NYLXS - Free Software Events

Thu Nov 21 23:35:00 2024

EVENTS

FREE
SOFTWARE
INSTITUTE

POLITICS

JOBS

MEMBERS'
CORNER

MAILING
LIST

NYLXS Members have a lot to say and share but we don't keep many secrets. Join the Hangout Mailing List and say your peice.

DATE 2006-05-01

HANGOUT

2024-11-21 | 2024-10-21 | 2024-09-21 | 2024-08-21 | 2024-07-21 | 2024-06-21 | 2024-05-21 | 2024-04-21 | 2024-03-21 | 2024-02-21 | 2024-01-21 | 2023-12-21 | 2023-11-21 | 2023-10-21 | 2023-09-21 | 2023-08-21 | 2023-07-21 | 2023-06-21 | 2023-05-21 | 2023-04-21 | 2023-03-21 | 2023-02-21 | 2023-01-21 | 2022-12-21 | 2022-11-21 | 2022-10-21 | 2022-09-21 | 2022-08-21 | 2022-07-21 | 2022-06-21 | 2022-05-21 | 2022-04-21 | 2022-03-21 | 2022-02-21 | 2022-01-21 | 2021-12-21 | 2021-11-21 | 2021-10-21 | 2021-09-21 | 2021-08-21 | 2021-07-21 | 2021-06-21 | 2021-05-21 | 2021-04-21 | 2021-03-21 | 2021-02-21 | 2021-01-21 | 2020-12-21 | 2020-11-21 | 2020-10-21 | 2020-09-21 | 2020-08-21 | 2020-07-21 | 2020-06-21 | 2020-05-21 | 2020-04-21 | 2020-03-21 | 2020-02-21 | 2020-01-21 | 2019-12-21 | 2019-11-21 | 2019-10-21 | 2019-09-21 | 2019-08-21 | 2019-07-21 | 2019-06-21 | 2019-05-21 | 2019-04-21 | 2019-03-21 | 2019-02-21 | 2019-01-21 | 2018-12-21 | 2018-11-21 | 2018-10-21 | 2018-09-21 | 2018-08-21 | 2018-07-21 | 2018-06-21 | 2018-05-21 | 2018-04-21 | 2018-03-21 | 2018-02-21 | 2018-01-21 | 2017-12-21 | 2017-11-21 | 2017-10-21 | 2017-09-21 | 2017-08-21 | 2017-07-21 | 2017-06-21 | 2017-05-21 | 2017-04-21 | 2017-03-21 | 2017-02-21 | 2017-01-21 | 2016-12-21 | 2016-11-21 | 2016-10-21 | 2016-09-21 | 2016-08-21 | 2016-07-21 | 2016-06-21 | 2016-05-21 | 2016-04-21 | 2016-03-21 | 2016-02-21 | 2016-01-21 | 2015-12-21 | 2015-11-21 | 2015-10-21 | 2015-09-21 | 2015-08-21 | 2015-07-21 | 2015-06-21 | 2015-05-21 | 2015-04-21 | 2015-03-21 | 2015-02-21 | 2015-01-21 | 2014-12-21 | 2014-11-21 | 2014-10-21 | 2014-09-21 | 2014-08-21 | 2014-07-21 | 2014-06-21 | 2014-05-21 | 2014-04-21 | 2014-03-21 | 2014-02-21 | 2014-01-21 | 2013-12-21 | 2013-11-21 | 2013-10-21 | 2013-09-21 | 2013-08-21 | 2013-07-21 | 2013-06-21 | 2013-05-21 | 2013-04-21 | 2013-03-21 | 2013-02-21 | 2013-01-21 | 2012-12-21 | 2012-11-21 | 2012-10-21 | 2012-09-21 | 2012-08-21 | 2012-07-21 | 2012-06-21 | 2012-05-21 | 2012-04-21 | 2012-03-21 | 2012-02-21 | 2012-01-21 | 2011-12-21 | 2011-11-21 | 2011-10-21 | 2011-09-21 | 2011-08-21 | 2011-07-21 | 2011-06-21 | 2011-05-21 | 2011-04-21 | 2011-03-21 | 2011-02-21 | 2011-01-21 | 2010-12-21 | 2010-11-21 | 2010-10-21 | 2010-09-21 | 2010-08-21 | 2010-07-21 | 2010-06-21 | 2010-05-21 | 2010-04-21 | 2010-03-21 | 2010-02-21 | 2010-01-21 | 2009-12-21 | 2009-11-21 | 2009-10-21 | 2009-09-21 | 2009-08-21 | 2009-07-21 | 2009-06-21 | 2009-05-21 | 2009-04-21 | 2009-03-21 | 2009-02-21 | 2009-01-21 | 2008-12-21 | 2008-11-21 | 2008-10-21 | 2008-09-21 | 2008-08-21 | 2008-07-21 | 2008-06-21 | 2008-05-21 | 2008-04-21 | 2008-03-21 | 2008-02-21 | 2008-01-21 | 2007-12-21 | 2007-11-21 | 2007-10-21 | 2007-09-21 | 2007-08-21 | 2007-07-21 | 2007-06-21 | 2007-05-21 | 2007-04-21 | 2007-03-21 | 2007-02-21 | 2007-01-21 | 2006-12-21 | 2006-11-21 | 2006-10-21 | 2006-09-21 | 2006-08-21 | 2006-07-21 | 2006-06-21 | 2006-05-21 | 2006-04-21 | 2006-03-21 | 2006-02-21 | 2006-01-21 | 2005-12-21 | 2005-11-21 | 2005-10-21 | 2005-09-21 | 2005-08-21 | 2005-07-21 | 2005-06-21 | 2005-05-21 | 2005-04-21 | 2005-03-21 | 2005-02-21 | 2005-01-21 | 2004-12-21 | 2004-11-21 | 2004-10-21 | 2004-09-21 | 2004-08-21 | 2004-07-21 | 2004-06-21 | 2004-05-21 | 2004-04-21 | 2004-03-21 | 2004-02-21 | 2004-01-21 | 2003-12-21 | 2003-11-21 | 2003-10-21 | 2003-09-21 | 2003-08-21 | 2003-07-21 | 2003-06-21 | 2003-05-21 | 2003-04-21 | 2003-03-21 | 2003-02-21 | 2003-01-21 | 2002-12-21 | 2002-11-21 | 2002-10-21 | 2002-09-21 | 2002-08-21 | 2002-07-21 | 2002-06-21 | 2002-05-21 | 2002-04-21 | 2002-03-21 | 2002-02-21 | 2002-01-21 | 2001-12-21 | 2001-11-21 | 2001-10-21 | 2001-09-21 | 2001-08-21 | 2001-07-21 | 2001-06-21 | 2001-05-21 | 2001-04-21 | 2001-03-21 | 2001-02-21 | 2001-01-21 | 2000-12-21 | 2000-11-21 | 2000-10-21 | 2000-09-21 | 2000-08-21 | 2000-07-21 | 2000-06-21 | 2000-05-21 | 2000-04-21 | 2000-03-21 | 2000-02-21 | 2000-01-21 | 1999-12-21

