openSUSE Security June 2008

security@lists.opensuse.org

16 participants
9 discussions

[opensuse-security] rpmdb: malloc: Cannot allocate memory: 4278
by Christian Boltz 01 Jul '08

01 Jul '08

Hello, I have a 10.2 system that refuses to install updates :-( zypper aborts with the message rpmdb: malloc: Cannot allocate memory: 4278 and YOU also simply crashes. Any ideas what could cause this? (Google was not helpful when searching for the error message...) RAM and disk space should not be an issue: # df -h Dateisystem Größe Benut Verf Ben% Eingehängt auf /dev/md0 5,0G 1,5G 3,3G 31% / udev 1006M 128K 1006M 1% /dev /dev/sda2 114M 8,6M 100M 8% /boot /dev/sdb2 114M 34M 75M 31% /boot2 /dev/md2 5,0G 545M 4,2G 12% /var /dev/md4 254G 1,5G 240G 1% /home # free -m total used free shared buffers cached Mem: 2011 1673 338 0 55 1173 -/+ buffers/cache: 444 1567 Swap: 0 0 0 I also tried rpm --rebuilddb, which didn't change anything. Log files on request - I'm not sure which one would be useful in this case. Interestingly, this happens only on one system. Some other machines with nearly identical configuration work well... Here's the full transcript: # zypper up Restoring system sources... Parsing metadata for update-10.2... Parsing metadata for inst-source... Parsing metadata for non-oss... Parsing metadata for home-cboltz... Parsing RPM database... Summary: <install> [S1:0][atom]php5-hash-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-gettext-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-mcrypt-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-ctype-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-pear-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-openssl-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-xmlreader-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-bcmath-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-bz2-5.2.6-0.2.x86_64 <install> [S1:0][atom]apache2-mod_php5-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-zlib-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-mysql-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-tokenizer-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-pdo-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-sockets-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-devel-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-dom-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-suhosin-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-iconv-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-xmlwriter-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-curl-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-mhash-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-imap-5.2.6-0.2.x86_64 <install> [S1:0][patch]apache2-mod_php5-5379-0.noarch <install> [S1:0][atom]php5-gd-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-calendar-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-ftp-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-mbstring-5.2.6-0.2.x86_64 <install> [S1:0][atom]php5-sqlite-5.2.6-0.2.x86_64 <install> [S1:0][patch]kernel-5336-0.noarch <install> [S1:0][atom]php5-json-5.2.6-0.2.x86_64 <install> [S1:0][atom]kernel-default-2.6.18.8-0.10.x86_64 <uninstall> [S0:0][package]php5-iconv-5.2.5-18.1.x86_64 <uninstall> [S0:0][atom]php5-pdo-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-sysvmsg-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]kernel-iseries64-2.6.18.8-0.9.ppc <uninstall> [S0:0][atom]kernel-source-2.6.18.8-0.9.x86_64 <uninstall> [S0:0][patch]kernel-4987-0.noarch <uninstall> [S0:0][atom]kernel-ppc64-2.6.18.8-0.9.ppc <uninstall> [S0:0][atom]php5-sqlite-5.2.6-0.2.x86_64 <uninstall> [S0:0][package]php5-mysql-5.2.5-18.1.x86_64 <uninstall> [S0:0][atom]php5-imap-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-posix-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-json-5.2.6-0.2.x86_64 <uninstall> [S0:0][patch]apache2-mod_php5-5379-0.noarch <uninstall> [S0:0][atom]php5-xmlwriter-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-gd-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]kernel-kdump-2.6.18.8-0.9.x86_64 <uninstall> [S0:0][atom]php5-hash-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-bcmath-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-ldap-5.2.6-0.2.x86_64 <uninstall> [S0:0][package]php5-pdo-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-suhosin-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-xmlwriter-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-gd-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-ftp-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-ctype-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-mbstring-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-json-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-devel-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-hash-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-calendar-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-xmlreader-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]apache2-mod_php5-5.2.5-18.1.x86_64 <uninstall> [S0:0][atom]php5-bz2-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-sysvsem-5.2.6-0.2.x86_64 <uninstall> [S0:0][package]kernel-default-2.6.18.8-0.9.x86_64 <uninstall> [S0:0][atom]php5-zip-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]kernel-xen-2.6.18.8-0.9.x86_64 <uninstall> [S0:0][atom]php5-snmp-5.2.6-0.2.x86_64 <uninstall> [S0:0][package]php5-bcmath-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-gettext-5.2.5-18.1.x86_64 <uninstall> [S0:0][atom]kernel-xenpae-2.6.18.8-0.9.i586 <uninstall> [S0:0][atom]php5-ncurses-5.2.6-0.2.x86_64 <uninstall> [S0:0][package]php5-openssl-5.2.5-18.1.x86_64 <uninstall> [S0:0][atom]apache2-mod_php5-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-pear-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-mysql-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-curl-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-xmlrpc-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-pcntl-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-dba-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-gettext-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-tokenizer-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-shmop-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-dbase-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]kernel-syms-2.6.18.8-0.9.x86_64 <uninstall> [S0:0][atom]php5-ctype-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-wddx-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]kernel-bigsmp-2.6.18.8-0.9.i586 <uninstall> [S0:0][atom]php5-readline-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-tidy-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-openssl-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-ftp-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-sockets-5.2.6-0.2.x86_64 <uninstall> [S0:0][package]php5-dom-5.2.5-18.1.x86_64 <uninstall> [S0:0][atom]php5-soap-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-pgsql-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-zlib-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]kernel-default-2.6.18.8-0.9.x86_64 <uninstall> [S0:0][atom]php5-gmp-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-pspell-5.2.6-0.2.x86_64 <uninstall> [S0:0][package]php5-sockets-5.2.5-18.1.x86_64 <uninstall> [S0:0][atom]php5-xmlreader-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-suhosin-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-iconv-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-mhash-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-mbstring-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-sysvshm-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-calendar-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-devel-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-dom-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-mcrypt-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-exif-5.2.6-0.2.x86_64 <install> [S1:0][package]kernel-default-2.6.18.8-0.10.x86_64 <install> [S1:0][package]php5-mcrypt-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-openssl-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-zlib-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-ftp-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-iconv-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-xmlwriter-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-dom-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-sockets-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-ctype-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-devel-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-pear-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-suhosin-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-json-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-bz2-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-imap-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-bcmath-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-gettext-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-xmlreader-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-gd-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-mbstring-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-mhash-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-curl-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-pdo-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-calendar-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-mysql-5.2.6-0.2.x86_64 <install> [S1:0][package]apache2-mod_php5-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-hash-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-fastcgi-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-odbc-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-tokenizer-5.2.6-0.2.x86_64 <install> [S1:0][package]php5-sqlite-5.2.6-0.2.x86_64 <uninstall> [S0:0][atom]php5-xsl-5.2.6-0.2.x86_64 <uninstall> [S0:0][package]php5-zlib-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-imap-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-mhash-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-pear-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-bz2-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-mcrypt-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-tokenizer-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-sqlite-5.2.5-18.1.x86_64 <uninstall> [S0:0][package]php5-curl-5.2.5-18.1.x86_64 Continue? [y/n] y kernel patch license: This update can be used to install a new kernel. If you decide to use the kernel update, we recommend that you reboot your system upon completion of the YaST Online Update, as additional kernel modules may be needed which can only be loaded after the system is rebooted. In order to install this package, you must agree to terms of the above licencse. Continue? [y/n] y Downloading: [S1:0][package]kernel-default-2.6.18.8-0.10.x86_64, 17.7 M(84.8 M unpacked) rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 rpmdb: malloc: Cannot allocate memory: 4278 memory alloc (852924 bytes) returned NULL. Regards, Christian Boltz -- > Und jemand, der "NT" nutzt, ist kein Sysadmin, sondern ein > Reboot-Sklave. Und wenn er einen MCSE hat, dann ist er zertifizierter Bootmanager [Ralph Angenendt in dasr] --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

