Send CentOS-announce mailing list submissions to centos-announce@centos.org

To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request@centos.org

You can reach the person managing the list at centos-announce-owner@centos.org

When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..."

Today's Topics:

1. New CentOS Atomic Release and Kubernetes System Containers Now Available (Jason Brooks) 2. CESA-2017:2456 Critical CentOS 6 firefox Security Update (Johnny Hughes) 3. CESA-2017:2424 Critical CentOS 6 java-1.7.0-openjdk Security Update (Johnny Hughes) 4. CESA-2017:2478 Critical CentOS 6 httpd Security Update (Johnny Hughes)

----------------------------------------------------------------------

Message: 1 Date: Fri, 11 Aug 2017 11:53:14 -0700 From: Jason Brooks jbrooks@redhat.com To: "The CentOS developers mailing list." centos-devel@centos.org, atomic-devel atomic-devel@projectatomic.io, atomic-announce@projectatomic.io, centos-announce@centos.org Subject: [CentOS-announce] New CentOS Atomic Release and Kubernetes System Containers Now Available Message-ID: CAF=rfpDokA6CUrO2W0aY3gEuOpJ384ThhH-6fwJxwf6OueAg_Q@mail.gmail.com Content-Type: text/plain; charset="UTF-8"

Last week, the CentOS Atomic SIG released an updated version (https://wiki.centos.org/SpecialInterestGroup/Atomic/Download) of CentOS Atomic Host (7.1707), a lean operating system designed to run Docker containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.

The release, which came as part of the monthly CentOS release stream, was a modest one, including only a single glibc bugfix update (https://lists.centos.org/pipermail/centos-announce/2017-July/022505.html). The next Atomic Host release will be based on the RHEL 7.4 source code (https://seven.centos.org/2017/08/centos-linux-7-1708-based-on-rhel-7-4-sourc...) and will include support for overlayfs container storage, among other enhancements.

Outside of the Atomic Host itself, the SIG has updated its Kubernetes container images to be usable as system containers (http://www.projectatomic.io/blog/2016/09/intro-to-system-containers/). What's more, in addition to the Kubernetes 1.5.x-based containers that derive from RHEL, the Atomic SIG is now producing packages and containers that provide the current 1.7.x version of Kubernetes.

## Containerized Master

The downstream release of CentOS Atomic Host ships without the kubernetes-master package built into the image. You can install the master kubernetes components (apiserver, scheduler, and controller-manager) as system containers, using the following commands:

# atomic install --system --system-package=no --name kube-apiserver registry.centos.org/centos/kubernetes-apiserver:latest

# atomic install --system --system-package=no --name kube-scheduler registry.centos.org/centos/kubernetes-scheduler:latest

# atomic install --system --system-package=no --name kube-controller-manager registry.centos.org/centos/kubernetes-controller-manager:latest

## Kubernetes 1.7.x

The CentOS Virt SIG is now producing Kubernetes 1.7.x rpms, available through this yum repo (https://github.com/CentOS/CentOS-Dockerfiles/blob/master/kubernetes-sig/mast...). The Atomic SIG is maintaining system containers based on these rpms that can be installed as as follows:

### on your master

# atomic install --system --system-package=no --name kube-apiserver registry.centos.org/centos/kubernetes-sig-apiserver:latest

# atomic install --system --system-package=no --name kube-scheduler registry.centos.org/centos/kubernetes-sig-scheduler:latest

# atomic install --system --system-package=no --name kube-controller-manager registry.centos.org/centos/kubernetes-sig-controller-manager:latest

### on your node(s)

# atomic install --system --system-package=no --name kubelet registry.centos.org/centos/kubernetes-sig-kubelet:latest

# atomic install --system --system-package=no --name kube-proxy registry.centos.org/centos/kubernetes-sig-proxy:latest

Both the 1.5.x and 1.7.x sets of containers have been tested with the kubernetes ansible scripts (https://github.com/kubernetes/contrib/tree/master/ansible) provided in the upstream contrib repository, and function as drop-in replacements for the installed rpms. If you prefer to run Kubernetes from installed rpms, you can layer the master components onto your Atomic Host image using rpm-ostree package layering with the command: `atomic host install kubernetes-master`.

The containers referenced in these systemd service files are built in and hosted from the CentOS Community Container Pipeline (https://wiki.centos.org/ContainerPipeline), based on Dockerfiles from the CentOS-Dockerfiles repository (https://github.com/CentOS/CentOS-Dockerfiles/tree/master/kubernetes).

## Download CentOS Atomic Host

CentOS Atomic Host is available as a VirtualBox or libvirt-formatted Vagrant box, or as an installable ISO, qcow2 or Amazon Machine image. For links to media, see the CentOS wiki (https://wiki.centos.org/SpecialInterestGroup/Atomic/Download).

## Upgrading

If you're running a previous version of CentOS Atomic Host, you can upgrade to the current image by running the following command:

$ sudo atomic host upgrade

## Release Cycle

The CentOS Atomic Host image follows the upstream Red Hat Enterprise Linux Atomic Host cadence. After sources are released, they're rebuilt and included in new images. After the images are tested by the SIG and deemed ready, we announce them.

## Getting Involved

CentOS Atomic Host is produced by the CentOS Atomic SIG (http://wiki.centos.org/SpecialInterestGroup/Atomic), based on upstream work from Project Atomic (http://www.projectatomic.io/). If you'd like to work on testing images, help with packaging, documentation -- join us!

The SIG meets weekly on Thursdays at 16:00 UTC in the #centos-devel channel, and you'll often find us in #atomic and/or #centos-devel if you have questions. You can also join the atomic-devel (https://lists.projectatomic.io/mailman/listinfo/atomic-devel) mailing list if you'd like to discuss the direction of Project Atomic, its components, or have other questions.

## Getting Help

If you run into any problems with the images or components, feel free to ask on the centos-devel (http://lists.centos.org/mailman/listinfo/centos-devel) mailing list.

Have questions about using Atomic? See the atomic (https://lists.projectatomic.io/mailman/listinfo/atomic) mailing list or find us in the #atomic channel on Freenode.

------------------------------

Message: 2 Date: Tue, 15 Aug 2017 20:20:53 +0000 From: Johnny Hughes johnny@centos.org To: centos-announce@centos.org Subject: [CentOS-announce] CESA-2017:2456 Critical CentOS 6 firefox Security Update Message-ID: 20170815202053.GA55144@n04.lon1.karan.org Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2017:2456 Critical

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2456

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

i386: f29636840b84fd6d5a4a102d02a19c569a3c8e5bb122fffab931a57fdaf87ae8 firefox-52.3.0-3.el6.centos.i686.rpm

x86_64: f29636840b84fd6d5a4a102d02a19c569a3c8e5bb122fffab931a57fdaf87ae8 firefox-52.3.0-3.el6.centos.i686.rpm fa94722eb61a41e0c0c12c31dab803aeb3387e9ba83ad52a305dc1880d5764b8 firefox-52.3.0-3.el6.centos.x86_64.rpm

Source: 85eb85c49ccac809e5eb899b3680735e5ba1521c378866ccfa98982462801152 firefox-52.3.0-3.el6.centos.src.rpm