The following errata for CentOS-2 have been built and uploaded to the
centos mirror:
RHSA-2008:0271-01 Important: libvorbis security update
Files available:
libvorbis-1.0rc2-9.el2.i386.rpm
libvorbis-devel-1.0rc2-9.el2.i386.rpm
More details are available from the RedHat web site at
https://rhn.redhat.com/errata/rh21as-errata.html
The easy way to make sure you are up to date with all the latest patches
is to run:
# yum update
--
John Newbigin
ITS Senior Analyst / Programmer
Faculty of Information and Communication Technologies
Swinburne University of Technology
Melbourne, Australia
http://www.ict.swin.edu.au/staff/jnewbigin
CentOS Errata and Security Advisory 2008:0194 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0194.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
x86_64:
c7f5f0b8fc0ded6a071c537ab490edff xen-3.0.3-41.el5_1.5.x86_64.rpm
af6fb05cfebd799f9071cc3e83f561c1 xen-devel-3.0.3-41.el5_1.5.i386.rpm
3b697c6fdc46dbd2e939da6a334c9220 xen-devel-3.0.3-41.el5_1.5.x86_64.rpm
bc77d399eb72833ed5ca4dcfffe599e0 xen-libs-3.0.3-41.el5_1.5.i386.rpm
9662e7449f8a764cc022f6110a8def5a xen-libs-3.0.3-41.el5_1.5.x86_64.rpm
Source:
32a42dbc51a00c12719ae6c5405439b1 xen-3.0.3-41.el5_1.5.src.rpm
--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #centos(a)irc.freenode.net
CentOS Errata and Security Advisory 2008:0194 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0194.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
i386:
895491c081517cb49e65fdcc73b11291 xen-3.0.3-41.el5_1.5.i386.rpm
fca59354c0adf82110f6b647681aea80 xen-devel-3.0.3-41.el5_1.5.i386.rpm
574f651c259c429ceddc4b8ef2d8eb95 xen-libs-3.0.3-41.el5_1.5.i386.rpm
Source:
32a42dbc51a00c12719ae6c5405439b1 xen-3.0.3-41.el5_1.5.src.rpm
--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #centos(a)irc.freenode.net
A severe vulnerability was found in the random number generator (RNG)
of the Debian OpenSSL package, starting with version 0.9.8c-1 (and
similar packages in derived distributions such as Ubuntu). While this
bug is not present in the OpenSSL packages provided by CentOS, it may
still affect CentOS users.
The bug barred the OpenSSL random number generator from gaining enough
entropy required for generating unpredictable keys. In fact it
appears that the only source for entropy was the process ID of the
process generating a key, which is chosen from a very small range and
is predictable. As such, all keys generated using the Debian OpenSSL
library should be considered compromised. Programs that use OpenSSL
include OpenSSH and OpenVPN. Note that GnuPG and GNU TLS do not use
OpenSSL, so they are not affected.
This vulnerability can affect CentOS machines through the use of keys
that were generated with the OpenSSL package from Debian. For
instance, if a user uses OpenSSH public key authentication to log on
to a CentOS server, and this user generated the key pair with a
vulnerable OpenSSL library, the server is at heavy risk because the
key can be reproduced easily.
Additionally, all (good) DSA keys that were ever used on a vulnerable
Debian machine for signing or authentication should also be considered
compromised due to a known attack on DSA keys.
As a result of this bug, everyone should audit *every* key or
certificate that was generated with OpenSSL, to trace its origin and
make sure that it was not generated with a vulnerable Debian OpenSSL
package. Or in the case of DSA keys care should be taken that they
were not generated or used on a system with a vulnerable OpenSSL
package. Keys that are potentially compromised should be replaced with
strong keys.
The Debian Wiki[2] has a preliminary list of affected applications. A
tool to detect potentially weak keys is also provided, but it contains
an incomplete list of affected keys and can give false positives.
The Metasploit project provides a full list of weak keys in various
configurations[3].
Questions on how this may affect CentOS users should be directed to
the CentOS users list. List subscription information is available
from:
http://lists.centos.org/mailman/listinfo/centos
With kind regards,
The CentOS Team
[1] http://www.debian.org/security/2008/dsa-1571
[2] http://wiki.debian.org/SSLkeys
[3] http://metasploit.com/users/hdm/tools/debian-openssl/
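The key audit described in the advisory above, sketched as an added example (not part of the original message and not a CentOS or Debian tool): it fingerprints every public key in an `authorized_keys` file, compares it with a supplied weak-key list, and separately flags DSA keys, which a list check alone cannot clear. The function names, the sample key lines and the `WEAK` set are constructed for illustration, and the weak-key list is assumed to be hex MD5 fingerprints of the public key blob.

```python
import base64
import hashlib

def iter_keys(text):
    """Yield (line_no, key_type, blob) for each public key in authorized_keys text."""
    for no, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        # Options may precede the key, so scan for a "<type> <base64 blob>" pair.
        for ktype, b64 in zip(tokens, tokens[1:]):
            if not ktype.startswith(("ssh-", "ecdsa-")):
                continue
            try:
                blob = base64.b64decode(b64, validate=True)
            except ValueError:
                continue
            # A real key blob begins with a length-prefixed copy of its type.
            n = int.from_bytes(blob[:4], "big")
            if blob[4:4 + n] == ktype.encode():
                yield no, ktype, blob
                break

def audit(text, weak_fingerprints):
    """Return [(line_no, key_type, md5_fingerprint, status)] for every key found."""
    findings = []
    for no, ktype, blob in iter_keys(text):
        fp = hashlib.md5(blob).hexdigest()
        if fp in weak_fingerprints:
            status = "replace: listed as weak"
        elif ktype == "ssh-dss":
            # A sound DSA key is still suspect if it was used on a vulnerable host.
            status = "review: DSA, check where it was used"
        else:
            status = "not listed: still trace origin"
        findings.append((no, ktype, fp, status))
    return findings

def _constructed_line(ktype, payload, comment):
    blob = len(ktype).to_bytes(4, "big") + ktype.encode() + payload
    line = f"{ktype} {base64.b64encode(blob).decode()} {comment}"
    return line, hashlib.md5(blob).hexdigest()

# Constructed, non-functional key lines; WEAK stands in for a published weak-key list.
L1, FP1 = _constructed_line("ssh-rsa", b"\x01" * 32, "alice@debian-box")
L2, _ = _constructed_line("ssh-dss", b"\x02" * 32, "bob@laptop")
L3, _ = _constructed_line("ssh-rsa", b"\x03" * 32, "carol@centos")
SAMPLE = "\n".join(["# constructed sample", L1, 'command="ssh-add x" ' + L2, L3])
WEAK = {FP1}
if __name__ == "__main__":
    print(*audit(SAMPLE, WEAK), sep="\n")
```

A "not listed" result only means the fingerprint is absent from the list supplied; as the advisory notes, published lists can be incomplete, so the key's origin still has to be traced.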
CentOS Errata and Security Advisory 2008:0270 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0270.html
The following updated files have been uploaded and are currently
syncing to the mirrors:
i386:
libvorbis-1.1.0-3.el4_6.1.i386.rpm
libvorbis-devel-1.1.0-3.el4_6.1.i386.rpm
src:
libvorbis-1.1.0-3.el4_6.1.src.rpm
CentOS Errata and Security Advisory 2008:0270 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2008-0270.html
The following updated files have been uploaded and are currently
syncing to the mirrors:
x86_64:
libvorbis-1.1.0-3.el4_6.1.i386.rpm
libvorbis-1.1.0-3.el4_6.1.x86_64.rpm
libvorbis-devel-1.1.0-3.el4_6.1.x86_64.rpm
src:
libvorbis-1.1.0-3.el4_6.1.src.rpm
CentOS Errata and Security Advisory CESA-2008:0270
libvorbis security update for CentOS 3 x86_64:
https://rhn.redhat.com/errata/RHSA-2008-0270.html
The following updated file has been uploaded and is currently syncing to
the mirrors:
x86_64:
updates/x86_64/RPMS/libvorbis-1.0-10.el3.i386.rpm
updates/x86_64/RPMS/libvorbis-1.0-10.el3.x86_64.rpm
updates/x86_64/RPMS/libvorbis-devel-1.0-10.el3.x86_64.rpm
source:
updates/SRPMS/libvorbis-1.0-10.el3.src.rpm
You may update your CentOS-3 x86_64 installations by running the command:
yum update libvorbis\*
Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
CentOS Errata and Security Advisory CESA-2008:0270
libvorbis security update for CentOS 3 i386:
https://rhn.redhat.com/errata/RHSA-2008-0270.html
The following updated file has been uploaded and is currently syncing to
the mirrors:
i386:
updates/i386/RPMS/libvorbis-1.0-10.el3.i386.rpm
updates/i386/RPMS/libvorbis-devel-1.0-10.el3.i386.rpm
source:
updates/SRPMS/libvorbis-1.0-10.el3.src.rpm
You may update your CentOS-3 i386 installations by running the command:
yum update libvorbis\*
Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
CentOS Errata and Security Advisory 2008:0262
https://rhn.redhat.com/errata/RHSA-2008-0262.html
The following updated files have been uploaded and are currently
syncing to the mirrors:
s390:
updates/s390/RPMS/gpdf-2.8.2-7.7.2.s390.rpm
s390x:
updates/s390x/RPMS/gpdf-2.8.2-7.7.2.s390x.rpm
--
Pasi Pirhonen - upi(a)iki.fi - http://pasi.pirhonen.eu/
Top-postings silently ignored
CentOS Errata and Security Advisory 2008:0224
https://rhn.redhat.com/errata/RHSA-2008-0224.html
The following updated files have been uploaded and are currently
syncing to the mirrors:
s390:
updates/s390/RPMS/thunderbird-1.5.0.12-11.el4.centos.s390.rpm
s390x:
updates/s390x/RPMS/thunderbird-1.5.0.12-11.el4.centos.s390x.rpm
--
Pasi Pirhonen - upi(a)iki.fi - http://pasi.pirhonen.eu/
Top-postings silently ignored