[CentOS] CentOS-announce Digest, Vol 82, Issue 7

-- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos@irc.freenode.net ------------------------------ Message: 2 Date: Mon, 12 Dec 2011 11:24:24 +0000 From: Johnny Hughes johnny@centos.org Subject: [CentOS-announce] CEBA-2011:1535 CentOS 5 x86_64 sos Update To: centos-announce@centos.org Message-ID: 20111212112424.GA6925@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2011:1535 Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1535.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 95167d3a8c507005d52afef139d3eebc sos-1.7-9.54.el5_7.1.noarch.rpm Source: 41f32c5c29d3ce6e241802730cd663b6 sos-1.7-9.54.el5_7.1.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos@irc.freenode.net ------------------------------ Message: 3 Date: Mon, 12 Dec 2011 06:39:04 -0600 From: Johnny Hughes johnny@centos.org Subject: [CentOS-announce] Using sha256sum instead of md5sum for package checksums To: CentOS-Announce centos-announce@centos.org Message-ID: 4EE5F5E8.4060207@centos.org Content-Type: text/plain; charset="iso-8859-1" There are known Collision Attacks for the MD5SUM method of hashing, so it is possible to modify a file and make it have the same MD5SUM as another file. See this link for details on Collision Attacks: http://en.wikipedia.org/wiki/Collision_attack Recommendation from the US-CERT concerning MD5SUM hashes: http://www.kb.cert.org/vuls/id/836068 Based on the above information, the CentOS team will be using sha256sum (sha-2) and not md5sum to generate future hashes for posting on our e-mail announcements to the CentOS Announce Mailing List. Thanks, Johnny Hughes The CentOS Project