Re: TLS1.0 and 1.1 with Cyrus (Debian Buster)

2020-05-09 Thread Roman Medina-Heigl Hernandez
> Jonas. > > On Sat, 9 May 2020, 01:22 Roman Medina-Heigl Hernandez, > mailto:ro...@rs-labs.com>> wrote: > > Thanks Alberto. Now it's solved (it has been a little bit tricky). > > My final config: > > * /etc/imapd.conf > tls_ciphers: T

Re: TLS1.0 and 1.1 with Cyrus (Debian Buster)

2020-05-08 Thread Roman Medina-Heigl Hernandez
: > MinProtocol = None > CipherString = DEFAULT > To: > /etc/ssl/openssl.cnf > > Regards, > > Alberto > > On Fri, May 08, 2020 at 09:07:31PM +0200, Roman Medina-Heigl Hernandez wrote: >> Hi, >> >> I upgraded from Jessie to Buster (thru Stretch) and n

TLS1.0 and 1.1 with Cyrus (Debian Buster)

2020-05-08 Thread Roman Medina-Heigl Hernandez
Hi, I upgraded from Jessie to Buster (thru Stretch) and noticed that Cyrus (imaps & pop3s) stopped negotiating TLS 1.0 and 1.1 protocols (I know they're not recommended but I need them for older clients). I tried several combinations of tls_ciphers and tls_versions in /etc/imapd.conf (even very pe

Re: rssh security update breaks rsync via Synology's "hyper backup"

2019-02-20 Thread Roman Medina-Heigl Hernandez
On 19/02/2019 at 17:44, Russ Allbery wrote: > Roman Medina-Heigl Hernandez writes: > > So you cannot overwrite /home/synology/rsyncd.conf. > Can the client just do: > > rsync rsyncd.conf :./ > You're right, I was wrong. It's game over :) > I think to

Re: rssh security update breaks rsync via Synology's "hyper backup"

2019-02-19 Thread Roman Medina-Heigl Hernandez
On 19/02/2019 at 4:16, Russ Allbery wrote: > Unfortunately, I took a closer look, and it turns out that this command > was never safe. It also allows arbitrary code execution on the server > side if the client can write to $HOME. This is because: > >--config=FILE > This specif

Re: rssh security update breaks rsync via Synology's "hyper backup"

2019-02-18 Thread Roman Medina-Heigl Hernandez
On 18/02/2019 at 18:27, Russ Allbery wrote: > While I agree that using undocumented features of rsync is a little > dubious, I'm also willing to include a fix to allow the specific command > line "rsync --server --daemon " since (a) it seems to be safe, (b) > looks easy enough to do, and (c)

Re: rssh security update breaks rsync via Synology's "hyper backup"

2019-02-14 Thread Roman Medina-Heigl Hernandez
Added Russ (rssh maintainer). I cannot probe it but I guess chances are high that the issue is present both in stable and oldstable (I cannot find a good reason to filter different commands: solution should be the same or very similar) so I'm still keeping debian-security in the loop. PS: Thx Ho

rssh security update breaks rsync via Synology's "hyper backup"

2019-02-14 Thread Roman Medina-Heigl Hernandez
Hi security-fellows, I applied recent rssh security updates to Debian 8 (jessie) and I noticed that it breaks Synology's "Hyper backup" tool (with rsync method). The relevant log lines at my Debian server: Feb 10 03:28:21 roman rssh[19985]: cmd 'rsync' approved Feb 10 03:28:21 roman rssh[19985]:

Squirrelmail vuln

2018-03-21 Thread Roman Medina-Heigl Hernandez
Hi, Someone working on a fixed .deb for this? http://www.openwall.com/lists/oss-security/2018/03/17/2 -- Regards, -Román

Mod-security status in Lenny / New bug...

