Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CESA-2014:X001 Moderate Xen4CentOS libvirt Security Update (Johnny Hughes) 2. CESA-2014:X002 Moderate Xen4CentOS xen Security Update (Johnny Hughes) 3. CESA-2014:X003 Moderate Xen4CentOS kernel Security Update (Johnny Hughes) ---------------------------------------------------------------------- Message: 1 Date: Sat, 25 Jan 2014 01:16:59 +0000 From: Johnny Hughes <johnny at centos.org> Subject: [CentOS-announce] CESA-2014:X001 Moderate Xen4CentOS libvirt Security Update To: CentOS-announce at centos.org Message-ID: <20140125011659.GA61199 at n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2014:X001 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- X86_64 ----------------------------- dca0d401b7ac56172c4a004a412a4de308644d03c5cfd544a73aaf3675ca3e6b ibvirt-0.10.2.8-6.el6.centos.alt.x86_64.rpm b0266f915ecc3a46c14716162f1c19b98746627f0c8f1d08dba62fc75083741b ibvirt-client-0.10.2.8-6.el6.centos.alt.x86_64.rpm 827d90006f7052b850aaad10b8b94c76cf85672a2e50db2de6b87ee28f9962f9 ibvirt-daemon-0.10.2.8-6.el6.centos.alt.x86_64.rpm ff2350eb0ce8910d109a238a6d3309e4485b20713b79200330a9eb12bc116326 ibvirt-daemon-config-network-0.10.2.8-6.el6.centos.alt.x86_64.rpm c591f292a8ada637b3da039d538b3a3b5304fd0f540d32d4224732972b010559 ibvirt-daemon-config-nwfilter-0.10.2.8-6.el6.centos.alt.x86_64.rpm a8cb8f4b78d3ab68f0576d7d9c3d6eebde14e620dae8753b7cfc9432f427b110 ibvirt-daemon-driver-interface-0.10.2.8-6.el6.centos.alt.x86_64.rpm 5a41e5dc21b670397d65b4ec8bdfc758784d80a4b297eb146ae94d28513d0460 ibvirt-daemon-driver-libxl-0.10.2.8-6.el6.centos.alt.x86_64.rpm 71e2da6d10eeaf5c0d388daf3214f2c4b72bbffbba95554d2a2deb4156ab10ea ibvirt-daemon-driver-lxc-0.10.2.8-6.el6.centos.alt.x86_64.rpm 7a307f03fe71dd04dcfc01cea69e84e3dd3936e76ab9ce56813d3ef3b4452f0b ibvirt-daemon-driver-network-0.10.2.8-6.el6.centos.alt.x86_64.rpm 483068ddc0838612b6a64f6c0c0c555795112ae8af6bcc42e66ee72467d902f2 ibvirt-daemon-driver-nodedev-0.10.2.8-6.el6.centos.alt.x86_64.rpm 2edf56a7d69070ee601649c33826710492e8e01025e9a7723583c831658f10e5 ibvirt-daemon-driver-nwfilter-0.10.2.8-6.el6.centos.alt.x86_64.rpm a8ad61584a26c9c90b07aebabfd543ce0605463befacd0cbaa33078fc4b17623 ibvirt-daemon-driver-qemu-0.10.2.8-6.el6.centos.alt.x86_64.rpm b4f90cc79411a9da849111f66f58ea79872a2cb5cc21094460ac23dc9fa5419c ibvirt-daemon-driver-secret-0.10.2.8-6.el6.centos.alt.x86_64.rpm 9d2d993f9c81d622064a5444a888eb7b7c62f7f6e4a8241a22f68714ab117aee ibvirt-daemon-driver-storage-0.10.2.8-6.el6.centos.alt.x86_64.rpm aa6ab8f17ed98961d4d170754a8fc63284533624a838121f789d2e31f9cdbdb9 ibvirt-daemon-driver-xen-0.10.2.8-6.el6.centos.alt.x86_64.rpm cf67135cc854eb275606fb22bbf4a832b33765c0420afb5bc5097dd28371768f ibvirt-daemon-kvm-0.10.2.8-6.el6.centos.alt.x86_64.rpm e8795915b4320f32b32b7cd1e3b470665943f54f2f0626c4ddad4ed6bbd14cf0 ibvirt-daemon-lxc-0.10.2.8-6.el6.centos.alt.x86_64.rpm adeaf6b9a3224fbd94b3a309d4ea8ee04bdd9459b0ea0cda535e4d75b65a4a55 ibvirt-daemon-xen-0.10.2.8-6.el6.centos.alt.x86_64.rpm ef2c0e42f8fbd670a902c6de484da919c3d9aae428aab3e1c2a202cbf516065b ibvirt-debuginfo-0.10.2.8-6.el6.centos.alt.x86_64.rpm a2412290d48d386ff1873198aca2b8ef186d9564b6835430d94d655b3eb48dce