Full Disclosure mailing list archives
Re: Operating Systems Security, 'Microsoft Security, baby steps'
From: "Daniele Muscetta" <daniele () muscetta com>
Date: Thu, 18 Mar 2004 11:18:51 +0100 (CET)
Todd Burroughs said:
Kudos to SuSE, keep up the good work! We're getting nervous with the Novell thing, but keep security first.
Yeah..... tell Novell, indeed: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968352.htm for their propreitary Groupwise Webmail interface I have been waiting for MONTHS for this fix.... it has been in BETA for months now, looks like forever.... and it says: [...] This patch also addresses OpenSSL security vulnerabilities described in CERT® Advisories CAN-2003-0543 (VU#255484), CAN-2003-0544 (VU#380864), VU#686224, and VU#732952 [...] ....which is not yesterday's bug. But a much older one. It's kept very quiet though. Any other distro/vendor has had it fixed for ages now. I believe that the known exploits for linux/unix don't work on Netware so they think it is safe to take that long to fix it..... Yeah, this BETA fix is there.... but: [...] Groupwise 6.5 WebAccess SP2 Field Test File revision E. This patch should be used to verify bug fixes prior to the official release of GroupWise 6.5 Support Pack 2. Fixes in this FTF are not guaranteed to be included in the shipping release of Groupwise 6.5 SP2. [...] So.... is one supposed to install it or not ? Good that SuSE *still* works indipendently enough. Daniele _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Operating Systems Security, "Microsoft Security, baby steps" Todd Burroughs (Mar 18)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Florian Weimer (Mar 18)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Mark J Cox (Mar 18)
- Re: Operating Systems Security, 'Microsoft Security, baby steps' Daniele Muscetta (Mar 18)
- RE: [inbox] Operating Systems Security, "Microsoft Security, baby steps" Curt Purdy (Mar 18)
- <Possible follow-ups>
- RE: Operating Systems Security, "Microsoft Security, baby steps" Schmehl, Paul L (Mar 18)
- RE: Operating Systems Security, "Microsoft Security, baby steps" Todd Burroughs (Mar 18)
- RE: Operating Systems Security, "Microsoft Security, baby steps" Luke Scharf (Mar 19)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Nico Golde (Mar 19)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Ben Laurie (Mar 22)
- When do exploits get used? Paul Schmehl (Mar 22)
- Re: When do exploits get used? Luke Scharf (Mar 22)
- Re: When do exploits get used? Jay Beale (Mar 22)
- Re: When do exploits get used? Luke Scharf (Mar 22)
- RE: Operating Systems Security, "Microsoft Security, baby steps" Todd Burroughs (Mar 18)
- Re: Operating Systems Security, "Microsoft Security, baby steps" Florian Weimer (Mar 18)