[CentOS] CentOS-announce Digest, Vol 107, Issue 13

Sat Jan 25 12:00:05 UTC 2014
centos-announce-request at centos.org <centos-announce-request at centos.org>

Send CentOS-announce mailing list submissions to
	centos-announce at centos.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
	centos-announce-request at centos.org

You can reach the person managing the list at
	centos-announce-owner at centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CESA-2014:X001 Moderate Xen4CentOS libvirt	Security Update
      (Johnny Hughes)
   2. CESA-2014:X002 Moderate Xen4CentOS xen Security	Update
      (Johnny Hughes)
   3. CESA-2014:X003 Moderate Xen4CentOS kernel	Security Update
      (Johnny Hughes)


----------------------------------------------------------------------

Message: 1
Date: Sat, 25 Jan 2014 01:16:59 +0000
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2014:X001 Moderate Xen4CentOS libvirt
	Security Update
To: CentOS-announce at centos.org
Message-ID: <20140125011659.GA61199 at n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2014:X001 (Xen4CentOS)

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

-----------------------------
X86_64
-----------------------------

dca0d401b7ac56172c4a004a412a4de308644d03c5cfd544a73aaf3675ca3e6b ibvirt-0.10.2.8-6.el6.centos.alt.x86_64.rpm
b0266f915ecc3a46c14716162f1c19b98746627f0c8f1d08dba62fc75083741b ibvirt-client-0.10.2.8-6.el6.centos.alt.x86_64.rpm
827d90006f7052b850aaad10b8b94c76cf85672a2e50db2de6b87ee28f9962f9 ibvirt-daemon-0.10.2.8-6.el6.centos.alt.x86_64.rpm
ff2350eb0ce8910d109a238a6d3309e4485b20713b79200330a9eb12bc116326 ibvirt-daemon-config-network-0.10.2.8-6.el6.centos.alt.x86_64.rpm
c591f292a8ada637b3da039d538b3a3b5304fd0f540d32d4224732972b010559 ibvirt-daemon-config-nwfilter-0.10.2.8-6.el6.centos.alt.x86_64.rpm
a8cb8f4b78d3ab68f0576d7d9c3d6eebde14e620dae8753b7cfc9432f427b110 ibvirt-daemon-driver-interface-0.10.2.8-6.el6.centos.alt.x86_64.rpm
5a41e5dc21b670397d65b4ec8bdfc758784d80a4b297eb146ae94d28513d0460 ibvirt-daemon-driver-libxl-0.10.2.8-6.el6.centos.alt.x86_64.rpm
71e2da6d10eeaf5c0d388daf3214f2c4b72bbffbba95554d2a2deb4156ab10ea ibvirt-daemon-driver-lxc-0.10.2.8-6.el6.centos.alt.x86_64.rpm
7a307f03fe71dd04dcfc01cea69e84e3dd3936e76ab9ce56813d3ef3b4452f0b ibvirt-daemon-driver-network-0.10.2.8-6.el6.centos.alt.x86_64.rpm
483068ddc0838612b6a64f6c0c0c555795112ae8af6bcc42e66ee72467d902f2 ibvirt-daemon-driver-nodedev-0.10.2.8-6.el6.centos.alt.x86_64.rpm
2edf56a7d69070ee601649c33826710492e8e01025e9a7723583c831658f10e5 ibvirt-daemon-driver-nwfilter-0.10.2.8-6.el6.centos.alt.x86_64.rpm
a8ad61584a26c9c90b07aebabfd543ce0605463befacd0cbaa33078fc4b17623 ibvirt-daemon-driver-qemu-0.10.2.8-6.el6.centos.alt.x86_64.rpm
b4f90cc79411a9da849111f66f58ea79872a2cb5cc21094460ac23dc9fa5419c ibvirt-daemon-driver-secret-0.10.2.8-6.el6.centos.alt.x86_64.rpm
9d2d993f9c81d622064a5444a888eb7b7c62f7f6e4a8241a22f68714ab117aee ibvirt-daemon-driver-storage-0.10.2.8-6.el6.centos.alt.x86_64.rpm
aa6ab8f17ed98961d4d170754a8fc63284533624a838121f789d2e31f9cdbdb9 ibvirt-daemon-driver-xen-0.10.2.8-6.el6.centos.alt.x86_64.rpm
cf67135cc854eb275606fb22bbf4a832b33765c0420afb5bc5097dd28371768f ibvirt-daemon-kvm-0.10.2.8-6.el6.centos.alt.x86_64.rpm
e8795915b4320f32b32b7cd1e3b470665943f54f2f0626c4ddad4ed6bbd14cf0 ibvirt-daemon-lxc-0.10.2.8-6.el6.centos.alt.x86_64.rpm
adeaf6b9a3224fbd94b3a309d4ea8ee04bdd9459b0ea0cda535e4d75b65a4a55 ibvirt-daemon-xen-0.10.2.8-6.el6.centos.alt.x86_64.rpm
ef2c0e42f8fbd670a902c6de484da919c3d9aae428aab3e1c2a202cbf516065b ibvirt-debuginfo-0.10.2.8-6.el6.centos.alt.x86_64.rpm
a2412290d48d386ff1873198aca2b8ef186d9564b6835430d94d655b3eb48dce ibvirt-devel-0.10.2.8-6.el6.centos.alt.x86_64.rpm
2847aa70b0fe7a34aeabdafd6352a7ef0cd35a621741d4944557948d25860eac ibvirt-docs-0.10.2.8-6.el6.centos.alt.x86_64.rpm
f870254cc46117fe473effbb7faa8a6a879bf4a641a71e903b6291b4656cf3b6 libvirt-lock-sanlock-0.10.2.8-6.el6.centos.alt.x86_64.rpm
25efcbeaad0c1d1e021871ffa494f3e5569864fd2c08f6d69de3c5416abb2b82 libvirt-python-0.10.2.8-6.el6.centos.alt.x86_64.rpm

