LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   Odd Email from Slackware.com... (http://www.linuxquestions.org/questions/slackware-14/odd-email-from-slackware-com-4175449360/)

tallship 02-09-2013 09:36 PM

Odd Email from Slackware.com...
 
I received a rather odd email from slackware.com a couple of hours ago.

What was odd wasn't the content, as it appeared to be an almost standard Slackware security notification regarding OpenSSL, but rather, that the message came from root@slackware.com w/no subject line instead of slackware-security@slackware.com.

Here's a snippet of what I got.

Code:

Received: from connie.slackware.com (localhost [127.0.0.1])
        by connie.slackware.com (8.14.3/8.14.3) with ESMTP id r19N3w2a019179
        for <slackware-security@slackware.com>; Sat, 9 Feb 2013 15:03:58 -0800
Received: from localhost (security@localhost)
        by connie.slackware.com (8.14.3/8.14.3/Submit) with ESMTP id r19N3wti019176
        for <slackware-security@slackware.com>; Sat, 9 Feb 2013 15:03:58 -0800
Date: Sat, 9 Feb 2013 15:03:57 -0800 (PST)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security]  openssl (SSA:2013-040-01)
Message-ID: <alpine.LNX.2.02.1302091503400.19166@connie.slackware.com>
User-Agent: Alpine 2.02 (LNX 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="960504934-503621985-1360451038=:19166"

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--960504934-503621985-1360451038=:19166
Content-Type: TEXT/PLAIN; charset=ISO-8859-15
Content-Transfer-Encoding: 8BIT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  openssl (SSA:2013-040-01)

New openssl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1d-i486-1_slack14.0.txz:  Upgraded.
    Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
  This addresses the flaw in CBC record processing discovered by
  Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
  at: http://www.isg.rhul.ac.uk/tls/

Well, regardless, I got it and have therefore almost finished upgrading OpenSSL on most of the Slackware boxes I maintain.

That's the most important part.

I just thought it was odd to receive the notification in such a manner, but you gotta love Pine (er... Alpine I guess LOL)

:hattip:

Lufbery 02-09-2013 11:15 PM

I got it too. I also thought it was odd. Oh well, we've all messed up e-mail subject lines in our time. :)

volkerdi 02-09-2013 11:22 PM

I got it too. ;) After examining it, it looks as if the presence of a few characters with umlauts caused alpine to wrap it as multipart MIME, and after that the mailing list scripts choked on it and mangled it enough that the signature doesn't verify. The one posted on slackware.com is good in the sense that the GPG sig on that one will verify.

Sorry about that. Perhaps it should be mailed again from something else. I'm pretty sure it would go through correctly.

volkerdi 02-09-2013 11:34 PM

Unfortunately "pretty sure" didn't cut it. I sent it again, this time with mailx. It looks better, but still fails GPG. I'll be looking for a solution (if nothing else, I can avoid non-ASCII characters), but meanwhile if you're not sure this it real you can check the copy posted on slackware.com.

Hmmm, wish I'd said that in the second mail. :/

tallship 02-09-2013 11:39 PM

No Problem here Pat :)

The first thing I do anyway when I get these is run to slackpkg and your changelogs where I decide upon my next course of action ;)

gilead 02-10-2013 03:33 AM

I received both emails - no problem caused since I run a mirror for the boxes I maintain and I wait for the mirror to get the updated software anyway.

FeyFre 02-10-2013 05:05 AM

The second attempt also failed:
Quote:

Received: from connie.slackware.com (localhost [127.0.0.1])
by connie.slackware.com (8.14.3/8.14.3) with ESMTP id r1A5Tc54000843
for <slackware-security@slackware.com>; Sat, 9 Feb 2013 21:29:38 -0800
Received: (from security@localhost)
by connie.slackware.com (8.14.3/8.14.3/Submit) id r1A5Tcrn000841
for slackware-security@slackware.com; Sat, 9 Feb 2013 21:29:38 -0800
From: Slackware Security Team <security@slackware.com>
Message-Id: <201302100529.r1A5Tcrn000841@connie.slackware.com>
Date: Sat, 09 Feb 2013 21:29:38 -0800
To: slackware-security@slackware.com
Subject: [slackware-security] openssl (SSA:2013-040-01)
User-Agent: Heirloom mailx 12.3 7/15/07
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit


Hi folks! The last attempt at mailing this was converted by Alpine when it
saw some ISO-8859 characters, mangling the headers and causing the GPG
signature to fail. Hopefully this try will work.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssl (SSA:2013-040-01)

ponce 02-10-2013 05:12 AM

Picky Gmail ლ(ಠ益ಠლ) filtered them to spam here

FeyFre 02-10-2013 05:40 AM

@ponce, yes, here to. It because headers are broken.

kite 02-10-2013 05:51 AM

Quote:

Originally Posted by ponce (Post 4888195)
Picky Gmail ლ(ಠ益ಠლ) filtered them to spam here

Same here.

willysr 02-10-2013 09:23 AM

I emptied the SPAM just before i read the email LOL

NyteOwl 02-10-2013 03:11 PM

It arrived here without subject line too.

tallship 02-16-2013 07:16 PM

Quote:

Originally Posted by ponce (Post 4888195)
Picky Gmail ლ(ಠ益ಠლ) filtered them to spam here

Perhaps yet another reason to reconsider the use of DEA providers?

Kindest regards,

.


All times are GMT -5. The time now is 07:26 PM.