openSUSE Security July 2011

security@lists.opensuse.org

5 participants
3 discussions

[opensuse-security] otrs and permissions file
by Christian 24 Apr '12

24 Apr '12

Hi, for otrs I need this config: (https://build.opensuse.org/package/show?package=otrs&project=network%3Aotrs…) %defattr(0644,%{name},www,0775) %dir /opt/%{name}/var/article %dir /opt/%{name}/var/log %dir /opt/%{name}/var/tmp but obs is complaining: permissions-directory-setuid-bit and I should contact security(a)suse.de Here I am :) Is this acceptable ? Kind Regards Chris -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

2 6

[opensuse-security] strange digest verification errors
by Hans-Peter Jansen 18 Jul '11

18 Jul '11

Hi, during some package updates from a 11.4-x86_64 system, I noticed some digest verification errors, but only in security related packages: Retrieving: libcares2-1.7.4-29.1.x86_64.rpm [done] Digest verification failed for libcares2-1.7.4-29.1.x86_64.rpm. Expected 7a98495e2080a92d3ff0b7e59972c318b8788d7d9f69efc07ad6e261369224c6, found a051c3bcf760baf230b975a4c4f5814a4c112e98b57ae281655bd8bd282c94fb. Retrieving: libssh2-1-1.2.7-12.1.x86_64.rpm [done] Digest verification failed for libssh2-1-1.2.7-12.1.x86_64.rpm. Expected e8cc318266c32b7820efb858244282562605848b91eeef18ba37180400eb7cf4, found b0b1beacfcbcd84f161a8ad39633bfe6eb597b303df6210a2a23f99b72653059. Retrieving: libcurl4-7.21.7-60.1.x86_64.rpm [done (230.1 KiB/s)] Digest verification failed for libcurl4-7.21.7-60.1.x86_64.rpm. Expected 3cd167cab18efa90062b43e5afb696dd650c2c62098fa752461bdbda7289e510, found 88d094b4b5f50dc402fd17258a21f74e39bd616d26e2296298254ea4b2364575. Continue? [yes/no] (no): y Invalid answer 'y'. Enter 'y' for 'yes' or 'n' for 'no' if nothing else works for you. [yes/no] (no): Failed to provide Package libcurl4-7.21.7-60.1. Do you want to retry retrieval? [download.opensuse.org-python| http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE…] Can't provide file './x86_64/libcurl4-7.21.7-60.1.x86_64.rpm' from repository 'download.opensuse.org-python' History: - libcurl4-7.21.7-60.1.x86_64.rpm has wrong checksum Abort, retry, ignore? [a/r/i] (a): i As being shown in the last paragraph, they all came from devel:languages:python. Is that something to be concerned about or is the repo under attack? TIA, Pete -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

2 2

[opensuse-security] openSSH, 11.3 and CVE-2011-0539
by paul 18 Jul '11

18 Jul '11

We failed a pci-dss compliance test because the version of openSSH for 11.3 doesn't have the fix for CVE-2011-0539. In fact, there hasn't been any update to openSSH for 11.3 since Jun 2010. I can see that the fix is in the version in factory. The change log has: - Update to 5.8p1 * Fix vulnerability in legacy certificate signing introduced in OpenSSH-5.6 and found by Mateusz Kocielski. which looks like the fix for CVE-2011-0539. Two questions: 1/ Is there any reason why this fix hasn't been ported to 11.3? 2/ Any reason why I might have problems taking the factory source and building it for myself? Paul -- Paul Reeves -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security+help(a)opensuse.org

4 5

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security July 2011