User: Password:
|
|
Subscribe / Log in / New account

Security

SSH: passwords or keys?

By Jake Edge
January 13, 2010

A recent discussion on the OpenSSH developers mailing list (openssh-unix-dev) debated the relative merits of passwords versus keys as ssh authentication methods. While password authentication has fallen out of favor over the last few years, there are still situations where it makes more sense than key-based authentication. As with many security decisions, the right choice is largely dependent on the threat model one is defending against.

Through no fault of its own, ssh is probably one of the most used (or abused) mechanisms for system compromise. Repeated brute force password-guessing attacks are a common "script kiddie" activity, which is why many administrators have turned off password authentication entirely. That means that users must have keys installed on hosts they need to access, leaving open another avenue of attack: the corresponding private keys.

When sshd is configured to disallow password authentication (via the PasswordAuthentication no directive in sshd_config), the server will no longer allow the traditional username/password pair to be used to authenticate a user. Instead, the user must generate a public/private key pair on each host that is to be used to access the sshd host (or one pair that gets shared among various client hosts—generally a bad practice). The public key gets installed in the user's authorized_keys file on the server and authentication is handled directly between the ssh client and server.

But what protects the private key? Depending on the user, and their level of security consciousness, protection could range from directory and file permissions on the private key file to a password that encrypts the private key. For password-protected keys, that means that the user must enter the password to decrypt the private key before the ssh client can use it to authenticate with the server. Since many users like key-based authentication because it doesn't require passwords, this extra level of key security can be annoying—and often gets omitted. That leaves private keys potentially accessible on the client system.

Davi Diaz wanted to know how to detect password-less keys on the server side so that authentications from those clients could be rejected. But, as Aris Adamantiadis and others pointed out, there is no way for the ssh server to know:

Using password-protected keys, the decryption of the private key is done on client side (to protect the confidentiality of the key), and there is nothing in the SSH protocol which could stop the behavior of accepting "less secure keys because they were stored in clear".

While password authentication has its downsides, there are some advantages to it as Mark Janssen noted: "while keys are better [than] passwords, it's impossible to enforce passphrase quality on keys, while it is possible to enforce some quality on passwords." Passwords can also be aged, so that they must be changed with some frequency. Because account passwords are under the control of the server administrator, unlike most private key passwords, an administrator can enforce strict requirements on them.

But, unlike passwords, private keys generally aren't used in multiple places, nor are they transmitted anywhere. It is a common, if insecure, practice for humans to use the same password on their LWN account that they do to log in with ssh to some other system. So, once a password is cracked or captured, it can often be used to gain access elsewhere.

There are also ways that compromising a single private key can lead to the compromise of multiple systems, however. If a password-less private key can be accessed—via the compromise of a client system or the theft of a laptop for example—an attacker can access any systems that have authorized that key. A single compromised private key will often allow an attacker access to multiple systems, either directly using the compromised key or by hopping to new systems that have their own password-less private keys. One particularly ugly scenario is for root to have authorized keys that allow a regular user on one system to automatically authenticate as root on the other. That is one good reason to disallow all root logins via ssh (PermitRootLogin no in sshd_config).

So, it would seem that disallowing password authentication for ssh and requiring users to password protect their private keys would go a long way towards eliminating compromises via ssh. There aren't any technological means to force passwords on private keys, but an administrator must either trust their users or disable their access. As Daniel Kahn Gillmor said:

If you're worried that your users might leave an unprotected key lying around, you should *also* be worried that those same users might send their password via e-mail (even if it's just "to themselves as a reminder"), or write it in a cleartext file on their computer, reuse it for their amazon account, for their blog, etc.

At some level, you have to trust your users if they're going to use your system. And have good backups, easy recovery, and regular user education about good practices, of course ;)

On the other hand, requiring both keys and passwords would be even more secure. If the key was also password-protected—with a different password of course—that would make it stronger still. But the usual security/convenience tradeoff applies. That much protection will certainly annoy users, so it may only be necessary for the most sensitive systems.

There are many things that must be considered when making security decisions: the sensitivity of the data, the trustworthiness of the users, the threats being defended against, and so on. One of the things that makes security so difficult is that there is no "one size fits all" solution, each situation is different. The various authentication choices for ssh, and their relative strengths and weaknesses, just bear that out.

