On 10/31/2014 06:53 AM, Johnny Hughes wrote:
CentOS Errata and Security Advisory 2014:1764 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1764.html
Note to CentOS 5 users. RedHat does not plan to release a fixed wget for EL5. You can mitigate this vulnerability by adding the following line to the bottom of /etc/wgetrc: retr-symlinks=on
Doing so will basically accomplish exactly the same thing that this update does.
Peter
On Thu, Oct 30, 2014 at 12:31 PM, Peter peter@pajamian.dhs.org wrote:
On 10/31/2014 06:53 AM, Johnny Hughes wrote:
CentOS Errata and Security Advisory 2014:1764 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1764.html
Note to CentOS 5 users. RedHat does not plan to release a fixed wget for EL5. You can mitigate this vulnerability by adding the following line to the bottom of /etc/wgetrc: retr-symlinks=on
Doing so will basically accomplish exactly the same thing that this update does.
Peter
Thanks for the heads up. Much appreciated. I'll just post a link relevant to this:
https://bugzilla.redhat.com/show_bug.cgi?id=1139181#c17
I was a bit surprised to learn that security updates labelled 'moderate' are no longer published for EL5.
Akemi
Am 30.10.2014 um 21:20 schrieb Akemi Yagi amyagi@gmail.com:
On Thu, Oct 30, 2014 at 12:31 PM, Peter peter@pajamian.dhs.org wrote:
On 10/31/2014 06:53 AM, Johnny Hughes wrote:
CentOS Errata and Security Advisory 2014:1764 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1764.html
Note to CentOS 5 users. RedHat does not plan to release a fixed wget for EL5. You can mitigate this vulnerability by adding the following line to the bottom of /etc/wgetrc: retr-symlinks=on
Doing so will basically accomplish exactly the same thing that this update does.
Peter
Thanks for the heads up. Much appreciated. I'll just post a link relevant to this:
https://bugzilla.redhat.com/show_bug.cgi?id=1139181#c17
I was a bit surprised to learn that security updates labelled 'moderate' are no longer published for EL5.
oh, that means effectively only 6-7 years "fully supported".
-- LF
31.10.2014 13:24, Leon Fauster wrote:
Am 30.10.2014 um 21:20 schrieb Akemi Yagi amyagi@gmail.com:
On Thu, Oct 30, 2014 at 12:31 PM, Peter peter@pajamian.dhs.org wrote:
On 10/31/2014 06:53 AM, Johnny Hughes wrote:
CentOS Errata and Security Advisory 2014:1764 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1764.html
Note to CentOS 5 users. RedHat does not plan to release a fixed wget for EL5. You can mitigate this vulnerability by adding the following line to the bottom of /etc/wgetrc: retr-symlinks=on
Doing so will basically accomplish exactly the same thing that this update does.
Peter
Thanks for the heads up. Much appreciated. I'll just post a link relevant to this:
https://bugzilla.redhat.com/show_bug.cgi?id=1139181#c17
I was a bit surprised to learn that security updates labelled 'moderate' are no longer published for EL5.
oh, that means effectively only 6-7 years "fully supported".
People would be grateful if CentOS developers have built an updated version of wget in centosplus repository.
On Fri, Oct 31, 2014 at 02:16:27PM +0300, Andrey Z. wrote:
People would be grateful if CentOS developers have built an updated version of wget in centosplus repository.
While I am personally a little irritated that this isn't being addressed by Red Hat the fact is that the workaround is trivial - just add
retr-symlinks=on
in /etc/wgetrc; which is effectively what the patch for CentOS-6 and -7 does.
John
-
Akemi Yagi -
Andrey Z. -
John R. Dennison -
Leon Fauster -
Peter