[CentOS] CentOS-announce Digest, Vol 82, Issue 7

Mon Dec 12 17:00:03 UTC 2011
centos-announce-request at centos.org <centos-announce-request at centos.org>

Send CentOS-announce mailing list submissions to
	centos-announce at centos.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
	centos-announce-request at centos.org

You can reach the person managing the list at
	centos-announce-owner at centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CEBA-2011:1535  CentOS 5 i386 sos Update (Johnny Hughes)
   2. CEBA-2011:1535  CentOS 5 x86_64 sos Update (Johnny Hughes)
   3. Using sha256sum instead of md5sum for package	checksums
      (Johnny Hughes)


----------------------------------------------------------------------

Message: 1
Date: Mon, 12 Dec 2011 11:24:24 +0000
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CEBA-2011:1535  CentOS 5 i386 sos Update
To: centos-announce at centos.org
Message-ID: <20111212112424.GA6908 at chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2011:1535 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1535.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

i386:
95167d3a8c507005d52afef139d3eebc  sos-1.7-9.54.el5_7.1.noarch.rpm

Source:
41f32c5c29d3ce6e241802730cd663b6  sos-1.7-9.54.el5_7.1.src.rpm


-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net



------------------------------

Message: 2
Date: Mon, 12 Dec 2011 11:24:24 +0000
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CEBA-2011:1535  CentOS 5 x86_64 sos Update
To: centos-announce at centos.org
Message-ID: <20111212112424.GA6925 at chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2011:1535 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1535.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

x86_64:
95167d3a8c507005d52afef139d3eebc  sos-1.7-9.54.el5_7.1.noarch.rpm

Source:
41f32c5c29d3ce6e241802730cd663b6  sos-1.7-9.54.el5_7.1.src.rpm


-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net



------------------------------

Message: 3
Date: Mon, 12 Dec 2011 06:39:04 -0600
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] Using sha256sum instead of md5sum for
	package	checksums
To: CentOS-Announce <centos-announce at centos.org>
Message-ID: <4EE5F5E8.4060207 at centos.org>
Content-Type: text/plain; charset="iso-8859-1"

There are known Collision Attacks for the MD5SUM method of hashing, so
it is possible to modify a file and make it have the same MD5SUM as
another file.  See this link for details on Collision Attacks:

http://en.wikipedia.org/wiki/Collision_attack

Recommendation from the US-CERT concerning MD5SUM hashes:

http://www.kb.cert.org/vuls/id/836068

Based on the above information, the CentOS team will be using sha256sum
(sha-2) and not md5sum to generate future hashes for posting on our
e-mail announcements to the CentOS Announce Mailing List.

Thanks,
Johnny Hughes
The CentOS Project

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
Url : http://lists.centos.org/pipermail/centos-announce/attachments/20111212/2d12f149/attachment-0001.bin 

------------------------------

_______________________________________________
CentOS-announce mailing list
CentOS-announce at centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


End of CentOS-announce Digest, Vol 82, Issue 7
**********************************************