The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Grrr... more stuff

To: security@debian.org, ron@caldera.com, adam@yggdrasil.com
Subject: Grrr... more stuff
From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>
Date: Sun, 15 Dec 1996 14:19:56 -0500
Cc: cert@cert.org, auscert@auscert.au.org
Delivered-to: security@debian.org
Importance: low
Priority: non-urgent
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"0bIp5.0.CC.VD3jo"@master.debian.org>
Resent-reply-to: debian-private@lists.debian.org
Resent-sender: debian-private-request@lists.debian.org

Good afternoon,

	I don't know if this is just a slip or if the RedHat decided to stop
being the team player but this is the announcement they just came out with.
It looks like we need to urgently coordinate another couple of updates. I am
waiting for them to desribe what they fixed in doom and libc ( even thought
I do have a good idea about the libc - the resolver part was rather messed
up ). 
	Please respond with your plans as soon as possible.

Best wishes,
Alex


------- Forwarded Message

Return-Path: redhat-announce-list-request@redhat.com
Received: from mail2.redhat.com (mail2.redhat.com [199.183.24.247]) by bach.cis.temple.edu (8.7.6/8.7.3) with SMTP id NAA03662 for <alex@bach.cis.temple.edu>; Sun, 15 Dec 1996 13:29:40 -0500
Received: (qmail 29270 invoked by uid 501); 15 Dec 1996 18:12:43 -0000
Resent-Date: 15 Dec 1996 18:12:43 -0000
Resent-Cc: recipient list not shown: ;
MBOX-Line: From redhat-announce-list-request@redhat.com  Sun Dec 15 13:12:37 1996
Date: Sun, 15 Dec 1996 13:12:28 -0500 (EST)
From: Erik Troan <ewt@redhat.com>
Reply-To: redhat-list@redhat.com
To: redhat-announce-list@redhat.com
Subject: SECURITY: Security fixed for libc, doom, and sendmail
Message-ID: <Pine.LNX.3.93.961215130304.839A-100000@redhat.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Resent-Message-ID: <"vWcFu2.0.b67.K-3jo"@mail2.redhat.com>
Resent-From: redhat-announce-list@redhat.com
X-Mailing-List: <redhat-announce-list@redhat.com> archive/latest/360
X-Loop: redhat-announce-list@redhat.com
Precedence: list
Resent-Sender: redhat-announce-list-request@redhat.com
X-URL: http://www.redhat.com


There are known security problems with the sendmail, libc, and doom packages 
distributed with Red Hat 4.0. The libc problems might allow users root
access to a Red Hat system (though no exploits have been produced), 
the most recent sendmail problems allow users access to the sendmail group,
and the doom problem allows all users root access to a system.

These problems have been fixed in sendmail-8.8.4-1, libc-5.3.12-17, and
doom-1.8-7. Please upgrade these packages as soon as possible. The new
versions are available on ftp.redhat.com in /updates/4.0 and all of the
packages have been PGP signed with Red Hat's PGP key. Note that while all
of these packages are included on Red Hat Linux/Intel, the doom problem
is not present in Red Hat Linux/SPARC and neither the doom nor libc
problems affect Red Hat Linux/Alpha.

If you have direct internet access, you can upgrade to these versions with
the following commands:

i386:

rpm -Uvh ftp://ftp.redhat.com/updates/4.0/i386/doom-1.8-7.i386.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/i386/libc-5.3.12-17.i386.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/i386/libc-static-5.3.12-17.i386.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/i386/sendmail-8.8.4-1.i386.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/i386/sendmail-cf-8.8.4-1.i386.rpm

sparc:
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/sparc/libc-5.3.12-17.sparc.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/sparc/libc-static-5.3.12-17.sparc.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/sparc/sendmail-8.8.4-1.sparc.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/sparc/sendmail-cf-8.8.4-1.sparc.rpm

alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/axp/sendmail-8.8.4-1.axp.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/axp/sendmail-cf-8.8.4-1.axp.rpm

(I hope I got all of those right)

Erik

- -------------------------------------------------------------------------------
|       I told you I'm not very bright -- Sugar in "Some Like It Hot"         |
|      "RPM is the greatest thing since swap-space" - Bryan C. Andregg
|                                                                             |
|       Erik Troan   =   ewt@redhat.com     =    ewt@sunsite.unc.edu          |


- --
To unsubscribe:
mail -s unsubscribe redhat-announce-list-request@redhat.com < /dev/null


------- End of Forwarded Message


--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Follow-Ups:
- Re: Grrr... more stuff
  - From: Chris Fearnley <cjf@netaxs.com>

Prev by Date: Re: Debian 1.2 Installation
Next by Date: More on Red Hat announce
Previous by thread: Re: Debian 1.2 Installation
Next by thread: Re: Grrr... more stuff
Index(es):
- Date
- Thread