similar to: [Bug 3594] New: PKCS11Provider now requires full paths

https://bugzilla.mindrot.org/show_bug.cgi?id=2610 Bug ID: 2610 Summary: ssh should not complain about "no slots" when PKCS11Provider is specified, but no slot is found nor used Product: Portable OpenSSH Version: 7.3p1 Hardware: Other OS: Linux Status: NEW

https://bugzilla.mindrot.org/show_bug.cgi?id=2635 Bug ID: 2635 Summary: Unable to use SSH Agent and user level PKCS11Provider configuration directive Product: Portable OpenSSH Version: 7.3p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5

Hi, I am trying to preload two shared libraries while running Qemu using libvirt. To preload the shared libraries I have added an environment variable in the $domain.xml file with the following command: ``` virt-xml generic --edit --confirm --qemu-commandline

Hi We have the one server SAMBA 4.3.11-ubuntu in Active Directory mode with some Windows Clients The Ubuntu repository not update samba package (last version is 4.3.11). Please, how am i can fix the CVE-2017-7494 (Remote code execution from a writable share) in my SAMBA server? Should option 'nt pipe support = no' will influence how SAMBA_AD works? Anderson Hoffmann

Greetings Samba team, It has been a long time since I needed to ask a Samba technical question. Server and workstation are both running the latest Samba packages via Ubuntu 16.04 LTS. I recently applied the security updates... actually that was yesterday I applied them. > samba (2:4.3.11+dfsg-0ubuntu0.16.04.23) xenial-security; urgency=medium > > * SECURITY UPDATE: client code can

On Wed, Jul 17, 2019 at 13:33:08 -0500, Probir Roy wrote: > Hi, > > I am trying to preload two shared libraries while running Qemu using > libvirt. To preload the shared libraries I have added an environment > variable in the $domain.xml file with the following command: > > ``` > virt-xml generic --edit --confirm --qemu-commandline >

According to the changelog from Ubuntu ( http://changelogs.ubuntu.com/changelogs/pool/main/s/samba/samba_4.3.11+dfsg-0ubuntu0.16.04.7/changelog) this fix has been backported into the Ubuntu 4.3.11 packages. samba (2:4.3.11+dfsg-0ubuntu0.16.04.7) xenial-security; urgency=medium * SECURITY UPDATE: remote code execution from a writable share - debian/patches/CVE-2017-7494.patch: refuse to

We have the same issue with Samba 4.13.17. For Ubuntu 20.04 with Samba 4.13.17 there seems to be only a workaround to solve the login problem: Modifying the Local Security Policy -> Local Policies -> Security Options -> Network security: "Configure encryption types allowed for Kerberos" Check only DES_CBC_CRC, DES_CBC_MD5 and RC4_HMAC_MD5. ? This worked for us to login again. ?

https://bugzilla.samba.org/show_bug.cgi?id=3594 Summary: --delete doesn't delete destination files that don't exist at the source Product: rsync Version: 2.6.7 Platform: PPC OS/Version: Mac OS X Status: NEW Severity: normal Priority: P3 Component: core AssignedTo:

Hi all! I found this today on FD: http://seclists.org/fulldisclosure/2012/Aug/4

Hey Andre,? Sure, we already on the latest Patch Level on Ubuntu with 2:4.13.17~dfsg-0ubuntu1.20.04.4 Installer, but the issue still exist.? The only way to resolve the issue and to make a login possible again, was the workaround in my previous mail.? The Windows clients are Windows 10 22H2 with all updates installed. We also doesn't have any special settings in smb.conf. If you have any

On Tue, 2010-04-06 at 15:52 +0300, Lars Nooden wrote: > You might wish to focus on sftp instead of scp. Okay, I will have a look. I had some problems: 1) I would like to store smart card information -o PKCS11Provider=/usr/lib/opensc-pkcs11.so in /etc/ssh/ssh-config. Is it possible? 2) ssh-add -s does not seem to work. Read:

On 03/11/2019 11:37, Michael Lueck via samba wrote: > Greetings Samba team, > > It has been a long time since I needed to ask a Samba technical question. > > Server and workstation are both running the latest Samba packages via > Ubuntu 16.04 LTS. I recently applied the security updates... actually > that was yesterday I applied them. > > >> samba

Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,

Engine keys are keys whose file format is understood by a specific engine rather than by openssl itself. Since these keys are file based, the pkcs11 interface isn't appropriate for them because they don't actually represent tokens. The current most useful engine for openssh keys are the TPM engines, which allow all private keys to be stored in a form only the TPM hardware can decode,

Hi, In November, upstream released RHSA-2007:1016-4 containing critical samba updates for v4. I see the CentOS released packages and announcement for ia64, but none for i386 or x86_64. Were they overlooked? Am I not looking right? Thanks! Marc.

OpenSSH 8.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

Hello. Just popping in (not subscribed, please CC) to ask if it's planned to add "identity selection" when using a PKCS#11 provider. To be more clear: I have a (working) reader+smartcard, handled by PKCS11Provider /usr/lib/opensc-pkcs11.so statement in config file. Card is "formatted" w/ "pkcs15-init -C", and got a couple PINs, some mail certs and some keypairs

https://bugzilla.mindrot.org/show_bug.cgi?id=2075 Bug ID: 2075 Summary: [PATCH] Enable key pair generation on a PCKS#11 device Classification: Unclassified Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component:

Some systems like to have a CA supply short-lived certificates to ssh clients. The basic idea is that servers enable certificate authentication, clients authenticate to the CA out of band, and the CA issues client certificates that are valid for a short enough time that users don't want to manually drop them into ~/.ssh or otherwise think about them. There are a handful of commercial