Recent Security vulnerability in Skype

classic Classic list List threaded Threaded
61 messages Options
1234
Reply | Threaded
Open this post in threaded view
|

Recent Security vulnerability in Skype

Daniel Robitaille
http://www.skype.com/security/SKYPE-SB-2005-003.txt

Skype recently issued that Security Vulnerability Bulletin affecting
all platform, including Linux.



--
Daniel Robitaille

--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

Jeroen van Splunder
On zo, 2005-11-06 at 11:40 -0800, Daniel Robitaille wrote:
> http://www.skype.com/security/SKYPE-SB-2005-003.txt
>
> Skype recently issued that Security Vulnerability Bulletin affecting
> all platform, including Linux.
Which is related to Ubuntu, because... ?


--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

Daniel Robitaille
On 11/6/05, Jeroen van Splunder <[hidden email]> wrote:
> On zo, 2005-11-06 at 11:40 -0800, Daniel Robitaille wrote:
> > http://www.skype.com/security/SKYPE-SB-2005-003.txt
> >
> > Skype recently issued that Security Vulnerability Bulletin affecting
> > all platform, including Linux.
> Which is related to Ubuntu, because... ?
>

because:

*) The Linux version of Skype runs on Ubuntu

*) quite a few Ubuntu users uses Skype, as seen by past emails on
various Ubuntu lists.

*) I suspect most of these users I haven't heard of that vulnerability

*)  and it was posted on the sounder list, a list described as
"Anything goes Ubuntu community chit-chat and discussion list"
(http://lists.ubuntu.com/mailman/listinfo/sounder)


--
Daniel Robitaille

--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

John-68
In reply to this post by Jeroen van Splunder
Jeroen van Splunder wrote:

> On zo, 2005-11-06 at 11:40 -0800, Daniel Robitaille wrote:
>
>>http://www.skype.com/security/SKYPE-SB-2005-003.txt
>>
>>Skype recently issued that Security Vulnerability Bulletin affecting
>>all platform, including Linux.
>
> Which is related to Ubuntu, because... ?
>
>

Ubuntians use Skype. I think Skyp should be invited to post relevant
security alerts to the appropriate Ubuntu list.

What would be handy is a generic Linux list which people such as Skyp
can send there alerts to, and which gets forwarded to the relevant lists
for Ubuntu, Red Hat, SuSe, Debian, Gento etc.

I'm sure that many more Linux users subscribe to their distro's list,
than to those (maybe) run by Sun (eg Java), UBM (Eg Java), Real, Skype,
especially where the software is free.


--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

Dennis Kaarsemaker
On ma, 2005-11-07 at 06:35 +0800, John wrote:
> What would be handy is a generic Linux list which people such as Skyp
> can send there alerts to, and which gets forwarded to the relevant
> lists for Ubuntu, Red Hat, SuSe, Debian, Gento etc.

You mean things like:
* http://cve.mitre.org/
* http://securityfocus.com/archive/1
* https://lists.grok.org.uk/mailman/listinfo/full-disclosure
* http://www.frsirt.com/

--
Dennis K.
  - Linux for human beings: http://www.ubuntulinux.org
  - Linux voor normale mensen: http://www.ubuntulinux.nl

--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

Quim Gil
What would be *really* handy is that Skype goes GPL and has a supported
package in Main - so we get the security update in just one click.

If this is too complex, then it would be handy that a free-as-in-speech
VoIP software like http://www.openwengo.com/ could run softly on Breezy,
have a package at least in Universe and be used by Ubuntu developers and
the rest of us.

En/na Dennis Kaarsemaker ha escrit:
> On ma, 2005-11-07 at 06:35 +0800, John wrote:
>
>>What would be handy is a generic Linux list which people such as Skyp

--
Quim Gil      http://interactors.coop | http://desdeamericaconamor.org

--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

Dennis Kaarsemaker
On ma, 2005-11-07 at 00:10 +0100, Quim Gil wrote:
> What would be *really* handy is that Skype goes GPL and has a supported
> package in Main - so we get the security update in just one click.
>
> If this is too complex, then it would be handy that a free-as-in-speech
> VoIP software like http://www.openwengo.com/ could run softly on Breezy,
> have a package at least in Universe and be used by Ubuntu developers and
> the rest of us.

There exist plans for at least sip software in Dapper. (btw: no need to
CC me, I read the list)
--
Dennis K.
  - Linux for human beings: http://www.ubuntulinux.org
  - Linux voor normale mensen: http://www.ubuntulinux.nl

--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

John-68
In reply to this post by Dennis Kaarsemaker
Dennis Kaarsemaker wrote:
> On ma, 2005-11-07 at 06:35 +0800, John wrote:
>
>>What would be handy is a generic Linux list which people such as Skyp
>>can send there alerts to, and which gets forwarded to the relevant
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>>lists for Ubuntu, Red Hat, SuSe, Debian, Gento etc.
>
>
> You mean things like:
> * http://cve.mitre.org/
> * http://securityfocus.com/archive/1
> * https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> * http://www.frsirt.com/
>
>

AFAIK none of those gets forwarded to any of the lists I follow. We need
a notification when a fix is available.

--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

Daniel Robitaille
In reply to this post by Quim Gil
> If this is too complex, then it would be handy that a free-as-in-speech
> VoIP software like http://www.openwengo.com/ could run softly on Breezy,
> have a package at least in Universe and be used by Ubuntu developers and
> the rest of us.

it seems they are providing a .deb file tested on Sarge and Kubuntu.
Is it usable?


--
Daniel Robitaille

--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

Daniel Robitaille
In reply to this post by Quim Gil
> What would be *really* handy is that Skype goes GPL and has a supported
> package in Main - so we get the security update in just one click.
>

Sadly, | just have the nagging feeling that EBay didn't buy Skype for
2.6 bil$ with the plan of  releasing it with a GPL license.


--
Daniel Robitaille

--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

Quim Gil


En/na Daniel Robitaille ha escrit:
> Sadly, | just have the nagging feeling that EBay didn't buy Skype for
> 2.6 bil$ with the plan of  releasing it with a GPL license.

So you grasp the irony of my comment. :)

For integrity and coherence we should bet on 100% free VoIP applications
as we do with browsers, messaging services, P2P filesharing tools and
CMS's. Starting with the tools we use ourselves.

I speak for myself: I have a Skype launcher in my pannel and I use it
often. But I don't feel comfortable about this, as if I would use Opera,
a MSN clone, Kazaa or Movable Type. I never succeeded configuring
GnomeMeeting (and finding friends to talk with that had succeded
configuring it). I heard about sip when it was in alphbeta stage and I
thought I would wait. Recently I knew about Wengo but still haven't tried...

I would have tried the three free options if I would have got them as
Ubuntu packages working out of the box. They are not yet ready (?) so I
stay with Skype. I'm happy to hear that plans for Dapper are underway.

About Wengo and Ubuntu, what is interesting is that they are developing
and testing the .deb package against Ubuntu. Apparently their .deb
package worked with (Kubuntu?) Hoary but not so well with Breezy (I just
repeat what I've sen in forums, didn't try myself). It seems the problem
for the GNOME-based Ubuntu is that they use Qt libraries.

