LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

September 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS September 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: {OT} Saga with certificates continues : "Hackers steal SSL certificates for CIA, MI6, Mossad"
From:	Connie Sieh <[log in to unmask]>
Reply To:	Connie Sieh <[log in to unmask]>
Date:	Wed, 7 Sep 2011 10:14:44 -0500
Content-Type:	TEXT/PLAIN
Parts/Attachments:	TEXT/PLAIN (76 lines)

On Wed, 7 Sep 2011, Dr Andrew C Aitchison wrote:

>  This message is in MIME format.  The first part should be readable text,
>  while the remaining parts are likely unreadable without MIME-aware tools.
>
> --1870876696-1143114093-1315381521=:22438
> Content-Type: TEXT/PLAIN; charset=ISO-8859-15; format=flowed
> Content-Transfer-Encoding: QUOTED-PRINTABLE
>
> On Tue, 6 Sep 2011, Pat Riehecky wrote:
>
>> On 09/06/2011 07:19 AM, Frank Lanitz wrote:
>>> Am 06.09.2011 06:38, schrieb Franchisseur Robert:
>>>> -- Le (On) 2011-09-06 +0200 =E0 (at) 00:53:39 Andreas Petzold =E9crivit=
> =20
>>>> (wrote): --
>>>> =20
>>>>> On Tuesday, September 06, 2011 00:26:22 Valerii D. wrote:
>>>>>> <snip>
>>>>>> =20
>>>>>> Yes. And the distribution is still the browser 3. 6. 2 without securi=
> ty
>>>>>> updates. And with a certificate from DigiNotar.
>>>>> TUV released the errata a week ago, so we can expect to see patched rp=
> ms=20
>>>>> from
>>>>> SL soon. In the meantime you can just delete the Diginotar CA from FF.
>>>>>
>>>>         You can't ! It seems it was deleted but if you re-open :
>>>>
>>>>         Edit -->  Preferences -->  Advanced -->  Encryption -->  View=
> =20
>>>> certificats -->  Authorities
>>>>
>>>>         it is still there !
>>>> =20
>>>> =20
>>> Don't delete them, just mark them as not trustworthy. This will help.
>>> =20
>>> =20
>>> Cheers,
>>> Frank
>>> =20
>>> P.S. Aren't the certifactes distributes within the ca-package which have
>>> at least been updated for 6.x?
>>
>> Hello,
>>
>> It looks like the errata pushed out on 9/1 and 9/2 should take care of th=
> is=20
>> automatically.
>>
>> http://listserv.fnal.gov/scripts/wa.exe?A2=3Dind1109&L=3Dscientific-linux=
> -errata&P=3D337
>> http://listserv.fnal.gov/scripts/wa.exe?A2=3Dind1109&L=3Dscientific-linux=
> -errata&P=3D1002
>
> RedHat have released firefox-3.6.22 and xulrunner-1.9.2.22
> =09https://rhn.redhat.com/errata/RHSA-2011-1268.html
> and thunderbird 1.5.0.12-43-el4 / 2.0.0.24-25.el5 / 3.1.14-1.el6_1
> =09https://rhn.redhat.com/errata/RHSA-2011-1267.html
>
> thus the firefox and thunderbird errata pushed last week are not=20
> considered sufficient by TUV.

Expect updated ones shortly.

-Connie Sieh

>
> --=20
> Dr. Andrew C. Aitchison=09=09Computer Officer, DPMMS, Cambridge
> [log in to unmask]http://www.dpmms.cam.ac.uk/~werdna
> --1870876696-1143114093-1315381521=:22438--
>

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV