EasyLinux Ubuntu

Hallo Liste

Wenn ich meinen Laptop aus dem Suspend-to-Ram oder Suspend-to-Disk hole,
funktioniert weder das Modem noch die Netzwerkkarte im Cardbusschacht.
Die Netzwerkkarte kann ich dann mit /etc/init.d/networking restart neu
in Betrieb nehmen. Gibt es so einen Befehl auch für das Modem?

Schöne Pfingsten wünscht allen
Moni

-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname : signature.asc
Dateityp : application/pgp-signature
Dateigröße : 252 bytes
Beschreibung: OpenPGP digital signature
URL : http://www.easylinux.de/pipermail/ubuntu/attachments/20080511/697c2c2d/signature.pgp

Hi,

ich habe Ubuntu und möchte eine firewall installieren.

Ich weiss, ich weiss, ich brauche keine .....

Ich brauche doch eine. Nicht für den eingehenden Verkehr, sondern für
den ausgehenden.

Nur als Beispiel:
Ich habe ein kostenpflichtiges Bildbearbeitungsprogramm installiert. Ich
vermute, dass dieses Programm regelmäßig Kontakt mit seinem "Herrn"
aufnimmt.

Dies, und so ähnliche Sachen will ich verhindern.

Mit iptables habe ich mich schon beschäftigt, aber irgendwie ist mir das
zu kompliziert. (Da müsste ich ja mal richtig nachdenken (;-))

Ich will - ufw - nehmen. Das wird auf der Kommandozeile administriert
und scheint einfach zu sein.

Ich habe vor, folgende Regeln aufzustellen:

1. Alles verboten !
2. HTTP, ftp, POP3, SMTP (jeweils mit Ports) erlaubt !

Jeder "Ausbruchsversuch" - auf einem anderen Port - müsste doch damit
scheitern und der "Übeltäter" steht in der log-Datei.

Oder liege ich da falsch ???

Gruss

Roland

----- Forwarded message from Daniel Leidert -----

From: Daniel Leidert
Subject: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable
random number generator
To: User german
Date: Tue, 13 May 2008 19:54:30 +0200
Organization: TU Dresden
X-Mailer: Evolution 2.22.1.1

Hallo,

Für die deutschsprachigen Nutzer, hier eine Information aus der
Security-Ecke [1], die für einige Nutzer sicherlich von Interesse ist.
Mit dem Update des openssl-Pakets ist es leider nicht getan.

Im Kern [2]:

Durch einen Programmierfehler in einem Debian-spezifischen Patch
arbeitete der Zufallszahlengenerator in OpenSSL seit
Paketversion 0.9.8c-1 vorhersagbar, wodurch auch "kryptografisches
Schlüsselmaterial" vorhersagbar wurde. Das schließt SSH-, OpenVPN-
und DNSSEC-Schlüssel, Schlüsselmaterial für X.509 Zertifikate und
Session-Schlüssel für SSL/TLS-Verbindungen ein. Schlüssel, die
mit GnuPG oder GNUTLS erzeugt wurden, gelten nicht als anfällig.

Damit ist jedes Schlüsselmaterial (s.o.), das mit einer verwundbaren
Version erstellt wurde (für Etch bis Paketversion 0.9.8c-4etch3, für
Lenny/Sid bis 0.9.8g-9) potentiell unsicher und es wird dringend
empfohlen, das gesamte Material (Schlüssel/Zertifikate) neu zu erzeugen.

Ein kleines Perl-Skript



(OpenPGP-Signatur)

soll/kann helfen, verwundbares Material aufzuspüren.

Weiterhin müssen alle DSA-Schlüssel, die auf verwundbaren Systemen zum
Signieren oder Authentifizieren benutzt wurden, als kompromittiert
angesehen werden.

Wie gesagt: Das Projekt empfiehlt jedem, verwundbares oder
möglicherweise kompromittiertes Schlüsselmaterial neu zu erzeugen.

PS: Nicht wundern, wenn der SSH-Zugang zu Maschinen des Debian-Projects
(inkl. Alioth) im Moment nicht funktioniert [3].

