Displaying 20 results from an estimated 120 matches similar to: "SMB protocol security flaw"
2005 Sep 28
3
Headline - Linux misses Windows of opportunity
Dear CentOS,
Ken wants you to know about this story on http://www.theage.com.au.
Personal Message:
How much did MS pay for the article?
Linux misses Windows of opportunity
September 27, 2005
URL: http://www.theage.com.au/articles/2005/09/26/1127586780339.html
The online edition of The Age brings you updated local and world news, sports results, entertainment news and reviews and the latest
2007 Jan 26
1
Microsoft makes hard call for input
hi all,
you might be interested in this article.
cheers,
joe
A Sydney software engineer has been embroiled in a controversy in which Microsoft stands accused of trying to use him as a paid proxy to finesse entries on the Wikipedia site. Doug Mahugh, Microsoft "technical evangelist", emailed the engineer, Rick Jelliffe, on Monday, hoping to use Mr Jelliffe's
2014 Apr 09
1
FLASH NewsBites - Heartbleed Open SSL Vulnerability (fwd)
For even more information about "Heartbleed".
-Connie Sieh
---------- Forwarded message ----------
Date: Wed, 9 Apr 2014 12:27:54 -0500
From: The SANS Institute <NewsBites at sans.org>
Subject: FLASH NewsBites - Heartbleed Open SSL Vulnerability
FLASH NewsBites - Heartbleed Open SSL Vulnerability
FLASH NewsBites are issued only when a security event demands global and
immediate
2013 Jun 05
2
dovecot and time
I found something interesting via strace. lda is writing a timestamp
with utime before doing the fsync, but I'm really not a C guy, so I
have no idea why that's going on via procmail and not via commandline.
I assume it's related to the choice of pread64 vs read.
when called from commandline (working):
read(0, "July 14-20, 2013\n10 courses. Bon"..., 4096) = 4096
1998 May 17
0
Minor flaw in Caldera OpenLinux 1.2
(I almost didn't post this cause I hope you would notice it immediately
after installing the OS... It's here for the people that don't/won't use
Caldera OpenLinux 1.2 )
Hello to all!
By default, Caldera OpenLinux 1.2 adds the current working directory to
the end of the $PATH on login. This of course gives a normal user the
possibility of gaining a root shell
2003 Jan 24
1
WHITEHAT DISCOVERS SERIOUS SECURITY FLAW AFFECTING ALL WEB SERVERS WORLDWIDE
FYI,
Santa Clara, Calif., Jan. 20, 2003 -- WhiteHat Security, Inc. a Santa Clara,
California based company that specializes in Web Application Security, has
discovered a serious security flaw affecting all web server world wide. From
months of extensive research and testing, WhiteHat has found a way to
exploit
a flaw in the way all web servers communicate.
2004 Jun 23
3
[Bug 883] mdoc2man.awk causes flaw in ssh(1) man page
http://bugzilla.mindrot.org/show_bug.cgi?id=883
Summary: mdoc2man.awk causes flaw in ssh(1) man page
Product: Portable OpenSSH
Version: 3.8.1p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P3
Component: Build system
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2004 May 17
0
Zap callwaiting hookflash idiosyncracy/flaw?
Don't know what else to call this. Googling and some time on the IRC
channel haven't gotten me anywhere.
Here's the sitch, which is a bit complicated but is something my
customers are in fact encountering on an everyday basis:
1. Bob is on a Zap channel talking through the PSTN to Carol. Both have
the misfortune, like so many of us, of having LECs who do not offer
disconnect
2004 Sep 30
0
CentOS-3 errata : Updated ruby package fixes security flaw
There is an updated ruby package for CentOS 3.3 (and added
to 3.1)
https://rhn.redhat.com/errata/RHSA-2004-441.html refers
Updated files are :-
ruby-1.6.8-9.EL3.2.i386.rpm
ruby-devel-1.6.8-9.EL3.2.i386.rpm
ruby-libs-1.6.8-9.EL3.2.i386.rpm
ruby-mode-1.6.8-9.EL3.2.i386.rpm
in updates/i386/RPMS/
in addition irb-1.6.8-9.EL3.2.i386.rpm has been added to the addons repository
These are
2016 Jan 16
2
OpenSSH security flaw
Hello all,
Does anybody know if this one has been patched?
http://thehackernews.com/2016/01/openssh-vulnerability-cryptokeys.html
Thanks.
Boris.