Comments (60 posted)

Brief items

BerliOS compromised

The BerliOS repository site has been compromised; indeed, it appears it has been compromised since 2005. What little information is available can be found from this (German) Heise article (Google translation) and a screen shot from the defaced site. According to the BerliOS system admin (a certain Jörg Schilling), no data has been tampered with, but those who have worked with or gotten code from BerliOS might want to be careful regardless.

Update: the Heise article is now available in English.

Comments (19 posted)

Google: a new approach to China

It may be a little off the LWN topic, but Google's a new approach to China is worth a read for anybody who hasn't yet seen it. It's a reminder of how important security practices are and what the risks of storing important data in "the cloud" can be. "Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties."

Comments (38 posted)

New vulnerabilities

DevIL: buffer overflow

Package(s):DevIL CVE #(s):CVE-2009-3994
Created:January 13, 2010 Updated:January 13, 2010
Description: The DevIL image processing library suffers from a buffer overflow vulnerability exploitable via a specially-crafted image file.
Alerts:
Fedora FEDORA-2009-13255 DevIL 2009-12-16
Fedora FEDORA-2009-13219 DevIL 2009-12-16

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):firefox-3.5 CVE #(s):CVE-2009-3980 CVE-2009-3982 CVE-2009-3388 CVE-2009-3389
Created:January 8, 2010 Updated:December 3, 2013
Description: From the Ubuntu advisory:

Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3980, CVE-2009-3982)

David Keeler, Bob Clary, and Dan Kaminsky discovered several flaws in third party media libraries. If a user were tricked into opening a crafted media file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3388, CVE-2009-3389)

Alerts:
Gentoo 201312-04 libtheora 2013-12-02
Gentoo 201301-01 firefox 2013-01-07
Debian DSA-2045-1 libtheora 2010-05-11
SuSE SUSE-SR:2010:013 apache2-mod_php5/php5, bytefx-data-mysql/mono, flash-player, fuse, java-1_4_2-ibm, krb5, libcmpiutil/libvirt, libmozhelper-1_0-0/mozilla-xulrunner190, libopenssl-devel, libpng12-0, libpython2_6-1_0, libtheora, memcached, ncpfs, pango, puppet, python, seamonkey, te_ams, texlive 2010-06-14
SuSE SUSE-SR:2010:008 gnome-screensaver tomcat libtheora java-1_6_0-sun samba 2010-04-07
Mandriva MDVSA-2010:043 libtheora 2010-02-19
Ubuntu USN-878-1 firefox-3.5 2010-01-08

Comments (none posted)

firefox: denial of service

Package(s):firefox CVE #(s):CVE-2010-0220
Created:January 11, 2010 Updated:January 13, 2010
Description:

From the Mandriva advisory:

The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array (CVE-2010-0220).

Alerts:
Gentoo 201301-01 firefox 2013-01-07
Mandriva MDVSA-2010:000 firefox 2010-01-10

Comments (none posted)

gif2png: buffer overflows

Package(s):gif2png CVE #(s):
Created:January 13, 2010 Updated:November 22, 2010
Description: The gif2png utility suffers from buffer overflow vulnerabilities exploitable from the command line.
Alerts:
Fedora FEDORA-2010-0358 gif2png 2010-01-08
Fedora FEDORA-2010-0330 gif2png 2010-01-08

Comments (none posted)

horde3: cross-site scripting vulnerability

Package(s):horde3 CVE #(s):CVE-2009-3701
Created:January 7, 2010 Updated:April 1, 2010
Description: From the Debian alert:

It has been discovered that the horde3 administration interface is prone to cross-site scripting attacks due to the use of the PHP_SELF variable. This issue can only be exploited by authenticated administrators.

Alerts:
Fedora FEDORA-2010-5520 horde 2010-04-01
Fedora FEDORA-2010-5483 horde 2010-04-01
SuSE SUSE-SR:2010:004 moodle, xpdf, pdns-recursor, pango, horde, gnome-screensaver, fuse, gnutls, flash-player 2010-02-16
Debian DSA-1966-1 horde3 2010-01-07

Comments (none posted)

horde3: cross-site scripting vulnerability

Package(s):horde3 CVE #(s):CVE-2009-4363
Created:January 7, 2010 Updated:April 1, 2010
Description: From the Debian alert:

It has been discovered that horde3 is prone to several cross-site scripting attacks via crafted data:text/html values in HTML messages.