[1] http://lists.debian.org/debian-security-announce/2008/msg00152.html
[2] Falls jemand mit dieser Materie besser vertraut ist, könnte er bitte
die Mail komplett übersetzen?
[3] http://lists.debian.org/debian-infrastructure-announce/2008/05/msg00000.html

MfG Daniel

Folgend die originale Mail:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-1571-1 security[bei]debian[punkt]org
> http://www.debian.org/security/ Florian Weimer
> May 13, 2008 http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
>
> Package : openssl
> Vulnerability : predictable random number generator
> Problem type : remote
> Debian-specific: yes
> CVE Id(s) : CVE-2008-0166
>
> Luciano Bello discovered that the random number generator in Debian's
> openssl package is predictable. This is caused by an incorrect
> Debian-specific change to the openssl package (CVE-2008-0166). As a
> result, cryptographic key material may be guessable.
>
> This is a Debian-specific vulnerability which does not affect other
> operating systems which are not based on Debian. However, other systems
> can be indirectly affected if weak keys are imported into them.
>
> It is strongly recommended that all cryptographic key material which has
> been generated by OpenSSL versions starting with 0.9.8c-1 on Debian
> systems is recreated from scratch. Furthermore, all DSA keys ever used
> on affected Debian systems for signing or authentication purposes should
> be considered compromised; the Digital Signature Algorithm relies on a
> secret random value used during signature generation.
>
> The first vulnerable version, 0.9.8c-1, was uploaded to the unstable
> distribution on 2006-09-17, and has since propagated to the testing and
> current stable (etch) distributions. The old stable distribution
> (sarge) is not affected.
>
> Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
> material for use in X.509 certificates and session keys used in SSL/TLS
> connections. Keys generated with GnuPG or GNUTLS are not affected,
> though.
>
> A detector for known weak key material will be published at:
>
>
>
> (OpenPGP signature)
>
> Instructions how to implement key rollover for various packages will be
> published at:
>
>
>
> This web site will be continously updated to reflect new and updated
> instructions on key rollovers for packages using SSL certificates.
> Popular packages not affected will also be listed.
>
> In addition to this critical change, two other vulnerabilities have been
> fixed in the openssl package which were originally scheduled for release
> with the next etch point release: OpenSSL's DTLS (Datagram TLS,
> basically "SSL over UDP") implementation did not actually implement the
> DTLS specification, but a potentially much weaker protocol, and
> contained a vulnerability permitting arbitrary code execution
> (CVE-2007-4995). A side channel attack in the integer multiplication
> routines is also addressed (CVE-2007-3108).
>
> For the stable distribution (etch), these problems have been fixed in
> version 0.9.8c-4etch3.
>
> For the unstable distribution (sid) and the testing distribution
> (lenny), these problems have been fixed in version 0.9.8g-9.
>
> We recommend that you upgrade your openssl package and subsequently
> regenerate any cryptographic material, as outlined above.
>
> Upgrade instructions
> - --------------------
>
> wget url
> will fetch the file for you
> dpkg -i file.deb
> will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
> will update the internal database
> apt-get upgrade
> will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 4.0 alias etch
> - -------------------------------
>
> Source archives:
>
> http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3.dsc
> Size/MD5 checksum: 1099 5e60a893c9c3258669845b0a56d9d9d6
> http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c.orig.tar.gz
> Size/MD5 checksum: 3313857 78454bec556bcb4c45129428a766c886
> http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3.diff.gz
> Size/MD5 checksum: 55320 f0e457d6459255da86f388dcf695ee20
>
> alpha architecture (DEC Alpha)
>