Key: Value:

MESSAGE

DATE	2006-05-03
FROM	Ruben Safir
SUBJECT	Subject: [NYLXS - HANGOUT] [Fwd: [suse-security-announce] SUSE Security Announcement:
-----Forwarded Message----- > From: Ludwig Nussel > To: suse-security-announce-at-suse.com > Subject: [suse-security-announce] SUSE Security Announcement: xorg-x11-server (SUSE-SA:2006:023) > Date: Wed, 03 May 2006 12:45:34 +0200 > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ______________________________________________________________________________ > > SUSE Security Announcement > > Package: xorg-x11-server > Announcement ID: SUSE-SA:2006:023 > Date: Wed, 03 May 2006 10:00:00 +0000 > Affected Products: SUSE LINUX 10.0 > SUSE LINUX 9.3 > SUSE LINUX 9.2 > Vulnerability Type: local privilege escalation > Severity (1-10): 7 > SUSE Default Package: yes > Cross-References: CVE-2006-1526 > > Content of This Advisory: > 1) Security Vulnerability Resolved: > Buffer overflow in the X.Org X11 server > Problem Description > 2) Solution or Work-Around > 3) Special Instructions and Notes > 4) Package Location and Checksums > 5) Pending Vulnerabilities, Solutions, and Work-Arounds: > - See SUSE Security Summary Report > 6) Authenticity Verification and Additional Information > > ______________________________________________________________________________ > > 1) Problem Description and Brief Discussion > > Miscalculation of a buffer size in the X Render extension of the > X.Org X11 server could potentially be exploited by users to cause a > buffer overflow and run code with elevated privileges. > > 2) Solution or Work-Around > > There is no known workaround, please install the update packages. > > 3) Special Instructions and Notes > > Please restart the X server by logging out or rebooting after the update. > > 4) Package Location and Checksums > > The preferred method for installing security updates is to use the YaST > Online Update (YOU) tool. YOU detects which updates are required and > automatically performs the necessary steps to verify and install them. > Alternatively, download the update packages for your distribution manually > and verify their integrity by the methods listed in Section 6 of this > announcement. Then install the packages using the command > > rpm -Fhv > > to apply the update, replacing with the filename of the > downloaded RPM package. > > > x86 Platform: > > SUSE LINUX 10.0: > ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xorg-x11-server-6.8.2-100.5.i586.rpm > 44c3b8dcb2b6a402d76364fd1d93494c > > SUSE LINUX 9.3: > ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/xorg-x11-server-6.8.2-30.5.i586.rpm > f741187e9f45443f6da22f6c581eb2a9 > > SUSE LINUX 9.2: > ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/xorg-x11-server-6.8.1-15.10.i586.rpm > 4809ccda14af35911d03d58cca61d734 > > Power PC Platform: > > SUSE LINUX 10.0: > ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/xorg-x11-server-6.8.2-100.5.ppc.rpm > 0cb1e49e97ad623163649b8dd7052032 > > x86-64 Platform: > > SUSE LINUX 10.0: > ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xorg-x11-server-6.8.2-100.5.x86_64.rpm > fc09f74f782b734692934b74cf7f0da5 > > SUSE LINUX 9.3: > ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/xorg-x11-server-6.8.2-30.5.x86_64.rpm > 1ee01c4d810ebf997caf767390ca1743 > > SUSE LINUX 9.2: > ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/xorg-x11-server-6.8.1-15.10.x86_64.rpm > db7c539b47dd0cbd0d190a5c587a2d09 > > ______________________________________________________________________________ > > 5) Pending Vulnerabilities, Solutions, and Work-Arounds: > > - See SUSE Security Summary Report > > > ______________________________________________________________________________ > > 6) Authenticity Verification and Additional Information > > - Announcement authenticity verification: > > SUSE security announcements are published via mailing lists and on Web > sites. The authenticity and integrity of a SUSE security announcement is > guaranteed by a cryptographic signature in each announcement. All SUSE > security announcements are published with a valid signature. > > To verify the signature of the announcement, save it as text into a file > and run the command > > gpg --verify > > replacing with the name of the file where you saved the > announcement. The output for a valid signature looks like: > > gpg: Signature made using RSA key ID 3D25D3D9 > gpg: Good signature from "SuSE Security Team " > > where is replaced by the date the document was signed. > > If the security team's key is not contained in your key ring, you can > import it from the first installation CD. To import the key, use the > command > > gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc > > - Package authenticity verification: > > SUSE update packages are available on many mirror FTP servers all over the > world. While this service is considered valuable and important to the free > and open source software community, the authenticity and the integrity of > a package needs to be verified to ensure that it has not been tampered > with. > > There are two verification methods that can be used independently from > each other to prove the authenticity of a downloaded file or RPM package: > > 1) Using the internal gpg signatures of the rpm package > 2) MD5 checksums as provided in this announcement > > 1) The internal rpm package signatures provide an easy way to verify the > authenticity of an RPM package. Use the command > > rpm -v --checksig > > to verify the signature of the package, replacing with the > filename of the RPM package downloaded. The package is unmodified if it > contains a valid signature from build-at-suse.de with the key ID 9C800ACA. > > This key is automatically imported into the RPM database (on > RPMv4-based distributions) and the gpg key ring of 'root' during > installation. You can also find it on the first installation CD and at > the end of this