4 5

[opensuse-security] openSUSE 10.3 SuSEfirewall2 script help
by Adsquaired 29 Jun '08

29 Jun '08

I have been tasked with replacing an old Linux firewall. The person that built the firewall used Iptables. I want to use the SuSEfirewall2 script. I can't change the requirement or the infrastructure because of existing services. I'm having some difficulties with the SuSEfirewall2 script. I can't seem to get traffic forwarded from the DMZ side to the internal network. Here is my layout and requirements. The new server has three interfaces and the OS is OpenSUSE 10.3. The external interface has a public IP address assigned to it. The internal interface connects to a private subnet where there are hosted services and a few employees (QA Lab). The other interface which I am labeling the DMZ is connected to another private network. This is the main employee network. The QA lab hosts a secure IMAP server, a public web server, four other web servers (accessible only to employees) and a public SMTP server. The QA employees need to have full unrestricted access to the Internet. The regular employees (DMZ) will not be allowed to use this firewall as their gateway, therefore they are restricted from using the DMZ interface to get to the Internet. The employees in front of this interface should only be allowed to access the four web servers and mail server. The key here is that services living on the on the employee network make calls to the web servers on the internal network using different ports. For example, http requests to port 83 on the DMZ interface will need to be redirected to port 80 on the internal web server. FYI. This is where I sit and access to the Firewall for administration purposes. The QALAB does not get access to the firewall. [This is what it would look like in IPTABLES] -A PREROUTING -s 10.2.2.0/255.0.0.0 -d 10.2.2.10 -i eth2 -p tcp -m tcp --dport 83 -j DNAT --to-destination 192.168.2.150:80 -A PREROUTING -s 10.2.2.0/255.0.0.0 -d 10.2.2.10 -i eth2 -p tcp -m tcp --dport 82 -j DNAT --to-destination 192.168.2.150:80 -A PREROUTING -s 10.2.2.0/255.0.0.0 -d 10.2.2.10 -i eth2 -p tcp -m tcp --dport 81 -j DNAT --to-destination 192.168.2.30:80 -A PREROUTING -s 10.2.2.0/255.0.0.0 -d 10.2.2.10 -i eth2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.20:80 -A PREROUTING -s 10.2.2.0/255.0.0.0 -d 10.2.2.10 -i eth2 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.2.20:25 Additionally, there is an SSL VPN connection and IPSEC traffic but that is for another post. My main problem is getting to the lab webservice from the DMZ interface. Here is what I have configured in the SuSEfirewall2 script. [Interfaces] FW_DEV_EXT='any eth5' FW_DEV_INT='eth4' FW_DEV_DMZ='eth1' FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="zone:ext" [NAT lab Internet requests only] FW_MASQ_NETS="192.168.2.0/24" FW_PROTECT_FROM_INT="yes" [The only service listening on the external interface] FW_SERVICES_EXT_TCP="SSLVPNPORT" [Admin SSH access to the firewall from the DMZ netowrk] FW_SERVICES_DMZ_TCP="someSSHport" [Used for VPN] FW_FORWARD="192.168.20.0/24,192.168.2.0/24 192.168.2.0/24,192.168.20.0/24" [Allow Access from the Internet] FW_FORWARD_MASQ="0/0,192.168.2.20,tcp,80 0/0,192.168.2.30,tcp,80 0/0,192.168.2.150,tcp,80 0/0,192.168.2.20,tcp,25 0/0,192.168.2.20,tcp,995" I tried using FW_FORWARD_MASQ to open connections from the DMS to Internal but the firewall log shows the connections being dropped. How do I allow (without using IPTABLES commands in the custom script) the services in the DMZ to access the web services on the internal network (using redirection). I also tried FW_REDIRECT="" but I do not have open ports on the DMZ side of the firewall. Everything should be forwarded through. Thanks --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

2 1

[opensuse-security] Still need help with SSL certs for IMAP/Postfix
by Jim Flanagan 26 Jun '08

26 Jun '08

Greetings all, I'm still having problems getting SSL to work with Cyrus IMAP and Postfix. I had SSL working fine for IMAP on Suse 10.0. This got broken after I upgraded this install to Opensuse 10.3. I think this has something to do with /etc/ssl not being changed during the upgrade due to previous changes or certs I added there earlier on for 10.0. I'm not sure this is the problem but I'm starting to suspect this may be the issue. I'm not sure how to track this down. I had (have) a cert in /etc/ssl/certs/imap.pem that was working with 10.0. In order to resolve this problem I tried setting up TLS for both IMAP and smtp auth for Postfix, but could not get that working either, but suspected I had the wrong cert incantation. So I tried making certs using a different how-to, I made a CA request that generated mailkey.pem and mailreq.pem. Then I ran this to sign the file myself openssl ca -out mail_signed_cert.pem -infiles mailreq.pem which returned the following errors..... Using configuration from /etc/ssl/openssl.cnf Error opening CA private key ./demoCA/private/cakey.pem 5712:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('./demoCA/private/cakey.pem','r') 5712:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354: unable to load CA private key I do have a file /etc/ssl/openssl.cnf but not sure where to go from here. I sure could use some help with this. Jim --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

1 0

[opensuse-security] Clamd in 10.3 is outdated.
by Carlos E. R. 16 Jun '08

16 Jun '08

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I see this in my warn log: Jun 10 23:11:38 nimrodel freshclam[9428]: Your ClamAV installation is OUTDATED! Jun 10 23:11:38 nimrodel freshclam[9428]: Local version: 0.93 Recommended version: 0.93.1 Jun 10 23:11:41 nimrodel freshclam[9428]: Your ClamAV installation is OUTDATED! Jun 10 23:11:41 nimrodel freshclam[9428]: Current functionality level = 29, recommended = 31 Will there be an official update through YOU? - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFITwMstTMYHG2NR9URArZtAJ9NBxWEGBwp5ENI8jDtsxITFQvMwQCfcRIS RHxWyQlhT2OQ70R1oDcpAII= =6Dvx -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

5 9

[opensuse-security] ISO Signatures
by Benji Weber 15 Jun '08

15 Jun '08

Greetings, Could you please publish signatures for the 11.0 ISOs at release? I believe they were never published for 10.3, I never got a reply to my question on the subject[0]. I hope it does not take someone distributing a CD image with a goatse bootloader and the same md5sum for this to be done. __ [0] http://lists.opensuse.org/opensuse-security/2007-10/msg00001.html -- Benjamin Weber --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

4 6

Re: [opensuse-security] OpenVPN Bridging setup on SUSE Linux
by Terje J. Hanssen 11 Jun '08

11 Jun '08

Jonathon Robison wrote: > Be aware that the default firewall in opensuse interferes with > openvpn. I haven't nailed down exactly what line yet, but in mine, > even though I had all appropriate routes added and ports open, nobody > could browse the samba shares (or get a browse list from the WINS > server) until I dropped all rules and established only the necessary > openvpn rules. > I've got OpenVPN to run preliminatry in ROUTE mode on my openSUSE 10.3 workstation so far by copying most of the config files used on Win2kTS to openSUSE /etc/openvpn. Existing client certificates also work. But I hope someone can throw more "practical light" on the following listed items: OpenVPN and Firewall: During initial testing I disabled the SuseFW2 on my workstation. With YaST2 I've allowed the OpenVPN port 119x for TCP and UDP to the external zone. The OpenVPN BRIDGING document http://openvpn.net/index.php/documentation/miscellaneous/ethernet-bridging.… tells that the following additional entries should be set in the firewall: iptables -A INPUT -i tap0 -j ACCEPT iptables -A INPUT -i br0 -j ACCEPT iptables -A FORWARD -i br0 -j ACCEPT How can this be set in SuseFW2, preferably with YaST2? After the OpenVPN rpm installation there is also a longer samle firewall config file located as /usr/share/doc/packages/openvpn/sample-config-files/firewall.sh Does anybody know if this sample OpenVPN-aware firewall script will work for SuseFirewall, possibly how it may be customized to work? Autostart OpenVPN during boot: After the OpenVPN rpm installation there is available a script /etc/init.d/openvpn OpenVPN does not start automatic during boot. I can start openvpn from /etc/openvpn with openvpn server.conf Another installed script document /usr/share/doc/packages/openvpn/suse/openvpn.init tells that OpenVPN can started and stoped by the /etc/init.d init script with service openvpn start service openvpn stop This works. I'm unsure if this openvpn.init file should be copied to /etc/rc.d/init.d/openvpn as mentioned and possible how to use the YaST runlevel editor. There is also a third sample-script after the installation /usr/share/doc/packages/openvpn/sample-scripts/openvpn.init I'm unsure if this document has only relevance for Redhat and other chkconfig-based systems. Lastly, so far, I'm unsure what the purpose is with and possibly what to do with the /usr/share/doc/packages/openvpn/sample-config-files/xinetd-client-config /usr/share/doc/packages/openvpn/sample-config-files/xinetd-server-config The server file tells it should be renamed to openvpn or similar and copied to /etc/xinet.d xinet.d can then be made aware of this file by restarting it or sending it a SIGHUP signal. Thanks, Terje J Hanssen --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

1 0

[opensuse-security] OpenVPN Bridging setup on SUSE Linux
by Terje J. Hanssen 09 Jun '08

09 Jun '08

Hi List, From before I have a OpenVPN server running in route mode on a Win2kTS server on a SO network (a single network, no subnetting), with working client connections from both Windows and Linux external clients. With a new production SLES10/OES2 server, I wish to setup OpenVPN in Bridge mode on this new server to reach the whole network instead. First however, I wish to test this setup on a openSUSE 10.3 workstation, until the OpenVPN Bridge works. My hope is that existing client certifates and by modifying the config files generated on Windows also can be used for OpenVPN server on Suse Linux. Documentation: On openvpn.net there a general Linux OpenVPN Howto and a Ethernet Bridging documents. After installing the openvpn-2.0.9-44 and bridge-utils-1.2-53 packages on openSUSE, there is also some documentations and sample files located in /usr/share/doc/packages/openvpn and /usr/share/doc/packages/bridge-utils. I wonder if there may exist additional useful Suse Linux specific documents (cool tips, quick start guide) for this setup job, which also includes neccessary Firewall setup (port, tap0 and br0)? As I'm not proficient neihter with OpenVPN nor the Firewall, all hints or issues to be aware of are welcome to get this painless working ;) Rgds, Terje J. Hanssen --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

1 0

[opensuse-security] Question about SUSE-SA:2008:021
by Jeff VanDeRyt 03 Jun '08

03 Jun '08

Hi, I have a question about the security updates for Apache 2 which are detailed in SUSE-SA:2008:021, and how it relates to SLES 9 and OES on SLES9. The Security Announcement lists 7 CVE numbers and includes links to updates for updates to Apache and Apache 2 on SLES9 (http://support.novell.com/techcenter/psdb/484f33da03a9e3e4632f40254c4a96a3.… and http://support.novell.com/techcenter/psdb/2c87b234552522821a81df2a63d03f8c.…). However, these pages do not list all 7 CVE numbers as being addressed. Specifically the Apache 2 page does not include CVE-2007-6421 and CVE-2007-6422 (both listed as affecting Apache 2 only). Does this mean Apache 2 on SLES 9 is not affected by CVE-2007-6421 and CVE-2007-6422? Tangentially related, what about CVE-2007-6420 and 2007-6423? They are included in original SecruityAlert from SecurityReason (http://securityreason.com/securityalert/48) which included CVE-2007-6421 and CVE-2007-6422. Thanks, Jeff Marcus Meissner said the following on 4/4/08 10:29 AM: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ______________________________________________________________________________ > > SUSE Security Announcement > > Package: apache2,apache > Announcement ID: SUSE-SA:2008:021 > Date: Fri, 04 Apr 2008 16:00:00 +0000 > Affected Products: SUSE LINUX 10.1 > openSUSE 10.2 > openSUSE 10.3 > SUSE SLES 9 > Novell Linux Desktop 9 SDK > Novell Linux Desktop 9 > Open Enterprise Server > Novell Linux POS 9 > SLE SDK 10 SP1 > SUSE Linux Enterprise Server 10 SP1 > Vulnerability Type: cross site scripting > Severity (1-10): 6 > SUSE Default Package: yes > Cross-References: CVE-2006-3918, CVE-2007-5000, CVE-2007-6203 > CVE-2007-6388, CVE-2007-6421, CVE-2007-6422 > CVE-2008-0005 > > Content of This Advisory: > 1) Security Vulnerability Resolved: > Apache security update > Problem Description > 2) Solution or Work-Around > 3) Special Instructions and Notes > 4) Package Location and Checksums > 5) Pending Vulnerabilities, Solutions, and Work-Arounds: > See SUSE Security Summary Report. > 6) Authenticity Verification and Additional Information > > ______________________________________________________________________________ > > 1) Problem Description and Brief Discussion > > Various minor bugs have been fixed in the Apache 1 and > Apache 2 web servers and released as a roll-up update. > > Security problems that were fixed include: > > - cross site scripting problem when processing the 'Expect' header > (CVE-2006-3918) (Apache 1 only) > > - cross site scripting problem in mod_imap (CVE-2007-5000) > (Apache 1 and 2) > > - cross site scripting problem in mod_status (CVE-2007-6388) > (Apache 1 and 2) > > - cross site scripting problem in the ftp proxy module (CVE-2008-0005) > (Apache 1 and 2) > > - cross site scripting problem in the error page for status code 413 > (CVE-2007-6203) (Apache 2) > > - cross site scripting problem in mod_proxy_balancer > (CVE-2007-6421) (Apache 2) > > - A flaw in mod_proxy_balancer allowed attackers to crash apache > (CVE-2007-6422) (Apache 2) > > 2) Solution or Work-Around > > There is no known workaround, please install the update packages. > > 3) Special Instructions and Notes > > Please close and restart all running instances of Apache after the update. > > 4) Package Location and Checksums > > The preferred method for installing security updates is to use the YaST > Online Update (YOU) tool. YOU detects which updates are required and > automatically performs the necessary steps to verify and install them. > Alternatively, download the update packages for your distribution manually > and verify their integrity by the methods listed in Section 6 of this > announcement. Then install the packages using the command > > rpm -Fhv <file.rpm> > > to apply the update, replacing <file.rpm> with the filename of the > downloaded RPM package. > > > x86 Platform: > > openSUSE 10.2: > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-2.2.3-24.i586.rpm > f03e4b8274d7152b45efd72e7cde61b5 > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-devel-2.2.3-24.i58… > ef8e006c4acfea843329bf2fc12b79fd > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-doc-2.2.3-24.i586.… > 51ecfcb9bb6d8c8f08efc97d70b8abbe > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-example-pages-2.2.… > ce37cfd168b627b540e957da18e5ec8f > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-prefork-2.2.3-24.i… > 0484c1e9d00bd24b5152c562da9ba047 > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/apache2-worker-2.2.3-24.i5… > b19e229f483a737b25f2aa53c190f92a > > SUSE LINUX 10.1: > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-2.2.3-16.17.3.i586… > 06c0701d4bd315fb0f644b4fb30d8a95 > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-devel-2.2.3-16.17.… > 45718ef5161e3544321676e3dd8eca64 > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-doc-2.2.3-16.17.3.… > 65bdf31d9f940c0b96f7732d0eaf9e0b > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-example-pages-2.2.… > f8e44ce88c837172d82871bebb06ffd4 > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-prefork-2.2.3-16.1… > 526d93881e73786ee7f00ef21936ddd0 > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-worker-2.2.3-16.17… > 1b42cc7478d521000b6566bec22d4109 > > openSUSE 10.3: > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-2.2.… > 2922d4f0980462aa93cc93f74001f7c8 > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-deve… > e80c2f655b566a82ebe3a0d8b95b365e > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-doc-… > a0f13f91c739c7e8deed206136d710ae > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-exam… > 5970a02072fa94016f9317641c66bbf5 > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-pref… > 5b74451cf3b6d4c82da35b3a20cd6e4a > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-util… > fecb129d6f984f502f4b96e6e74a1a4e > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/apache2-work… > d5f5ff376fbe11104ee244b5fbbb3e06 > > Power PC Platform: > > openSUSE 10.3: > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-2.2.4… > a2f1e111c2f22510e37c5c6aa31644c7 > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-devel… > 992fe3cb04a01a3f20ef149f22ad8dec > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-doc-2… > 4a1c3ecbd61659cae402818e36c6c849 > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-examp… > 2fd3d31bea6ac3a624816f96418c8abb > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-prefo… > a6b81c7bba5e2ee49132c4e9b04849ba > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-utils… > d23423196ff4f33d6f3aafe42a2edb88 > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/apache2-worke… > 98eae0b512e9758763725ecf48e87154 > > openSUSE 10.2: > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-2.2.3-24.ppc.rpm > 01639c47e83d965858231060b99f163a > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-devel-2.2.3-24.ppc.