> http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_alpha.deb
> Size/MD5 checksum: 1025954 d82f535b49f8c56aa2135f2fa52e7059
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_alpha.deb
> Size/MD5 checksum: 4558230 399adb0f2c7faa51065d4977a7f3b3c4
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_alpha.deb
> Size/MD5 checksum: 2620892 0e5efdec0a912c5ae56bb7c5d5d896c6
> http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_alpha.deb
> Size/MD5 checksum: 2561650 affe364ebcabc2aa33ae8b8c3f797b5e
> http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_alpha.udeb
> Size/MD5 checksum: 677172 5228d266c1fc742181239019dbad4c42
>
> amd64 architecture (AMD x86_64 (AMD64))
>
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_amd64.deb
> Size/MD5 checksum: 1654902 d8ad8dc51449cf6db938d2675789ab25
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_amd64.deb
> Size/MD5 checksum: 891102 2e97e35c44308a59857d2e640ddf141a
> http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_amd64.deb
> Size/MD5 checksum: 992248 82193ea11b0bc08c74a775039b855a05
> http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_amd64.deb
> Size/MD5 checksum: 2178610 fb7c53e5f157c43753db31885ff68420
> http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_amd64.udeb
> Size/MD5 checksum: 580250 7fb3d7fee129cc9a4fb21f5c471dfbab
>
> arm architecture (ARM)
>
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_arm.deb
> Size/MD5 checksum: 1537440 c5ab48e9bde49ba32648fb581b90ba18
> http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_arm.udeb
> Size/MD5 checksum: 516576 84385b137c731de3b86824c17affa9f3
> http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_arm.deb
> Size/MD5 checksum: 2049882 7ed60840eb3e6b26c6856dcaf5776b0c
> http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_arm.deb
> Size/MD5 checksum: 1011698 abfa887593089ac0f1cd4e31154897ee
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_arm.deb
> Size/MD5 checksum: 805912 a605625ea107252e9aebbc77902a63ed
>
> hppa architecture (HP PA RISC)
>
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_hppa.deb
> Size/MD5 checksum: 1585900 2cbe55764db351dc6c3c2d622aa90caf
> http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_hppa.deb
> Size/MD5 checksum: 2248328 664fb0992b786ce067a7d878056fc191
> http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_hppa.deb
> Size/MD5 checksum: 1030782 21f445c541d5e5b7c16de1db9ee9d681
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_hppa.deb
> Size/MD5 checksum: 945144 c1092f3bb94d920d0beaa372c9cab04e
> http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_hppa.udeb
> Size/MD5 checksum: 631132 76339119275786b5e80a7a1b4cd26b71
>
> i386 architecture (Intel ia32)
>
> http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_i386.deb
> Size/MD5 checksum: 2086512 eeef437fb87ad6687cd953d5951aa472
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_i386.deb
> Size/MD5 checksum: 5584696 6d364557c9d392bb90706e049860be66
> http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_i386.deb
> Size/MD5 checksum: 1000832 ed5668305f1e4b4e4a22fbd24514c758
> http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_i386.udeb
> Size/MD5 checksum: 554676 dbad0172c990359282884bac1d141034
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_i386.deb
> Size/MD5 checksum: 2717086 361fde071d18ccf93338134357ab1a61
>
> ia64 architecture (Intel ia64)
>
> http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_ia64.udeb
> Size/MD5 checksum: 801748 05b29fc674311bd31fe945036a08abd5
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_ia64.deb
> Size/MD5 checksum: 1192192 56be85aceb4e79e45f39c4546bfecf4f
> http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_ia64.deb
> Size/MD5 checksum: 2593418 f9edaea0a86c1a1cea391f890d7ee70f
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_ia64.deb
> Size/MD5 checksum: 1569418 4b2cb04d13efabdddddbd0f6d3cefd9b
> http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_ia64.deb
> Size/MD5 checksum: 1071156 e1f487c4310ad526c071f7483de4cd1a
>
> mips architecture (MIPS (Big Endian))
>
> http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_mips.deb