announcement. > > 2) If you need an alternative means of verification, use the md5sum > command to verify the authenticity of the packages. Execute the command > > md5sum > > after you downloaded the file from a SUSE FTP server or its mirrors. > Then compare the resulting md5sum with the one that is listed in the > SUSE security announcement. Because the announcement containing the > checksums is cryptographically signed (by security-at-suse.de), the > checksums show proof of the authenticity of the package if the > signature of the announcement is valid. Note that the md5 sums > published in the SUSE Security Announcements are valid for the > respective packages only. Newer versions of these packages cannot be > verified. > > - SUSE runs two security mailing lists to which any interested party may > subscribe: > > suse-security-at-suse.com > - General Linux and SUSE security discussion. > All SUSE security announcements are sent to this list. > To subscribe, send an e-mail to > . > > suse-security-announce-at-suse.com > - SUSE's announce-only mailing list. > Only SUSE's security announcements are sent to this list. > To subscribe, send an e-mail to > . > > For general information or the frequently asked questions (FAQ), > send mail to or > . > > ===================================================================== > SUSE's security contact is or . > The public key is listed below. > ===================================================================== > ______________________________________________________________________________ > > The information in this advisory may be distributed or reproduced, > provided that the advisory is not modified in any way. In particular, the > clear text signature should show proof of the authenticity of the text. > > SUSE Linux Products GmbH provides no warranties of any kind whatsoever > with respect to the information contained in this security advisory. > > Type Bits/KeyID Date User ID > pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team > pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key > > - -----BEGIN PGP PUBLIC KEY BLOCK----- > Version: GnuPG v1.4.2 (GNU/Linux) > > mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA > BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz > JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh > 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U > P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ > cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg > VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b > yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 > tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ > xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 > Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo > choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI > BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u > v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ > x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 > Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq > MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 > saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o > L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU > F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS > FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW > tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It > Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF > AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ > 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk > YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP > +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR > 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U > 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S > cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh > ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB > UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo > AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n > KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi > BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro > nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg > KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx > yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn > B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV > wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh > UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF > 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 > D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu > zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd > 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi > a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 > CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp > 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE > t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG > B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw > rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt > IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL > rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H > RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa > g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA > CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO > =ypVs > - -----END PGP PUBLIC KEY BLOCK----- > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (GNU/Linux) > > iQEVAwUBRFhvFXey5gA9JdPZAQJE3Qf+M5Hu3VW1Tq3dgEx7rJ+54glqEIeSEX+k > xKPJ1BzYlFrNLQgIcduBHYR+e8NgXtt+KgxHzVcm65dnLDbkoNBUGbfhMGaq6yNJ > H4s/dlFY3nLLNrY4mhlhw8VyqoCNiKAefC1Zh9QHSvViigUW7rILahFMWjn6HHi+ > agLDFjdIUbR4rG45AVhHvq52NCQNMUJ4z046G2c6hd/MLPT/B9RQdSTZZah/WoX/ > rZoczRTpfkbdCJNRutga7tlM54nM0SKQ81dHH+u7jbFkg5SWb/Th4ThAMOxXU65u > LCQAdFw2Q6u12kZB4L/uNkLqBuo8QsoknwSOIgmwsaVV3FjVaTBRWA== > =QyGf > -----END PGP SIGNATURE-----