's most
I looked into it a while ago; at the time, I was using 2.4, and it
hadn't yet been ported (and I didn't have the time to do it). The paper
certainly was interesting, though. Cylant ran a contest a while back,
with a commercial product that sounded very similar to the St. Jude
model (plus a few
this as a remote exploit.
On Tue, Sep 18, 2001 at 05:01:59PM -0400, Aaron M. Ucko wrote:
Andres Salomon [EMAIL PROTECTED] writes:
How is this a remote exploit?
If I know somebody uses most as a pager for mail, I can send him or
her a specially-formatted message which will do various nasty
at 04:24:05PM -0700, Micah Anderson wrote:
Not all mutt users use vi, as a pager I use most, as an editor I use
jed. These things can be configured.
On Tue, 18 Sep 2001, Andres Salomon wrote:
Aside from the fact that it's a pretty big IF; I'm not aware of too many
mail clients that use
ippl is also quite helpful. http://pltplp.net/ippl/.
On Wed, Aug 15, 2001 at 09:59:27AM +0200, J?rgen Persson wrote:
[...]
How can I find out, from where this attack is originating? Must I increase
the verbosity level of sshd to achieve this?
sshd might be able to do it. I'm logging
On Tue, Jul 10, 2001 at 09:05:18AM -0400, Jason Healy wrote:
At 994738826s since epoch (07/10/01 02:20:26 -0400 UTC), Micah Anderson wrote:
These both seem like excellent practices, for the clueless in all of us -
can someone describe how this is done for sudo? How do you configure PAM to
As far as trusting their password choices, I'm not too worried about
password guessing attacks; if an admin gets a password past pam_cracklib.so
(without overriding it as root), I have doubts that someone's going to
guess the password. Admins using the same password for multiple accounts
is
This is completely off-topic at this point, but there are a few uses
of sudo. The original poster trusts his admins, and wants to give
them all root privs without the hassle of having them all use one
account. Sudo is not enforcing anything in this case, it is merely
a) allowing convenience by
A few quick searches on google turned up some rather interesting
kernel patches...
sockfs:
http://users.ox.ac.uk/~mbeattie/linux-kernel.html
I'm not quite sure what to make of this. Very interesting, but
I can't imagine having 1024 numbers/socket representations in a
directory is the best way to
Perhaps I'm misunderstanding your proposition, but how is this different
than, say, having inetd listen on ports below 1024, and then
forking/changing to a different user once a connection is made to the port?
[root@incandescent drive2]# echo finger stream tcp nowait nobody /usr/bin/id
On Tue, May 01, 2001 at 10:11:45AM +, Adam Olsen wrote:
On Tue, May 01, 2001 at 05:48:54AM -0400, Andres Salomon wrote:
Perhaps I'm misunderstanding your proposition, but how is this different
than, say, having inetd listen on ports below 1024, and then
forking/changing to a different
On Tue, May 01, 2001 at 11:25:49AM +0100, Tim Haynes wrote:
Andres Salomon [EMAIL PROTECTED] writes:
Perhaps I'm misunderstanding your proposition, but how is this different
than, say, having inetd listen on ports below 1024, and then
forking/changing to a different user once
On Fri, Apr 06, 2001 at 10:55:52AM -0300, Hélio Alexandre Lopes Loureiro wrote:
Verify if your "/etc/syslog.conf" is right:
kern.*tab -/var/log/kern.log
They are, in fact, tabs. Actually, the syslog.conf file is the one
that came w/ debian's sysklogd package; i haven't
This is a fairly common error w/ 2.4.x. Actually, error is the wrong
word; more like warning. The only reason you're seeing it is because
TCP_DEBUG is defined. If it's annoying, you can undefine it in
linux/include/net/tcp.h.
On Fri, Apr 06, 2001 at 12:03:40PM -0400, Noah L. Meyerhans
Ugh. Why did my apt-get dist-upgrades not mention or grab this package?
Btw, now that it's installed, it's logging correctly..
On Fri, Apr 06, 2001 at 02:26:31PM -0500, Nathan E Norman wrote:
Check out
http://members.nbci.com/dsinet/network-sniffers/interface-promiscuity-obscurity.txt
The only other thing I can think of is, something (or someone) is resetting
interface flags (not even sure if that's still possible, the article's from '98),
or there's some subtle bug in the nic's
On Fri, Mar 16, 2001 at 09:04:47PM -0500, S.Salman Ahmed wrote:
marlonsj == marlonsj iso-8859-1 writes:
marlonsj Hi, Are you sure that this machine wasn't compromised ???
marlonsj
Absolutely.
I get the same behaviour from ifconfig on another sid machine (this one
is behind
On Fri, Mar 16, 2001 at 10:27:23PM -0600, JonesMB wrote:
Hi, Are you sure that this machine wasn't compromised ???
this line made me wonder about what the correct output of ifconfig should
be. I assume that if I am not listening on the port, the PROMISC entry
should not be reported in
This rather disturbs me, since I depend on sudo far too much..
- Forwarded message from Gossi The Dog [EMAIL PROTECTED] -
Delivered-To: bugtraq@securityfocus.com
Date: Fri, 23 Feb 2001
try it w/ traceroute. lotsa fun, and it works
on mandrake, too.
things like this make me glad i don't have to deal w/ untrusted
customers that have shell access...
ii traceroute 1.4a8-1 Traces the route taken by packets over a TCP
On Mon, Jan 08, 2001 at 11:13:49AM -0700, Kevin
Ooops. Mandrake cooker, and Debian unstable. In other words: glibc2.2
systems. glibc 2.1's resolver (/lib/libnss_db.so.2) appears unaffected.
This is why some of you aren't seeing it.
ii libc6 2.2-6 GNU C Library: Shared libraries and Timezone
On Thu, Dec 28, 2000 at 04:46:00PM -0800, Joe Buck wrote:
Notice that security holes fall into classes? One category of hole
should be easy to eliminate from Debian by instituting a code auditing
requirement. I'm referring to insecure creation of temporary files,
allowing for symlink
On Wed, Dec 13, 2000 at 10:23:12AM -0800, Alex Swavely wrote:
I think the point here is that the user WILL NOT read such documentation 90%
of the time, regardless (which is why the RTFM Coffee Mug over at thinkgeek
is so popular).
this is exactly why i think something like this would be
I believe he was talking about a hardening script, which would
imply some sort of automated script that removes setuid bits,
permissions, etc, throughout the filesystem. To this end, I agree
with Wichert; it's not needed in debian. Very few binaries are
setuid root, and permissions are generally
On Tue, Dec 12, 2000 at 07:27:32PM -0500, S.Salman Ahmed wrote:
AS == Andres Salomon [EMAIL PROTECTED] writes:
AS
AS The HOWTO, on the other hand, falls under the category of
AS know-what-you're-doing-and-do-it-safely. About the only things
AS I can see being put
On Tue, Dec 12, 2000 at 08:41:30PM -0500, S.Salman Ahmed wrote:
AS == Andres Salomon [EMAIL PROTECTED] writes:
AS Oh, I totally agree; this would have to be on a per-package
AS basis, however. Hence, it would rely on each maintainers
AS willingness to do so. For example
On Fri, Nov 17, 2000 at 03:46:19AM -0900, Ethan Benson wrote:
On Fri, Nov 17, 2000 at 12:36:54PM +, thomas lakofski wrote:
fyi -- i've not tried it.
i have, it does not work, i tried several different variations and
failed to create any files in /var/spool/cron.
i do not believe