CentOS Errata and Security Advisory 2015:0766 Critical
Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0766.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
beaac586f844c81489edecdef29f700d6463b2781a6cce2c335bb21eb39c871a firefox-31.6.0-2.el5.centos.i386.rpm
x86_64:
beaac586f844c81489edecdef29f700d6463b2781a6cce2c335bb21eb39c871a firefox-31.6.0-2.el5.centos.i386.rpm
b3b0a4830df3143e8de64f822b28aae25117a56cbdf9911770d4bd2b5980b16d firefox-31.6.0-2.el5.centos.x86_64.rpm
Source:
562625fd007c32f416a37cfccf50e9c206aed8810b0759728f140f4ae67cee01 firefox-31.6.0-2.el5.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos(a)irc.freenode.net
--- Important Update to CentOS Linux 7 1503 release ---
In order to better communicate the upstream code relationship, we
changed the way we handle /etc/centos-release and /etc/redhat-release in
CentOS Linux 7. However, a fallout of this change was that some config
management and automation tools were unable to parse the version id
properly. We felt this problem had a wide enough impact that it deserved
immediate action to resolve. And, to address this issue, we have
immediately issued updates for the 'centos-release' package and are
working to deliver an install time solution in the next few hours.
Our recommendation for authors of these tools is to consider using the
/etc/os-release file as the source of metadata; by design this file is
set up to export script consumable content that defines the environment.
Furthermore the os-release file can be easily extended to suit site
specific requirements.
To verify you have the currect centos-release file, running 'file
/etc/redhat-release' should return '/etc/redhat-release: symbolic link
to `centos-release`'
In case you have made local edits to these files, there will be no
change and your edits would have been preserved through this update cycle.
--- Details
What are we doing
- We have issued the updated centos-release into centos/7/updates/; this
file has Release marked as el7.centos.2.8; everyone running a 'yum
update' will get this new content automatically.
- We have updated the base os/ repos with the new centos-release so all
network driven installs (nfs, pxe, netinstall, http, ftp) will deliver
the right content right from the start, facilitating automation and
config management tools to function right away.
- New ISOS for the following media have been rebuilt and are currently
syncing out, note the 01 at the end of the filename, this indicates it
is a subsequent release. Once these images are widely available, we will
remove the older ones. Details on how we hope to run this are available
in the mirror section below. Media types impacted:
* DVD :: new file CentOS-7-x86_64-DVD-1503-01.iso
sha256: 85bcf62462fb678adc0cec159bf8b39ab5515404bc3828c432f743a1b0b30157
torrent:
http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-DVD-1503-01.t…
* Everything :: new file: CentOS-7-x86_64-Everything-1503-01.iso
sha256: 8c3f66efb4f9a42456893c658676dc78fe12b3a7eabca4f187de4855d4305cc7
torrent:
http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-Everything-15…
* Minimal :: new file: CentOS-7-x86_64-Minimal-1503-01.iso
sha256: 7cf1ac8da13f54d6be41e3ccf228dc5bb35792f515642755ff4780d5714d4278
torrent:
http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-1503-…
Media types not impacted, and therefore not reissued:
* NetInstall
* Live CD
* Live GNOME
* Live KDE
- The CentOS Linux 1503 Cloud and Docker images will also be rebuilt and
refreshed.
Impact to users:
- This issue does not impact most users. Only people who run automation
software that parses /etc/redhat-release would be affected, if they had
run yum update on their machines between 17:00 UTC to 22:30 UTC on 31st
March 2015.
- If you already have a CentOS-7 install, and are yum updating to the
new release, you might need to run one further yum update, but will see
no impact from this issue. Content needed to mitigate this issue is
already in the updates/ repos on mirror.centos.org
- If you have an existing CentOS-7 install, and had been consuming
content from the CR/ repo then you too will have no impact, but might
need to run yum update once again. Content needed to mitigate this issue
is already in the updates/ repo on mirror.centos.org
- If you have already run a fresh install and have a new CentOS Linux 7
install, you will need to run yum update to get the new centos-release file.
- People currently running downloads will need to restart their
downloads as new torrent files are issued. The older stale torrent files
will be removed.
--- Mirror Activity and process
Step-1: We have created new images via 'cp -al' to duplicate the
existing images to their new names. This will allow the new content to
rsync straight into place, with a very small delta. We estimated this
will reduce the overall rsync network traffic down by almost 98% for new
isos. This action was done at 22:30 UTC hrs on 31st Mar. A large bulk of
the public mirrors would now have this in place.
Step-2: New iso images for DVD, Everything and Minimal are dropped into
the right place, and we let the mirror network sync up; this typically
takes a few days, but with the step-1 action being complete, we feel
this step-2 action should complete within 3 to 4 hrs. This action will
be executed from our side by 02:00 UTC; At this point we will also have
new torrent files to match these new isos. The initial torrents will
stop running to be replaced with the new ones.
Step-3: Once the mirror network is stable, we will remove the original
ISO files and update all documentation to reflect the changes. These
changes will spread across all the www.centos.org, wiki.centos.org and
announcement contents.
--- Future Actions
Into the near future, we are going to try and bring onboard as many of
these automation tools as possible into the CentOS QA cycles to ensure
that we always maintain compatibility with them. We will also look at
expanding the QA effort to include a large number of people from a more
diverse set of roles.
As the first step towards this, I hope to run a public retrospective on
this release cycle, and I welcome all feedback towards that. My aim is
to have a report on that posted within the month of April 2015.
One of the most important things for us, in the CentOS Project, is to
ensure that all content is tested and sanitised so as to never break an
existing install or an existing workflow. This time we tripped up, but I
hope we were able to rectify this rapidly enough that it does not cause
too much trouble for our sysadmin friends.
--
Karanbir Singh, Project Lead, The CentOS Project
+44-207-009 4455 | http://www.centos.org/ | twitter.com/CentOS