Hi,
for otrs I need this config:
(https://build.opensuse.org/package/show?package=otrs&project=network%3Aotrs…)
%defattr(0644,%{name},www,0775)
%dir /opt/%{name}/var/article
%dir /opt/%{name}/var/log
%dir /opt/%{name}/var/tmp
but obs is complaining: permissions-directory-setuid-bit
and I should contact security(a)suse.de
Here I am :)
Is this acceptable ?
Kind Regards
Chris
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security+help(a)opensuse.org
Hi,
during some package updates from a 11.4-x86_64 system, I noticed some
digest verification errors, but only in security related packages:
Retrieving: libcares2-1.7.4-29.1.x86_64.rpm [done]
Digest verification failed for libcares2-1.7.4-29.1.x86_64.rpm. Expected
7a98495e2080a92d3ff0b7e59972c318b8788d7d9f69efc07ad6e261369224c6, found
a051c3bcf760baf230b975a4c4f5814a4c112e98b57ae281655bd8bd282c94fb.
Retrieving: libssh2-1-1.2.7-12.1.x86_64.rpm [done]
Digest verification failed for libssh2-1-1.2.7-12.1.x86_64.rpm. Expected
e8cc318266c32b7820efb858244282562605848b91eeef18ba37180400eb7cf4, found
b0b1beacfcbcd84f161a8ad39633bfe6eb597b303df6210a2a23f99b72653059.
Retrieving: libcurl4-7.21.7-60.1.x86_64.rpm [done (230.1 KiB/s)]
Digest verification failed for libcurl4-7.21.7-60.1.x86_64.rpm. Expected
3cd167cab18efa90062b43e5afb696dd650c2c62098fa752461bdbda7289e510, found
88d094b4b5f50dc402fd17258a21f74e39bd616d26e2296298254ea4b2364575.
Continue? [yes/no] (no): y
Invalid answer 'y'. Enter 'y' for 'yes' or 'n' for 'no' if nothing else
works for you. [yes/no] (no):
Failed to provide Package libcurl4-7.21.7-60.1. Do you want to retry
retrieval?
[download.opensuse.org-python|
http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE…]
Can't provide file './x86_64/libcurl4-7.21.7-60.1.x86_64.rpm' from
repository 'download.opensuse.org-python'
History:
- libcurl4-7.21.7-60.1.x86_64.rpm has wrong checksum
Abort, retry, ignore? [a/r/i] (a): i
As being shown in the last paragraph, they all came from
devel:languages:python.
Is that something to be concerned about or is the repo under attack?
TIA,
Pete
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security+help(a)opensuse.org
We failed a pci-dss compliance test because the version of openSSH for 11.3
doesn't have the fix for CVE-2011-0539. In fact, there hasn't been any update
to openSSH for 11.3 since Jun 2010.
I can see that the fix is in the version in factory. The change log has:
- Update to 5.8p1
* Fix vulnerability in legacy certificate signing introduced in
OpenSSH-5.6 and found by Mateusz Kocielski.
which looks like the fix for CVE-2011-0539.
Two questions:
1/ Is there any reason why this fix hasn't been ported to 11.3?
2/ Any reason why I might have problems taking the factory source and building
it for myself?
Paul
--
Paul Reeves
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security+help(a)opensuse.org
