openSUSE Security March 2013

security@lists.opensuse.org

6 participants
5 discussions

[opensuse-security] FW_MASQUERADE default behavior ?
by Juan Luis Baptiste 24 Apr '13

24 Apr '13

Hi, I'm trying to enable masquerading on a server to allow some internal hosts to access the internet. From reading the included EXAMPLES file and the documentation of SuSEfirewall2 I have setup the following variables: FW_DEV_EXT="eth0" FW_DEV_INT="eth1" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_NETS="192.168.10.0/24" But just setting FW_MASQUERADE="yes" will open up access to the internet to all of the internal network. For what I have read, this shouldn't be the correct behavior because then FW_MASQ_NETS wouldn't have much sense. For now, to be able to block access to the internet to the entire network I have to do it like this: FW_MASQ_NETS="!0/0 192.168.10.0/24" Then it works, access to all subnets is disallowed and then I allow the subnet I want. AFAIK this shouldn't be necessary, access to the internet shouldn't be allowed by default. I'm missing something ? this is on opensuse 12.1. Cheers, -- JLB -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

3 6

[opensuse-security] Restoration of Mobile Phone Deposit
by mobile_helpdesk_noreply＠tpg.com.au 14 Mar '13

14 Mar '13

Dear Customer, The balance of your Mobile Phone Deposit has dropped below $5.00, and we have initiated a debit of $16.29 to restore the balance to $20.00. Please refer to attached report with detailed status of your account. Thank you for using the TPG mobile phone service. Your customer ID is 6927039. TPG

1 0

[opensuse-security] Restoration of Mobile Phone Deposit
by mobile_helpdesk_noreply＠tpg.com.au 14 Mar '13

14 Mar '13

Dear Customer, The balance of your Mobile Phone Deposit has dropped below $5.00, and we have initiated a debit of $16.59 to restore the balance to $20.00. Please refer to attached report with detailed status of your account. Thank you for using the TPG mobile phone service. Your customer ID is 0443584. TPG

1 0

[opensuse-security] Re: openSUSE-SU-2013:0395-1: important: kernel: fixed local privilege escalation
by Joe Morris 09 Mar '13

09 Mar '13

On 03/06/2013 12:04 AM, opensuse-security(a)opensuse.org wrote: > openSUSE Security Update: kernel: fixed local privilege escalation > ______________________________________________________________________________ > > Announcement ID: openSUSE-SU-2013:0395-1 > Rating: important > References: #797175 #799209 #800280 #801178 #801782 #802153 > #804738 #805633 > Cross-References: CVE-2012-5374 CVE-2013-0160 CVE-2013-0216 > CVE-2013-0231 CVE-2013-1763 > Affected Products: > openSUSE 12.2 > ______________________________________________________________________________ > > An update that solves 5 vulnerabilities and has three fixes > is now available. > Why is this (and the latest couple of) updates not yet showing up in the update repository? This one is in 12.2-test, and the pidgin and libqt4 I don't yet see in any update repository. Just wondering what the problem is. I went ahead and downloaded the kernel update manually from 12.2-test and updated, but that seems at best a workaround. The announcement above says it is now available, but is it really? Joe -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

3 2

[opensuse-security] Christoph WAGNER ist außer Haus.
by Christoph WAGNER 07 Mar '13

07 Mar '13

Ich werde ab 06.03.2013 nicht im Büro sein. Ich kehre zurück am 08.03.2013. Ich werde Ihre Nachricht nach meiner Rückkehr beantworten. Die Rückmeldung bezieht sich auf ein Mail mit folgendem Thema: [security-announce] openSUSE-SU-2013:0405-1: important: pidgin: various security fixes ____________________________________________________________________________________________ Gesendet (c) GRZ/RACON Linz 2010 Agent 'Abwesenheit' Der Austausch von Nachrichten mit o.a. Absender via e-mail dient ausschließlich Informationszwecken. Rechtsgeschäftliche Erklärungen dürfen über dieses Medium nicht ausgetauscht werden. Correspondence with a.m. sender via e-mail is only for information purposes. This medium is not to be used for the exchange of legally-binding communications. -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

1 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

openSUSE Security March 2013