search for: hynek

...have been signed with Red Hat''s PGP key. But when you do this, don''t forget to upgrade your pam to pam-0.50-22, otherwise you run into problems - you won''t be able to login (thank God ssh worked). I think util-linux should have this dependence on pam-0.50-22 or higher.. Hynek -- Hynek Med, xmedh02@manes.vse.cz

...SMTP id AA04002 (5.67a8/IDA-1.5 for <linux-security@redhat.com>); Thu, 16 Jan 1997 15:17:35 +0100 Received: from localhost by manes.vse.cz with SMTP id AA01262 (5.67a8/IDA-1.5 for linux-security@redhat.com); Thu, 16 Jan 1997 15:17:33 +0100 Date: Thu, 16 Jan 1997 15:17:32 +0100 (MET) From: Hynek Med <xmedh02@manes.vse.cz> Approved: R.E.Wolff@BitWizard.nl To: linux-security@redhat.com Subject: Re: [linux-security] BoS: hmm..seen this one? Message-Id: <Pine.ULT.3.95.970116151337.28235G-100000@manes.vse.cz> Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Charset:...

Hi everyone, Prompted by the fact that addressing some of the recent SSL problems actually would benefit from also changing things on how openSSL is used (not just updating the library), I started looking into some improvements. The tracking ticket is: https://trac.xiph.org/ticket/2070 To sum it up: - hard disable SSLv3 - hard disable compression - new default cipher list - enable forward

...o sum it up: > - hard disable SSLv3 > - hard disable compression Landed ready to be released in 2.4.1. > - new default cipher list Went with https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 in the end. Previously planned using this: https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/#fnref2 Testing against Qualys gives me identical results for both. We might upgrade to the "Modern" Mozilla string in the future, but as of now that completely breaks our HTTPS functionality. I suspect, because we don't properly sup...

In Debian 1.1, the optional DOSEMU package installs /usr/sbin/dos setuid root. This is a serious security hole which can be exploited to gain access to any file on the system. Package: dosemu Version: 0.64.0.2-9 ------- start of cut text -------------- $ cat /etc/debian_version 1.1 $ id uid=xxxx(quinlan) gid=xxxx(quinlan) groups=xxxx(quinlan),20(dialout),24(cdrom) [quinlan:~]$ ls -al