… > f0c506948d4662ccf850c3ef784aeb10 > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-doc-2.2.3-24.ppc.rpm > 7720848272448f257a9d8a5492d59119 > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-example-pages-2.2.3… > bb9a072748358dbd84e9a496a634aa3a > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-prefork-2.2.3-24.pp… > 4cab7f565ef9b5ba23c5158b7fa16245 > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/apache2-worker-2.2.3-24.ppc… > 71774427d3c37bf7dc3dfbdd475a3499 > > SUSE LINUX 10.1: > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-2.2.3-16.17.3.ppc.r… > f2a8afbab90fbd03ea8f197a5ce8f65e > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-devel-2.2.3-16.17.3… > 44f8fe684f1eab3f9a6ebb65087de90b > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-doc-2.2.3-16.17.3.p… > 1fe8f99590d355d60ed4cd653b23a6d7 > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-example-pages-2.2.3… > 2270c3c1dbddf55952d12c00e5e69217 > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-prefork-2.2.3-16.17… > 81b0ded89d7109bd790081d7e734b780 > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-worker-2.2.3-16.17.… > d13888fba051f3d508ee8baeca99bf96 > > x86-64 Platform: > > openSUSE 10.2: > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-2.2.3-24.x86_64.… > cb086d72cfa22d69ffb77401a3873b27 > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-devel-2.2.3-24.x… > b13ea6a67a114d197e0f97cf83fb1712 > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-doc-2.2.3-24.x86… > 6721aef0cdabf944ffdc7917bafa22db > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-example-pages-2.… > 475b95ef58b8078af54e6e0051d340c4 > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-prefork-2.2.3-24… > 66683396a06e14ab0a6fafd3af1c1cd3 > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/apache2-worker-2.2.3-24.… > 260c25e62faf98def97d7f227d931545 > > SUSE LINUX 10.1: > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-2.2.3-16.17.3.x8… > 391a67b5fbcd657e2ecfba1a459057b2 > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-devel-2.2.3-16.1… > e78d919d97960714f0bdff45cf984b70 > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-doc-2.2.3-16.17.… > 52ee6e668465921cedb8ec6db723180b > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-example-pages-2.… > 8400d2e78b1c2edc522c65a1b099f396 > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-prefork-2.2.3-16… > 17eef4da8eb3dd2eccace560d7a14e0e > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-worker-2.2.3-16.… > da7b31c3508caf37b650e9cf47359098 > > openSUSE 10.3: > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-2.… > 9ff3ba6a589b6e79f603828937c5c126 > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-de… > 56b23bc76fbfb0bc0d98b11c63daaf36 > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-do… > 55ce8aaf6bc7c097999a93efe99da704 > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-ex… > 1c2d0b400948e83773ba08127ba7fa82 > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-pr… > 537ef6542894bf7ad0bdc72ea9e73be7 > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-ut… > a9d11f6df973e9e71889acfd36ec49c3 > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/apache2-wo… > a51618285183cd0b97075be8436ea697 > > Sources: > > openSUSE 10.3: > http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/apache2-2.2.4… > 9ac4cf97f58360c61b17b177a72df991 > > openSUSE 10.2: > ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/apache2-2.2.3-24.src.rpm > 10a8ee22535b31519d2ba876c31d5271 > > SUSE LINUX 10.1: > ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/apache2-2.2.3-16.17.3.src.r… > 66e2fed2bd179c17fed7b931900ef0dc > > Our maintenance customers are notified individually. The packages are > offered for installation from the maintenance web: > > Open Enterprise Server > http://support.novell.com/techcenter/psdb/484f33da03a9e3e4632f40254c4a96a3.… > http://support.novell.com/techcenter/psdb/2c87b234552522821a81df2a63d03f8c.… > > Novell Linux POS 9 > http://support.novell.com/techcenter/psdb/484f33da03a9e3e4632f40254c4a96a3.… > http://support.novell.com/techcenter/psdb/2c87b234552522821a81df2a63d03f8c.… > > Novell Linux Desktop 9 > http://support.novell.com/techcenter/psdb/2c87b234552522821a81df2a63d03f8c.… > > Novell Linux Desktop 9 SDK > http://support.novell.com/techcenter/psdb/484f33da03a9e3e4632f40254c4a96a3.… > http://support.novell.com/techcenter/psdb/2c87b234552522821a81df2a63d03f8c.… > > SUSE SLES 9 > http://support.novell.com/techcenter/psdb/484f33da03a9e3e4632f40254c4a96a3.… > http://support.novell.com/techcenter/psdb/2c87b234552522821a81df2a63d03f8c.… > > SUSE Linux Enterprise Server 10 SP1 > http://support.novell.com/techcenter/psdb/652745fced1c4af0216a2f3d8430a472.… > > SLE SDK 10 SP1 > http://support.novell.com/techcenter/psdb/652745fced1c4af0216a2f3d8430a472.… > > ______________________________________________________________________________ > > 5) Pending Vulnerabilities, Solutions, and Work-Arounds: > > See SUSE Security Summary Report. > ______________________________________________________________________________ > > 6) Authenticity Verification and Additional Information > > - Announcement authenticity verification: > > SUSE security announcements are published via mailing lists and on Web > sites. The authenticity and integrity of a SUSE security announcement is > guaranteed by a cryptographic signature in each announcement. All SUSE > security announcements are published with a valid signature. > > To verify the signature of the announcement, save it as text into a file > and run the command > > gpg --verify <file> > > replacing <file> with the name of the file where you saved the > announcement. The output for a valid signature looks like: > > gpg: Signature made <DATE> using RSA key ID 3D25D3D9 > gpg: Good signature from "SuSE Security Team <security(a)suse.de>" > > where <DATE> is replaced by the date the document was signed. > > If the security team's key is not contained in your key ring, you can > import it from the first installation CD. To import the key, use the > command > > gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc > > - Package authenticity verification: > > SUSE update packages are available on many mirror FTP servers all over the > world. While this service is considered valuable and important to the free > and open source software community, the authenticity and the integrity of > a package needs to be verified to ensure that it has not been tampered > with. > > There are two verification methods that can be used independently from > each other to prove the authenticity of a downloaded file or RPM package: > > 1) Using the internal gpg signatures of the rpm package > 2) MD5 checksums as provided in this announcement > > 1) The internal rpm package signatures provide an easy way to verify the > authenticity of an RPM package. Use the command > > rpm -v --checksig <file.rpm> > > to verify the signature of the package, replacing <file.rpm> with the > filename of the RPM package downloaded. The package is unmodified if it > contains a valid signature from build(a)suse.de with the key ID 9C800ACA. > > This key is automatically imported into the RPM database (on > RPMv4-based distributions) and the gpg key ring of 'root' during > installation. You can also find it on the first installation CD and at > the end of this announcement. > > 2) If you need an alternative means of verification, use the md5sum > command to verify the authenticity of the packages. Execute the command > > md5sum <filename.rpm> > > after you downloaded the file from a SUSE FTP server or its mirrors. > Then compare the resulting md5sum with the one that is listed in the > SUSE security announcement. Because the announcement containing the > checksums is cryptographically signed (by security(a)suse.de), the > checksums show proof of the authenticity of the package if the > signature of the announcement is valid. Note that the md5 sums > published in the SUSE Security Announcements are valid for the > respective packages only. Newer versions of these packages cannot be > verified. > > - SUSE runs two security mailing lists to which any interested party may > subscribe: > > opensuse-security(a)opensuse.org > - General Linux and SUSE security discussion. > All SUSE security announcements are sent to this list. > To subscribe, send an e-mail to > <opensuse-security+subscribe(a)opensuse.org>. > > opensuse-security-announce(a)opensuse.org > - SUSE's announce-only mailing list. > Only SUSE's security announcements are sent to this list. > To subscribe, send an e-mail to > <opensuse-security-announce+subscribe(a)opensuse.org>. > > ===================================================================== > SUSE's security contact is <security(a)suse.com> or <security(a)suse.de>. > The <security(a)suse.de> public key is listed below. > ===================================================================== > ______________________________________________________________________________ > > The information in this advisory may be distributed or reproduced, > provided that the advisory is not modified in any way. In particular, the > clear text signature should show proof of the authenticity of the text. > > SUSE Linux Products GmbH provides no warranties of any kind whatsoever > with respect to the information contained in this security advisory. > > Type Bits/KeyID Date User ID > pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security(a)suse.de> > pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build(a)suse.de> > > - -----BEGIN PGP PUBLIC KEY BLOCK----- > Version: GnuPG v1.4.2 (GNU/Linux) > > mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA > BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz > JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh > 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U > P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ > cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg > VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b > yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 > tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ > xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 > Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo > choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI > BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u > v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ > x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 > Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq > MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 > saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o > L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU > F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS > FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW > tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It > Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF > AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ > 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk > YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP > +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR > 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U > 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S > cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh > ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB > UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo > AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n > KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi > BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro > nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg > KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx > yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn > B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV > wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh > UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF > 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 > D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu > zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd > 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi > a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 > CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp > 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE > t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG > B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw > rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt > IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL > rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H > RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa > g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA > CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO > =ypVs > - -----END PGP PUBLIC KEY BLOCK----- > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.4-svn0 (GNU/Linux) > > iQEVAwUBR/Y7HXey5gA9JdPZAQLrCQf+Nem9XN40+NEZSxXuSnJZ+p5R8dde2Jig > ba+hLU1QxkS3dfkMrznEMHoaQoi0xT0sK0D0kk9j61Q/MdqbcQPKzsBJU9WUIGmY > LqIL9LGRhJt2dpvSFLfM1ddgZFrIXHjwz8iE22TYTr+VAVl6ZvDO83t8akWvbErw > T8ZntghD9STMRaUCFw9XL0yRKV9qDOnuPggco2h3Jc26FHRiXuM6xJoYehJRbn3i > xdJ4v6u5T1df25iKCS01V4of8JXbOst2DpJlSgXQjybBMf/L8pBwxCpgKyb41/3L > IFwyakCbPZso7vg9wPrZPmxi9HSnVgbjXTYIuwTIMSmx5MSxx2ovaw== > =+Mrh > -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