-----------------------------
Source:
-----------------------------

97c6cbee46e5b3c332f6fe80fb1bdecc9a47eabe9276ddfba987d251097a0e43 ibvirt-0.10.2.8-6.el6.centos.alt.src.rpm

=====================================================

libvirt Changelog info from the SPEC file:

* Fri Jan 24 2014 Johnny Hughes <johnny at centos.org>  0.10.2.8-6.el6.centos.alt
- applied patches 407 to 415 from the libvirt git tree for the 0.10.2-maint
  branch
- CVE-2013-6458 is addressed in this patch
- one of the patches (xen4.3 event handler) needed to be slightly modified
  due to the custom patches provided by xen.org (patches 200-207).

=====================================================

The following Security issues are addressed in this release:

https://access.redhat.com/security/cve/CVE-2013-6458

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net



------------------------------

Message: 2
Date: Sat, 25 Jan 2014 01:17:18 +0000
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2014:X002 Moderate Xen4CentOS xen
	Security	Update
To: CentOS-announce at centos.org
Message-ID: <20140125011718.GA61213 at n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2014:X002 (Xen4CentOS)

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

-----------------------------
X86_64
-----------------------------

be67f02a8f9eb6193ce790bf21048b2e6e2e17256ec8d236278d6b38a41af47a xen-4.2.3-27.el6.centos.alt.x86_64.rpm
b1bf1a31411d6fe6712973bd41373912655461f771a30e5919a5f7cdd9f13256 xen-debuginfo-4.2.3-27.el6.centos.alt.x86_64.rpm
1c524d0c15ba8ce443a0839bd3a66ec6c9ede64872f5237023589cc9bd02da1c xen-devel-4.2.3-27.el6.centos.alt.x86_64.rpm
a25cbaed182a55871916c665b97263965e2f91f20bc67fb7ddbe96a024e5cd02 xen-doc-4.2.3-27.el6.centos.alt.x86_64.rpm
f13f4e568ed0221a4ce0596e3ec5a632098b3994bc7e62f769d27dea16bbd8e3 xen-hypervisor-4.2.3-27.el6.centos.alt.x86_64.rpm
78cb370bc54deac65c686ae8808ecfe85279be95f27cd65dad9c2ad59515cdfe xen-libs-4.2.3-27.el6.centos.alt.x86_64.rpm
2ebe2761b680ba920c49796d35ccf630e17d50f69351b922f5cd3e619cf87629 xen-licenses-4.2.3-27.el6.centos.alt.x86_64.rpm
d46714cc9e43b09c2d3a0121c1b6f4b0cc6e03bbe8eee88be619bfe95b05ffc9 xen-ocaml-4.2.3-27.el6.centos.alt.x86_64.rpm
b68aa9c107d583c34e3c0f02e7828b2d223b5553052ec752b56dc3e030781045 xen-ocaml-devel-4.2.3-27.el6.centos.alt.x86_64.rpm
4382aa889a5c3a15690bfb9d11505564f1d1c7aa6d9b5e58378db0a33694d034 xen-runtime-4.2.3-27.el6.centos.alt.x86_64.rpm