2009-03-20 Thread Roman Medina-Heigl Hernandez
Hello, Have you seen this? http://seclists.org/bugtraq/2009/Mar/0187.html I'm wondering: 1) Is Alberto going to release updated (no official) packages? (http://etc.inittab.org/~agi/debian/libapache-mod-security2) 2) When will mod-security be re-incorporated to Debian? ETA? I think license issues

Re: large campus network ... suggestions

2007-12-15 Thread Roman Medina-Heigl Hernandez
> in appliances, which act as SSL ends, inspecting all traffic, and > generating on the fly SSL certificates... Of course, they are not > cheap at all... (maybe around $20.000 each). > > Best regards, > > Jonas. > > On Dec 15, 2007 8:53 AM, Roman Medina-Heigl Hernand

Re: large campus network ... suggestions

2007-12-14 Thread Roman Medina-Heigl Hernandez
; For Layer-7 filtering, you could check > > Application Layer Packet Classifier for Linux: > http://l7-filter.sourceforge.net/ > > Kernel Iptables Layer 7: http://l7-filter.sourceforge.net/HOWTO-kernel > > > > On Dec 14, 2007 6:53 PM, Roman Medina-Heigl Hernand

Re: large campus network ... suggestions

2007-12-14 Thread Roman Medina-Heigl Hernandez
Willi Mann wrote: >> I'm interested in a better authentication method than registering all >> the MACs+IPs of all my users (which after all is just dust in the wind >> ...) using my current hardware (16 servers, 1 for at least 250 >> clients). I was thinking about ppp based authentication but it

Debian Unstable & Grsec

2005-09-05 Thread Roman Medina-Heigl Hernandez
Hello, The other day I updated my system (Debian Sid, with self-compiled 2.4 vanilla kernel + grsec patch) to latest packages, including glibc 2.3.5-6 and it got broken. Yes, it is a known issue: http://forums.grsecurity.net/viewtopic.php?t=1152 http://lists.debian.org/debian-user/2005/08/msg00747

Re: FWD: Squirrelmail XSS + SQL security bug?

2004-08-01 Thread Roman Medina-Heigl Hernandez
On Sat, 31 Jul 2004 21:53:25 -0700, you wrote: >The Debian security team cannot monitor the mailing lists for every project >in Debian: there are literally thousands. We rely on channels which are >explicitly devoted to the dissemination of security announcements (e.g., >BUGTRAQ), and communicati

Re: FWD: Squirrelmail XSS + SQL security bug?

2004-07-29 Thread Roman Medina-Heigl Hernandez
Hi all. Sorry for my late response. I'm on vacation. Comments inline. On Thu, 22 Jul 2004 20:28:23 +0200 (CEST), you wrote: >About security fixes in the SquirrelMail code; SquirrelMail does not (contrary to >Roman's standpoint) adhere to a obscurity-policy but in stead openly discloses any >se

Chrooted apache package for Debian?

2004-01-09 Thread Roman Medina
Is there any official or non-official .deb package with a chrooted apache distro? Any related project? Thanks. Regards, --Roman -- PGP Fingerprint: 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742 [Key ID: 0xEAD56742. Available at KeyServ]

Re: apache security issue (with upstream new release)

2003-10-31 Thread Roman Medina
04:35 -0500, you wrote: >On Thu, Oct 30, 2003 at 07:58:50PM +0100, Roman Medina wrote: > >> On Thu, 30 Oct 2003 12:21:09 -0500, you wrote: >> >> > Ask [EMAIL PROTECTED] >> > >> >See above. >> >> I'm not subscribed to debian-apache ne

Re: apache security issue (with upstream new release)

2003-10-30 Thread Roman Medina
On Thu, 30 Oct 2003 12:21:09 -0500, you wrote: >On Thu, Oct 30, 2003 at 05:49:34PM +0100, [EMAIL PROTECTED] wrote: > >> It's a Woody 3.0 up-to-date machine. Are you sure Apache shipped on Debian >> is actually secure? These segfaults scare me... it smells like >> 0day-exploit... >> >[...] >> > Ask