search for: spectr

Displaying 20 results from an estimated 265 matches for "spectr".

Did you mean: spectre
2013 Nov 11
1
Incorrect Responses on deliverable mails with LMTP server
Appears some change between 2.2.6 and 2.2.7 altered the response codes for LMTP user verification probes. Dovecot 2.2.6: Nov 2 15:50:48 spectre postfix/qmgr[627]: 3dBjr80wMgz1s: from=<double-bounce at spectre.leuxner.net>, size=271, nrcpt=1 (queue active) Nov 2 15:50:48 spectre postfix/cleanup[6226]: 3dBjr80xbYz1w: message-id=<20131102145047.2D3C6824147 at sam.dfn-cert.de> Nov 2 15:50:48 spectre postfix/lmtp[6228]: 3dBjr80wM...
2012 Mar 23
0
Dovecot v2.1.3 (f30437ed63dc) Auth/Login Issues
Hi, some change between ff5c341f8838 and f30437ed63dc seems to have broken auth: => Bad Login Mar 23 09:01:46 spectre dovecot: master: Dovecot v2.1.3 (f30437ed63dc) starting up [...] Mar 23 10:25:44 spectre dovecot: auth: Debug: auth client connected (pid=7266) Mar 23 10:25:45 spectre dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=188.138.0.199#011rip=80.187.102.243#011lport...
2018 Feb 06
2
add Spectre variant 2 mitigations
On 6 February 2018 at 20:09, David Newall <openssh at davidnewall.com> wrote: > Do we need to do anything? It's not clear to me how SSH is vulnerable to > Spectre -- that is, how SSH can be used to execute a Spectre attack? I am more concerned with it being the target of a Spectre style attack. There's some long lived private data (host keys in the case of sshd, session keys in the case of ssh and sshd and user keys in the case of ssh-agent) and there...
2013 Feb 18
2
Quota Problems with LMTP in HG 62a930eb22b5
Since updating to the latest HG these errors occur. Nothing else changed in the config: $ dovecot --version 2.2.beta1 (62a930eb22b5) ==> /var/log/dovecot/dovecot.log <== Feb 18 09:47:32 spectre dovecot: lmtp(14340): Connect from local Feb 18 09:47:32 spectre dovecot: lmtp(14340, tlx at leuxner.net): Error: mkdir_parents(/var/vmail/domains/leuxner.net/tlx/mdbox) failed: File exists Feb 18 09:47:32 spectre dovecot: lmtp(14340, tlx at leuxner.net): Error: mkdir_parents(/var/vmail/domains/le...
2018 Feb 05
2
add Spectre variant 2 mitigations
Hi. Both GCC and clang are adding mitigations for Spectre variant 2 although neither have yet made a release and neither are on by default. After trolling through and building release candidate branches for both I believe this is what is required for the ssh programs (although all the dependent libraries will also need to be built with mitigations, and...
2013 Jun 01
2
v2.2.2 (7b1152c83e3e) latest changes break LMTP
Suppose this one breaks it: http://hg.dovecot.org/dovecot-2.2/rev/c4a85c9df948 ==> /var/log/mail.log <== Jun 1 14:01:30 spectre postfix/lmtp[456]: 3bN0qP5kwFzSy: to=<tlx at leuxner.net>, relay=spectre.leuxner.net[private/dovecot-lmtp], delay=1481, delays=1481/0/0.01/0.01, dsn=4.3.0, status=deferred (host spectre.leuxner.net[private/dovecot-lmtp] said: 451 4.3.0 <tlx at leuxner.net> Temporary internal error (in...
2010 Feb 28
2
Dovecot 2.0.beta3: mdbox mailbox crashes upon login
...; for testing today: # dsync convert -u user at domain mdbox:~/mdbox Set mail location to mdbox in 'mail.conf' and restarted server: mail_location = mdbox:~/mdbox Dovecot panicked instantly upon login with different clients. Tried to disable several plugins to no avail: Feb 28 14:43:02 spectre dovecot: imap(user at domain): Panic: file mailbox-list-fs.c: line 170 (fs_list_get_path): assertion failed: (mailbox_list_is_valid_pattern(_list, name)) Feb 28 14:43:02 spectre dovecot: imap(user at domain): Raw backtrace: /usr/lib/dovecot/libdovecot.so.0 [0x7f0a0d891e72] -> /usr/lib/dovecot/l...
2018 Mar 16
2
spectre variant 2
Hi all! I'm running an up-to-date Centos-7 on an AMD Vishera 6300, 6 core CPU. I note that when I run the redhat script to test for spectre & meltdown I get this result for variant 2: Variant #2 (Spectre): Vulnerable CVE-2017-5715 - speculative execution branch target injection - Kernel with mitigation patches: OK - HW support / updated microcode: NO - IBRS: Not disabled on kernel commandline - IBPB: Not disabled on k...
2013 Aug 08
1
HG changes affecting received headers
Let me say this is a rather cosmetic issue, but it appears with the latest commits (around 2.2.5 release) the scheme of 'Received' headers has changed for LMTP: 1) Inet socket: Return-Path: <dfn-adv-bounces at dfn-cert.de> Delivered-To: <tlx at leuxner.net> Received: from spectre.leuxner.net ([188.138.0.199]) by spectre.leuxner.net (Dovecot) with LMTP id 8AkXDF5cA1LvDgAAZ53dLw for <tlx at leuxner.net>; Thu, 08 Aug 2013 10:52:46 +0200 2) UNIX socket: Return-Path: <dfn-adv-bounces at dfn-cert.de> Delivered-To: <tlx at leuxner.net> Received: from spectre....
