Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.
Thanks! -->Pat
On Wednesday, May 11, 2016 11:20am, "Patrick Rael" prael@lumeta.com said:
Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.
Thanks!
Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update.
On Wed, 11 May 2016, Steve Snyder wrote:
On Wednesday, May 11, 2016 11:20am, "Patrick Rael" prael@lumeta.com said:
Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.
Thanks!
Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update.
Or, if you have the CR repo installed, you should get it a lot quicker.
Gilbert
******************************************************************************* Gilbert Sebenste ******** (My opinions only!) ****** *******************************************************************************
On 05/11/2016 09:45 AM, Steve Snyder wrote:
On Wednesday, May 11, 2016 11:20am, "Patrick Rael" prael@lumeta.com said:
Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.
Thanks!
Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update.
Is there an ETA on CentOS v6.8? Days? Weeks? Months? (years?) I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7. I thought security updates would be available on 6.7 for many more years.
Best regards!
Patrick Rael wrote:
On 05/11/2016 09:45 AM, Steve Snyder wrote:
On Wednesday, May 11, 2016 11:20am, "Patrick Rael" prael@lumeta.com said:
Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.
Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update.
Is there an ETA on CentOS v6.8? Days? Weeks? Months? (years?) I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7. I thought security updates would be available on 6.7 for many more years.
Please - it was *just* released, and the build team is presumably already on it. Hopefully, upstream hasn't screwed with their build environment again.
At any rate, when upstream did, it took our build team about a month to get builds working again; if they haven't, then I'd hope for a few weeks.
PLEASEPLEASEPLEASEPLEASE people, *don't* turn this into a 5k posts a day arguing over whether the build team is lazy, or 75% of them "ANYTHING NEW?! HOW SOON?!!!!!!!!!
Give them some bloody time, children. It's a job of work, as the old saying goes.
mark
Date: Wednesday, May 11, 2016 13:24:43 -0400 From: m.roth@5-cent.us
Patrick Rael wrote:
On 05/11/2016 09:45 AM, Steve Snyder wrote:
On Wednesday, May 11, 2016 11:20am, "Patrick Rael" prael@lumeta.com said:
Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.
Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update.
Is there an ETA on CentOS v6.8? Days? Weeks? Months? (years?) I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7. I thought security updates would be available on 6.7 for many more years.
Please - it was *just* released, and the build team is presumably already on it. Hopefully, upstream hasn't screwed with their build environment again.
At any rate, when upstream did, it took our build team about a month to get builds working again; if they haven't, then I'd hope for a few weeks.
PLEASEPLEASEPLEASEPLEASE people, *don't* turn this into a 5k posts a day arguing over whether the build team is lazy, or 75% of them "ANYTHING NEW?! HOW SOON?!!!!!!!!!
Give them some bloody time, children. It's a job of work, as the old saying goes.
Security updates will be available for rhel/centos 6 for many years (november 2020 I believe). 6.7 is simply a point-in-time snapshot which is not explicitly supported once the next point release has come out.
I thought security updates would be available on 6.7 for many more years.
When there are cusp security issues like this the security update sometimes comes out ahead of the rest of the new point release via the fasttrack or CR repositories.
On 05/11/2016 11:24 AM, m.roth@5-cent.us wrote:
Patrick Rael wrote:
On 05/11/2016 09:45 AM, Steve Snyder wrote:
On Wednesday, May 11, 2016 11:20am, "Patrick Rael" prael@lumeta.com said:
Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.
Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update.
Is there an ETA on CentOS v6.8? Days? Weeks? Months? (years?) I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7. I thought security updates would be available on 6.7 for many more years.
Please - it was *just* released, and the build team is presumably already on it. Hopefully, upstream hasn't screwed with their build environment again.
At any rate, when upstream did, it took our build team about a month to get builds working again; if they haven't, then I'd hope for a few weeks.
PLEASEPLEASEPLEASEPLEASE people, *don't* turn this into a 5k posts a day arguing over whether the build team is lazy, or 75% of them "ANYTHING NEW?! HOW SOON?!!!!!!!!!
Give them some bloody time, children. It's a job of work, as the old saying goes.
mark
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Thanks! You developers do a mountain of work, it's really appreciated greatly!
-->Pat ----------
On 05/11/2016 11:44 AM, Patrick Rael wrote:
On 05/11/2016 09:45 AM, Steve Snyder wrote:
On Wednesday, May 11, 2016 11:20am, "Patrick Rael" prael@lumeta.com said:
Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.
Thanks!
Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update.
Is there an ETA on CentOS v6.8? Days? Weeks? Months? (years?) I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7. I thought security updates would be available on 6.7 for many more years.
Because Red Hat built that against 6.8 and not 6.7, I have to do the same.
I expect that the CR rpms for os/ and that openssl update will be released in the next 2-3 days.
Thanks, Johnny Hughes
Johnny Hughes wrote:
On 05/11/2016 11:44 AM, Patrick Rael wrote:
On 05/11/2016 09:45 AM, Steve Snyder wrote:
On Wednesday, May 11, 2016 11:20am, "Patrick Rael" prael@lumeta.com said:
Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.
Thanks!
Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update.
Is there an ETA on CentOS v6.8? Days? Weeks? Months? (years?) I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7. I thought security updates would be available on 6.7 for many more years.
Because Red Hat built that against 6.8 and not 6.7, I have to do the same.
I expect that the CR rpms for os/ and that openssl update will be released in the next 2-3 days.
Thanks,
No, thank *you*, Johnny, for all the work you do... and, as I've offered before, if we're ever in the same metro area, I'd be happy to buy you a drink for it all.
mark
On Wed, 11 May 2016 09:20:54 -0600 Patrick Rael prael@lumeta.com wrote:
Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.
The fix/RHSA is here: https://rhn.redhat.com/errata/RHSA-2016-0996.html
But as Steve pointed out it's part of 6.8 (hence the current unavailability).
/Peter K
-
Gilbert Sebenste -
Johnny Hughes -
m.roth@5-cent.us -
Patrick Rael -
Peter Kjellström -
Richard -
Steve Snyder