On 2016-09-26 18:10, opensuse-security(a)opensuse.org wrote:
> openSUSE Security Update: Security update for MozillaFirefox, mozilla-nss
> ______________________________________________________________________________
>
> Announcement ID: openSUSE-SU-2016:2386-1
> Rating: important
> References: #999701
> Cross-References: CVE-2016-2827 CVE-2016-5256 CVE-2016-5257
> CVE-2016-5270 CVE-2016-5271 CVE-2016-5272
> CVE-2016-5273 CVE-2016-5274 CVE-2016-5275
> CVE-2016-5276 CVE-2016-5277 CVE-2016-5278
> CVE-2016-5279 CVE-2016-5280 CVE-2016-5281
> CVE-2016-5282 CVE-2016-5283 CVE-2016-5284
>
> Affected Products:
> openSUSE 13.1
> ______________________________________________________________________________
>
> An update that fixes 18 vulnerabilities is now available.
I get an error Box:
+++.................
An error occurred while loading or saving
configuration information for [Firefox|thunderbird-bin]. Some
of your configuration settings may not work properly.
Details:
Configuration server couldn't be contacted: D-BUS error: The GConf daemon is currently shutting down.
Configuration server couldn't be contacted: D-BUS error: The GConf daemon is currently shutting down.
Configuration server couldn't be contacted: D-BUS error: The GConf daemon is currently shutting down.
Configuration server couldn't be contacted: D-BUS error: The GConf daemon is currently shutting down.
.................++-
The daemon is and was running.
FF also says:
+++.......................
Firefox is not currently set as your default browser. Would you like to
make it your default browser?
[V] Always perform this check when starting Firefox
.......................++-
Saying Yes does not work, it asks again the next time.
--
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
This is an abstraction for those folks who prefer to use the proprietary
AMD driver
It needs to be added to every profile for X11 apps.
It may be more convenient to copy the whole rule into abstractions/x to
avoid changing existing profiles. To be honest, this is, what I did when
I used fglrx.
Am 15.09.2016 um 08:41 schrieb jsegitz(a)suse.de:
> On Tue, Sep 13, 2016 at 07:17:34AM +0200, Malte Gell wrote:
>> why is the SUSE kernel built without CONFIG_RANDOMIZE_BASE?
>
> Have a look at
> http://bugzilla.suse.com/show_bug.cgi?id=998554
> we enabled it in Tumbleweed, so we can test it there.
Thanx, great!
I may test it with the Leap 42.1 kernel later this day/week.
Best regards
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org
Confining Firefox may be the most important thing you can do to improve
security on a desktop system....
As a basis I took some old profile from Ubuntu and added more
permissions to make it work.
This profile works very well. But it separates Thunderbird, you cannot
open mailto links with it. But in my mind, it is better to keep the data
of both apps separated. To avoid an attacker steal your email account
data and vice very.
Both, Firefox and Thunderbird want to load kernel modules.
I never looked, what kernel modules Firefox or TB need to load.
To me it´s a bit scary to allow them loading kernel modules.
I haven´t investigated this yet.
In this profile I allowed to access /sbin/modprobe.
The profile works with Leap 42.1 and its current Firefox.
Dear List,
GnuPG is a crucial security tool on any Linux system and its importance
may make it prone to attacks. Thus it´s wise to have an AA profile for it.
This AA profile for GnuPG supports the graphical pinentry programs and
it supports SmartCard use. It also works with the Thunderbird addon
Enigmail.
This profile may need additional permissions if you use GnuPG with other
mail clients besides Thunderbird. I only made it work for Thunderbird.
To me there is no reason to trust guest systems I run in VirtualBox,
especially software from the city of Redmond always enjoys my distrust.
Thus, I created an AA profile for VirtualBox.
BTW, all profiles I posted work with Leap 42.1, I use them daily.
The VirtualBox profile supports USB access if you install that guest USB
thing from Oracle.
This profile works fine for me with MS Windows 7 as guest OS.
If you use other guest OS, the profile *may* need adjustments.
It´s always good to confine your mail user agent.
This profile requires the GnuPG profile I sent some minutes ago.
It supports Enigmail with OpenPGP Smartcards.
This profile locks access to the local firefox folder. The advantage is,
in case of a security breach, the attacker cannot steal data from your
firefox profile. The disadvantage is, you cannot use emailto links from
within firefox with this profile.
If you want emailto links to work, change it yourself.
The /proc stuff could be confined better, was too lazy to make it a bit
more consistent...
Dear list,
this is my AA profile for /usr/bin/vlc, attached as .TXT file.
It has support for proprietary AMD Catalyst and nVidia drivers, supports
access to DVB devices. These proprietary drivers come with 2 sub-tools I
have not confined.
It may need more permissions for some KDE themes, but the profile will
always work, just the VLC GUI may not adjust to the system default.
Media players are often at risk and have serious security flaws, thus it
makes sense to have an AA profile for it.
It´s not pretty, but it works.
Hi there,
I wonder, when do I have to explicitly set the "network" rule?
VLC media player can connect well without setting the "network" item,
other programs need to have "network" set.
Why does VLC work without setting "network" and others don´t?
It seems programs can have network access without needing "network" be set?
Thanks
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org
Hi there,
why is the SUSE kernel built without CONFIG_RANDOMIZE_BASE?
Does it have any disadvantages if enabled?
Would it break any software or functions?
Thanks
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org