ibvirt-devel-0.10.2.8-6.el6.centos.alt.x86_64.rpm 2847aa70b0fe7a34aeabdafd6352a7ef0cd35a621741d4944557948d25860eac ibvirt-docs-0.10.2.8-6.el6.centos.alt.x86_64.rpm f870254cc46117fe473effbb7faa8a6a879bf4a641a71e903b6291b4656cf3b6 libvirt-lock-sanlock-0.10.2.8-6.el6.centos.alt.x86_64.rpm 25efcbeaad0c1d1e021871ffa494f3e5569864fd2c08f6d69de3c5416abb2b82 libvirt-python-0.10.2.8-6.el6.centos.alt.x86_64.rpm ----------------------------- Source: ----------------------------- 97c6cbee46e5b3c332f6fe80fb1bdecc9a47eabe9276ddfba987d251097a0e43 ibvirt-0.10.2.8-6.el6.centos.alt.src.rpm ===================================================== libvirt Changelog info from the SPEC file: * Fri Jan 24 2014 Johnny Hughes <johnny at centos.org> 0.10.2.8-6.el6.centos.alt - applied patches 407 to 415 from the libvirt git tree for the 0.10.2-maint branch - CVE-2013-6458 is addressed in this patch - one of the patches (xen4.3 event handler) needed to be slightly modified due to the custom patches provided by xen.org (patches 200-207). ===================================================== The following Security issues are addressed in this release: https://access.redhat.com/security/cve/CVE-2013-6458 -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos at irc.freenode.net ------------------------------ Message: 2 Date: Sat, 25 Jan 2014 01:17:18 +0000 From: Johnny Hughes <johnny at centos.org> Subject: [CentOS-announce] CESA-2014:X002 Moderate Xen4CentOS xen Security Update To: CentOS-announce at centos.org Message-ID: <20140125011718.GA61213 at n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2014:X002 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- X86_64 ----------------------------- be67f02a8f9eb6193ce790bf21048b2e6e2e17256ec8d236278d6b38a41af47a xen-4.2.3-27.el6.centos.alt.x86_64.rpm b1bf1a31411d6fe6712973bd41373912655461f771a30e5919a5f7cdd9f13256 xen-debuginfo-4.2.3-27.el6.centos.alt.x86_64.rpm 1c524d0c15ba8ce443a0839bd3a66ec6c9ede64872f5237023589cc9bd02da1c xen-devel-4.2.3-27.el6.centos.alt.x86_64.rpm a25cbaed182a55871916c665b97263965e2f91f20bc67fb7ddbe96a024e5cd02 xen-doc-4.2.3-27.el6.centos.alt.x86_64.rpm f13f4e568ed0221a4ce0596e3ec5a632098b3994bc7e62f769d27dea16bbd8e3 xen-hypervisor-4.2.3-27.el6.centos.alt.x86_64.rpm 78cb370bc54deac65c686ae8808ecfe85279be95f27cd65dad9c2ad59515cdfe xen-libs-4.2.3-27.el6.centos.alt.x86_64.rpm 2ebe2761b680ba920c49796d35ccf630e17d50f69351b922f5cd3e619cf87629 xen-licenses-4.2.3-27.el6.centos.alt.x86_64.rpm d46714cc9e43b09c2d3a0121c1b6f4b0cc6e03bbe8eee88be619bfe95b05ffc9 xen-ocaml-4.2.3-27.el6.centos.alt.x86_64.rpm b68aa9c107d583c34e3c0f02e7828b2d223b5553052ec752b56dc3e030781045 xen-ocaml-devel-4.2.3-27.el6.centos.alt.x86_64.rpm 4382aa889a5c3a15690bfb9d11505564f1d1c7aa6d9b5e58378db0a33694d034 xen-runtime-4.2.3-27.el6.centos.alt.x86_64.rpm ----------------------------- Source: ----------------------------- e1b405ee597b55626b399e7ccb87f524c5c1be21690f0f0707e16d0378a9a4f0 xen-4.2.3-27.el6.centos.alt.src.rpm ===================================================== xen Changelog info from the SPEC file: * Fri Jan 24 2014 Johnny Hughes <johnny at centos.org> - 4.2.3-27.el6.centos - Roll in patches 151 and 152 for the following XSAs: XSA-83 (CVE-2014-1642) and XSA-87 (CVE-2014-1666) ===================================================== The following XSA info is available from the Xen site http://xenbits.xen.org/xsa/advisory-82.html http://xenbits.xen.org/xsa/advisory-87.html -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos at irc.freenode.net ------------------------------ Message: 3 Date: Sat, 25 Jan 2014 01:17:33 +0000 From: Johnny Hughes <johnny at centos.org> Subject: [CentOS-announce] CESA-2014:X003 Moderate Xen4CentOS kernel Security Update To: CentOS-announce at centos.org Message-ID: <20140125011733.GA61219 at n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2014:X003 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- X86_64 ----------------------------- 885234e7bead8d78e914780e3264f74e4058c4d0211934da4a4d28e3e405f51d e1000e-2.5.4-3.10.27.2.el6.centos.alt.x86_64.rpm 7c41b049043145c401915d77d61221163c5dc6438bf061211bd587ddb2267a86 kernel-3.10.27-11.el6.centos.alt.x86_64.rpm be3b2a9f0e50148b22072418b6c4b84bdc3a7c21ab48e8ca0e4d036565532e14 kernel-devel-3.10.27-11.el6.centos.alt.x86_64.rpm 0dda48c96293eb27d7e61247a0b5c4b62f02f50074237b1c1e57cbe77410655a kernel-doc-3.10.27-11.el6.centos.alt.noarch.rpm 9e9aa71ae2ff05491e78785a45e7ddaa8ea703416522bcebd9a47b10a4d71aee kernel-firmware-3.10.27-11.el6.centos.alt.noarch.rpm b6417227b1d496436f7c7c990025f31027a9761289fb1372eec64da8d8531e24 kernel-headers-3.10.27-11.el6.centos.alt.x86_64.rpm 64e9fcc80b0adcb964817f44613dc38d3921c78b3ffa2d3141486b1f6b057562 perf-3.10.27-11.el6.centos.alt.x86_64.rpm ----------------------------- Source: ----------------------------- 5ba6ace33dbebe60964af7d3351913f66d0a445f4c4c94250e00876f6778603f e1000e-2.5.4-3.10.27.2.el6.centos.alt.src.rpm 6b691e8914f2d1744082d8a1275630b1d0fae8468a18f04b9119413331e51db1 kernel-3.10.27-11.el6.centos.alt.src.rpm ===================================================== Kernel Changelog info from the SPEC file: * Fri Jan 24 2014 Johnny Hughes <johnny at centos.org> 3.10.27-11 - upgrade to upstream 3.10.27 - addresses CVE-2013-4579 e1000e Changelog info from the SPEC file: * Fri Jan 24 2014 Johnny Hughes <johnny at centos.org> - 2.5.4-3.10.27.2.el6.centos.alt - build against version 2.10.27 kernel ===================================================== The following kernel changelogs are available from kernel.org since the previous kernel: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.27 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.26 ===================================================== The following security issues are addressed in this update: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4579 ===================================================== NOTE: You must run /usr/bin/grub-bootxen.sh to update the file /boot/grub/grub.conf (or you must update that file manually) to boot the new kernel on a dom0 xen machine. See for info: http://wiki.centos.org/HowTos/Xen/Xen4QuickStart -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos at irc.freenode.net ------------------------------ _______________________________________________ CentOS-announce mailing list CentOS-announce at centos.org http://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 107, Issue 13 ************************************************