Alerts:
Fedora FEDORA-2010-5520 horde 2010-04-01
Fedora FEDORA-2010-5483 horde 2010-04-01
SuSE SUSE-SR:2010:004 moodle, xpdf, pdns-recursor, pango, horde, gnome-screensaver, fuse, gnutls, flash-player 2010-02-16
Debian DSA-1966-1 horde3 2010-01-07

Comments (none posted)

Kerberos: possible remote exploit

Package(s):krb5 CVE #(s):CVE-2009-4212
Created:January 13, 2010 Updated:January 19, 2010
Description: The Kerberos daemon does not properly handle invalid AES blocks; this vulnerability can be used to crash the service and, possibly, execute arbitrary code as root.
Alerts:
Gentoo 201201-13 mit-krb5 2012-01-23
SuSE SUSE-SA:2010:006 krb5 2010-01-19
CentOS CESA-2010:0029 krb5 2010-01-15
CentOS CESA-2010:0029 krb5 2010-01-15
Mandriva MDVSA-2010:006 krb5 2010-01-14
Fedora FEDORA-2010-0503 krb5 2010-01-14
Fedora FEDORA-2010-0515 krb5 2010-01-14
Debian DSA-1969-1 krb5 2010-01-12
CentOS CESA-2010:0029 krb5 2010-01-13
Red Hat RHSA-2010:0029-01 krb5 2010-01-12
Ubuntu USN-881-1 krb5 2010-01-12

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2009-4138
Created:January 7, 2010 Updated:August 17, 2010
Description: From the SuSE alert:

drivers/firewire/ohci.c in the Linux kernel when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field.

Alerts:
Red Hat RHSA-2010:0631-01 kernel-rt 2010-08-17
Ubuntu USN-894-1 linux, linux-source-2.6.15 2010-02-05
Debian DSA-2004-1 linux-2.6.24 2010-02-27
CentOS CESA-2010:0046 kernel 2010-01-20
Red Hat RHSA-2010:0046-01 kernel 2010-01-19
SuSE SUSE-SA:2010:005 kernel 2010-01-15
SuSE SUSE-SA:2010:012 kernel 2010-02-15
SuSE SUSE-SA:2010:001 kernel 2010-01-07

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2009-4306
Created:January 7, 2010 Updated:January 13, 2010
Description: From the SuSE alert:

Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel allows local users to cause a denial of service (filesystem corruption) via unknown vectors, a different vulnerability than CVE-2009-4131.

Alerts:
SuSE SUSE-SA:2010:001 kernel 2010-01-07

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2009-4307
Created:January 7, 2010 Updated:December 19, 2012
Description: From the SuSE alert:

The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value).

Alerts:
CentOS CESA-2012:1445 kernel 2012-11-13
Debian DSA-2443-1 linux-2.6 2012-03-26
Mandriva MDVSA-2011:029 kernel 2011-02-17
Red Hat RHSA-2010:0380-01 kernel 2010-04-27
Red Hat RHSA-2010:0178-02 kernel 2010-03-30
SuSE SUSE-SA:2010:005 kernel 2010-01-15
SuSE SUSE-SA:2010:001 kernel 2010-01-07

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2009-4308
Created:January 7, 2010 Updated:October 8, 2010
Description: From the SuSE alert:

The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal.

Alerts:
Mandriva MDVSA-2010:188 kernel 2010-09-23
Mandriva MDVSA-2010:198 kernel 2010-10-07
CentOS CESA-2010:0147 kernel 2010-03-18
Red Hat RHSA-2010:0147-01 kernel 2010-03-16
Ubuntu USN-894-1 linux, linux-source-2.6.15 2010-02-05
Debian DSA-2004-1 linux-2.6.24 2010-02-27
SuSE SUSE-SA:2010:005 kernel 2010-01-15
SuSE SUSE-SA:2010:012 kernel 2010-02-15
SuSE SUSE-SA:2010:001 kernel 2010-01-07

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-4567 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538
Created:January 8, 2010 Updated:July 5, 2011
Description: From the Red Hat advisory:

a flaw was found in the IPv6 Extension Header (EH) handling implementation in the Linux kernel. The skb->dst data structure was not properly validated in the ipv6_hop_jumbo() function. This could possibly lead to a remote denial of service. (CVE-2007-4567)

a flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, CVE-2009-4538)

a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with network cards supported by this driver could possibly result in a remote denial of service. (CVE-2009-4537)

