Re: Testers needed for dnsmasq update

2008-07-21 Thread Moritz Muehlenhoff
On 2008-07-16, Moritz Muehlenhoff [EMAIL PROTECTED] wrote: I have a Etch dnsmasq packages ready, which enable source port randomisation to counter the upcoming Kaminsky DNS attack. I need testers, though: http://people.debian.org/~jmm/dnsmasq/ contains packages for all eleven Debian release

Re: [SECURITY] [DSA 1612-1] New ruby1.8 packages fix several vulnerabilities

2008-07-21 Thread jpalm
Hello. I am on vacation and out of the office from July 20th to July 27th. If you need assistance with e-mail, web hosting, or technical support, please leave a message with Danny Beckett or Ray Brown at 616-301-1037. If you have any other questions or messages, please leave a detailed message

Re: Sarge, Bind9 (9.2.4-1sarge3) and DNS cache poisoning

2008-07-21 Thread Carlos Carvalho
Florian Weimer ([EMAIL PROTECTED]) wrote on 20 July 2008 22:07: * Vincent Deffontaines: If you run a Netfilter NAT firewall, you can use the source port NAT randomization feature of Netfilter. This feature is available in Linux vanilla kernel since 2.6.21.1 Thanks, very interesting.

Mass-updating cached hosts keys afrer ssh security upgrade?

2008-07-21 Thread JW
Hello, In the past several weeks I have applied the openssh/openssl updates to my systems - the updates the fix the random-number-generator weakness. This has turned into an unexpected nightmare: my users have, between them all, dozens of cached host keys, and they are nearly unable to work

Re: [SECURITY] [DSA 1612-1] New ruby1.8 packages fix several vulnerabilities

2008-07-21 Thread Nick Phillips
On 22/07/2008, at 5:29 AM, Moritz Muehlenhoff wrote: Stable updates are available for amd64, arm, hppa, i386, ia64, mipsel, s390 and sparc. No mention of powerpc? What's going on? - some of the binary packages from the ruby source package for ppc do seem to have made it into the security

Re: Mass-updating cached hosts keys afrer ssh security upgrade?

2008-07-21 Thread Michael Loftis
ssh-keyscan --On July 21, 2008 6:43:31 PM -0500 JW [EMAIL PROTECTED] wrote: Hello, In the past several weeks I have applied the openssh/openssl updates to my systems - the updates the fix the random-number-generator weakness. This has turned into an unexpected nightmare: my users have,

Re: Mass-updating cached hosts keys afrer ssh security upgrade?

2008-07-21 Thread Michael Stone
On Mon, Jul 21, 2008 at 06:43:31PM -0500, JW wrote: This has turned into an unexpected nightmare: my users have, between them all, dozens of cached host keys, and they are nearly unable to work because every time they turn around they're getting bad-old-cached-key warnings (REMOTE HOST

Re: Mass-updating cached hosts keys afrer ssh security upgrade?

2008-07-21 Thread Bernd Eckenfels
In article [EMAIL PROTECTED] you wrote: I've been trying to go through all the known_hosts files manually and update them to give my users a break, but it's a tedious nightmare. Adding to the complexity is that many of the known_hosts files are armored (the hostname/ip address is not in