LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

September 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS September 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: {OT} Saga with certificates continues : "Hackers steal SSL certificates for CIA, MI6, Mossad"
From:	Connie Sieh <[log in to unmask]>
Reply To:	Connie Sieh <[log in to unmask]>
Date:	Thu, 8 Sep 2011 11:10:34 -0500
Content-Type:	TEXT/PLAIN
Parts/Attachments:	TEXT/PLAIN (84 lines)

On Wed, 7 Sep 2011, Connie Sieh wrote:

> On Wed, 7 Sep 2011, Dr Andrew C Aitchison wrote:
>
>>  This message is in MIME format.  The first part should be readable text,
>>  while the remaining parts are likely unreadable without MIME-aware tools.
>>
>> --1870876696-1143114093-1315381521=:22438
>> Content-Type: TEXT/PLAIN; charset=ISO-8859-15; format=flowed
>> Content-Transfer-Encoding: QUOTED-PRINTABLE
>>
>> On Tue, 6 Sep 2011, Pat Riehecky wrote:
>>
>>> On 09/06/2011 07:19 AM, Frank Lanitz wrote:
>>>> Am 06.09.2011 06:38, schrieb Franchisseur Robert:
>>>>> -- Le (On) 2011-09-06 +0200 =E0 (at) 00:53:39 Andreas Petzold =E9crivit=
>> =20
>>>>> (wrote): --
>>>>> =20
>>>>>> On Tuesday, September 06, 2011 00:26:22 Valerii D. wrote:
>>>>>>> <snip>
>>>>>>> =20
>>>>>>> Yes. And the distribution is still the browser 3. 6. 2 without securi=
>> ty
>>>>>>> updates. And with a certificate from DigiNotar.
>>>>>> TUV released the errata a week ago, so we can expect to see patched rp=
>> ms=20
>>>>>> from
>>>>>> SL soon. In the meantime you can just delete the Diginotar CA from FF.
>>>>>>
>>>>>         You can't ! It seems it was deleted but if you re-open :
>>>>>
>>>>>         Edit -->  Preferences -->  Advanced -->  Encryption -->  View=
>> =20
>>>>> certificats -->  Authorities
>>>>>
>>>>>         it is still there !
>>>>> =20
>>>>> =20
>>>> Don't delete them, just mark them as not trustworthy. This will help.
>>>> =20
>>>> =20
>>>> Cheers,
>>>> Frank
>>>> =20
>>>> P.S. Aren't the certifactes distributes within the ca-package which have
>>>> at least been updated for 6.x?
>>>
>>> Hello,
>>>
>>> It looks like the errata pushed out on 9/1 and 9/2 should take care of th=
>> is=20
>>> automatically.
>>>
>>> http://listserv.fnal.gov/scripts/wa.exe?A2=3Dind1109&L=3Dscientific-linux=
>> -errata&P=3D337
>>> http://listserv.fnal.gov/scripts/wa.exe?A2=3Dind1109&L=3Dscientific-linux=
>> -errata&P=3D1002
>>
>> RedHat have released firefox-3.6.22 and xulrunner-1.9.2.22
>> =09https://rhn.redhat.com/errata/RHSA-2011-1268.html
>> and thunderbird 1.5.0.12-43-el4 / 2.0.0.24-25.el5 / 3.1.14-1.el6_1
>> =09https://rhn.redhat.com/errata/RHSA-2011-1267.html
>>
>> thus the firefox and thunderbird errata pushed last week are not=20
>> considered sufficient by TUV.
>
> Expect updated ones shortly.
>
> -Connie Sieh
>
>>
>> --=20
>> Dr. Andrew C. Aitchison=09=09Computer Officer, DPMMS, Cambridge
>> [log in to unmask]http://www.dpmms.cam.ac.uk/~werdna
>> --1870876696-1143114093-1315381521=:22438--
>>
>

Updated firefox and thunderbird rpms are now available in the security 
errata area.

-Connie Sieh

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV