similar to: Possible flaw in Vorbis

Hi Bob, I am CC:ing this reply to the general Samba list as I think it may be of interest. This is a report that crops up from time to time as a security hole report, and I'd like to explain in general why this is a misunderstanding. Bob Atkins wrote: > We are unable to keep individual users from mapping to any other user's > home directory once they have supplied a valid

Good day. I am posting the follow-up to the -hackers and CC'ing to the -security, because some more-or-less nasty points were found. Sat, Feb 23, 2008 at 10:32:02PM +0300, Eygene Ryabinkin wrote: > But there is another concern with bzero(): it is well-known function. > Especially for compilers. And it is bad: some arrays inside g_eli, > that hold decryption keys are the local

On Sat Oct 22 08:20:24 PM, Valeri Galtsev wrote: > I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable. https://bugzilla.redhat.com/show_bug.cgi?id=1384344 Comment #35 points to a link that doesn't depend on /proc/self/mem and claims to work on CentOS 6 and 5. I'm not quite sure what I should be looking for when I run the program, though. I do hope Redhat

Leonardo Oliveira Ortiz wrote: > RedHat and Centos 4.x can be explored by this flaw? See: https://access.redhat.com/security/cve/cve-2016-5195 James Pearson

FYI, Santa Clara, Calif., Jan. 20, 2003 -- WhiteHat Security, Inc. a Santa Clara, California based company that specializes in Web Application Security, has discovered a serious security flaw affecting all web server world wide. From months of extensive research and testing, WhiteHat has found a way to exploit a flaw in the way all web servers communicate.

How does the latest Intel flaw relate to CentOS 6.x systems that run under VirtualBox hosted on Windows 7 computers? Given the virtual machine degree of separation from the hardware, can this issue actually be detected and exploited in the operating systems that run virtually?? If there is a slow down associated with the fix, how much might it impact the virtual systems?

Hi So after reading this, felt I should apply the fix to a CentOS6 VPS that I have. http://www.zdnet.com/article/linux-tcp-flaw-lets-anyone-hijack-internet-traffic/ The article doesn't talk about CentOS or Redhat, but I assume the problem is the same, and hoping the solution is the same. However that doesn't seem to be the case. [root at vps ~]# uname -r 2.6.32-042stab108.7 [root at

On Tue, November 1, 2016 6:25 pm, Tony Mountifield wrote: > In article <5818CD31.4050008 at moving-picture.com>, > James Pearson <james-p at moving-picture.com> wrote: >> Leonardo Oliveira Ortiz wrote: >> > RedHat and Centos 4.x can be explored by this flaw? >> >> See: >> >> https://access.redhat.com/security/cve/cve-2016-5195 > > In

Dear Sir/s, Can a crashed centos system be restore to its previous state before it crash? And if so, can you please tell me how to do it? Thanks, your help is very much appreciated. ----- Original Message ----- From: "Richard" <lists-centos at listmail.innovate.net> To: "CentOS mailing list" <centos at centos.org> Sent: Tuesday, November 1, 2016 5:05:59 PM

Thanks for the info Peter. The VPS is running on a Plesk environment. ------ Original Message ------ From: "Peter" <peter at pajamian.dhs.org> To: centos at centos.org Sent: 12/08/2016 3:36:32 PM Subject: Re: [CentOS] Linux TCP flaw >On 12/08/16 17:33, Andrew Dent wrote: >> So after reading this, felt I should apply the fix to a CentOS6 VPS >>that >> I

RedHat and Centos 4.x can be explored by this flaw? -----Mensagem original----- De: centos-bounces at centos.org [mailto:centos-bounces at centos.org] Em nome de Valeri Galtsev Enviada em: sexta-feira, 28 de outubro de 2016 12:50 Para: CentOS mailing list <centos at centos.org> Assunto: Re: [CentOS] CVE-2016-5195 ???DirtyCOW???: Critical Linux Kernel Flaw On Fri, October 28, 2016 9:43

In article <5818CD31.4050008 at moving-picture.com>, James Pearson <james-p at moving-picture.com> wrote: > Leonardo Oliveira Ortiz wrote: > > RedHat and Centos 4.x can be explored by this flaw? > > See: > > https://access.redhat.com/security/cve/cve-2016-5195 In other words, no: RHEL 4 and CentOS4 are not affected by this flaw. Tony -- Tony Mountifield

> Date: Tuesday, November 01, 2016 18:49:56 -0500 > From: Valeri Galtsev <galtsev at kicp.uchicago.edu> > > On Tue, November 1, 2016 6:25 pm, Tony Mountifield wrote: >> In article <5818CD31.4050008 at moving-picture.com>, >> James Pearson <james-p at moving-picture.com> wrote: >>> Leonardo Oliveira Ortiz wrote: >>> > RedHat and Centos

There seems to be a latent flaw in the definition of struct SEXPREC in Rinternals.h, which likely doesn't cause problems now, but could if the relative sizes of data types changes. The SEXPREC structure contains a union that includes a primsxp, symsxp, etc, but not a vecsxp. However, in allocVector in memory.c, zero-length vectors are allocated using allocSExpNonCons, which appears to

Package: xen-hypervisor-4.1-amd64 Version: 4.1.4-3+deb7u4 Severity: critical Hi, Not sure how come I'm the first one to file this kind of a bug report :) but here goes JFTR... http://xenbits.xen.org/xsa/advisory-123.html was embargoed, but advance warning was given to several big Xen VM farms, which led to e.g. https://aws.amazon.com/premiumsupport/maintenance-2015-03/

http://bugzilla.mindrot.org/show_bug.cgi?id=883 Summary: mdoc2man.awk causes flaw in ssh(1) man page Product: Portable OpenSSH Version: 3.8.1p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy:

> Hi > > So after reading this, felt I should apply the fix to a CentOS6 VPS that I > have. > http://www.zdnet.com/article/linux-tcp-flaw-lets-anyone-hijack-internet-traffic/ > > The article doesn't talk about CentOS or Redhat, but I assume the problem is > the same, and hoping the solution is the same. > However that doesn't seem to be the case. > >

Would a successful attack on the IP address of a VPS in a Plesk environment expose the VPS, the Virtual Host or both (and all other VPSs)? ------ Original Message ------ From: "Johnny Hughes" <johnny at centos.org> To: centos at centos.org Sent: 12/08/2016 9:08:23 PM Subject: Re: [CentOS] Linux TCP flaw >On 08/12/2016 05:58 AM, Andrew Dent wrote: >> Thanks for the

On 02/11/16 13:05, Richard wrote: > RHEL/Centos-4 is EOL so wouldn't be updated regardless (at least > under the normal EOL guidelines), but it is mentioned toward the > bottom of that page under "Affected Packages State": > > Red Hat Enterprise Linux 4 kernel Not affected It is mentioned because RHEL4 is in extended life phase, so not EOL yet. CentOS 4 is EOL

Dear Sir/s, What I mean is the system crashed where the OS is no longer booting properly. This started when I did a "partition resize". Unfortunately, we don't have any backup of the system. Thanks in advance for your help. Regards, CHRIS ----- Original Message ----- From: "Peter" <peter at pajamian.dhs.org> To: "CentOS mailing list" <centos at