The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ldso

To: Debian Security <security@debian.org>
Subject: ldso
From: Daniel Ryde <ryde@tripnet.se>
Date: Sat, 13 Sep 1997 22:41:08 +0200 (CEST)
Delivered-to: security@debian.org
Resent-cc: recipient list not shown: ;
Resent-date: 14 Sep 1997 18:11:36 -0000
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"OH1BrD.A.2NC.WjCH0"@debian>
Resent-sender: debian-private-request@lists.debian.org

I miss information about some recent serious bugs that is or might be
fixed:

The ldso bug is not mentioned on the Debian security page.
This is a rather serious bug, which gives local root access.
There is a fixed version 1.8.12-1 in bo-updates (this is not the actual
security release but a followup).

The recent inn bug is not on the Debian security page.
This gives news privilige remotly.
There is a fixed version 1.5.1-4 in the bo-updates.
Another inn question is if it is the same version as inn 1.5.1sec2 on
ftp.isc.org/isc/inn? This version has several serious buffer overflow
fixes, and I can't find any information about that in the debian version.


I have also reported an bug in the ssh package which allows normal users
to open priveliged ports for listening, and may then forward this port
remotley to another machine. This is dangerous as a user can gather
passwords from services that might be disabled. This is fixed in a new ssh
version 1.2.21 on ftp.cs.hut.fi/pub/ssh.


Best Regards

Daniel Ryde, System Administrator
__________________________________________________________________________
Tripnet AB                Visit Address:      Telephone:  +46 31 7252500
Box 5071                  Avagen 42           Fasicmile:  +46 31 7252501
S-402 22 GOTEBORG         GOTEBORG            Email:      ryde@tripnet.se
Sweden                    Sweden


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Prev by Date: Re: Mail to {user}@debian.org bouncing.
Next by Date: Re: Tetris trademark infringement
Previous by thread: Re: Mail to {user}@debian.org bouncing.
Next by thread: What happens with mail to master?
Index(es):
- Date
- Thread