See http://dev.openwengo.com/trac/openwengo/trac.cgi/wiki/WengoPhoneNG

Ubuntu user(s) have reported here:
http://www.openwengo.com/support/forum/viewtopic.php?p=178#178

Xandros guy asking, "Debian specialist" mentioned:
http://www.openwengo.com/support/forum/viewtopic.php?t=19

Also Linux-related. About OSS/ALSA
http://www.openwengo.com/support/forum/viewtopic.php?t=101

Please help no-geek users like me quitting free but not libre
applications such as Skype.  :)

--
Quim Gil      http://interactors.coop | http://desdeamericaconamor.org

--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

Cefiar
On Monday 07 November 2005 15:58, Quim Gil wrote:
> About Wengo and Ubuntu, what is interesting is that they are developing
> and testing the .deb package against Ubuntu. Apparently their .deb
> package worked with (Kubuntu?) Hoary but not so well with Breezy (I just
> repeat what I've sen in forums, didn't try myself). It seems the problem
> for the GNOME-based Ubuntu is that they use Qt libraries.

This is probably the same issue that Skype has with installing on Breezy using
the debian packages. They depend on libqt3c102-mt, which no longer exists in
Breezy, which is a problem if you want to install it on a freshly installed
machine. It's nothing to do with Kubuntu as such, as you can happily install
the qt libs while having Gnome installed.

BTW: Skype actually have an apt repo for debian:
 deb http://download.skype.com/linux/repos/debian/ stable non-free

--
 Stuart Young - aka Cefiar - [hidden email]

--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

Jeroen van Splunder
In reply to this post by Daniel Robitaille
On zo, 2005-11-06 at 11:55 -0800, Daniel Robitaille wrote:

> On 11/6/05, Jeroen van Splunder <[hidden email]> wrote:
> > On zo, 2005-11-06 at 11:40 -0800, Daniel Robitaille wrote:
> > > http://www.skype.com/security/SKYPE-SB-2005-003.txt
> > >
> > > Skype recently issued that Security Vulnerability Bulletin affecting
> > > all platform, including Linux.
> > Which is related to Ubuntu, because... ?
> >
>
> because:
>
> *) The Linux version of Skype runs on Ubuntu
>
There are tons of applications which run on Ubuntu, or GNU/Linux in general.
> *) quite a few Ubuntu users uses Skype, as seen by past emails on
> various Ubuntu lists.
quite a few Ubuntu users use Firefox aswell. Should this list be flooded with security reports?
> *) I suspect most of these users I haven't heard of that vulnerability
>
They don't need to. A patched version will be downloaded from the
repositories.
> *)  and it was posted on the sounder list, a list described as
> "Anything goes Ubuntu community chit-chat and discussion list"
> (http://lists.ubuntu.com/mailman/listinfo/sounder)
>
Skype is actually a very non-Ubuntu application, because it is
proprietary software. Also, notice the word community before chit-chat.
Security bulletins != community


--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

Dennis Kaarsemaker
On ma, 2005-11-07 at 16:27 +0100, Jeroen van Splunder wrote:

> > *) I suspect most of these users I haven't heard of that vulnerability
> They don't need to. A patched version will be downloaded from the
> repositories.

No, skype is not in the repositories.

> > *)  and it was posted on the sounder list, a list described as
> > "Anything goes Ubuntu community chit-chat and discussion list"
> > (http://lists.ubuntu.com/mailman/listinfo/sounder)
> >
> Skype is actually a very non-Ubuntu application, because it is
> proprietary software. Also, notice the word community before chit-chat.
> Security bulletins != community

Notifying the community about an update is community...
--
Dennis K.
  - Linux for human beings: http://www.ubuntulinux.org
  - Linux voor normale mensen: http://www.ubuntulinux.nl

--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

ulrich steffens
In reply to this post by Jeroen van Splunder
Am Montag, den 07.11.2005, 16:27 +0100 schrieb Jeroen van Splunder:

