lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2114.213.132.174.59.1079605131.squirrel@lupetto.mine.nu>
From: daniele at muscetta.com (Daniele Muscetta)
Subject: Operating Systems Security, 'Microsoft Security, baby steps'

Todd Burroughs said:
> Kudos to SuSE, keep up the good work!  We're getting nervous with the
> Novell thing, but keep security first.


Yeah..... tell Novell, indeed:

http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968352.htm

for their propreitary Groupwise Webmail interface I have been waiting for
MONTHS for this fix.... it has been in BETA for months now, looks like
forever.... and it says:
[...] This patch also addresses OpenSSL security vulnerabilities described
in CERT? Advisories CAN-2003-0543 (VU#255484), CAN-2003-0544 (VU#380864),
VU#686224, and VU#732952 [...]
....which is not yesterday's bug. But a much older one.
It's kept very quiet though. Any other distro/vendor has had it fixed for
ages now.
I believe that the known exploits for linux/unix don't work on Netware so
they think it is safe to take that long to fix it.....
Yeah, this BETA fix is there.... but:
[...] Groupwise 6.5 WebAccess SP2 Field Test File revision E. This patch
should be used to verify bug fixes prior to the official release of
GroupWise 6.5 Support Pack 2. Fixes in this FTF are not guaranteed to be
included in the shipping release of Groupwise 6.5 SP2. [...]
So.... is one supposed to install it or not ?

Good that SuSE *still* works indipendently enough.

Daniele




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