similar to: FYI: OpenSSL Patch to Plug Severe Security Holes

Is there any update yet on when these fixes might be available in CentOS? thanks, -Alan

Michael Selvesteen wrote: >I use OpenSSH 3.9 on HP-UX 11vi. I compiled OpenSSL 0.9.7e by enabling >FIPS. I found in the FIPS document that OpenSSL now contains the >FIPS 140 specific cryptographic API and algorithm implementations >only; i.e. the API for low level algorithms (RSA, AES, 3DES, DSA, >SHA-1). Does it have any functional impacts on SSH. > >Will all the

I've created an "oldlinux" branch in github: https://github.com/libguestfs/libguestfs/commits/oldlinux The idea of this branch is that it contains patches to make libguestfs work on older versions of Linux that: - *don't* have virtio-serial in qemu/kernel - have ancient autotools Specifically we're targeting RHEL 5 (ca. 2007) and not anything older. This branch is

FYI in order to get 2.1.1p2 to work on my HP-UX 11.0 systems I had to patch atomicio.c for EWOULDBLOCK (HP read() does not give the POSIX return code). The new atomicio() is a clean fix for this timing problem; all it needs now is this one little tweak. Also had the "General Commercial Security" error (PAM_TERM_ERROR from pam_acct_mgmt()) which I have very crudely addressed for now by

Hi, Try this: dat1<- read.csv("dat7.csv",header=TRUE,stringsAsFactors=FALSE,sep="\t") dat.bru<- dat1[!is.na(dat1$evnmt_brutal),] fun1<- function(dat){??? ? ??? lst1<- split(dat,dat$patient_id) ??? lst2<- lapply(lst1,function(x) x[cumsum(x$evnmt_brutal==0)>0,]) ??? lst3<- lapply(lst2,function(x) x[!(all(x$evnmt_brutal==1)|all(x$evnmt_brutal==0)),]) ???

First the bug: I've found a timing problem in 2.1.1p1 at the point where the client version string is read, a core dump with a "Did not receive ident string..." error. This problem does not appear to have been mentioned yet in the list archive. This bug was noted on HP-UX 11.0 but could be a problem on other Unices as well. My Q&D fix (patch below) was to spin on EWOULDBLOCK

Forbes.com - Magazine Article <http://www.forbes.com/technology/2007/08/02/voip-security-flaws-tech-internet-cx_ag_0802techvoip.html> LAS VEGAS - Internet Security VoIP Vandals Andy Greenberg, 08.02.07, 12:32 AM ET Internet telephone services like Skype and Vonage are starting to look less like digital gimmicks and more like the next generation of voice communication. They're cheaper

On 08/20/2017 02:14 AM, ToddAndMargo via samba wrote: > On 08/20/2017 01:20 AM, Rowland Penny via samba wrote: >> On Sat, 19 Aug 2017 17:56:06 -0700 >> ToddAndMargo via samba <samba at lists.samba.org> wrote: >> >>> The cure was to add to smb.conf >>> >>> ; To operate with XP, add the following to the [global] section: >>> ; lanman

Hi, May be this helps: dat1<- read.csv("dat7.csv",header=TRUE,stringsAsFactors=FALSE,sep="\t") dat.bru<- dat1[!is.na(dat1$evnmt_brutal),] fun2<- function(dat){?? ????? lst1<- split(dat,dat$patient_id) ??? lst2<- lapply(lst1,function(x) x[cumsum(x$evnmt_brutal==0)>0,]) ??? lst3<- lapply(lst2,function(x) x[!(all(x$evnmt_brutal==1)|all(x$evnmt_brutal==0)),])

The 2.1.1p3 release of portable OpenSSH has been uploaded to the OpenBSD ftp master site. In a few hours it will be available from one of the many mirrors listed at: http://www.openssh.com/portable.html This release fixes several bugs reported since the previous release and extends portability to NeXT and Reliant Unix. As usual, the OpenBSD team has been hard at work further polishing and

The 2.1.1p3 release of portable OpenSSH has been uploaded to the OpenBSD ftp master site. In a few hours it will be available from one of the many mirrors listed at: http://www.openssh.com/portable.html This release fixes several bugs reported since the previous release and extends portability to NeXT and Reliant Unix. As usual, the OpenBSD team has been hard at work further polishing and

Can interested users please test the latest snapshot at http://www.mindrot.org/misc/junk/openssh-SNAP-2000071102.tar.gz It contains quite a few fixes for small problems that have been reported in the last few weeks. Pending feedback it is going to become 2.1.1p3 Regards, Damien Miller --------------- Changelog: 20000711 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson

Greetings. (Third try at sending this, the first two seemed to disappear without a trace. Perhaps use of MS Outlook was the problem, even though in plain text...? Or attachment too big (22Kb)? Would like to know...) The final source code and documentation package for a FIPS 140 validated mode of OpenSSL was recently submitted. Once the final certification is awarded by NIST, in a month or

On Fri, 2015-02-06 at 08:40 -0600, mshinn wrote: > I recommend reading up on kreb's site: > > http://krebsonsecurity.com/2015/02/china-to-blame-in-anthem-hack/ > > Not sure the "hack" was an issue with their platforms per se. > > " > ?On January 27, 2015, an Anthem associate, a database administrator, > discovered suspicious activity ? a database

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

On Fri, Feb 6, 2015 at 8:17 AM, Chris Wensink < cwensink at five-star-plastics.com> wrote: > Hello Everyone, > > Does anyone have any more detail about what kind of system Anthem / Blue > Cross was running and what kind of attack broke into their system? > > It's terrible that it happened, but I think it would benefit all Admins > everywhere to learn how it happened

On 02/06/2015 08:17 AM, Chris Wensink wrote: > Hello Everyone, > > Does anyone have any more detail about what kind of system Anthem / Blue > Cross was running and what kind of attack broke into their system? > > It's terrible that it happened, but I think it would benefit all Admins > everywhere to learn how it happened so that we can secure our systems > from a

If you like your dentist, *call* them, today. <http://krebsonsecurity.com/2016/04/dental-assn-mails-malware-to-members/>, and the URL says it all - they mailed a card with a USB key... and some of them have malware, and Krebs says not all virus scanners can detect it.... mark "got off the phone with my dentists' office a few minutes ago

Hello, I am writing to comment on problems I have seen in the past that are currently still problems with compiling OpenSSH with the Sun Forte Compiler version 6 update 2 and gcc on Solaris 8 (not suprising since the problems are actually in the openssl code). I used the snapshot from 11/4 for this test on a brand new system I built from the July release of Solaris 8. I have the latest linker

Hi guys, I found a really nasty issue that affects people running on Heroku''s cedar stack. We are using Rails 3.1.rc5, pg 11, omniauth 2.6. Ruby is 1.9.2.180p Basically there is an incompatibility between the http, pg and OpenSSL modules which segfaults when making https calls, for example to log in through twitter. Now pg is a required gem when using Heroku cedar stack so leaving that