-----------------------------
Source:
-----------------------------

e1b405ee597b55626b399e7ccb87f524c5c1be21690f0f0707e16d0378a9a4f0 xen-4.2.3-27.el6.centos.alt.src.rpm

=====================================================

xen Changelog info from the SPEC file:

* Fri Jan 24 2014 Johnny Hughes <johnny at centos.org> - 4.2.3-27.el6.centos
- Roll in patches 151 and 152 for the following XSAs:
  XSA-83 (CVE-2014-1642) and XSA-87 (CVE-2014-1666)


=====================================================

The following XSA info is available from the Xen site 

http://xenbits.xen.org/xsa/advisory-82.html
http://xenbits.xen.org/xsa/advisory-87.html
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net



------------------------------

Message: 3
Date: Sat, 25 Jan 2014 01:17:33 +0000
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2014:X003 Moderate Xen4CentOS kernel
	Security Update
To: CentOS-announce at centos.org
Message-ID: <20140125011733.GA61219 at n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2014:X003 (Xen4CentOS)

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

-----------------------------
X86_64
-----------------------------

885234e7bead8d78e914780e3264f74e4058c4d0211934da4a4d28e3e405f51d e1000e-2.5.4-3.10.27.2.el6.centos.alt.x86_64.rpm
7c41b049043145c401915d77d61221163c5dc6438bf061211bd587ddb2267a86 kernel-3.10.27-11.el6.centos.alt.x86_64.rpm
be3b2a9f0e50148b22072418b6c4b84bdc3a7c21ab48e8ca0e4d036565532e14 kernel-devel-3.10.27-11.el6.centos.alt.x86_64.rpm
0dda48c96293eb27d7e61247a0b5c4b62f02f50074237b1c1e57cbe77410655a kernel-doc-3.10.27-11.el6.centos.alt.noarch.rpm
9e9aa71ae2ff05491e78785a45e7ddaa8ea703416522bcebd9a47b10a4d71aee kernel-firmware-3.10.27-11.el6.centos.alt.noarch.rpm
b6417227b1d496436f7c7c990025f31027a9761289fb1372eec64da8d8531e24 kernel-headers-3.10.27-11.el6.centos.alt.x86_64.rpm
64e9fcc80b0adcb964817f44613dc38d3921c78b3ffa2d3141486b1f6b057562 perf-3.10.27-11.el6.centos.alt.x86_64.rpm


-----------------------------
Source:
-----------------------------

5ba6ace33dbebe60964af7d3351913f66d0a445f4c4c94250e00876f6778603f e1000e-2.5.4-3.10.27.2.el6.centos.alt.src.rpm
6b691e8914f2d1744082d8a1275630b1d0fae8468a18f04b9119413331e51db1 kernel-3.10.27-11.el6.centos.alt.src.rpm

=====================================================

Kernel Changelog info from the SPEC file:

* Fri Jan 24 2014 Johnny Hughes <johnny at centos.org> 3.10.27-11
- upgrade to upstream 3.10.27
- addresses CVE-2013-4579

e1000e Changelog info from the SPEC file:

* Fri Jan 24 2014 Johnny Hughes <johnny at centos.org> - 2.5.4-3.10.27.2.el6.centos.alt
- build against version 2.10.27 kernel

=====================================================

The following kernel changelogs are available from kernel.org since the previous kernel:

https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.27
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.26

=====================================================

The following security issues are addressed in this update:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4579

=====================================================

NOTE: You must run /usr/bin/grub-bootxen.sh to update the file
      /boot/grub/grub.conf (or you must update that file manually)
      to boot the new kernel on a dom0 xen machine.  See for info:
      http://wiki.centos.org/HowTos/Xen/Xen4QuickStart
 
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net



------------------------------

_______________________________________________
CentOS-announce mailing list
CentOS-announce at centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


End of CentOS-announce Digest, Vol 107, Issue 13
************************************************