> Size/MD5 checksum: 1003816 f895a8bc714e9c373ee80f736b5af00b
> http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_mips.deb
> Size/MD5 checksum: 2262266 004484e816d4fe5ff03fe6d7df38d7b7
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_mips.deb
> Size/MD5 checksum: 1692606 e8273f5d123f892a81a155f14ba19b50
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_mips.deb
> Size/MD5 checksum: 875558 44074bce1cde4281c5abcf45817f429d
> http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_mips.udeb
> Size/MD5 checksum: 580130 b6b810d1c39164747e3ebc9df4903974
>
> mipsel architecture (MIPS (Little Endian))
>
> http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_mipsel.udeb
> Size/MD5 checksum: 566168 97963ca9b6ada94445fb25b3126655e9
> http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_mipsel.deb
> Size/MD5 checksum: 992712 41c2bbe984553d693f21c3ec349ea465
> http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_mipsel.deb
> Size/MD5 checksum: 2255558 3c63936cd511975291b4230bef1a2e3b
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_mipsel.deb
> Size/MD5 checksum: 860506 d580fbeed6efd734245ea7a7bed225bb
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_mipsel.deb
> Size/MD5 checksum: 1649300 3315d1406f995f5b6d2a4f958976a794
>
> powerpc architecture (PowerPC)
>
> http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_powerpc.deb
> Size/MD5 checksum: 1002022 b2749639425c3a8ac493e072cfffb358
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_powerpc.deb
> Size/MD5 checksum: 895460 e15fbbbbcfe17e82bacc07f6febd9707
> http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_powerpc.udeb
> Size/MD5 checksum: 585320 61488ea7f54b55a21f7147fe5bc3b0f0
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_powerpc.deb
> Size/MD5 checksum: 1728384 539ee1a3fe7d9b89034ebfe3c1091b6f
> http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_powerpc.deb
> Size/MD5 checksum: 2210792 82e9e27c6083a95c76c5817f9604178f
>
> s390 architecture (IBM S/390)
>
> http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_s390.udeb
> Size/MD5 checksum: 643008 4861c78ea63b6c3c08c22a0c5326d981
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_s390.deb
> Size/MD5 checksum: 1632976 01d289d460622382b59d07950305764f
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_s390.deb
> Size/MD5 checksum: 951404 d92bb390489bed0abff58f7a1ceade6b
> http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_s390.deb
> Size/MD5 checksum: 1014308 487c24f2af25797a857814af7c9c0d0b
> http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_s390.deb
> Size/MD5 checksum: 2193782 f1fe472c802e929a57bd8c8560bd3009
>
> sparc architecture (Sun SPARC/UltraSPARC)
>
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_sparc.deb
> Size/MD5 checksum: 4091340 970453ebfab8152c9c44ae210fbaa2a4
> http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_sparc.udeb
> Size/MD5 checksum: 539054 7be1258f74165c4b037e202d2048f8ce
> http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_sparc.deb
> Size/MD5 checksum: 1010536 6444d6cc6fd838c82716462aacd1cf84
> http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_sparc.deb
> Size/MD5 checksum: 2108000 ab0d0ccc72764a26b7767cace520b269
> http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_sparc.deb
> Size/MD5 checksum: 2126386 61ddc204ee650cdd0f2b56e358134e2b
>
>
> These files will probably be moved into the stable distribution on
> its next update.
>
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce[bei]lists.debian[punkt]org
> Package info: `apt-cache show ' and http://packages.debian.org/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iQEVAwUBSCmDjL97/wQC1SS+AQLZGgf8Dp7Rj1HmC4n0QowM9cRnzw24upFQ1bpq
> SbkU/NhkoLORcMnXsnVPL30bmtpXltjpWuKIuRGzudXBonXaZtX1N4rl9HDpN+gt
> AZJdxweSSmwQNyvOyPRKDVJ1w/YYiaJnSIDNks6NqSNYSEAb5L3bHBeHDTgLsWMW
> jYcF5GJSt8yG3GvA0FyFIPwJihr2YF/RmhpurGQf3XO6S94cDsdLtr/KOcdmdWze
> 39E+2h3L34HGIwVUgK9uY8Gv0DCPqhQZ4157CteFpQwQoKzFSxYApruCm4QcFxV+
> BxuB/M9M5tPWrX1slffG+q3YHK0mDnB9d2JqSwQ5TD9kxTiwEEY8sQ==
> =lX6B
> -----END PGP SIGNATURE-----
>
>

--
Haeufig gestellte Fragen und Antworten (FAQ):
http://www.de.debian.org/debian-user-german-FAQ/

Zum AUSTRAGEN schicken Sie eine Mail an debian-user-german-REQUEST[bei]lists.debian[punkt]org
mit dem Subject "unsubscribe". Probleme? Mail an listmaster[bei]lists.debian[punkt]org (engl)

----- End forwarded message -----

--
"Die Debatte um die informationelle Selbstbestimmung stammt aus der Zeit der
Volkszählung vor zwanzig Jahren. Heute würde doch jeder zugeben, dass die
Befürchtungen von damals hysterische Übertreibungen waren."
Wolfgang Schäuble
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname : nicht verfügbar
Dateityp : application/pgp-signature
Dateigröße : 189 bytes
Beschreibung: Digital signature
URL : http://www.easylinux.de/pipermail/ubuntu/attachments/20080513/5e6629d2/attachment-0001.pgp

----- Forwarded message from Florian Weimer -----

From: Florian Weimer
Subject: [DSA 1576-1] New openssh packages fix predictable randomness
To: debian-security-announce[bei]lists.debian[punkt]org
Reply-To: debian-security[bei]lists.debian[punkt]org
Date: Wed, 14 May 2008 11:24:56 +0200
X-Spam-Status: No, score=-2.1 required=5.0 tests=AWL,BAYES_00,J_CHICKENPOX_43,
J_CHICKENPOX_55,J_CHICKENPOX_74,RCVD_IN_DNSWL_LOW,T_HAMFILTER,URICOUNTRY_US
autolearn=no version=3.2.3
X-Spam-Relay-Country: ** DE ** DE

------------------------------------------------------------------------
Debian Security Advisory DSA-1576-1 security[bei]debian[punkt]org
http://www.debian.org/security/ Florian Weimer
May 14, 2008 http://www.debian.org/security/faq
------------------------------------------------------------------------

Package : openssh
Vulnerability : predictable random number generator
Problem type : remote
Debian-specific: yes
CVE Id(s) : CVE-2008-0166

The recently announced vulnerability in Debian's openssl package
(DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH. As a result,
all user and host keys generated using broken versions of the openssl
package must be considered untrustworthy, even after the openssl update
has been applied.

1. Install the security updates

This update contains a dependency on the openssl update and will
automatically install a corrected version of the libss0.9.8 package,
and a new package openssh-blacklist.

Once the update is applied, weak user keys will be automatically
rejected where possible (though they cannot be detected in all
cases). If you are using such keys for user authentication, they
will immediately stop working and will need to be replaced (see
step 3).

OpenSSH host keys can be automatically regenerated when the OpenSSH
security update is applied. The update will prompt for confirmation
before taking this step.

2. Update OpenSSH known_hosts files

The regeneration of host keys will cause a warning to be displayed when
connecting to the system using SSH until the host key is updated in the
known_hosts file. The warning will look like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.

In this case, the host key has simply been changed, and you should update
the relevant known_hosts file as indicated in the error message.

It is recommended that you use a trustworthy channel to exchange the
server key. It is found in the file /etc/ssh/ssh_host_rsa_key.pub on
the server; it's fingerprint can be printed using the command:

ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

In addition to user-specific known_hosts files, there may be a
system-wide known hosts file /etc/ssh/known_hosts. This is file is
used both by the ssh client and by sshd for the hosts.equiv
functionality. This file needs to be updated as well.

3. Check all OpenSSH user keys

The safest course of action is to regenerate all OpenSSH user keys,
except where it can be established to a high degree of certainty that the
key was generated on an unaffected system.

Check whether your key is affected by running the ssh-vulnkey tool, included
in the security update. By default, ssh-vulnkey will check the standard
location for user keys (~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity),
your authorized_keys file (~/.ssh/authorized_keys and
~/.ssh/authorized_keys2), and the system's host keys
(/etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key).

To check all your own keys, assuming they are in the standard
locations (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity):

ssh-vulnkey

To check all keys on your system:

sudo ssh-vulnkey -a

To check a key in a non-standard location:

ssh-vulnkey /path/to/key

If ssh-vulnkey says "Unknown (no blacklist information)", then it has no
information about whether that key is affected. In this case, you
can examine the modification time (mtime) of the file using "ls -l".
Keys generated before September 2006 are not affected. Keep in mind
that, although unlikely, backup procedures may have changed the file
date back in time (or the system clock may have been incorrectly
set).

If in doubt, generate a new key and remove the old one from any
servers.

4. Regenerate any affected user keys

OpenSSH keys used for user authentication must be manually regenerated,
including those which may have since been transferred to a different system
after being generated.