2016 Aug 12
3
Linux TCP flaw
Hi
So after reading this, felt I should apply the fix to a CentOS6 VPS that
I have.
http://www.zdnet.com/article/linux-tcp-flaw-lets-anyone-hijack-internet-traffic/
The article doesn't talk about CentOS or Redhat, but I assume the
problem is the same, and hoping the solution is the same.
However that doesn't seem to be the case.
[root at vps ~]# uname -r
2.6.32-042stab108.7
[root at
2016 Aug 12
0
Linux TCP flaw
> Hi
>
> So after reading this, felt I should apply the fix to a CentOS6 VPS that I
> have.
> http://www.zdnet.com/article/linux-tcp-flaw-lets-anyone-hijack-internet-traffic/
>
> The article doesn't talk about CentOS or Redhat, but I assume the problem is
> the same, and hoping the solution is the same.
> However that doesn't seem to be the case.
>
>
2016 Aug 12
2
Linux TCP flaw
On 12/08/16 17:56, Barry Brimer wrote:
>> [root at vps ~]# uname -r
>> 2.6.32-042stab108.7
>
> Not needed. This affects 3.6+ kernels. You don't have one of those.
It affects RHEL6 which runs 2.6.32, they backported the features that it
affects. If the above openvz kernel was based on a RHEL6 kernel (and
I'd guess it was) then it's affected.
Peter
2016 Aug 12
0
Linux TCP flaw
On Fri, 12 Aug 2016, Peter wrote:
> On 12/08/16 17:56, Barry Brimer wrote:
>>> [root at vps ~]# uname -r
>>> 2.6.32-042stab108.7
>>
>> Not needed. This affects 3.6+ kernels. You don't have one of those.
>
> It affects RHEL6 which runs 2.6.32, they backported the features that it
> affects. If the above openvz kernel was based on a RHEL6 kernel (and
2016 Aug 12
1
Linux TCP flaw
On 08/11/2016 11:07 PM, Barry Brimer wrote:
>
> On Fri, 12 Aug 2016, Peter wrote:
>
>> On 12/08/16 17:56, Barry Brimer wrote:
>>>> [root at vps ~]# uname -r
>>>> 2.6.32-042stab108.7
>>>
>>> Not needed. This affects 3.6+ kernels. You don't have one of those.
>>
>> It affects RHEL6 which runs 2.6.32, they backported the
2016 Aug 12
1
Linux TCP flaw
Thanks for the info Peter.
The VPS is running on a Plesk environment.
------ Original Message ------
From: "Peter" <peter at pajamian.dhs.org>
To: centos at centos.org
Sent: 12/08/2016 3:36:32 PM
Subject: Re: [CentOS] Linux TCP flaw
>On 12/08/16 17:33, Andrew Dent wrote:
>> So after reading this, felt I should apply the fix to a CentOS6 VPS
>>that
>> I
2016 Aug 12
1
Linux TCP flaw
Would a successful attack on the IP address of a VPS in a Plesk
environment expose the VPS, the Virtual Host or both (and all other
VPSs)?
------ Original Message ------
From: "Johnny Hughes" <johnny at centos.org>
To: centos at centos.org
Sent: 12/08/2016 9:08:23 PM
Subject: Re: [CentOS] Linux TCP flaw
>On 08/12/2016 05:58 AM, Andrew Dent wrote:
>> Thanks for the
2016 Oct 23
0
CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
On Sat, October 22, 2016 7:49 pm, Valeri Galtsev wrote:
> Dear All,
>
> I guess, we all have to urgently apply workaround, following, say, this:
>
> https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/
>
> At least those of us who still have important multi user machines running
> Linux.
I should have said CentOS 7. Older ones
2016 Oct 23
1
CVE-2016-5195 "DirtyCOW": Critical Linux Kernel Flaw
On Sat Oct 22 08:20:24 PM, Valeri Galtsev wrote:
> I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable.
https://bugzilla.redhat.com/show_bug.cgi?id=1384344
Comment #35 points to a link that doesn't depend on /proc/self/mem and
claims to work on CentOS 6 and 5. I'm not quite sure what I should
be looking for when I run the program, though.
I do hope Redhat
2016 Oct 25
0
CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
What is the best approach on centos 6 to mitigate the problem is
officially patched? As far as I can tell Centos 6 is vulnerable to
attacks using ptrace.
There is a mitigation described here
https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13
which doesn't fix the underlying problem, but at least protects against
known attack vectors. However, I'm unsure if the script only