[Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #1950 - 4 msgs
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: [Full-Disclosure] Re: Full-Disclosure digest, Vol 1 #1950 - 4 msgs
- From: <chris_tang@xxxxxxxxxxxxx>
- Date: Wed, 06 Oct 2004 02:16:28 +0800 (HKT)
Hi,
Please be advised that my email has been changed to:
chriskftang@xxxxxxxxx
Please send all "full-disclosure" newsletters or related messages to
the above email address.
Thanx
Best Rgds,
Chris Tang
======================================================================
On Tue, 05 Oct 2004 12:00 , full-disclosure-request@xxxxxxxxxxxxxxxx sent:
>Send Full-Disclosure mailing list submissions to
> full-disclosure@xxxxxxxxxxxxxxxx
>
>To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.netsys.com/mailman/listinfo/full-disclosure
>or, via email, send a message with subject or body 'help' to
> full-disclosure-request@xxxxxxxxxxxxxxxx
>
>You can reach the person managing the list at
> full-disclosure-admin@xxxxxxxxxxxxxxxx
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Full-Disclosure digest..."
>
>
>Today's Topics:
>
> 1. [TURBOLINUX SECURITY INFO] 05/Oct/2004 (Turbolinux)
> 2. RE: Spyware installs with no interaction in IE on fully patched XP SP2
> box (Castigliola, Angelo)
> 3. SUSE Security Announcement: samba (SUSE-SA:2004:035) (Thomas Biege)
> 4. Paranid ramblings - what's the deal? Bounded variables aren't?
> (Clairmont, Jan M)
>
>--__--__--
>
>Message: 1
>Date: Tue, 5 Oct 2004 22:30:17 +0900
>From: Turbolinux <security-announce@xxxxxxxxxxxxxxxx>
>Reply-To: server-users-e@xxxxxxxxxxxxxxxx
>To: security-announce@xxxxxxxxxxxxxxxx
>Subject: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 05/Oct/2004
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>This is an announcement only email list for the x86 architecture.
>============================================================
>Turbolinux Security Announcement 05/Oct/2004
>============================================================
>
>The following page contains the security information of Turbolinux Inc.
>
> - Turbolinux Security Center
> http://www.turbolinux.com/security/
>
> (1) squid -> DoS vulnerability in squid
> (2) ImageMagick -> Multiple buffer overflow vulnerabilities in ImageMagick
>
>===========================================================
>* squid -> DoS vulnerability in squid
>===========================================================
>
> More information :
> Squid is a high-performance proxy caching server for web clients,
> supporting
> FTP, gopher, and HTTP data objects. Unlike traditional caching software,
> Squid handles all requests in a single, non-blocking, I/O-driven process.
>
> A vulnerability in the NTLM helpers in squid.
>
> Impact :
> The vulnerabilities allow remote attackers to cause a denial of service of
> squid server services.
>
> Affected Products :
> - Turbolinux Appliance Server 1.0 Hosting Edition
> - Turbolinux Appliance Server 1.0 Workgroup Edition
> - Turbolinux 8 Server
> - Turbolinux 8 Workstation
> - Turbolinux 7 Server
> - Turbolinux 7 Workstation
>
> Solution :
> Please use the turbopkg (zabom) tool to apply the update.
> ---------------------------------------------
> [Turbolinux 10 Desktop, Turbolinux 10 F...]
> # zabom -u squid
>
> [other]
> # turbopkg
> or
> # zabom update squid
> ---------------------------------------------
>
>
>
>
> Source Packages
> Size : MD5
>
> squid-2.5.STABLE6-11.src.rpm
> 1538211 ff3e34c4b8c71d250f2781179ceec73a
>
> Binary Packages
> Size : MD5
>
> squid-2.5.STABLE6-11.i586.rpm
> 825195 85c3b583674e0ac0695c4cbf0404e586
>
>
>
> Source Packages
> Size : MD5
>
> squid-2.5.STABLE6-11.src.rpm
> 1538211 6b6d400ee15ee97ac6f7e98fbea26e50
>
> Binary Packages
> Size : MD5
>
> squid-2.5.STABLE6-11.i586.rpm
> 825663 bed921f91e657975cc6c72d2ea8f29d4
>
>
>
> Source Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
> 1538211 b28eeeb88347c668fdb9938c4c1cd438
>
> Binary Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
> 825370 335f0fe78cfb204c86ff5b05d12bfd34
>
>
>
> Source Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
> 1538211 181d72c2668f72b6e50190f784421bed
>
> Binary Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
> 825810 5e52e49f4be6e555f57b38ffb241c455
>
>
>
> Source Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
> 1538211 45fd66fc13713b40beb996f664460f0e
>
> Binary Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
> 829880 e2a6cf6b67a7c74249b23bce5a4adedf
>
>
>
> Source Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/squid-2.5.STABLE6-11.src.rpm
> 1538211 191eab57b2adcecf91ceb4b34c94de09
>
> Binary Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/squid-2.5.STABLE6-11.i586.rpm
> 830034 d6142042afcd410376e5a875c5436bc9
>
>
> Notice :
> After performing the update, it is necessary to restart the squid daemon.
> To do this, run the following command as user root.
> ---------------------------------------------
> # /etc/init.d/squid restart
> or
> # /etc/rc.d/init.d/squid restart
> ---------------------------------------------
>
> References:
>
> CVE
> [CAN-2004-0832]
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0832
>
>
>===========================================================
>* ImageMagick -> Multiple buffer overflow vulnerabilities in ImageMagick
>===========================================================
>
> More information :
> ImageMagick(TM) is an image display and manipulation tool for the X
> Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF and
> Photo CD image file formats.
>
> Multiple buffer overflow vulnerabilities in ImageMagick allowing remote
> attackers to execute arbitrary code via a malformed image or video file.
>
> Impact :
> These vulnerabilities may allow remote attackers to execute arbitrary
> code via a malformed image or video file in AVI or BMP formats.
>
> Affected Products :
> - Turbolinux 10 F...
> - Turbolinux 10 Desktop
> - Turbolinux 8 Server
> - Turbolinux 8 Workstation
> - Turbolinux 7 Server
> - Turbolinux 7 Workstation
>
> Solution :
> Please use the turbopkg (zabom) tool to apply the update.
> ---------------------------------------------
> [Turbolinux 10 Desktop, Turbolinux 10 F...]
> # zabom -u ImageMagick ImageMagick-devel
>
> [other]
> # turbopkg
> or
> # zabom update ImageMagick ImageMagick-devel
> ---------------------------------------------
>
>
>
>
> Source Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/ImageMagick-5.5.7-5.src.rpm
> 5274681 6a9d3c1b208049830e7086b9aae75fe7
>
> Binary Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-5.5.7-5.i586.rpm
> 2397224 dea16cf3ee2ce38381e3d2679ad8fa3c
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/ImageMagick-devel-5.5.7-5.i586.rpm
> 555804 840cc5d2ec79afd5cfdbf4223f625195
>
>
>
> Source Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/ImageMagick-5.4.7-1.src.rpm
> 3614849 bb43185f084dd6e32f10694f35fb513d
>
> Binary Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-5.4.7-2.i586.rpm
> 3207676 6839799de74d7439334a875a097b6049
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-c++-5.4.7-2.i586.rpm
> 1392173 d0af80e68a129fd41d301b7ec3469ff5
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-devel-5.4.7-2.i586.rpm
> 855821 be80bb2b23c8b87ab831bb99201b85c8
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/ImageMagick-perl-5.4.7-2.i586.rpm
> 60163 1281a234915115227a2bb2fa5071d6c7
>
>
>
> Source Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/ImageMagick-5.4.3-3.src.rpm
> 3665019 ae1a64cf87ea0e6598ca147abd3349e4
>
> Binary Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/ImageMagick-5.4.3-3.i586.rpm
> 3668565 d065de9b0d5a58b6393cc4805e0eb405
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/ImageMagick-devel-5.4.3-3.i586.rpm
> 971835 df0dda9a20ad43b2a8b3ee7a5313f6a8
>
>
>
> Source Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/ImageMagick-5.3.3-3.src.rpm
> 3656626 6197f1b2ff6d1a831d532a3fce210f94
>
> Binary Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/ImageMagick-5.3.3-3.i586.rpm
> 3038600 0276001bdf52d75ab65dcac7ff4ebb49
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/ImageMagick-devel-5.3.3-3.i586.rpm
> 1267440 9e21404db4bf10a005a89f974fd8558e
>
>
>
> Source Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/ImageMagick-5.3.3-3.src.rpm
> 3656626 084f8247af6313928f5dcdae20ed9713
>
> Binary Packages
> Size : MD5
>
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/ImageMagick-5.3.3-3.i586.rpm
> 3039080 e3ca8b73f9a5f6cbaf8a136d121fdebf
>
> ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/ImageMagick-devel-5.3.3-3.i586.rpm
> 1267050 a3e0ef2ac5bd589f453f5ab529981fab
>
>
> References:
>
> CVE
> [CAN-2004-0827]
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0827
>
>
> * You may need to update the turbopkg tool before applying the update.
>Please refer to the following URL for detailed information.
>
> http://www.turbolinux.com/download/zabom.html
> http://www.turbolinux.com/download/zabomupdate.html
>
>Package Update Path
>http://www.turbolinux.com/update
>
>============================================================
> * To obtain the public key
>
>Here is the public key
>
> http://www.turbolinux.com/security/
>
> * To unsubscribe from the list
>
>If you ever want to remove yourself from this mailing list,
> you can send a message to <server-users-e-ctl@xxxxxxxxxxxxxxxx> with
>the word `unsubscribe' in the body (don't include the quotes).
>
>unsubscribe
>
> * To change your email address
>
>If you ever want to change email address in this mailing list,
> you can send a message to <server-users-e-ctl@xxxxxxxxxxxxxxxx> with
>the following command in the message body:
>
> chaddr 'old address' 'new address'
>
>If you have any questions or problems, please contact
><supp_info@xxxxxxxxxxxxxxxx>
>
>Thank you!
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.6 (GNU/Linux)
>
>iD8DBQFBYqHtK0LzjOqIJMwRAgNPAJ9TkkL73895x0W7UXTix5/7Ai6vRQCgr1s5
>D6e2lOCXUmCWuYNVxpgAvWY=
>=qIgj
>-----END PGP SIGNATURE-----
>
>
>
>
>
>--__--__--
>
>Message: 2
>Subject: RE: [Full-Disclosure] Spyware installs with no interaction in IE on
>fully patched XP SP2 box
>Date: Tue, 5 Oct 2004 10:50:02 -0400
>From: "Castigliola, Angelo" <ACastigliola@xxxxxxxxxxxxxxxxx>
>To: "Alla Bezroutchko" <alla@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
>
>I am sure there is a configuration setting or software (perhaps the
>software made the configuration change) that is preventing this from
>installing on your computer.
>
>I tested with a default XP SP1 install with all the Microsoft Updates
>that have been applied to stop this type of IE hack. The spyware still
>installs itself on the machine.
>
>XP SP1 with the following patches:
>http://support.microsoft.com/default.aspx?scid=kb;en-us;814078
>http://support.microsoft.com/default.aspx?scid=kb;en-us;816093
>http://support.microsoft.com/default.aspx?scid=kb;en-us;823182
>http://support.microsoft.com/default.aspx?scid=kb;en-us;825119
>http://support.microsoft.com/default.aspx?scid=kb;en-us;832894
>http://support.microsoft.com/default.aspx?scid=kb;en-us;835732
>http://support.microsoft.com/default.aspx?scid=kb;en-us;840374
>http://support.microsoft.com/default.aspx?scid=kb;en-us;840315
>http://support.microsoft.com/default.aspx?scid=kb;en-us;839645
>http://support.microsoft.com/default.aspx?scid=kb;en-us;867801
>
>These are _ALL_ the Microsoft Updates that specifically patch up IE
>holes.
>
>My question to the forum is: If this is not a 0-day IE exploit that
>allows software to install on a computer with no user interaction then
>what Microsoft Update applies to this exploit?
>
>Again I fear there is no Microsoft Update available that will fix this
>hole.
>
>Can someone confirm that a Default install of XP SP2 with all patches
>will not stop spyware from themexp.org from installing?
>
>Angelo Castigliola III
>Operations Technical Analyst I
>UnumProvident IT Services
>207.575.3820
>
>-----Original Message-----
>From: full-disclosure-admin@xxxxxxxxxxxxxxxx
>[full-disclosure-admin@xxxxxxxxxxxxxxxx]
> On Behalf Of Alla
>Bezroutchko
>Sent: Tuesday, October 05, 2004 7:01 AM
>To: full-disclosure@xxxxxxxxxxxxxxxx
>Subject: Re: [Full-Disclosure] Spyware installs with no interaction in
>IE on fully patched XP SP2 box
>
>
>Carr, Robert wrote:
>> Interesting...
>>
>> I just went there, and he's right. Atpartners.cab installed without
>> permission. My McAfee picked it right up as Atpartners.dll, downloaded
>> to Temp Internet files. Spyware detected as NetPals. On the other
>> hand, I'm admin of my machine, I wonder if a "user" would get an error
>> message about not having the correct rights...
>
>I have tested it on Windows XP SP2 and on fully patched Windows 2000. In
>both cases _nothing_ gets run or installed. Both systems are more or
>less standard installations without any special IE hardening (except
>patches).
>
>When I surf to the site with Windows XP "Installing components...
>ATpartners.cab" briefly appears in the status bar and then the site gets
>displayed. Under the normal browser bars there is a message saying "The
>site might require the following ActiveX control: FREE on-line games and
>special offers from... Click here to install...". I don't click on it.
>Searching the disk for atpartners.cab or atpartners.dll finds nothing.
>The CLSID of the ActiveX control only appears in the registry in
>"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
>
>With Windows 2000 I also get "Installing components... ATpartners.cab"
>in the status bar and then the dialog box asking if I want to install
>"Free online games from ATgames.com". This is a usual dialog box you get
>when a page attempts to install an ActiveX control. If I click "No",
>nothing gets installed, no atpartners files on the file system, no
>traces of the CLSID in the registry.
>
>I suppose the cab file gets downloaded so that Windows can read and
>display the signature of the file. It does not get run or installed
>unless explicitly permitted by user.
>
>So, as far as I can see this is no 0-day.
>
>Alla.
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
>--__--__--
>
>Message: 3
>Date: Tue, 05 Oct 2004 16:57:52 +0200
>From: Thomas Biege <thomas@xxxxxxx>
>To: full-disclosure@xxxxxxxxxxxxxxxx
>Subject: [Full-Disclosure] SUSE Security Announcement: samba (SUSE-SA:2004:035)
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>______________________________________________________________________________
>
> SUSE Security Announcement
>
> Package: samba
> Announcement-ID: SUSE-SA:2004:035
> Date: Tuesday, Oct 5th 2004 16:53:01 MEST
> Affected products: 8.1, 8.2, 9.0
> SUSE Linux Enterprise Server 8
> SUSE Linux Desktop 1.0
> Vulnerability Type: remote file disclosure
> Severity (1-10): 6
> SUSE default package: Yes
> Cross References: CAN-2004-0815
>
> Content of this advisory:
> 1) security vulnerability resolved:
> - Samba file access problem
> problem description
> 2) solution/workaround
> 3) special instructions and notes
> 4) package location and checksums
> 5) pending vulnerabilities, solutions, workarounds:
> - opera
> - kernel
> - mozilla
> 6) standard appendix (further information)
>
>______________________________________________________________________________
>
>1) problem description, brief discussion
>
> The Samba server, which allows files and resources to be shared via
> the SMB/CIFS protocol, contains a bug in the sanitization code of path
> names which allows remote attackers to access files outside of the
> defined share. In order to access these files, they must be readable
> by the account used for the SMB session.
> CAN-2004-0815 has been assigned to this issue.
>
>2) solution/workaround
>
> As a temporary workaround you can set the
> wide links = no
> option in smb.conf and restart the samba server. However an update
> is recommended nevertheless.
>
>3) special instructions and notes
>
> After successfully updating the samba package, you need to issue the
> following command as root:
>
> rcsmb restart
>
>4) package location and checksums
>
> Please download the update package for your distribution and verify its
> integrity by the methods listed in section 3) of this announcement.
> Then, install the package using the command "rpm -Fhv file.rpm" to apply
> the update.
> Our maintenance customers are being notified individually. The packages
> are being offered to install from the maintenance web.
>
> SUSE Linux 9.0:
>
> ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/samba-2.2.8a-226.i586.rpm
> eb71869029b35d2a97d55e26514524db
> patch rpm(s):
>
> ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/samba-2.2.8a-226.i586.patch.rpm
> 48bb3e455079fcfdf4ad2baa28f28557
> source rpm(s):
>
> ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/samba-2.2.8a-226.src.rpm
> d162ea5a39b14ee16ae1c6d5df9211bb
>
> SUSE Linux 8.2:
>
> ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/samba-2.2.8a-225.i586.rpm
> 79b0514a827bdd782e6d3f62bb92fb85
> patch rpm(s):
>
> ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/samba-2.2.8a-225.i586.patch.rpm
> a50dd448212245d51e9ac59ae50514e8
> source rpm(s):
>
> ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/samba-2.2.8a-225.src.rpm
> 25d488678b607b3c67612ee065abd77a
>
> SUSE Linux 8.1:
>
> ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-2.2.8a-224.i586.rpm
> 93d0fb2502f30593548dbe2f41ec8948
> patch rpm(s):
>
> ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-2.2.8a-224.i586.patch.rpm
> da5b107fb71c5daf5972b6e0aaca4f5c
> source rpm(s):
>
> ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/samba-2.2.8a-224.src.rpm
> e0b9f9af6c5348cb9840b5d98a1c59dc
>
>
> x86-64 Platform:
> SUSE Linux 9.0:
>
> ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/samba-2.2.8a-226.x86_64.rpm
> 0f1c94aa23653b0cf9b318646d9153af
> patch rpm(s):
>
> ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/samba-2.2.8a-226.x86_64.patch.rpm
> 569974c359702c263b0968ce8fb9810f
> source rpm(s):
>
> ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/samba-2.2.8a-226.src.rpm
> 75c1a01d03af42835809691840eaa331
>
>______________________________________________________________________________
>
>5) Pending vulnerabilities in SUSE Distributions and Workarounds:
>
> - opera
> New opera packages are available on our ftp servers, fixing
> CAN-2004-0691, CAN-2004-0597, CAN-2004-0598, CAN-2004-0599 and
> CAN-2004-0746.
>
> - kernel
> Update kernels for the kNFSd problem for SLES 8 and SL 8.1 have been
> released.
>
> - mozilla
> We are in the process of releasing updates for mozilla (and related
> browsers), fixing various issues: CAN-2004-0597, CAN-2004-0718,
> CAN-2004-0722, CAN-2004-0757, CAN-2004-0758, CAN-2004-0759,
> CAN-2004-0760, CAN-2004-0761, CAN-2004-0762, CAN-2004-0763,
> CAN-2004-0764 and CAN-2004-0765.
> We will give you concrete details in a separate mozilla advisory when
> the updates are available.
>
>
>______________________________________________________________________________
>
>6) standard appendix: authenticity verification, additional information
>
> - Package authenticity verification:
>
> SUSE update packages are available on many mirror ftp servers all over
> the world. While this service is being considered valuable and important
> to the free and open source software community, many users wish to be
> sure about the origin of the package and its content before installing
> the package. There are two verification methods that can be used
> independently from each other to prove the authenticity of a downloaded
> file or rpm package:
> 1) md5sums as provided in the (cryptographically signed) announcement.
> 2) using the internal gpg signatures of the rpm package.
>
> 1) execute the command
> md5sum
> after you downloaded the file from a SUSE ftp server or its mirrors.
> Then, compare the resulting md5sum with the one that is listed in the
> announcement. Since the announcement containing the checksums is
> cryptographically signed (usually using the key security@xxxxxxx),
> the checksums show proof of the authenticity of the package.
> We recommend against subscribing to security lists which cause the
> email message containing the announcement to be modified so that
> the signature does not match after transport through the mailing
> list software.
> Downsides: You must be able to verify the authenticity of the
> announcement in the first place. If RPM packages are being rebuilt
> and a new version of a package is published on the ftp server, all
> md5 sums for the files are useless.
>
> 2) rpm package signatures provide an easy way to verify the authenticity
> of an rpm package. Use the command
> rpm -v --checksig
> to verify the signature of the package, where is the
> filename of the rpm package that you have downloaded. Of course,
> package authenticity verification can only target an un-installed rpm
> package file.
> Prerequisites:
> a) gpg is installed
> b) The package is signed using a certain key. The public part of this
> key must be installed by the gpg program in the directory
> ~/.gnupg/ under the user's home directory who performs the
> signature verification (usually root). You can import the key
> that is used by SUSE in rpm packages for SUSE Linux by saving
> this announcement to a file ("announcement.txt") and
> running the command (do "su -" to be root):
> gpg --batch; gpg
> SUSE Linux distributions version 7.1 and thereafter install the
> key "build@xxxxxxx" upon installation or upgrade, provided that
> the package gpg is installed. The file containing the public key
> is placed at the top-level directory of the first CD (pubring.gpg)
> and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .
>
>
> - SUSE runs two security mailing lists to which any interested party may
> subscribe:
>
> suse-security@xxxxxxxx
> - general/linux/SUSE security discussion.
> All SUSE security announcements are sent to this list.
> To subscribe, send an email to
> <suse-security-subscribe@xxxxxxxx>.
>
> suse-security-announce@xxxxxxxx
> - SUSE's announce-only mailing list.
> Only SUSE's security announcements are sent to this list.
> To subscribe, send an email to
> <suse-security-announce-subscribe@xxxxxxxx>.
>
> For general information or the frequently asked questions (faq)
> send mail to:
> <suse-security-info@xxxxxxxx> or
> <suse-security-faq@xxxxxxxx> respectively.
>
> =====================================================================
> SUSE's security contact is <security@xxxxxxxx> or <security@xxxxxxx>.
> The <security@xxxxxxx> public key is listed below.
> =====================================================================
>______________________________________________________________________________
>
> The information in this advisory may be distributed or reproduced,
> provided that the advisory is not modified in any way. In particular,
> it is desired that the clear-text signature shows proof of the
> authenticity of the text.
> SUSE Linux AG makes no warranties of any kind whatsoever with respect
> to the information contained in this security advisory.
>
>Type Bits/KeyID Date User ID
>pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@xxxxxxx>
>pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@xxxxxxx>
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
>
>iQEVAwUBQWK1Q3ey5gA9JdPZAQG2XAf/brEQk2j1Eh3S7Q3r9jnNHM/0oJ6rfish
>wS/GcWazRcIV7I8JnUqspDU9zYamS2oB8Vu977yTFc+nhTryvpWsbJDnQIjtYE52
>bEMMFW6gYTzUqG2U31mWKaqtpuFJJNuA3Lu0HgsxaQJ5F7qjVcsBOwX5PqCARMFp
>KIcGJi8BtLsQ36x2ZWOXKG6p8jXxx8kSVln7T6e1T0v4tVURA6BaEkE4Dh0ZoKh1
>V+lYw0QipbBIByWnY/rT4T1tvZE9NUG3JSHe0olyvDekmm/WzoHLIqOe2cKfR77a
>nNb+cA81JW7JJk10NWKY4hzUX9oLCN8/mAvl40nvCHX+9YHldeM3Ag==
>=LbT6
>-----END PGP SIGNATURE-----
>
>
>--__--__--
>
>Message: 4
>Date: Tue, 5 Oct 2004 11:48:59 -0400
>From: "Clairmont, Jan M" <jan.m.clairmont@xxxxxxxxxxxxx>
>To: <full-disclosure@xxxxxxxxxxxxxxxx>
>Subject: [Full-Disclosure] Paranid ramblings - what's the deal? Bounded
>variables aren't?
>
>Every time I send out a memo to full-disclosure I get this mail bounce
>message and it gets posted on full-disclosure. Anybody have an idea
>what's happening?
>
>
>Message Follows:
>
>From: Mailer-Daemon@xxxxxxx
>
>Subject: NDN: [Full-Disclosure] Shows when no limits are set or restricted
>shell or bat ac
>
>Sorry. Your message could not be delivered to:
>
>tycho,IC&S (The name was not found at the remote site. Check that the name
>has been entered correctly.)
>
>
>
>Are these guys phishing, swishing or whatever Netherlands uber alles?
>Or is this just their mail-server barfing? Should probably point dig at it
>and debug it but I have gotten in trouble for that type of "help" before?
>
>
>Keep on computing, even though your bytes are fried.
>
>Jan Clairmont, Paladin of the Dept. of Insecurity Department, where no
>redundancy is allowed or is it redundancy is required, have to look that
>up in the book of insecurity security chapter 4 verse 3 (The bible of the
>Mad Arab Adulah Medula, taken from the NecronoMicron or the latest M$
>directorate).
>
>Unix Security Support/Consultant I think?
>
>
>
>
>--__--__--
>
>_______________________________________________
>Full-Disclosure mailing list
>Full-Disclosure@xxxxxxxxxxxxxxxx
>http://lists.netsys.com/mailman/listinfo/full-disclosure
>
>
>End of Full-Disclosure Digest
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
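The SUSE appendix quoted in the digest (section 6, method 1) describes comparing a downloaded package's md5sum with the checksum printed in the signed announcement, and both the Turbolinux and the SUSE advisory list their packages in that form. The Python script below is an added example, not code from SUSE, Turbolinux or anyone on the list: it parses an advisory-style list of package names and MD5s (quoted `>` copies included, in either the "URL then MD5" or the "URL then SIZE MD5" layout) and checks a download directory against it. The advisory text, the host name `ftp.example.invalid` and the package contents built in `demo()` are constructed so the script runs offline.

```python
"""Verify downloaded update packages against the checksums listed in a
signed advisory (the procedure SUSE describes in section 6, method 1).

Added example; not code from SUSE, Turbolinux or the mailing list.  The
advisory text and the package contents in demo() are constructed so the
script runs offline; real advisories list real URLs and sizes.
"""
import hashlib
import os
import re
import tempfile

# A package line ends in ".rpm"; the checksum follows on the next non-blank
# line, optionally preceded by a size (the Turbolinux layout).
_PKG_LINE = re.compile(r"(\S+\.rpm)\s*$")
_MD5_LINE = re.compile(r"^\s*(?:\d+\s+)?([0-9a-f]{32})\s*$")


def parse_advisory(text):
    """Return {filename: md5} from advisory text.

    Leading '>' quote marks and indentation are stripped, so a copy quoted
    from a digest still parses.
    """
    expected = {}
    pending = None
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()
        if not line:
            continue
        m = _PKG_LINE.search(line)
        if m:
            pending = os.path.basename(m.group(1))
            continue
        m = _MD5_LINE.match(line)
        if m and pending:
            expected[pending] = m.group(1)
            pending = None
    return expected


def md5_of_file(path):
    """Stream the file so large packages do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_downloads(advisory_text, download_dir):
    """Compare each package in download_dir with the advisory.

    Returns {filename: 'ok' | 'MISMATCH' | 'missing' | 'not-in-advisory'}.
    A .rpm present on disk but absent from the advisory is reported rather
    than silently ignored, so an unexpected file is never trusted.
    """
    expected = parse_advisory(advisory_text)
    results = {}
    for name, digest in expected.items():
        path = os.path.join(download_dir, name)
        if not os.path.exists(path):
            results[name] = "missing"
        elif md5_of_file(path) == digest:
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    for name in os.listdir(download_dir):
        if name.endswith(".rpm") and name not in expected:
            results[name] = "not-in-advisory"
    return results


def demo():
    """Build a constructed download directory and advisory, then verify."""
    tmp = tempfile.mkdtemp()
    good = b"constructed package payload, good copy\n"
    tampered = b"constructed package payload, altered copy\n"
    with open(os.path.join(tmp, "samba-2.2.8a-226.i586.rpm"), "wb") as fh:
        fh.write(good)
    with open(os.path.join(tmp, "squid-2.5.STABLE6-11.i586.rpm"), "wb") as fh:
        fh.write(tampered)
    # Constructed advisory: it lists the digest of the *good* payload for
    # both files, so the altered squid copy must be flagged, and it names a
    # third package that was never downloaded.
    advisory = (
        "> ftp://ftp.example.invalid/update/samba-2.2.8a-226.i586.rpm\n"
        f">    {hashlib.md5(good).hexdigest()}\n"
        ">\n"
        "> ftp://ftp.example.invalid/update/squid-2.5.STABLE6-11.i586.rpm\n"
        f">    825195 {hashlib.md5(good).hexdigest()}\n"
        "> ftp://ftp.example.invalid/update/ImageMagick-5.5.7-5.i586.rpm\n"
        f">    {hashlib.md5(b'never downloaded').hexdigest()}\n"
    )
    return verify_downloads(advisory, tmp)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:16} {name}")
```

Method 1 only proves that a file matches what the advisory's author listed, so the announcement's PGP signature has to be checked before its checksums mean anything. MD5 is also no longer collision-resistant, so for anything newer than these 2004 packages the rpm signature check the appendix calls method 2 is the one to rely on.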
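The SUSE advisory in the digest describes the Samba bug (CAN-2004-0815) only in outline: a flaw in path sanitization lets a client reach files outside the defined share, and `wide links = no` is offered as a workaround. The Python below is an added example, not Samba's code and not from the advisory, showing what confining client-supplied paths to a share root involves: a naive join is placed beside a checked resolver that rejects `..` escapes and, unless wide links are allowed, symlinks that resolve outside the root. The share layout and file names built in `demo()` are constructed.

```python
"""Confining client-supplied paths to a share root.

Added example modelling the class of bug SUSE-SA:2004:035 describes; it
is not Samba's code.  A file server that joins a client path onto the
share root without sanitising it lets '..' components or symlinks reach
files outside the share.  Everything built in demo() is constructed.
"""
import os
import tempfile


def naive_resolve(share_root, client_path):
    """Unsafe: trusts the client's path components as-is."""
    return os.path.join(share_root, client_path)


def confined_resolve(share_root, client_path, wide_links=False):
    """Return the filesystem path for client_path, or None if it would
    leave share_root.

    Two checks: the lexically normalised path must stay under the root,
    and, when wide_links is False (the 'wide links = no' workaround), the
    symlink-resolved path must stay under the root as well.
    """
    root = os.path.realpath(share_root)
    # Client paths are relative to the share; strip leading separators so
    # os.path.join cannot be steered to an absolute path.
    rel = client_path.replace("\\", "/").lstrip("/")
    candidate = os.path.normpath(os.path.join(root, rel))
    if os.path.commonpath([root, candidate]) != root:
        return None  # '..' escape
    if not wide_links:
        resolved = os.path.realpath(candidate)
        if os.path.commonpath([root, resolved]) != root:
            return None  # symlink points outside the share
    return candidate


def demo():
    """Create a share, a secret outside it and a symlink to the secret,
    then record how each resolver treats four constructed requests."""
    base = tempfile.mkdtemp()
    share = os.path.join(base, "share")
    os.makedirs(share)
    with open(os.path.join(share, "public.txt"), "w") as fh:
        fh.write("shared file\n")
    with open(os.path.join(base, "secret.txt"), "w") as fh:
        fh.write("outside the share\n")
    os.symlink(os.path.join(base, "secret.txt"),
               os.path.join(share, "link_to_secret"))

    real_share = os.path.realpath(share)
    outcomes = {}
    for req in ("public.txt", "../secret.txt", "/etc/passwd", "link_to_secret"):
        naive = os.path.realpath(naive_resolve(share, req))
        outcomes[req] = {
            # Does the naive join land outside the share?
            "naive_escapes": os.path.commonpath([real_share, naive]) != real_share,
            # Does the checked resolver grant the request?  Note that
            # "/etc/passwd" is granted: it is reinterpreted as the (absent)
            # file <share>/etc/passwd, which is inside the share.
            "confined_allows": confined_resolve(share, req) is not None,
            "wide_links_allows": confined_resolve(share, req, wide_links=True) is not None,
        }
    return outcomes


if __name__ == "__main__":
    for req, result in demo().items():
        print(f"{req:16} {result}")
```

The lexical check alone is what a path sanitizer normally provides; the second, symlink-aware check is what the `wide links = no` workaround buys, at the cost of refusing legitimate symlinks that leave the share.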