Alerts:
Oracle ELSA-2013-1645 kernel 2013-11-26
openSUSE openSUSE-SU-2013:0927-1 kernel 2013-06-10
SUSE SUSE-SU-2011:0737-1 kernel 2011-07-05
SUSE SUSE-SU-2011:0711-1 kernel 2011-06-29
Red Hat RHSA-2010:0882-01 kernel 2010-11-12
openSUSE openSUSE-SU-2010:0664-1 Linux 2010-09-23
SUSE SUSE-SA:2010:036 kernel 2010-09-01
MeeGo MeeGo-SA-10:01 kernel 2010-07-07
Debian DSA-2053-1 linux-2.6 2010-05-25
SuSE SUSE-SA:2010:023 kernel 2010-05-06
Red Hat RHSA-2010:0342-01 kernel 2010-04-06
openSUSE openSUSE-SU-2010:0397-1 Linux Kernel 2010-07-19
Mandriva MDVSA-2010:066 kernel 2010-03-24
CentOS CESA-2010:0146 kernel 2010-03-17
Red Hat RHSA-2010:0149-01 kernel 2010-03-16
Red Hat RHSA-2010:0148-01 kernel 2010-03-16
Red Hat RHSA-2010:0146-01 kernel 2010-03-16
SUSE SUSE-SA:2010:031 kernel 2010-07-20
Ubuntu USN-947-2 kernel 2010-06-04
Ubuntu USN-947-1 linux, linux-source-2.6.15 2010-06-03
SuSE SUSE-SA:2010:014 kernel 2010-03-03
SuSE SUSE-SA:2010:009 kernel 2010-02-05
Pardus 2010-25 kernel kernel-pae 2010-02-02
Red Hat RHSA-2010:0076-01 kernel 2010-02-02
SuSE SUSE-SA:2010:007 kernel 2010-01-22
Red Hat RHSA-2010:0041-01 kernel-rt 2010-01-21
Debian DSA-2004-1 linux-2.6.24 2010-02-27
Pardus 2010-35 kernel kernel-pae 2010-02-25
SuSE SUSE-SA:2010:013 kernel 2010-02-18
Fedora FEDORA-2010-1787 kernel 2010-02-12
SuSE SUSE-SA:2010:012 kernel 2010-02-15
Debian DSA-1996-1 linux-2.6 2010-02-12
Pardus 2010-28 kernel kernel-pae 2010-02-02
Red Hat RHSA-2010:0053-01 kernel 2010-01-19
CentOS CESA-2010:0020 kernel 2010-01-15
SuSE SUSE-SA:2010:005 kernel 2010-01-15
SuSE SUSE-SA:2010:010 kernel 2010-02-08
Red Hat RHSA-2010:0079-01 kernel 2010-02-02
CentOS CESA-2010:0019 kernel 2010-01-08
Red Hat RHSA-2010:0020-01 kernel 2010-01-07
Red Hat RHSA-2010:0019-01 kernel 2010-01-07
Debian DSA-2003-1 linux-2.6 2010-02-22
Red Hat RHSA-2010:0111-01 kernel 2010-02-16
Fedora FEDORA-2010-1500 kernel 2010-02-05
Ubuntu USN-894-1 linux, linux-source-2.6.15 2010-02-05
CentOS CESA-2010:0076 kernel 2010-02-04

Comments (none posted)

openttd: denial of services

Package(s):openttd CVE #(s):CVE-2009-4007
Created:January 13, 2010 Updated:January 13, 2010
Description: The OpenTTD server can be caused to crash by a remote attacker; version 0.7.5 fixes the bug.
Alerts:
Fedora FEDORA-2010-0144 openttd 2010-01-04
Fedora FEDORA-2010-0135 openttd 2010-01-04

Comments (none posted)

pdns-recursor: multiple vulnerabilities

Package(s):pdns-recursor CVE #(s):CVE-2009-4009 CVE-2009-4010
Created:January 7, 2010 Updated:February 16, 2010
Description: From the Red Hat bug report:

This Wednesday the release of the PowerDNS Recursor 3.1.7.2 will be made public, which fixes two important security issues, one of which is remotely exploitable. Given the critical nature of these vulnerabilities, we are trying to keep details confidential for a few more days.

