LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
LinkBack Search this Thread
Old 02-09-2013, 09:36 PM   #1
tallship
Member
 
Registered: Jul 2003
Location: On the Beaches of Super Sunny Southern San Clemente, California USA
Distribution: Slackware - duh!
Posts: 520
Blog Entries: 3

Rep: Reputation: 112Reputation: 112
Question Odd Email from Slackware.com...


I received a rather odd email from slackware.com a couple of hours ago.

What was odd wasn't the content, as it appeared to be an almost standard Slackware security notification regarding OpenSSL, but rather, that the message came from root@slackware.com w/no subject line instead of slackware-security@slackware.com.

Here's a snippet of what I got.

Code:
Received: from connie.slackware.com (localhost [127.0.0.1])
	by connie.slackware.com (8.14.3/8.14.3) with ESMTP id r19N3w2a019179
	for <slackware-security@slackware.com>; Sat, 9 Feb 2013 15:03:58 -0800
Received: from localhost (security@localhost)
	by connie.slackware.com (8.14.3/8.14.3/Submit) with ESMTP id r19N3wti019176
	for <slackware-security@slackware.com>; Sat, 9 Feb 2013 15:03:58 -0800
Date: Sat, 9 Feb 2013 15:03:57 -0800 (PST)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security]  openssl (SSA:2013-040-01)
Message-ID: <alpine.LNX.2.02.1302091503400.19166@connie.slackware.com>
User-Agent: Alpine 2.02 (LNX 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="960504934-503621985-1360451038=:19166"

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--960504934-503621985-1360451038=:19166
Content-Type: TEXT/PLAIN; charset=ISO-8859-15
Content-Transfer-Encoding: 8BIT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  openssl (SSA:2013-040-01)

New openssl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix security issues.


Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1d-i486-1_slack14.0.txz:  Upgraded.
    Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
  This addresses the flaw in CBC record processing discovered by
  Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
  at: http://www.isg.rhul.ac.uk/tls/
Well, regardless, I got it and have therefore almost finished upgrading OpenSSL on most of the Slackware boxes I maintain.

That's the most important part.

I just thought it was odd to receive the notification in such a manner, but you gotta love Pine (er... Alpine I guess LOL)


Last edited by tallship; 02-09-2013 at 09:41 PM. Reason: maek pritty
 
Old 02-09-2013, 11:15 PM   #2
Lufbery
Senior Member
 
Registered: Aug 2006
Location: Harrisburg, PA
Distribution: Slackware 64 14.0
Posts: 1,139
Blog Entries: 29

Rep: Reputation: 119Reputation: 119
I got it too. I also thought it was odd. Oh well, we've all messed up e-mail subject lines in our time.
 
Old 02-09-2013, 11:22 PM   #3
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 836

Rep: Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620
I got it too. After examining it, it looks as if the presence of a few characters with umlauts caused alpine to wrap it as multipart MIME, and after that the mailing list scripts choked on it and mangled it enough that the signature doesn't verify. The one posted on slackware.com is good in the sense that the GPG sig on that one will verify.

Sorry about that. Perhaps it should be mailed again from something else. I'm pretty sure it would go through correctly.
 
Old 02-09-2013, 11:34 PM   #4
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 836

Rep: Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620Reputation: 1620
Unfortunately "pretty sure" didn't cut it. I sent it again, this time with mailx. It looks better, but still fails GPG. I'll be looking for a solution (if nothing else, I can avoid non-ASCII characters), but meanwhile if you're not sure this it real you can check the copy posted on slackware.com.

Hmmm, wish I'd said that in the second mail. :/
 
Old 02-09-2013, 11:39 PM   #5
tallship
Member
 
Registered: Jul 2003
Location: On the Beaches of Super Sunny Southern San Clemente, California USA
Distribution: Slackware - duh!
Posts: 520
Blog Entries: 3

Original Poster
Rep: Reputation: 112Reputation: 112
Thumbs up

No Problem here Pat

The first thing I do anyway when I get these is run to slackpkg and your changelogs where I decide upon my next course of action
 
Old 02-10-2013, 03:33 AM   #6
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 151Reputation: 151
I received both emails - no problem caused since I run a mirror for the boxes I maintain and I wait for the mirror to get the updated software anyway.
 
Old 02-10-2013, 05:05 AM   #7
FeyFre
Member
 
Registered: Jun 2010
Location: Ukraine, Vinnitsa
Distribution: Slackware
Posts: 305

Rep: Reputation: 22
The second attempt also failed:
Quote:
Received: from connie.slackware.com (localhost [127.0.0.1])
by connie.slackware.com (8.14.3/8.14.3) with ESMTP id r1A5Tc54000843
for <slackware-security@slackware.com>; Sat, 9 Feb 2013 21:29:38 -0800
Received: (from security@localhost)
by connie.slackware.com (8.14.3/8.14.3/Submit) id r1A5Tcrn000841
for slackware-security@slackware.com; Sat, 9 Feb 2013 21:29:38 -0800
From: Slackware Security Team <security@slackware.com>
Message-Id: <201302100529.r1A5Tcrn000841@connie.slackware.com>
Date: Sat, 09 Feb 2013 21:29:38 -0800
To: slackware-security@slackware.com
Subject: [slackware-security] openssl (SSA:2013-040-01)
User-Agent: Heirloom mailx 12.3 7/15/07
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit


Hi folks! The last attempt at mailing this was converted by Alpine when it
saw some ISO-8859 characters, mangling the headers and causing the GPG
signature to fail. Hopefully this try will work.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssl (SSA:2013-040-01)
 
Old 02-10-2013, 05:12 AM   #8
ponce
Senior Member
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 2,314

Rep: Reputation: 816Reputation: 816Reputation: 816Reputation: 816Reputation: 816Reputation: 816Reputation: 816
Picky Gmail ლ(ಠ益ಠლ) filtered them to spam here

Last edited by ponce; 02-10-2013 at 05:19 AM.
 
Old 02-10-2013, 05:40 AM   #9
FeyFre
Member
 
Registered: Jun 2010
Location: Ukraine, Vinnitsa
Distribution: Slackware
Posts: 305

Rep: Reputation: 22
@ponce, yes, here to. It because headers are broken.
 
Old 02-10-2013, 05:51 AM   #10
kite
Member
 
Registered: Aug 2003
Location: Shenzhen, China
Distribution: Slackware
Posts: 296

Rep: Reputation: 47
Quote:
Originally Posted by ponce View Post
Picky Gmail ლ(ಠ益ಠლ) filtered them to spam here
Same here.
 
Old 02-10-2013, 09:23 AM   #11
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 2,345

Rep: Reputation: 378Reputation: 378Reputation: 378Reputation: 378
I emptied the SPAM just before i read the email LOL
 
Old 02-10-2013, 03:11 PM   #12
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 138Reputation: 138
It arrived here without subject line too.
 
Old 02-16-2013, 07:16 PM   #13
tallship
Member
 
Registered: Jul 2003
Location: On the Beaches of Super Sunny Southern San Clemente, California USA
Distribution: Slackware - duh!
Posts: 520
Blog Entries: 3

Original Poster
Rep: Reputation: 112Reputation: 112
Thumbs down

Quote:
Originally Posted by ponce View Post
Picky Gmail ლ(ಠ益ಠლ) filtered them to spam here
Perhaps yet another reason to reconsider the use of DEA providers?

Kindest regards,

.
 
  


Reply

Tags
openssl, slackpkg, slackware-security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Odd claim in Lavabit's pitch for their encrypted email service Peufelon General 9 06-15-2011 09:05 AM
Slackware 11 and the use of an odd kernel ve1drg Slackware - Installation 6 03-30-2007 10:32 AM
Odd email every day namit Linux - Software 4 12-20-2005 04:12 AM
Odd Slackware Installation Problem slackeast Slackware - Installation 3 06-07-2005 06:48 AM
ODD! Cygwin - cat tr outputs email message from ealier in the day?!?!?!?! chingasman Linux - General 0 02-27-2003 05:25 PM


All times are GMT -5. The time now is 09:03 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration