Greetings folks,
I'm currently redoing my home server as one of the hard drives in my
RAID-1 array went down and I'm going to replace the lot of it with a
3Ware Escalade 9500S RAID capable card and four Seagate 200GB SATA
drives. These drives are supposedly the coolest and quietest SATA
drives available (better than the Maxtors I had anyway) and the capacity
upgrade on the server is worth the $$$ at this point. I'm planning on
running them in RAID-5 for maximum disk space and performance.
Are there any 3Ware Escalade/SATA issues I should be aware of when
building this new server utilizing CentOS-3? The card was supposedly
supported under RH9, so I figured RHEL3 (or clones) would be fine.
Thanks in advance for the feedback,
--Shawn
--
-- Shawn M. Jones
<smj(a)littleprojects.org>
http://www.littleprojects.org
has this package been rebuilt? I didn't see an announcement for it.
--Ajay, who's not bitchin', just wondering...
-------- Original Message --------
---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated gaim package fixes security issues
Advisory ID: RHSA-2004:400-01
Issue date: 2004-09-07
Updated on: 2004-09-07
Product: Red Hat Enterprise Linux
Obsoletes: RHSA-2004:033
CVE Names: CAN-2004-0500 CAN-2004-0754 CAN-2004-0784 CAN-2004-0785
---------------------------------------------------------------------

1. Summary:

An updated gaim package that fixes several security issues is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Gaim is an instant messenger client that can handle multiple protocols.

Buffer overflow bugs were found in the Gaim MSN protocol handler. In order
to exploit these bugs, an attacker would have to perform a man in the
middle attack between the MSN server and the vulnerable Gaim client. Such
an attack could allow arbitrary code execution. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0500
to this issue.

Buffer overflow bugs have been found in the Gaim URL decoder, local
hostname resolver, and the RTF message parser. It is possible that a
remote attacker could send carefully crafted data to a vulnerable client
and lead to a crash or arbitrary code execution. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0785 to this issue.

A shell escape bug has been found in the Gaim smiley theme file
installation. When a user installs a smiley theme, which is contained
within a tar file, the unarchiving of the data is done in an unsafe manner.
An attacker could create a malicious smiley theme that would execute
arbitrary commands if the theme was installed by the victim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0784 to this issue.

An integer overflow bug has been found in the Gaim Groupware message
receiver. It is possible that if a user connects to a malicious server,
an attacker could send carefully crafted data which could lead to arbitrary
code execution on the victim's machine. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0754 to
this issue.

Users of Gaim are advised to upgrade to this updated package which
contains Gaim version 0.82 and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

126842 - CAN-2004-0500 Gaim MSN protocol vulnerabilities
6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package
7. References:
http://gaim.sourceforge.net/security/?id=0
http://gaim.sourceforge.net/security/?id=1
http://gaim.sourceforge.net/security/?id=2
http://gaim.sourceforge.net/security/?id=3
http://gaim.sourceforge.net/security/?id=4
http://gaim.sourceforge.net/security/?id=5
http://gaim.sourceforge.net/security/?id=6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0785
8. Contact:
The Red Hat security contact is <secalert(a)redhat.com>. More contact
details at https://www.redhat.com/security/team/contact.html
Copyright 2004 Red Hat, Inc.
--
---------------------
Satyajot (Ajay) Sharma
REVShare Corp
System Administrator
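
The shell escape that the advisory quoted above describes for theme installation (CAN-2004-0784) belongs to a general bug class, shown here as an added illustration that is not Gaim's or Red Hat's code: an archive name pasted into a shell command line, next to the same name passed as a single argv entry. The function names, the /tmp/themes directory and the sample file name are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Unsafe pattern: the archive name is pasted into a string that /bin/sh will
 * parse, so ; ` $ | and spaces in the name become shell syntax. */
int build_shell_command(char *out, size_t n, const char *archive, const char *dest)
{
    int len = snprintf(out, n, "tar -xzf %s -C %s", archive, dest);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;   /* -1: would truncate */
}

/* Hardened pattern: one argv slot per value and no shell. The name follows
 * -f directly, so tar reads it as the archive even if it starts with '-'. */
int build_tar_argv(const char *argv[6], const char *archive, const char *dest)
{
    const char *v[6] = { "tar", "-xzf", archive, "-C", dest, NULL };
    memcpy(argv, v, sizeof v);
    return 5;   /* argument count, excluding the NULL terminator */
}

/* Extract with fork/execvp; returns tar's exit status, or -1 on failure. */
int extract_theme(const char *archive, const char *dest)
{
    const char *argv[6];
    int status;
    build_tar_argv(argv, archive, dest);
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127);   /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    const char *name = "theme.tar.gz; echo injected";   /* constructed sample */
    const char *argv[6];
    char cmd[128];
    build_shell_command(cmd, sizeof cmd, name, "/tmp/themes");
    build_tar_argv(argv, name, "/tmp/themes");
    printf("shell string: %s\nargv[2]     : %s\n", cmd, argv[2]);
    return 0;
}
```

In the argv form the whole sample name reaches tar as one argument, so it is treated as a file name and nothing else.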
I took a look at the spec file and there was nothing about snmp
commented out. So did a search for a spec file for EL3 and found one
which had the snmp module set to build. Looked it over and copied what
sections refer to snmp. When I add the line:
%file snmp -f files.snmp
I get the error-> Could not open %file
/usr/src/redhat/BUILD/php-4.3.2/files.snmp: No such file or directory
If I remove this line, I get an error about an unpackaged file that is
called snmp.o
Reading up I found that if you receive the second error you need to add
the %file line for the file that is missing and that is what I did in
the first place. I have never built my own rpm before so I am new to
this. Any help would be appreciated.
Here is a link to the spec file http://traffic.wonderwave.net/php.spec
Dan
On Tue, 2004-09-07 at 09:50, Dag Wieers wrote:
> On Tue, 7 Sep 2004, John Newbigin wrote:
>
> > I have built php-snmp & php-oci8 for CentOS-2 but I assume you are
> > referring to CentOS-3.1
> >
> > The CentOS-2 version is available under centos-2/extras/i386/ on the
> > centos mirror.
>
> If you can send me the SPEC files, I can look into providing these for
> el2.1 and el3 (i386, x86_64)
>
> Kind regards,
> -- dag wieers, dag(a)wieers.com, http://dag.wieers.com/ --
> [Any errors in spelling, tact or fact are transmission errors]
Rick Graves wrote:
> John,
>
> I think the error that I encountered earlier this week
> was because I am now blocked from accessing the main
> CentOS mirror.
>
> At any rate, today I tried a different mirror, and at
> least yum would run.
>
> I am still on the RH9 X install.
>
> I tried yum update, and got this:
>
> Resolving dependencies
> .......Unable to satisfy dependencies
> Package mozilla-psm needs mozilla = 37:1.4-3.0.18,
> this is not available.
> Package mozilla-psm needs mozilla-nss = 37:1.4-3.0.18,
> this is not available.
>
> Can you shed any light on this?
There will be cases which need special handling. I think mozilla-psm is
now included in the core mozilla package. If the new mozilla does not
have the correct tags to tell yum that mozilla-psm can be removed then
you have to remove it manually beforehand.
These are the kinds of tasks which we need documented.
I was also thinking, it might be possible to create dummy packages which
provide these kinds of dependencies so you can add the dummy module to
your yum.conf and then it will be more automatic. There are others on
the list that know more about yum than me and might have some ideas.
John.
>
> Thanks,
>
> Rick
>
> --- John Newbigin <jn(a)it.swin.edu.au> wrote:
>
>>Rick Graves wrote:
>>
>>>John,
>>>
>>>I took another look at your migration page. I have
>>>two questions.
>>>
>>>1) It seems the errata support only applies to moving
>>>from RHEL3 to CentOS-3 -- correct?
>>
>>And RHEL2.1 to CentOS-2.
>>
>>>2) The Live Update option does not apply to moving off
>>>RedHat 9, but does apply to moving off RedHat 7.2?
>>
>>Live update from RH9 -> CentOS-3.1 should work. See
>>this page for details:
>>
>>http://www.webhostingtalk.com/showthread.php?s=&threadid=276534
>>
>>>I think I will try a Live Update on my test bench RH 9
>>>system.
>>>
>>>As you pointed out before, there is no big rush. On
>>>the other hand, the value of this information diminishes
>>>over time, as there is no point in making the
>>>information available after everyone on the planet has
>>>upgraded from the RedHat versions to something else.
>>
>>True.
>>
>>>Looking at your migration page again made me realize
>>>that the Live Update option is high risk. Obviously,
>>>someone who cares about their systems would choose Live
>>>Update as a last choice. Clean new install on extra
>>>hardware seems to be the best way to go.
>>
>>Indeed, but I have some old boxes running 7.2 which
>>I have not got round to upgrading yet. If the procedure
>>was as easy as running a single shell script I might be
>>more inclined to update it.
>>
>>Did you look at my updated web page? (it was only
>>updated yesterday). I have also started a diagram to
>>show the distro family tree. Feedback is welcome. You
>>will need http://www.gnome.org/projects/dia/ to view it.
>>
>>John.
>>
>>>Thanks,
>>>
>>>Rick
>>>
>>>--- John Newbigin <jn(a)it.swin.edu.au> wrote:
>>>
>>>>Rick Graves wrote:
>>>>
>>>>>John,
>>>>>
>>>>>I did not hear back from you right away. Maybe doing
>>>>>all the combinations is too big a job for one person.
>>>>>It might work if we split them up.
>>>>
>>>>Details of each procedure should be split up but we
>>>>need somewhere to collect all the info. I don't think
>>>>we need to rush it.
>>>>
>>>>I started a web page to collect my ideas
>>>>
>>>>http://uranus.it.swin.edu.au/~jn/linux/centos-2/migration.htm
>>>>
>>>>Obviously it is just a start. I am thinking a semi
>>>>intelligent 'wizard' where you select your current OS
>>>>and either acceptable upgrade methods OR target OS and
>>>>it will spit out the procedure.
>>>>
>>>>Each procedure could have a forum where people can
>>>>contribute feedback, like they do with the php manual.
>>>>
>>>>I think a plan of attack is to collect information
>>>>while we wait for the new web site to appear. Hopefully
>>>>that will minimize duplication of effort.
>>>>
>>>>>I could do these two:
>>>>>
>>>>>RedHat 9 -> reinstall CentOS-3.1
>>>>>RedHat 9 -> live update to CentOS-3.1
>>>>
>>>>I think this will be a popular procedure so it would
>>>>be good to have this well documented. I know there is
>>>>some information on this already though I have not
>>>>tried it out.
>>>>
>>>>Another thing I might have a play with is a family
>>>>tree. That might help people see the differences
>>>>between versions.
>>>>
>>>>John.
>>>>
>>>>>I am volunteering for these because I already have
>>>>>RedHat 9 and CentOS-3.1 CD's.
>>>>>
>>>>>The only rub is on Saturday I go on vacation, and at
>>>>>the end of August I will be back to where I have my
>>>>>computer junk. I could do those two in early
>>>>>September.
>>>>>
>>>>>Any other volunteers for any of the other
>>>>>combinations?
>>>>>
>>>>>My offer to work it all into the web site still
>>>>>stands.
>>>>>
>>>>>Rick
>>>>>
>>>>>--- Rick Graves <gravesricharde(a)yahoo.com> wrote:
>>>>>
>>>>>>Date: Thu, 12 Aug 2004 06:13:59 -0700 (PDT)
>>>>>>From: Rick Graves <gravesricharde(a)yahoo.com>
>>>>>>Subject: Re: migration center
>>>>>>To: centos(a)caosity.org
>>>>>>
>>>>>>John,
>>>>>>
>>>>>>Would you like to take a first crack at the text for
>>>>>>the migration center? You could then run it by this
>>>>>>group.
>>>>>>
>>>>>>If we get something that is good enough not to get
>>>>>>shot down here, I will work it into the web site.
>>>>>>
>>>>>>If we decide to go with separate sites, the text
>>>>>>could just be copied over, so there would be no wasted
>>>>>>effort.
>>>>>>
>>>>>>Rick
>>>>>>
>>>>>>--- centos-request(a)caosity.org wrote:
>>>>>>
>>>>>>Message: 8
>>>>>>Date: Thu, 12 Aug 2004 09:28:57 +1000
>>>>>>From: John Newbigin <jn(a)it.swin.edu.au>
>>>>>>To: centos(a)caosity.org
>>>>>>Subject: Re: [Centos] suggestions for CentOS
>>>>>>
>>>>>>...
>>>>>>
>>>>>>I think another thing we should have is a
>>
> === message truncated ===
>
--
John Newbigin - Computer Systems Officer
School of Information Technology
Swinburne University of Technology
Melbourne, Australia
http://www.it.swin.edu.au/staff/jnewbigin
Hi, can someone tell how many are behind maintaining
the site and converting security and regular RHEL
fixes for Centos-3? I see the last round of security
updates for RHEL were turned out in a day which is
impressive.
Trying to get an idea if Centos has a lot of community
support and being maintained by more than one person.
I am not confident enough yet in building my own
updates.
I am another RH 7.1/8.0 admin that labored over the
decision to go with Fedora Legacy 6 months for these
servers only to find mailings to stop without any
notice. Since it seemed awfully quiet for a time I
checked their website and found support suspended for
these versions due to lack of community involvement.
So doing a little more investigating this time to see
if the community is really into the project before
settling down with a solution.
thx
Dear Centos-3 Maintainers,
there are several new (september) packages from redhat for RHEL3 especially
https://rhn.redhat.com/errata/RHBA-2004-430.html
(samba 3.0.6).
Perhaps these new packages are not security updates, but ....
I am having problems printing in current samba-3.0.4-6.3E
which I believe shall be resolved with the new samba.
Do you guys intend to rebuild last redhat updates, or
I should do it on my own?
Also, do you intend to make new CD images with the
new RHEL update 3? This will make installing centos on
SATA machines possible!
Thank you very much for your efforts and work.
Best regards,
A. Georgiev
Just curious, haven't seen much discussion on this or anything in the
news page. Is U3 being built yet ? Might we expect to see a test
release sometime soon ?
--
Beau Henderson
JustManaged.com - Affordable Linux Administration & Security Services.
The following errata for CentOS-2 have been built and uploaded to the
centos mirror:
RHSA-2004:440-01 An updated lha package fixes security vulnerability
Files available:
lha-1.00-17.3.i386.rpm
More details are available from the RedHat web site at
https://rhn.redhat.com/errata/rh21as-errata.html
The easy way to make sure you are up to date with all the latest patches
is to run:
# yum update
--
John Newbigin - Computer Systems Officer
School of Information Technology
Swinburne University of Technology
Melbourne, Australia
http://www.it.swin.edu.au/staff/jnewbigin
The following errata for CentOS-2 have been built and uploaded to the
centos mirror:
RHSA-2004:408-01 Updated mod_ssl package fixes minor vulnerability
Files available:
mod_ssl-2.8.12-6.i386.rpm
More details are available from the RedHat web site at
https://rhn.redhat.com/errata/rh21as-errata.html
The easy way to make sure you are up to date with all the latest patches
is to run:
# yum update
--
John Newbigin - Computer Systems Officer
School of Information Technology
Swinburne University of Technology
Melbourne, Australia
http://www.it.swin.edu.au/staff/jnewbigin
Hello list.
Anyone have a php rpm with snmp enabled or a php-snmp rpm?
I need to build some php pages and would like to use the snmp functions
that are built in. If there is another way to enable it by not using one
of these rpm's that would be great too. TIA
Dan