openSUSE Security June 2007

security@lists.opensuse.org

5 participants
4 discussions

[opensuse-security] LUKS and its master key
by Jochen+opensuse-security＠Hayek.name 12 Dec '07

12 Dec '07

I found LUKS recently through SUSE Linux 10.3, and the other night a read an article in c't 2006/11. I can't seriously appreciate the technical internals, as I'm not too compentent there. Anyway: Kudos to Clemens Fruhwirth! But I am not really sure, whether I can trust, what I read in that article regarding the master key, spefically that the master key can be read from the LUKS volume by the sys admin without any difficulties. Does that really mean, that as soon as somebody gains control over my computer with a mounted LUKS encrypted (external) disc and he also manages to gain root priviliges, that he can retrieve the necessary information, to mount that disc himself with LUKS-means again?!? I mean without me passing the keys to him. If that is seriously so, I think I will have to find myself another disc encryption toolset, as I cannot tolerate, that intruders can deal with my personal data without my explicit permission and support. Whether those intruders have governmental permissions, I don't f...ing care. I appreciate your serious comments. J. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

6 11

[opensuse-security] Can vmware network interfaces be controlled through susefirewall?
by Carlos E. R. 23 Jun '07

23 Jun '07

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 (I'm new to vmware) vmware server created two interfaces, vmnet1 and vmnet8 - the task of each one I have not clear -. The thing is, the hosted system (virtual machine) does have network access (I told it to use Nat), but I don't really know how, and whether it is protected by the firewall. Of course, if there is a nice, easy to read, howto, just tell me :-) - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGfPrYtTMYHG2NR9URAoRuAJ4nJ3yrjs3UpqJLMJRwZEqdqABbywCeIhG+ gMr9AyJMG/WCqb182jY6pz0= =k+Hr -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

1 0

[opensuse-security] Re: [suse-security-announce] SUSE Security Summary Report SUSE-SR:2007:012
by Frank Steiner 20 Jun '07

20 Jun '07

Hi, Marcus Meissner wrote >____________________________________________________________________ > > 2) Pending Vulnerabilities, Solutions, and Work-Arounds > > - Kernel Update > > We are currently preparing a kernel update for SUSE Linux Enterprise Server 9, > Novell Linux Desktop 9, SUSE Linux 10.0 and 10.2 to roll out fixes for > current security problems. It is scheduled to be be released in the week of > June 11. now that the SLES9 kernels were just release I read this again an wonder if it's correct that are no updates planned for SuSE 10.1 (meaning SLES10,too) while they are planned for 10.0 and 10.2? cu, Frank -- Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/ Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/ LMU, Amalienstr. 17 Phone: +49 89 2180-4049 80333 Muenchen, Germany Fax: +49 89 2180-99-4049 * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. * --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

3 11

[opensuse-security] Samba vulnerabilities and SuSE 9.3
by JM Bromley 19 Jun '07

19 Jun '07

Hi, I read in a recent thread that bug-fix updates for SuSE LINUX 9.3 stopped on 15th April 2007. Does anyone know if this includes security fixes? Specifically the latest samba vulnerability (SUSE-SA:2007:031) did not list "SUSE LINUX 9.3" under affected products. Is this because it really is invulnerable, or because security fixes for this distribution have stopped? The latest version of samba for this distribution is 3.0.13-1.6 and the security advisories on the samba.org site list at least some of the issues as affecting versions 3.0.0 through to 3.0.25rc3, which suggests it might be vulnerable... Thanks J Bromley --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

2 1

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security June 2007