November 2014 - openSUSE Security - openSUSE Mailing Lists

[opensuse-security] Charity Work
by luv2charitys＠gmail.com 29 Nov '14

29 Nov '14

Hello,this is Mr Paul N,i sent you an email on charity work but i am yet to hear fom you,do reply with this code CHA-2015 to my email address paulcharity(a)qq.com i Look forward to hearing from you this time,God bless Brother Paul -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

1 0

[opensuse-security] less probably unsafe with LESSOPEN/LESSCLOSE variables
by lists＠notatla.org.uk 24 Nov '14

24 Nov '14

Seen on the full-disclosure list from lcamtuf http://seclists.org/fulldisclosure/2014/Nov/74 > At this point, my best advice would be for users to unset LESSOPEN and > LESSCLOSE if set by their distros. They are set in /etc/profile in OpenSuSE. -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

1 0

[opensuse-security] yup repositories for SLE 12?
by Frank Steiner 17 Nov '14

17 Nov '14

Hi, anyone knows if it is possible to mirror the SLE 12 channels with curl (i.e. yup)? Obviously, the "expected" URLs like https://nu.novell.com/repo/$RCE/SLES12-GA-Updates/sle-12-x86_64/ do not exist, and I read that SLE 12 updates are no longer served by the NCC but the new SCC. Is there a way to mirror from the SCC, too? cu, Frank -- Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/ Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/ LMU, Amalienstr. 17 Phone: +49 89 2180-4049 80333 Muenchen, Germany Fax: +49 89 2180-99-4049 * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. * -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

2 11

[opensuse-security] Susefirewall limit connections
by Otto Rodusek 16 Nov '14

16 Nov '14

Hi ListMates, I have a large number of attacks on my customer's ports (10022, 5901, 5904) running OpenSuse 13.1 x64. Basically I would like the firewall to allow no more than 5 attempts per 60 second period (or 1 attempt per 12 seconds), after which I would like the firewall to PERMENANTLY LOCK out the attempting IP. I'm not sure whether this can be done via the SuseFirewall or whether I need to write a script to do it. I have tried a couple methods with the following script BUT I still get several (thousands) attempts in my firewall logs. Any suggestions? Thanks and best regards. Otto. ---------Start of bash script----------- #!/bin/bash #####command to use IPT=/usr/sbin/iptables #####Max connection in seconds SECONDS=60 #####Max connections per IP BLOCKCOUNT=5 #####default action can be DROP or REJECT DACTION="DROP" #####default port to monitor (if not input) PORT=10022 if [ $# = 1 ] then PORT=$1 fi #####method 1 $IPT -A INPUT -p tcp --dport ${PORT} -m state --state NEW -m recent --set --name rule${PORT} $IPT -A INPUT -p tcp --dport ${PORT} -m state --state NEW -m recent --update --name rule${PORT} \ --seconds ${SECONDS} --hitcount ${BLOCKCOUNT} -j ${DACTION} #####method 2 #$IPT -A INPUT -p tcp --dport ${PORT} -m state --state NEW -m recent --set # #$IPT -A INPUT -p tcp --dport ${PORT} -m state --state NEW -m recent --rcheck \ # --seconds ${SECONDS} --hitcount ${BLOCKCOUNT} -j REJECT --reject-with icmp-port-unreachable ---------End of bash script----------- -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

2 2

[opensuse-security] openSUSE 13.1 updates notified but not available
by Eoin Kirwan 14 Nov '14

14 Nov '14

Hello list, None of the updates for openSUSE 13.1 (32-bit) posted to the opensuse-updates list since Monday evening, at least for packages I have installed, are available via YaST or Apper. Currently this stands at wget, tnftp, libserf, ImageMagick, libreoffice, and fribidi updates outstanding. The last successful updates I got were timezone and telnet, which were notified to the list on Monday morning. Have these updates not been published, or is there some repo problem perhaps? openSUSE-SU-2014:1380-1: moderate: update for wget openSUSE-SU-2014:1383-1: moderate: tnftp: Prevent command exection openSUSE-SU-2014:1395-1: moderate: libserf: Disable SSLv2 and SSLv3. openSUSE-SU-2014:1396-1: moderate: Security update for ImageMagick openSUSE-SU-2014:1412-1: moderate: Security update for libreoffice openSUSE-RU-2014:1418-1: moderate: fribidi: bugfix update With kind regards, Eoin -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

2 3

[opensuse-security] pcsc-lite and polkit rules in openSUSE 13.2
by Michael Ströder 14 Nov '14

14 Nov '14

HI! After upgrading to openSUSE 13.2 accessing my USB CCID card reader though pcscd does not work anymore. Seems that polkit rules are needed for this new pcscd version (access as root does work). After doing some reading I've tried to create file /usr/share/polkit-1/rules.d/org.debian.pcsc-lite.packagekit.rules (see below) but it does not work. Any clue? Ciao, Michael. ----------------- snip ----------------- polkit.addRule(function(action, subject) { if ( action.id == "org.debian.pcsc-lite.access_pcsc" && subject.active == true && subject.local == true && subject.isInGroup("scard") ) { return polkit.Result.YES; } }); polkit.addRule(function(action, subject) { if ( action.id == "org.debian.pcsc-lite.access_card" && subject.active == true && subject.local == true && subject.isInGroup("scard") ) { return polkit.Result.YES; } });

2 3

[opensuse-security] Where to get mod_security2 missing mlogc binary?
by Keith Roberts 11 Nov '14

11 Nov '14

Hi all. We’re running 13.1 at work and I’m tasked with setting up remote audit logging. I intend to use ModSecurity2 as it can do concurrent logging to a remote box using mlogc: http://www.jwall.org/web/audit/console/index.jsp However I cannot see the mlogc binary in the default 13.1 suse package for apache2-mod_security2. Can anyone tell me where I can get this missing binary from please? Kind Regards, Keith Roberts-- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

2 1

[opensuse-security] AA profile for Libre Office
by pinguin74 10 Nov '14

10 Nov '14

Hi there, has anyone already created an AppArmor profile for Libre Office? Before starting from scratch would be nice to look at a existing profile for LO! Thanks

1 0

[opensuse-security] AW: [security-announce] SUSE-SU-2014:1361-1: important: Security update for OpenSSL
by hans.paffrath＠stadt-koeln.de 06 Nov '14

06 Nov '14

Hello, yesterday, you pronounced a patch for sle11 openssl1. SUSE-SU-2014:1357-1 When I asked you, if we would need the poodle workaround any longer after installing this patch, you answerd: yes, because the patch was only for a special product. Now, what about this patch: it seemed to me, that it includes the poodle leak. Do we - after installing it - still need the workaround as described here: https://www.suse.com/support/kb/doc.php?id=7015773 Thanks. Mit freundlichem Gruß Hans Paffrath Stadt Köln - Der Oberbürgermeister Amt für Informationsverarbeitung Willy-Brandt-Platz 3 50679 Köln Telefon: 0221/221-26085 Telefax: 0221/221-22845 E-Mail: hans.paffrath(a)stadt-koeln.de Internet: www.stadt-koeln.de -----Ursprüngliche Nachricht----- Von: opensuse-security(a)opensuse.org [mailto:opensuse-security@opensuse.org] Gesendet: Mittwoch, 5. November 2014 23:05 An: opensuse-security-announce(a)opensuse.org Betreff: [security-announce] SUSE-SU-2014:1361-1: important: Security update for OpenSSL SUSE Security Update: Security update for OpenSSL ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:1361-1 Rating: important References: #892403 #901223 #901277 Cross-References: CVE-2014-3566 CVE-2014-3567 CVE-2014-3568 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This OpenSSL update fixes the following issues: * Session Ticket Memory Leak (CVE-2014-3567) * Build option no-ssl3 is incomplete (CVE-2014-3568) * Add support for TLS_FALLBACK_SCSV to mitigate CVE-2014-3566 (POODLE) Security Issues: * CVE-2014-3567 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567> * CVE-2014-3566 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566> * CVE-2014-3568 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568> Indications: Everybody should update. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-libopenssl-devel-9915 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-libopenssl-devel-9915 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-libopenssl-devel-9915 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-libopenssl-devel-9915 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libopenssl-devel-0.9.8j-0.66.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): libopenssl0_9_8-0.9.8j-0.66.1 libopenssl0_9_8-hmac-0.9.8j-0.66.1 openssl-0.9.8j-0.66.1 openssl-doc-0.9.8j-0.66.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libopenssl0_9_8-32bit-0.9.8j-0.66.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.66.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64): libopenssl0_9_8-0.9.8j-0.66.1 libopenssl0_9_8-hmac-0.9.8j-0.66.1 openssl-0.9.8j-0.66.1 openssl-doc-0.9.8j-0.66.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libopenssl0_9_8-32bit-0.9.8j-0.66.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.66.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libopenssl0_9_8-x86-0.9.8j-0.66.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libopenssl0_9_8-0.9.8j-0.66.1 openssl-0.9.8j-0.66.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libopenssl0_9_8-32bit-0.9.8j-0.66.1 References: http://support.novell.com/security/cve/CVE-2014-3566.html http://support.novell.com/security/cve/CVE-2014-3567.html http://support.novell.com/security/cve/CVE-2014-3568.html https://bugzilla.suse.com/show_bug.cgi?id=892403 https://bugzilla.suse.com/show_bug.cgi?id=901223 https://bugzilla.suse.com/show_bug.cgi?id=901277 http://download.suse.com/patch/finder/?keywords=e15c3470343095d331f7120ec69… -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org -- To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org

3 2

[opensuse-security] apache2 -DFOREGROUND blocks access to Unix Domain socket
by Michael Ströder 05 Nov '14

05 Nov '14

HI! Sorry, I'm pretty new to systemd issues. I have a FastCGI process invoked by Apache's mod_fcgid which runs just fine since years. It opens a LDAPI (LDAP over IPC) connection which also used to work just fine. But not with the startup via systemd (openSUSE 13.1). The process can open normal LDAP connections via TCP but not to a Unix Domain Socket. Yes, I've checked all ownership/permissions and there's no AppArmor or SELinux active. I've tracked down this to: When starting like this it does not work: /usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start But leaving away -DFOREGROUND it does work: /usr/sbin/start_apache2 -DSYSTEMD -k start Unfortunately naively hunking out -DFOREGROUND from /usr/lib/systemd/system/apache2.service does also not work. Any clue? Many thanks in advance. Ciao, Michael.

2 1