2018 Feb 22
0
[RFC] Sceptre a Spectre variant 1 detector
Hi All, Over the last few weeks I have been developing an LLVM Utility pass to check a program at the IR level for Spectre variant 1 (bounds check bypass) vulnerabilities. The pass was initially developed for internal use. However, as it has proved to be useful we have decided to share it with the LLVM community. The pass currently must be enabled with -mllvm -enable-sceptre. When it finds a vulnerability it outp...
2018 Mar 09
4
CentOS 6 i386 - meltdown and spectre
...nd all its derivatives. I asked CentOS community because that's the community I'm member of. Not to say that CentOS is not secure or anything like that. Anyway, I'm stuck with a few 32bit systems exposed to customers and I have to come up with an answer to their question about meltdown/spectre. At this point all I can say is that Red Hat hasn't patched 32bit systems but that is hard to believe so I assumed that I'm wrong and decided to ask the community. Thank you, -- Peter On Fri, Mar 9, 2018 at 7:52 AM, Johnny Hughes <johnny at centos.org> wrote: > I have built a...
2018 Mar 13
4
LLVM Release Schedules: 5.0.2, 6.0.1
Hi, We don't normally do X.Y.2 releases, but there has been some interest in getting a 5.0.2 release out with the Spectre mitigations included, so I am proposing the following schedule for a 5.0.2 release: LLVM 5.0.2 -rc1 Mon Mar 19 -final Mon Mar 26 To keep things easy for testers, 5.0.2 will be for Spectre related fixes only and won't be opened up for general bugs. And here is the schedule for 6.0.1:...
2018 Mar 06
2
CentOS 6 i386 - meltdown and spectre
I have a clean install, fully updated CentOS 6 32-bit. When I run the Red Hat detection script: https://access.redhat.com/sites/default/files/spectre-meltdown--a79614b.sh it finds that the system is vulnerable. Is this false positive or there is no patches for CentOS 6 32-bit systems? Thank you, -- Peter
2018 Jan 08
4
Response to Meltdown and Spectre
By now, we're sure most everyone have heard of the Meltdown and Spectre attacks. If not, head over to https://meltdownattack.com/ and get an overview. Additional technical details are available from Google Project Zero. https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html The FreeBSD Security Team was notified of the issue in late D...
2018 Jan 08
4
Response to Meltdown and Spectre
By now, we're sure most everyone have heard of the Meltdown and Spectre attacks. If not, head over to https://meltdownattack.com/ and get an overview. Additional technical details are available from Google Project Zero. https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html The FreeBSD Security Team was notified of the issue in late D...
2018 Feb 19
2
Is CentOS Linux protected against the Meltdown and Spectre security flaws?
What are the patches that I can download and install to be protected against the Meltdown and Spectre security vulnerabilities? ===BEGIN SIGNATURE=== Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 30 Oct 2017 [1] https://tdtemcerts.wordpress.com/ [2] http://tdtemcerts.blogspot.sg/ [3] https://www.scribd.com/user/270125049/Teo-En-Ming ===END SIGNATURE===
2018 Mar 16
0
spectre variant 2
On 16/03/18 18:24, Fred Smith wrote: > Hi all! > > I'm running an up-to-date Centos-7 on an AMD Vishera 6300, 6 core CPU. > What kernel are you running (uname -r)? > I note that when I run the redhat script to test for spectre & meltdown > I get this result for variant 2: > > Variant #2 (Spectre): Vulnerable > CVE-2017-5715 - speculative execution branch target injection > - Kernel with mitigation patches: OK > - HW support / updated microcode: NO > - IBRS: Not disabled on kernel co...
2010 Mar 27
3
Dovecot 2.0beta4 HG 11014: Crashes on parsing settings via LMTP service
Hi, unfortunately no core was dumped. Let me know if you need more info to debug. ==> /var/log/dovecot.log <== Mar 27 08:13:38 spectre dovecot: lmtp(8362): Connect from local Mar 27 08:13:38 spectre dovecot: lmtp(8362): Panic: file settings-parser.c: line 1501 (settings_link_get_new): assertion failed: (diff + sizeof(*old_link->array) <= old_link->parent->info->struct_size) Mar 27 08:13:38 spectre dovecot: lmtp(836...
2010 May 05
1
2.0 beta4 (5d76f5b13883): Home directory not recognized
Hi, latest Mercurial seems to have problems with the Config Module unloads: May 5 19:18:16 spectre dovecot: master: Dovecot v2.0.beta4 (5d76f5b13883) starting up May 5 19:18:34 spectre dovecot: managesieve: Error: fd_read() partial input (54/88) May 5 19:18:34 spectre dovecot: imap-login: Fatal: Error reading configuration: read(/var/run/dovecot/config) failed: EOF May 5 19:18:34 spectre dov...
2012 May 05
1
HG 3d8a25a4394d Patch breaks UserDB Lookups
Patch http://hg.dovecot.org/dovecot-2.1/rev/3d8a25a4394d breaks auth May 5 09:01:52 spectre dovecot: lmtp(24442): Connect from local May 5 09:01:52 spectre dovecot: lmtp(24442): Error: userdb lookup(tlx at leuxner.net): Disconnected unexpectedly May 5 09:01:52 spectre dovecot: auth: Fatal: master: service(auth): child 24443 killed with signal 11 (core not dumped) May 5 09:01:52 spectr...