2 2

[opensuse-security] Older version of Adobe Flash Player was still installed after April upgrade :(
by Gar Ulbricht 01 Jun '08

01 Jun '08

Hi all, As you probably know, SANS last week reported a vulnerability in Adobe Flash Player versions 9.0.124.0 and older. Reference: <http://isc.sans.org/diary.html?storyid=4465> Two days later in a follow-up report,they amended their analysis to versions ___ earlier than ___ "9.0.124.0." <http://isc.sans.org/diary.html?storyid=4474> ("9.0.124.0" was released in April by Adobe.) In the follow-up story, they included a link to Adobe's site to test what version of Flash Player (if any) you have installed. <http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_15507> (I use "no-script" -- and as a policy I try not to go to any flash sites -- but sometimes I need to :( I tested my machine using the Adobe test page, and first got "9.0.124.0" -- which is what I expected. I then re-ran the test from a copy of their page which I had downloaded and got Version: "9.0.115.0" !!!!! Which is not so good and not what i expected. It turns out last Fall when I installed openSUSE-10.3 I installed from the openSUSE DVD, the rpm labled "flash-plugin-9.0.115.0-release -Adobe Flash Player 9.0." When the new patch came out for Adobe Flash in April, I installed the rpm labled: "flash-player-9.0.124.0-0.1 -- Macromedia Flash Plug-In," but that install did not remove the old rpm -- it was still there. So after reading the SAN's story, I removed the old rpm tonight using kpackage (after testing if it was needed) and as far as I can tell my "flash player is still working" and the Adobe test page tells me I have Flash Player 9.0.124.0 installed -- so life is good. Since most of you probably don't use Flash, this is probably not worth knowing, but in case you do use Flash, using YaST2 or kpackage you might want to check if you still have "flash-plugin-9.0.115.0-release -Adobe Flash Player 9.0 installed if you are running openSUSE-10.3. (Sorry I wrote such a long email -- but I wanted it to be clear what the issue was in my mind.) Hope this helps, HAND. -- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

5 6

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security June 2008