New keys can be generated using ssh-keygen, e.g.:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 user@host

5. Update authorized_keys files (if necessary)

Once the user keys have been regenerated, the relevant public keys
must be propagated to any authorized_keys files (and authorized_keys2
files, if applicable) on remote systems. Be sure to delete the lines
containing old keys from those files..

In addition to countermeasures to mitigate the randomness vulnerability,
this OpenSSH update fixes several other vulnerabilities:

CVE-2008-1483:
Timo Juhani Lindfors discovered that, when using X11 forwarding, the
SSH client selects an X11 forwarding port without ensuring that it
can be bound on all address families. If the system is configured
with IPv6 (even if it does not have working IPv6 connectivity), this
could allow a local attacker on the remote server to hijack X11
forwarding.

CVE-2007-4752:
Jan Pechanec discovered that ssh fails back to creating a trusted X11
cookie if creating an untrusted cookie fails, potentially exposing
the local display to a malicious remote server when using X11
forwarding.

For the stable distribution (etch), these problems have been fixed in
version 4.3p2-9etch1. Currently, only a subset of all supported
architectures have been built; further updates will be provided when
they become available.

For the unstable distribution (sid) and the testing distribution
(lenny), these problems have been fixed in version 4.7p1-9.

We recommend that you upgrade your openssh packages and take the
measures indicated above.

Upgrade instructions
--------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Source archives:

http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch1.diff.gz
Size/MD5 checksum: 275168 920f559caa1c8c737b016c08df2bde05
http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1.tar.gz
Size/MD5 checksum: 3694141 05eec6b473990bff4fc70921b232794b
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch1.dsc
Size/MD5 checksum: 1074 89930d72e9aff6b344efd35a130e4faa
http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1.dsc
Size/MD5 checksum: 799 aeaa45e0bfbf7f966e3c7fca9181d99d
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2.orig.tar.gz
Size/MD5 checksum: 920186 239fc801443acaffd4c1f111948ee69c

Architecture independent packages:

http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1_all.deb
Size/MD5 checksum: 2121928 fa1ba22d98f91f18b326ee1bfd31bcbb
http://security.debian.org/pool/updates/main/o/openssh/ssh_4.3p2-9etch1_all.deb
Size/MD5 checksum: 1060 44ec3f52add1876d7b2c1bd3fa3cdbfd
http://security.debian.org/pool/updates/main/o/openssh/ssh-krb5_4.3p2-9etch1_all.deb
Size/MD5 checksum: 92162 9ae37916a6dc269318aff1215b6638cf

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_alpha.udeb
Size/MD5 checksum: 198496 69fe6fc4002ec592e1756cee28ffd85b
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_alpha.deb
Size/MD5 checksum: 782120 e5746f3c12a52f72b75cffee8e1c3a6f
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_alpha.deb
Size/MD5 checksum: 100402 fda20ac6b68a6882534384e6ce4e6efd
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_alpha.udeb
Size/MD5 checksum: 213724 118390296bbf6d6d208d39a07895852e
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_alpha.deb
Size/MD5 checksum: 266518 be53eb9497ea993e0ae7db6a0a4dcd3a

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_amd64.udeb
Size/MD5 checksum: 183848 bd6c4123fe0e72f7565e455b25eb037c
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_amd64.deb
Size/MD5 checksum: 244406 f70bf398d91eb4b8fe27cc5b03548b16
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_amd64.udeb
Size/MD5 checksum: 171512 0b8afcf2b96ad97323152342e83dd3bf
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_amd64.deb
Size/MD5 checksum: 709734 556332c58aeee82628d35ebf71d15ac1
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_amd64.deb
Size/MD5 checksum: 99896 14d2f97314e7b4b6cb97540667d7f544

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_hppa.udeb
Size/MD5 checksum: 189608 5267dec18e00f3e88bd53b3adfe23e62
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_hppa.deb
Size/MD5 checksum: 100438 2ebd2edd75c440c062eaafab5a97b177
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_hppa.deb
Size/MD5 checksum: 250556 1ca2aa080853748ab343381d9f9ffc6b
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_hppa.udeb
Size/MD5 checksum: 198424 d99af9d81fe074f9b16928cae835ce56
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_hppa.deb
Size/MD5 checksum: 733664 e6abc3231e7d274a5a73321ea3761974