Alerts:
Gentoo 201412-33 pdns-recursor 2014-12-22
Debian DSA-1968-2 pdns-recursor 2010-01-28
SuSE SUSE-SR:2010:004 moodle, xpdf, pdns-recursor, pango, horde, gnome-screensaver, fuse, gnutls, flash-player 2010-02-16
Debian DSA-1968-1 pdns-recursor 2010-01-08
Fedora FEDORA-2010-0228 pdns-recursor 2010-01-07
Fedora FEDORA-2010-0209 pdns-recursor 2010-01-07

Comments (none posted)

phpldapadmin: remote file inclusion

Package(s):phpldapadmin CVE #(s):CVE-2009-4427
Created:January 7, 2010 Updated:January 21, 2010
Description: From the Debian alert: It was discovered that phpLDAPadmin, a web based interface for administering LDAP servers, doesn't sanitize an internal variable, which allows remote attackers to include and execute arbitrary local files.
Alerts:
Mandriva MDVSA-2010:023 phpldapadmin 2010-01-21
Debian DSA-1965 phpldapadmin 2010-01-07

Comments (none posted)

pidgin: directory traversal

Package(s):pidgin CVE #(s):CVE-2010-0013
Created:January 12, 2010 Updated:April 29, 2010
Description: From the Mandriva advisory: Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
Alerts:
Gentoo 201206-11 pidgin 2012-06-21
Mandriva MDVSA-2010:085 pidgin 2010-04-28
SuSE SUSE-SR:2010:006 2010-03-15
Slackware SSA:2010-024-03 pidgin 2010-01-25
Ubuntu USN-886-1 pidgin 2010-01-18
CentOS CESA-2010:0044 pidgin 2010-01-15
CentOS CESA-2010:0044 pidgin 2010-01-14
Red Hat RHSA-2010:0044-01 pidgin 2010-01-14
Fedora FEDORA-2010-1383 pidgin 2010-02-19
Fedora FEDORA-2010-0429 pidgin 2010-01-12
Fedora FEDORA-2010-0368 pidgin 2010-01-12
Mandriva MDVSA-2010:002 pidgin 2010-01-11
Mandriva MDVSA-2010:001 pidgin 2010-01-11

Comments (none posted)

sendmail: several vulnerabilities

Package(s):sendmail CVE #(s):CVE-2009-4565
Created:January 12, 2010 Updated:June 26, 2012
Description: From the Mandriva advisory: sendmail before 8.14.4 does not properly handle a '\0' (NUL) character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408
Alerts:
Gentoo 201206-30 sendmail 2012-06-25
Red Hat RHSA-2011:0262-01 sendmail 2011-02-16
Fedora FEDORA-2010-5399 sendmail 2010-03-30
Red Hat RHSA-2010:0237-05 sendmail 2010-03-30
rPath rPSA-2010-0022-1 sendmail 2010-03-15
Fedora FEDORA-2010-5470 sendmail 2010-03-30
SuSE SUSE-SR:2010:006 2010-03-15
Mandriva MDVSA-2010:003 sendmail 2010-01-11
Debian DSA-1985-1 sendmail 2010-01-31

Comments (none posted)

sssd: authentication bypass

Package(s):sssd CVE #(s):CVE-2010-0014
Created:January 13, 2010 Updated:January 13, 2010
Description: In some situations, sssd will accept any password as valid when Kerberos is unreachable.
Alerts:
Fedora FEDORA-2010-0451 sssd 2010-01-12
Fedora FEDORA-2010-0413 sssd 2010-01-12

Comments (none posted)

trac: multiple vulnerabilities

Package(s):trac CVE #(s):CVE-2009-4405
Created:January 13, 2010 Updated:January 13, 2010
Description: Versions of trac prior to 0.11.6 suffer from "multiple unspecified vulnerabilities" with "unknown impact and attack vectors."
Alerts:
Fedora FEDORA-2010-0007 trac 2010-01-02

Comments (none posted)

transmission: directory traversal

Package(s):transmission CVE #(s):CVE-2010-0012
Created:January 8, 2010 Updated:January 18, 2010
Description: From the Debian advisory: Dan Rosenberg discovered that Transmission, a lightweight client for the Bittorrent filesharing protocol performs insufficient sanitizing of file names specified in .torrent files. This could lead to the overwrite of local files with the privileges of the user running Transmission if the user is tricked into opening a malicious torrent file.
Alerts:
Mandriva MDVSA-2010:014 transmission 2010-01-18
Mandriva MDVSA-2010:013 transmission 2010-01-18
Fedora FEDORA-2010-0388 transmission 2010-01-12
Ubuntu USN-885-1 transmission 2010-01-14
Fedora FEDORA-2010-0197 transmission 2010-01-05
Debian DSA-1967-q transmission 2010-01-08

Comments (none posted)

Page editor: Jake Edge
Next page: Kernel development>>


Copyright © 2010, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds