similar to: Integer underflow in the "file" program before 4.20

On 03/12/2016 12:08, Jeremiah C. Foster wrote: > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we have a bug in dovecot, which > merits a > CVE. See details below. If you haven't configured any > auth_policy_* > settings you are ok. This

> On December 3, 2016 at 9:11 PM "Jeremiah C. Foster" <jeremiah at jeremiahfoster.com> wrote: > > > On Sat, 2016-12-03 at 12:23 +1000, Noel Butler wrote: > > On 03/12/2016 12:08, Jeremiah C. Foster wrote: > > > > > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > > > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2.

On 02.12.2016 10:45, Jonas Wielicki wrote: > On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: >> We are sorry to report that we have a bug in dovecot, which merits a >> CVE. See details below. If you haven't configured any auth_policy_* >> settings you are ok. This is fixed with >> https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13

Good Morning, We just performed some security scanning on one of our AIX systems and these vulnerabilities was returned: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4755 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5000 We are currently running: 5.8.0.6101 The latest on IBMs

Hi, Just want to ask about the status of this:- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0002 >From list archives I gather the fix is still under refinement (but committed (and removed?) in HEAD and RELENG_5_2). One paranoid little shop is running a public web server on RELENG_4_9, and contemplating this patch:-

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:08.openssl Security Advisory The FreeBSD Project Topic: Buffer overflow in OpenSSL SSL_get_shared_ciphers() Category: contrib Module: openssl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:08.openssl Security Advisory The FreeBSD Project Topic: Buffer overflow in OpenSSL SSL_get_shared_ciphers() Category: contrib Module: openssl

A new libvorbis release is now available. http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.bz2 http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.gz http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.zip This release fixes some robustness issues with corrupt streams, including a security issue. Also new in this release is support for multiplexed streams in

Hi, http://dev.rubyonrails.org/ticket/8453 http://dev.rubyonrails.org/ticket/8371 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3227 I came across the above by accident. While I am subscribed to the so called rails security list where supposed announcement of security issues were to be posted, neither of the above problem made the list. While I use rails a lot and like it, the above

hi all, i haven't seen any discussion here of this issue, nor do i see any obviously related (open) bugs in bugzilla. It's not clear to me from the CVE how important this issue is or isn't, but i'm a bit concerned. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4091 thanks as always to wayne & the other contributors

We are sorry to report that we have a bug in dovecot, which merits a CVE. See details below. If you haven't configured any auth_policy_* settings you are ok. This is fixed with https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13a5a725ae and https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d57351fd42c67a8612fc Important vulnerability in Dovecot

Dear List, I''m thinking about using xen productive in our datacenter, i''m still testing around with it. Now I got some questions, just for basic understanding, we got for example this environment: 2 Nodes 1 SCSI Pool server (Connected via scsi to both nodes) Now I want to build a "cluster" so i would like to make this: Node 1 -> Primary -| | --> domU

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:04.file Security Advisory The FreeBSD Project Topic: Heap overflow in file(1) Category: contrib Module: file Announced: 2007-05-23

On Fri, 2018-01-05 at 21:42 +1030, David Newall wrote: > On 05/01/18 20:06, Jakub Jelen wrote: > > if the confined user has write access to the chroot directory, > > there are ways how to get out, gain privileges and or do other > > nasty things. > > I'm not inexperienced with UNIX and unix-like operating systems (30+ > years), and I can't think what these

http://bugzilla.mindrot.org/show_bug.cgi?id=1356 Summary: X11 forwarding broken. Product: Portable OpenSSH Version: 4.5p1 Platform: Other OS/Version: FreeBSD Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: marka at isc.org Created

Hello, I need some advice how to debug this issue ... Recently I got a new mainboard for a router, it's a Gigabyte GA-H77N-WIFI with two onboard re(4) NICs. The problem is that re0 works fine and re1 doesn't: It doesn't receive any packets. Tcpdump displays all outgoing packets, but no incoming ones on re1. Ifconfig shows the link correctly (100 or 1000 Mbit, depending on where I

[Splitting this out from the original thread to reduce noise in it] On 17.06.2013, at 18:43, Jakob Stoklund Olesen <stoklund at 2pi.dk> wrote: > > On Jun 17, 2013, at 7:03 AM, Benjamin Kramer <benny.kra at gmail.com> wrote: > >> >> On 17.06.2013, at 15:56, Diego Novillo <dnovillo at google.com> wrote: >> >>> On 2013-06-15 16:39 ,

Hi, This happened to me repeatedly (but not always), even after updating to the latest RELENG_7 yesterday ... 1. Boot into single user mode 2. fsck / # finishes successful! 3. mount -u / 4. Do a few edits to files in /etc 5. mount -u -o ro / softdep_waitidle: Failed to flush worklist for 0xc1f36b30 mount: /dev/ad0s1a : Device busy I can't remount the root file system read-only, so

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:23.openssl Security Advisory The FreeBSD Project Topic: Multiple problems in crypto(3) Category: contrib Module: openssl Announced:

Hello all I tried to enable PCI Passthrough in my Debian Squeeze installation. Unfortunately, it didnt work. The following bug showed up (excerpt from dmesg): [ 10.148612] uhci_hcd 0000:00:14.2: PCI INT D -> Link[LNKD] -> GSI 11 (level, low) -> IRQ 11 [ 4.678352] Failed to setup GSI :11, err_code:-22 [ 4.678480] dmfe 0000:00:0e.0: PCI INT A -> Link[LNKB] -> GSI 11 (level, low)