openSUSE Security August 2005

security@lists.opensuse.org

51 participants
39 discussions

Re: [suse-security] #@$% SUSE !!!
by Philippe Vogel 02 Sep '05

02 Sep '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Taras Prokopenko schrieb: > Thanks, i've bookmarked this page. > > P.S. Yes, it's my fault. I've upgraded from Red Hat 9, and it was > pretty interesting that plaintext passwords are not accepted in > suse's imap, and i have 70 mail users, which start to call me )... WTF? Is it that problem to solve and convert 70 user's passwords? There is always a way to do this by script (that's the way I normally do). > We have slow inet connection, only 256kbits for about 100 machines, > and downloading all .src.rpm with dependencies (not included in > DVD) then building this chain... ARGGHH. That's your problem, but if it last a little bit longer it's not the reason to call SuSE team names. > Not trolling, but ... Well now it's all done, no problems. Before you write this way better choose the way the nettiquette describes. Kind questions get kind answers (maybe some will give for simple questions bad answers as they don't know everybody starts from scratch ...). Bad questions and name-calling ends up in a flamewar or in worst case in an unsuscription from a list. It's always depends on what you make of it. Philippe - -- Diese Nachricht ist digital signiert und enth?lt weder Siegel noch Unterschrift! Die unaufgeforderte Zusendung einer Werbemail an Privatleute verst??t gegen §1 UWG und 823 I BGB (Beschlu? des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der ?bermittelten pers?nlichen Daten sowie deren Weitergabe an Dritte ist ausdr?cklich untersagt! - -- Diese Nachricht ist digital signiert und enth?lt weder Siegel noch Unterschrift! Die unaufgeforderte Zusendung einer Werbemail an Privatleute verst??t gegen §1 UWG und 823 I BGB (Beschlu? des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der ?bermittelten pers?nlichen Daten sowie deren Weitergabe an Dritte ist ausdr?cklich untersagt! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQD1AwUBQxL/oENg1DRVIGjBAQJOPwb/eAJh4SbQJHmp4ADpwdA9acmnsANCnhW6 F+nEpMV7Yvs/9Ms6Rzs/EiU9zGTfOKuTgJK+Wb75vhWgC1/C7RjffE+vHkJQixDm +HxfWnGCBtY9QvcuY4JXMDSSQa2qh85et1eDpxb9h4e3n0bKDdpBqPWxM11h0oKm V9ne9RVBNU/G5SY46oRid+r4Je5df/nS36JZexvmiD8x08N5PmBcLbGo9S3bi2ng dFafEnhiJoCHgeBDnrKPDgpP2Td/CsAuEQ4EmtrtP7M7OjleSqsKqoPho7R5aCYl S9i3SbbRN2o= =MaB/ -----END PGP SIGNATURE-----

2 1

fuck SUSE !!!
by suse-list 01 Sep '05

01 Sep '05

WHY THE HELL imap-2004c-3.i586.rpm BUILT WITHOUT SSLTYPE=UNIX FOR PLAINTEX AUTH IN NON-SSL MODE!!! WHY THE HELL DVD NOT CONTAINS ALL FOR BUILD? WHY NO MESS IN REL.NOTES FUCK YOU ALL!

8 7

problems with pcre functions after php update
by Andy Spiers 31 Aug '05

31 Aug '05

Hi, We've just applied the updated packages from the security announcement SUSE-SA:2005:049 that came out about 2 hours ago and we're seeing errors in PCRE functions in a PHP application that was working fine before. Is anyone else having the same problems? Here's an example of the error generated: PHP Warning: preg_match: internal pcre_fullinfo() error -3 in /srv/www/htdocs/netcat/modules/stats/function.inc.php on line 28 Here's line 28 from the file mentioned - it looks perfectly fine to me: if (preg_match("/(netscape|mozilla|links|lynx|opera|msie|konqueror)/i",$HTTP_USER_AGENT)) { Looking on google gives me the impression that many people have seen this bug and unfortunately the PHP team's answer seems to be "use the internal/included PCRE library and not the system one". Do the guys from SuSE or anyone else have any comments on this or ideas on how to solve it? For the moment I've rolled back to the old versions of the RPMs. Best regards, Andy Spiers

4 6

lamers.just lamers.
by suse-list 31 Aug '05

31 Aug '05

break my php-apps. anyway!...

1 0

kernel 2.6.13 with kernel task optimization
by Philippe Vogel 30 Aug '05

30 Aug '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! Will there be updates to kernel 2.6.13 for recent and older (till 9.0) distributions? There are several new improvements in data throughput and for real-time processes within the newest kernel. Reguards Philippe - -- Diese Nachricht ist digital signiert und enthält weder Siegel noch Unterschrift! Die unaufgeforderte Zusendung einer Werbemail an Privatleute verstößt gegen §1 UWG und 823 I BGB (Beschluß des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der übermittelten persönlichen Daten sowie deren Weitergabe an Dritte ist ausdrücklich untersagt! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQD1AwUBQxMSikNg1DRVIGjBAQLWcQb/dIROYp9IT0YVDDq7OiMw8fEWmNr93ZXw OAkp3CW5uKtDSPIu9lGykyXYVgh52hmrQBJj2eV02kxeKF3ZXFwEtmiuv5TbHly5 4hEzzPGQV+YsAm+YcNeowYm/IFKjnGsnxkQk+2D53v2pnOplRy329PrQvJXa5JWo rPVkPQ350Ij/YvY//K/1Bp2bE1mbAKeJxw8Fact/h+NDd95e5ifQ6cUuIZtDHraa NMzqPLagJ/Kj4x8bKglU0yjBYHBDEPyamZUkL+hbnyT+kHHshVduus5l8mre9y7L 8O/xjLxCsXk= =cgji -----END PGP SIGNATURE-----

3 2

suse-firewall2 Question
by Ash 30 Aug '05

30 Aug '05

Hi, I have just upgraded form SuSE 9.2 -> 9.3 and the firewall GUI in YaST has changed. Is there a way I can use the OLD gui again? Well I guess if I can not then I will have to use a term shell again (Lazyness strikes back). Thanks all, Ash

1 0

Apache Update Failed
by suse＠karsites.net 29 Aug '05

29 Aug '05

Hi everyone. I'm running SuSE 9.2 pro. Just did an online update with fou4s. After re-booting my machine, Apache refused to start. Here is the error message. karsites:~ # /etc/init.d/apache2 start Starting httpd2 (prefork) Syntax error on line 24 of /etc/apache2/sysconfig.d/global.conf: CustomLog takes two or three arguments, a file name, a custom log format string or format name, and an optional "env=" clause (see docs) The command line was: /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf failed It appears the Apache is overwriting the /etc/sysconfig/apache2 config file. Fortunately, I had saved a copy, which I re-installed, and Apache started OK again. I thought that altered config files were not supposed to be touched by package updates? Kind Regards - Keith Roberts

1 0

Problems with ethernet channel bonding after last kernel update
by Markus Gaugusch 24 Aug '05

24 Aug '05

Hi, I have two SuSE 9.3 machines which started to produce the following errors after the latest kernel update: Aug 24 00:04:59 scotty kernel: e100: eth1: e100_watchdog: link down Aug 24 00:13:19 scotty kernel: e100: eth1: e100_watchdog: link down Aug 24 00:14:10 scotty kernel: bonding: bond0: link status definitely down for interface eth1, disabling it Aug 24 00:14:12 scotty kernel: e100: eth1: e100_watchdog: link up, 10Mbps, full-duplex Aug 24 00:14:12 scotty kernel: bonding: bond0: link status definitely up for interface eth1. Aug 24 00:19:46 scotty kernel: e100: eth1: e100_watchdog: link down Aug 24 00:27:33 scotty kernel: bonding: bond0: link status definitely down for interface eth1, disabling it Aug 24 00:27:35 scotty kernel: e100: eth1: e100_watchdog: link up, 100Mbps, full-duplex Aug 24 00:27:35 scotty kernel: bonding: bond0: link status definitely up for interface eth1. Aug 24 00:36:12 scotty kernel: e100: eth1: e100_watchdog: link down Aug 24 00:47:17 scotty kernel: e100: eth1: e100_watchdog: link down Aug 24 00:54:16 scotty kernel: bonding: bond0: link status definitely down for interface eth1, disabling it Aug 24 00:54:18 scotty kernel: e100: eth1: e100_watchdog: link up, 100Mbps, full-duplex (this goes all day long) The second machine was installed only a few days ago and has never used the original kernel in production, but the messages are the same. I'm sure that the switches are not guilty, because the configuration has worked for a long time before (we used SuSE 9.0 on the recently upgraded machine, also with the e100/bonding driver). The NICs are Intel Pro 1000 (eth0) and Intel e100 (eth1) in active backup mode (mode=1, miimon=100) in the shown machine and two Intel e100 in the second machine. The first machine has link failures only on eth1 and the second machine on both. So most probably, this is the e100 driver, but e100.c has not changed in the kernel source packages :-( Security Team: Any hints? Markus

1 0

Blocking an ip-address
by Chadley Wilson 22 Aug '05

22 Aug '05

Greetings, Is there away to block an ip-address completely with SuSEFirewall ? -- -- Chadley Wilson Production Line Superintendant Pinnacle Micro Manufacturers of Proline Computers ==================================== Exercise freedom, Use LINUX =====================================

3 2

disable boot.crypto
by miguel listas 21 Aug '05

21 Aug '05

Hi, i have some encrypted partitions in my system (suse 9.3, updated). My problem is that i must be at the keyboard when rebooting (or just booting up) the machine to enter the passphrase (or press the intro key to go on with the boot process) or just wait for the timeout. As the network is not available at this point (only lo interface is ready at that moment), i would like to disable the automatic mount during the boot process. I have tried to use 'noauto' option in the /etc/cryptotab file, to no success (doesnt make any difference): /dev/loop0 /dev/hdb11 /stuff reiserfs twofish256 acl,user_xattr,noauto /dev/loop1 /dev/hdc2 /waste2 reiserfs twofish256 acl,user_xattr,noauto /dev/loop2 /dev/hdc4 /waste4 ext3 twofish256 acl,user_xattr,noauto Is there an easy way to disable the boot.crypto script during the boot? Ive been unable to find the man page of cryptotab or any reference in the fstab man page. Thanks lots, -- Saludos, Miguel

3 2

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security August 2005