> On zo, 2005-11-06 at 11:55 -0800, Daniel Robitaille wrote:
> > On 11/6/05, Jeroen van Splunder <[hidden email]> wrote:
> > > On zo, 2005-11-06 at 11:40 -0800, Daniel Robitaille wrote:
> > > > http://www.skype.com/security/SKYPE-SB-2005-003.txt
> > > >
> > > > Skype recently issued that Security Vulnerability Bulletin affecting
> > > > all platform, including Linux.
> > > Which is related to Ubuntu, because... ?
> > >
> >
> > because:
> >
> > *) The Linux version of Skype runs on Ubuntu
> >
> There are tons of applications which run on Ubuntu, or GNU/Linux in general.
> > *) quite a few Ubuntu users uses Skype, as seen by past emails on
> > various Ubuntu lists.
> quite a few Ubuntu users use Firefox aswell. Should this list be flooded with security reports?
> > *) I suspect most of these users I haven't heard of that vulnerability
> >
> They don't need to. A patched version will be downloaded from the
> repositories.
> > *)  and it was posted on the sounder list, a list described as
> > "Anything goes Ubuntu community chit-chat and discussion list"
> > (http://lists.ubuntu.com/mailman/listinfo/sounder)
> >
> Skype is actually a very non-Ubuntu application, because it is
> proprietary software. Also, notice the word community before chit-chat.
> Security bulletins != community
>
>
sorry if i missed something, but where is the point in arguing about the
quality/necessarity of the original post? i mean, it's not that he
wanted us to know about the current state of his ingrowing toenail.

but i guess this would have made a nice topic too here on SOUNDER :)

ulrich


--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

Daniel Robitaille
> sorry if i missed something, but where is the point in arguing about the
> quality/necessarity of the original post? i mean, it's not that he
> wanted us to know about the current state of his ingrowing toenail.

let me check down there......humm nothing to report about my toenails.

If there is any news on that front, I'll for sure post something, or not :)




--
Daniel Robitaille

--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

Daniel Robitaille
In reply to this post by Dennis Kaarsemaker
> > > *) I suspect most of these users I haven't heard of that vulnerability
> > They don't need to. A patched version will be downloaded from the
> > repositories.
>
> No, skype is not in the repositories.

I think he meant  the skype repository.  Something I didn't know
existed until this thread.   Must be a relatively new thing; last time
I tried Skype (which was a few months ago, I conceide), the only
repository available for Ubuntu users  was from a private individual
who was packaging skype himself.


--
Daniel Robitaille

--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

Dennis Kaarsemaker
On ma, 2005-11-07 at 08:57 -0800, Daniel Robitaille wrote:

> > > > *) I suspect most of these users I haven't heard of that vulnerability
> > > They don't need to. A patched version will be downloaded from the
> > > repositories.
> >
> > No, skype is not in the repositories.
>
> I think he meant  the skype repository.  Something I didn't know
> existed until this thread.   Must be a relatively new thing; last time
> I tried Skype (which was a few months ago, I conceide), the only
> repository available for Ubuntu users  was from a private individual
> who was packaging skype himself.
There is a .deb download link, not a repository...
--
Dennis K.
  - Linux for human beings: http://www.ubuntulinux.org
  - Linux voor normale mensen: http://www.ubuntulinux.nl

--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

Daniel Robitaille
> There is a .deb download link, not a repository...

seen in a previous email yesterday:

>> BTW: Skype actually have an apt repo for debian:
>> deb http://download.skype.com/linux/repos/debian/ stable non-free



--
Daniel Robitaille

--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder
Reply | Threaded
Open this post in threaded view
|

Re: Recent Security vulnerability in Skype

Dennis Kaarsemaker
On ma, 2005-11-07 at 09:17 -0800, Daniel Robitaille wrote:
> > There is a .deb download link, not a repository...
>
> seen in a previous email yesterday:
>
> >> BTW: Skype actually have an apt repo for debian:
> >> deb http://download.skype.com/linux/repos/debian/ stable non-free

Too bad that these won't work on breezy (dependency problems)..
--
Dennis K.
  - Linux for human beings: http://www.ubuntulinux.org
  - Linux voor normale mensen: http://www.ubuntulinux.nl

--
sounder mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/sounder

signature.asc (196 bytes) Download Attachment
1234