April 2010 - openSUSE Security - openSUSE Mailing Lists

[opensuse-security] SELinux and xace on opensuse 11.2
by Justin Mattock 14 Apr '10

14 Apr '10

This post is to let peoples know that I went and enabled xace on the xserver for opensuse 11.2, and am able to run in full enforcement mode. The packages are located at jmattock78(with the osc build project) The main packages you will need are(not vary many) glib2 Mesa and the xserver keep in mind I haven't really sent a request in since I havent really tested(an am unsure if somebody has already done this), In any case the packages are there if any body is interested in running xace. cheers, -- Justin P. Mattock -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

1 0

[opensuse-security] login-problem on OpenSuSE 11.1
by Ralf Ronneburger 12 Apr '10

12 Apr '10

Hi everyone, I have a login-problem on an OpenSuSE 11.1 machine (all updates installed). When I try to login via ssh I get: # ssh -vv XXX.XXX.XXX.XXX OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to XXX.XXX.XXX.XXX [XXX.XXX.XXX.XXX] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host Local login also does not work, after entering the username and pressing [Enter] the password-prompt does never appear. STRG + ALT + DEL does also not reboot the box. How could such a thing happen and what can I do to find out the source of this problem and to prevent it in the future? Greetings, Ralf -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

6 9

[opensuse-security] Re: [security-announce] SUSE Security Summary Report: SUSE-SR:2010:007 (fwd)
by Markus Gaugusch 09 Apr '10

09 Apr '10

Hi, The latest update of viewvc (viewvc-2240) does no longer work with CVS (on OpenSUSE 11.1). An Exception Has Occurred Python Traceback Traceback (most recent call last): File "/srv/viewvc/lib/viewvc.py", line 3765, in main request.run_viewvc() File "/srv/viewvc/lib/viewvc.py", line 399, in run_viewvc self.view_func(self) File "/srv/viewvc/lib/viewvc.py", line 1614, in view_directory row.log = format_log(file.log, cfg) File "/srv/viewvc/lib/viewvc.py", line 1014, in format_log s = htmlify(log[:cfg.options.short_log_len], cfg.options.buglink_base) TypeError: htmlify() takes exactly 1 argument (2 given) If I change line 1002 in viewvc.py from def htmlify(html): to def htmlify(html, buglink): it works again. regards, Markus PS: I've been notified, that this bug is already fixed at suse, so this is just a heads up for the other people here. Apparently it works on 11.2, but I can't verify it at the moment. On Mar 30, Sebastian Krahmer <krahmer(a)suse.de> wrote: > 1) Solved Security Vulnerabilities: > - viewvc > > - viewvc > Query forms didn't escape user provided input, therefore allowing > cross-site-scripting (XSS) attacks. > CVE-2010-0736 has been assigned to this issue. > Affected products: openSUSE 11.0-11.2 -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

1 0