similar to: [Debian 2.0] /usr/bin/suidexec gives root access

Displaying 20 results from an estimated 100 matches similar to: "[Debian 2.0] /usr/bin/suidexec gives root access"

1997 Jul 08
3
so-called snprintf() in db-1.85.4
Hi, There is a severe problem with the db-1.85.4 library's Linux port that can be found on sunsite.unc.edu under /pub/Linux/libs/db-1.85.4-src.tar.gz (sp?): This library contains a "snprintf" function which breaks down to a common sprintf, ignoring the size parameter. Obviously, this was thought to be a terribly bad work-around for C libraries which don't contain an
1997 May 26
1
an anti-overflow wrapper
The following code is a first attempt at a simple but flexible suid wrapper which checks argv[] and environment. It might introduce new security holes or have other bugs; using 1 as a general failure exit value may be the wrong thing to do. The wrapper reads a configuration file named /etc/wrapper.cfg; see the comments in wrapper.c for the file's format. Flame, comment, or use at will.
2012 Feb 23
0
Announce: Puppet 2.6.14 Available [security update]
Puppet 2.6.14 is a security release in the 2.6.x branch which addresses CVEs 2012-1053 and 2012-1054. All users of Puppet 2.6.x are encouraged to upgrade when possible to Puppet 2.6.14. Other information available at: http://puppetlabs.com/security or visit http://puppetlabs.com/security/cve/cve-2012-1053 and http://puppetlabs.com/security/cve/cve-2012-1053 Detailed feature release notes are
2003 Dec 16
2
Free Software/Open Source-Telephony-Summit 2004
Hi, I just came across this announcement, which is particularly interesting as it is only 25 min away from my place... :-) Anyway, I guess the core of this is targeted at developers mainly. Cheers, Philipp Free Software/Open Source-Telephony-Summit 2004 http://www.guug.de/veranstaltungen/telephony-summit-2004/ http://www.heise.de/newsticker/data/avr-16.12.03-000/ We are happy to announce
2006 Apr 01
0
Free Software/Open Source Telephony-Summit 2006
Free Software/Open Source Telephony-Summit 2006 Tuesday, May 2nd 2006 Wiesbaden, Germany For the third time the German Unix User Group (GUUG - www.guug.de) organizes the Free Software/Open Source Telephony-Summit, an international workshop and technical conference for developers and users of Free Software/Open Source telephony applications and for
2000 Oct 13
0
GPG 1.0.3 doesn't detect modifications to files with multiple signatures
Hi! Jim is right. There is a bug in all GnuPG versions up to 1.0.3: If you have more than one cleartext signature in a file (or pipe that to gpg), gpg does not compare each signature but flags each document as good or bad depending on the first document in the file. This is a very serious bug in gpg's verification function. I have made a snapshot version which corrects this bug available
2010 Jul 16
5
2.6.0rc3 ssh_authorized_users/parsed.rb
Hi all, Full path: /usr/lib/ruby/site_ruby/1.8/puppet/provider/ssh_authorized_key/parsed.rb Two problems: 1) Even if filebucketing is disabled, this (still) tries to backup authorized_keys to /var/lib/puppet/clientbucket/[...]; no other modules are doing filebucketing when it's disabled but they (correctly) do when it is enabled. 2) The filebucketing is (still) being done with euid set
2005 Mar 22
4
Review: Asterisk at CeBIT 2005 / Asterisk at Linux-Tag 2005
For all who are interested: A quick review of CeBIT 2005. :-) CeBIT was a very successful event. Most of the time, the asterisk-booth was crowded with more people than we could talk to. We had with us a demo-installation including different IP-phones, digital and analog phones as well as a Siemens HiPATH PBX to which our Asterisk-server served as a VoIP-gateway, and many people were impressed
2009 Jul 31
1
SVG output on Windows OS
How may one save a graphic as svg on Windows? The svg() command is recognized and functions well on Linux, etc., but not on Windows, it seems. I'm trying to use Hadley Wickham's ggplot2 and I would like to be able to save created charts as svg for later input into Illustrator. I am able to accomplish this workflow under Linux, but I don't know how to get R to recognize the svg() command
1999 Sep 22
0
New translations
Hello, in the time since the release of GnuPG 1.0, 2 new translations have been done: pt_PT and id. They will be in the next version. Please, if you want to do a translation, contact me first so that I can coordinate the efforts. werner -- Werner Koch at guug.de www.gnupg.org keyid 621CC013
1997 Oct 02
2
SNI-19:BSD lpd vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Secure Networks Inc. Security Advisory
2000 Apr 19
0
A new snapshot
Hi, I have released a new snapshot of GnuPG, I hope this is one of the last ones before 1.0.2 ;-) This is still a BETA VERSION and not intended for general use. ftp://ftp.gnupg.org/pub/gcrypt/devel/gnupg-1.0.1e.tar.gz (1600k) The usual diff file is also available, but this time there is only a detached signature for this diff file, because I noticed too late that the --not-dash-escaped option
2005 Jan 04
0
OT: Asterisk at CeBIT 2005?
Hello List :-) I'm sorry that this is a bit off-topic, but I don't know where to ask this question. Is there anyone who can tell if Asterisk will be present at CeBIT this year? Kind regards Thilo -- Thilo R??ler Linup Front Pallaswiesenstrasse 203 64293 Darmstadt Tel: 06151/9067-0 Fax: 06151/9067-299 Mobil: 0151/18242584 http://www.linupfront.de E-Mail:
2005 Jan 31
1
Asterisk at CeBit 2005
Hi there, I just wanted to point out that Asterisk will be present at CeBit this year. We gathered some money from sponsors and were able to afford a booth together with a training-company. We'd be happy to find others joining us at the booth somewhere between 10th and 16th of March in Hannover, Germany :-) Kind regards ... -- Thilo R??ler Linup Front Pallaswiesenstrasse 203 64293
2019 Aug 28
0
Dovecot release v2.3.7.2
Hi! We are pleased to release Dovecot release v2.3.7.2 Tarball is available at https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to
2019 Aug 28
0
Dovecot release v2.2.36.4
Hi! We are pleased to release Dovecot release v2.2.36.4 Tarball is available at https://dovecot.org/releases/2.2/dovecot-2.2.36.4.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.36.4.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading
2019 Aug 28
0
Pigeonhole release v0.5.7.2
Hi! We are pleased to release Pigeonhole release v0.5.7.2 Tarball is available at https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: ManageSieve protocol parser does not properly handle
2019 Aug 28
0
CVE-2019-11500:
Dear subscribers, we have been made aware of a critical vulnerability in Dovecot and Pigeonhole. --- Open-Xchange Security Advisory 2019-08-14 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3278 Vulnerability type: Improper input validation (CWE-20) Vulnerable version: All versions prior to 2.3.7.2 and 2.2.36.4 Vulnerable component: IMAP and ManageSieve protocol parsers
2019 Aug 28
2
Pigeonhole release v0.4.24.2
Hi! We are pleased to release Pigeonhole release v0.4.24.2 Tarball is available at https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz.sig Changes ------- * CVE-2019-11500: ManageSieve protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading
2019 Aug 28
0
Dovecot release v2.3.7.2
Hi! We are pleased to release Dovecot release v2.3.7.2 Tarball is available at https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes ------- * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to