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_i386.deb
Size/MD5 checksum: 660432 16f0807e7871c23af0660e529837cb76
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_i386.deb
Size/MD5 checksum: 224178 aaedc883a11ba7273e5ddeb496a3488a
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_i386.deb
Size/MD5 checksum: 100000 fd41f726ff14b7f8ab0dfc1c6b43be2c
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_i386.udeb
Size/MD5 checksum: 162630 f197dbdfe7a92bd4992d8c77c76b4488
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_i386.udeb
Size/MD5 checksum: 154028 5df04dc7c5474b30e515047740bd0c38

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_ia64.udeb
Size/MD5 checksum: 269868 1646034b7db5a862ea17d0d6928900ff
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_ia64.deb
Size/MD5 checksum: 961594 394027253cbaeba863f07e7fee848dcb
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_ia64.deb
Size/MD5 checksum: 101280 f3e421145857106615ce19cb05508a7a
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_ia64.udeb
Size/MD5 checksum: 251840 24ba6fd53e10e754845fc4361257d0ff
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_ia64.deb
Size/MD5 checksum: 338256 4ff1206f8f3c618f7bfd406f88b38841

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_powerpc.deb
Size/MD5 checksum: 237040 b50b3e1ac8586eb55a5f06201dd3edf2
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_powerpc.udeb
Size/MD5 checksum: 173322 f1fa458555b787a2b7fc786da7974b91
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_powerpc.deb
Size/MD5 checksum: 700518 fd43ca106400be36545f31b955667e22
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_powerpc.deb
Size/MD5 checksum: 101080 a5005e3e3447f8eb75d99746a2704b8d
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_powerpc.udeb
Size/MD5 checksum: 168320 61848a42ed513d232fceea6eb335e315

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_sparc.deb
Size/MD5 checksum: 218132 ce7a2f44e51c2fe6df31ec567ce65d28
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_sparc.deb
Size/MD5 checksum: 99544 61cd81c98576feea92fb865856311b7d
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_sparc.deb
Size/MD5 checksum: 639770 6085da0b96f1e9ee87abec7206eb7ef8
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_sparc.udeb
Size/MD5 checksum: 166706 99368689bddbc70f98ef5f51aa19051a
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_sparc.udeb
Size/MD5 checksum: 158360 07bf438d8e0d3fd02ff37371ff8645d6

These files will probably be moved into the stable distribution on
its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce[bei]lists.debian[punkt]org
Package info: `apt-cache show ' and http://packages.debian.org/

--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST[bei]lists.debian[punkt]org
with a subject of "unsubscribe". Trouble? Contact listmaster[bei]lists.debian[punkt]org

----- End forwarded message -----

--
"Wir brauchen also so etwas wie eine Datenverkehrsordnung, die ähnlich der
Straßenverkehrsordnung einen optimalen Verkehrsfluss gewährleistet."
Wolfgang Schäuble
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname : nicht verfügbar
Dateityp : application/pgp-signature
Dateigröße : 189 bytes
Beschreibung: Digital signature
URL : http://www.easylinux.de/pipermail/ubuntu/attachments/20080514/d113e1fd/attachment.pgp

Hallo Liste,
nach dem Upgrade auf Hardy bekomme ich folgendes nicht in Griff.

Die automatische Anzeige dass Aktualisierungen da sind funktioniert
bei mir nicht.
Habe eben folgendes gemacht:

Manuell die Aktualisierungsverwaltung aufgerufen, da bekomme ich
gesagt dass mein System auf dem neuesten Stand ist.

Ich habe dann den Bottom "prüfen" aktiviert und bekomme danach
gemeldet das aktualisierungen vorhanden sind. Gleichzeitig geht in
der Taskleiste der "Benachrichtigunsstern " auf mit dem Hinweis das
Aktualisierungen da sind.

Danach konnte ich die aktualisierungen installieren.

Warum funktioniert die automatische Benachrichtigung nicht???

--
Bis die Tage mal...Frank
Quid pro quo
Diese Mail wurde mit Claws Mail Version 3.3.1 erstellt
UBUNTU LINUX Hardy 8.04