Matthew Burgess | 16 Aug 23:27

LFS-6.5 Released

Hi,

The Linux From Scratch community is pleased to announce the release of
LFS Version 6.5. This release includes numerous changes from LFS-6.4
(including updates to Linux-2.6.30.2, GCC-4.4.1, and Glibc-2.10.1) and
security fixes. It also includes editorial work on the explanatory material
throughout the book, improving both the clarity and accuracy of the text.

You can read the book online[0], or download to read locally [1].

Please direct any comments about this release to the LFS development team
at lfs-dev <at> linuxfromscratch.org. Please note that registration for the
lfs-dev mailing list is required to avoid junk email.

Regards,

Matt.

[0] http://www.linuxfromscratch.org/lfs/view/6.5/
[1] http://www.linuxfromscratch.org/lfs/downloads/6.5/

--

-- 
http://linuxfromscratch.org/mailman/listinfo/lfs-announce
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page

Matthew Burgess | 30 Jul 00:03

LFS-6.5-RC2 released

Hi,

The Linux From Scratch community is pleased to announce the release of
LFS Version 6.5 Release Candidate 2. This release includes numerous
changes from LFS-6.4 (including updates to Linux-2.6.30.2, GCC-4.4.1,
and Glibc-2.10.1) and security fixes. It also includes editorial work on
the explanatory material throughout the book, improving both the clarity
and accuracy of the text.

You can read the book online[0], or download to read locally [1].

It is our intention to release LFS-6.5 final within 1 week.  Please
direct any comments about this release to the LFS development team at
lfs-dev <at> linuxfromscratch.org. Please note that registration for the
lfs-dev mailing list is required to avoid junk email.

[0] http://www.linuxfromscratch.org/lfs/view/6.5-rc2/
[1] http://www.linuxfromscratch.org/lfs/downloads/6.5-rc2/

Regards,

Matt.

--

-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Matthew Burgess | 18 Jul 17:05

LFS-6.5-RC1 released

Hi,

The Linux From Scratch community is pleased to announce the release of
LFS Version 6.5 Release Candidate 1. This release includes numerous
changes from LFS-6.4 (including updates to Linux-2.6.30.1, GCC-4.4.0,
Glibc-2.10.1) and security fixes. It also includes editorial work on the
explanatory material throughout the book, improving both the clarity and
accuracy of the text.

You can read the book online[0], or download to read locally [1].

It is our intention to release LFS-6.5 final within 2 weeks.  Please
direct any comments about this release to the LFS development team at
lfs-dev <at> linuxfromscratch.org. Please note that registration for the
lfs-dev mailing list is required to avoid junk email.

[0] http://www.linuxfromscratch.org/lfs/view/6.5-rc1/
[1] http://www.linuxfromscratch.org/lfs/downloads/6.5-rc1/

Regards,

Matt.


Adrian Fisher | 29 Mar 16:43

(2008032901 - LFS) Introduction

Hello all  :)

I just joined these lists so thought I would introduce myself.  I am 
Adrian from England and am learning Linux.  I am an IT contractor and 
currently do technical support (M$).  I have two computers, one to use 
for everyday things and another one to use for my LFS system.

I am sure I will have many questions and hope to be able to offer help 
at times so don't want to make this a one-way thing :)

Bye for now and happy hacking :)

A.
--

-- 
http://linuxfromscratch.org/mailman/listinfo/lfs-chat
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page

Tim van der Molen | 3 May 14:45

X.Org security vulnerability

<http://lists.freedesktop.org/archives/xorg/2006-May/015136.html>:

"A client of the X server using the X render extension is able to
send requests that will cause a buffer overflow in the server side of
the extension. This overflow can be exploited by an authorized client
to execute malicious code inside the X server, which is generally
running with root privileges. [...] X.Org 6.8.0 and later versions are
vulnerable". Patches are available.
--

-- 
http://linuxfromscratch.org/mailman/listinfo/lfs-security
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page

Archaic | 18 Apr 19:30

Subscription required to post

As a stop-gap measure to curb the current spam, this list has been made
subscriber only. 

-- 
Archaic

Want control, education, and security from your operating system?
Hardened Linux From Scratch
http://www.linuxfromscratch.org/hlfs


Archaic | 14 Apr 06:42

Tar vulnerability

The problem:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300

Gentoo's fix (untested by me):
http://mirror.phy.olemiss.edu/mirror/gentoo-portage/app-arch/tar/files/tar-CVE-2006-0300.patch

-- 
Archaic

Want control, education, and security from your operating system?
Hardened Linux From Scratch
http://www.linuxfromscratch.org/hlfs


Randy McMurchy | 29 Mar 02:46

Sendmail vulnerability

There is a serious security problem in all versions of Sendmail prior
to 8.13.6. There is a patch to fix some old releases. Upgrading to
8.13.6 is highly recommended. See:

http://www.sendmail.org/
http://www.sendmail.org/8.13.6.html

-- 
Randy

rmlscsi: [bogomips 1003.28] [GNU ld version 2.16.1] [gcc (GCC) 4.0.3]
[GNU C Library stable release version 2.3.6] [Linux 2.6.14.3 i686]
18:43:00 up 3 days, 7:20, 6 users, load average: 1.24, 1.18, 0.85

Archaic | 20 Mar 22:10

Fwd: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0

----- Forwarded message from Daniel Stone <daniel <at> fooishbar.org> -----

To: xorg <at> lists.freedesktop.org
From: Daniel Stone <daniel <at> fooishbar.org>
Date: Mon, 20 Mar 2006 16:00:58 +0200
Cc: vendor-sec <at> lst.de, bugtraq <at> securityfocus.com
User-Agent: Mutt/1.5.11
Subject: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0

X.Org Security Advisory, March 20th 2006
Local privilege escalation in X.Org server 1.0.0 and later; X11R6.9.0
and X11R7.0
CVE-ID: CVE-2006-0745

Overview:

During the analysis of results from the Coverity code review of X.Org,
we discovered a flaw in the server that allows local users to execute
arbitrary code with root privileges, or cause a denial of service by
overwriting files on the system, again with root privileges.

Vulnerability details:

When parsing arguments, the server takes care to check that only root
can pass the options -modulepath, which determines the location to load
many modules providing server functionality from, and -logfile, which
determines the location of the logfile.  Normally, these locations
cannot be changed by unprivileged users.

This test was changed to test the effective UID as well as the real UID

Oliver Brakmann | 26 Feb 16:02

Security fixes for unzip

Hi,

the attached patch fixes two security issues in unzip (taken from
Ubuntu).  Please apply and add to the book.

<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2475>
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4667>

Bye,
Oliver
-- 
It's practically impossible to look at a   /\   #198843 @ http://counter.li.org
penguin and feel angry.     -- Joe Moore   \/   http://www.linuxfromscratch.org

NP: Queensrÿche - One and Only
Submitted By: Oliver Brakmann <obrakmann <at> gmx.net>
Date: 2006-02-26
Initial Package Version: Unzip 5.52
Upstream Status: Unknown
Origin: Ubuntu patch to unzip <http://archive.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-3ubuntu2.2.diff.gz>
Description: Fixes CVE-2005-2475 and CVE-2005-4667

--- unzip-5.52.orig/unix/unix.c
+++ unzip-5.52/unix/unix.c
@@ -1042,6 +1042,16 @@
     ush z_uidgid[2];
     int have_uidgid_flg;


Tim van der Molen | 4 Feb 14:35

OpenSSH 4.3p1 released

OpenSSH 4.3p1 has recently been released. Besides several bug fixes one
security bug has been addressed. The announcement is available at
<http://marc.theaimsgroup.com/?l=openbsd-announce&m=113893053104991&w=2>.

Tim
--

-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

