[CentOS] CentOS-announce Digest, Vol 116, Issue 2

Thu Oct 2 12:00:01 UTC 2014
centos-announce-request at centos.org <centos-announce-request at centos.org>

Send CentOS-announce mailing list submissions to
	centos-announce at centos.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
	centos-announce-request at centos.org

You can reach the person managing the list at
	centos-announce-owner at centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CESA-2014:X010 Moderate xen Xen4CentOS Security	Update
      (Johnny Hughes)
   2. CESA-2014:X011 Moderate kernel Xen4CentOS	Security Update
      (Johnny Hughes)
   3. CESA-2014:X012 Moderate libvirt Xen4CentOS	Security Update
      (Johnny Hughes)
   4. CESA-2014:X013 Important xen Xen4CentOS Security	Update
      (Johnny Hughes)
   5. CEBA-2014:1334 CentOS 7 xz FASTTRACK BugFix Update (Johnny Hughes)


----------------------------------------------------------------------

Message: 1
Date: Wed, 1 Oct 2014 12:07:48 +0000
From: Johnny Hughes <johnny at centos.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] CESA-2014:X010 Moderate xen Xen4CentOS
	Security	Update
Message-ID: <20141001120748.GA5455 at n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2014:X010 (Xen4CentOS)

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

-----------------------------
X86_64
-----------------------------

f5a30e6c7c17a391dfc218cce2c2ca52dba4bf61d6c2d664faecda673d72fdea xen-4.2.5-33.el6.centos.alt.x86_64.rpm
993a2d96e1444b4ead48ddb2e04c0dbd96e0ddeffd388c81ef5496c5edc627cc xen-debuginfo-4.2.5-33.el6.centos.alt.x86_64.rpm
8ea623bd210e4b01e99de1e13a12bfad209238feaed9c540ea2fe84d0c09dbaf xen-devel-4.2.5-33.el6.centos.alt.x86_64.rpm
29f2053460161edb3a93e1f4902a817196b9de9ed800e73ca26ac5a8c9aa1946 xen-doc-4.2.5-33.el6.centos.alt.x86_64.rpm
b194d1ef94332bd3ee4d5e60190764e244809e270ab0ad506128cdd57ded09f6 xen-hypervisor-4.2.5-33.el6.centos.alt.x86_64.rpm
2d89359ac8ad6b9f853cd9e55b0c6ce6bb740295273157689544f8a4eeacbcf0 xen-libs-4.2.5-33.el6.centos.alt.x86_64.rpm
bca6d03a749e531fce006d571847ab2077e2283c0350012f3e2135e26c3a38b3 xen-licenses-4.2.5-33.el6.centos.alt.x86_64.rpm
13ccd1ba3d1af1a68e63c930663bd7afe2b3c635dba58183c076f9c3cd6c3a5a xen-ocaml-4.2.5-33.el6.centos.alt.x86_64.rpm
fbb2c5d49177333b0f8fb578ad38de824cba1dc2a2de2364ad1763bb20ab25c9 xen-ocaml-devel-4.2.5-33.el6.centos.alt.x86_64.rpm
2683887a4c4a1f98e0b9479d9587ab5ec7d0ea382538fea4be8c5a92f12c6f61 xen-runtime-4.2.5-33.el6.centos.alt.x86_64.rpm

-----------------------------
Source:
-----------------------------

f11fbc39bf07f06834fc05e81d3f3b4d916dc5a1ee5aaec6d048041d62cd5aae xen-4.2.5-33.el6.centos.alt.src.rpm

=====================================================

xen Changelog info from the SPEC file:

* Fri Sep 26 2014 Johnny Hughes <johnny at centos.org> -  4.2.5-33.el6.centos
- upgrade to upstream Xen version 4.2.5
- removed patches that are already part of 4.2.5
- Added Patch205 (XSA-97, CVE-2014-5146,CVE-2014-5149)
- Added Patch206 (XSA-104, CVE-2014-7154)
- Added Patch207 (XSA-105, CVE-2014-7155)
- Added Patch208 (XSA-106, CVE-2014-7156) 

=====================================================
The following informaion is available for Xen 4.2.5 from XenProject.org:

http://bit.ly/1mABNPg

=====================================================

The following Release info is available from the Xen site regarding XSAs:

http://xenbits.xen.org/xsa/advisory-97.html
http://xenbits.xen.org/xsa/advisory-104.html
http://xenbits.xen.org/xsa/advisory-105.html
http://xenbits.xen.org/xsa/advisory-106.html

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net



------------------------------

Message: 2
Date: Wed, 1 Oct 2014 12:08:01 +0000
From: Johnny Hughes <johnny at centos.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] CESA-2014:X011 Moderate kernel Xen4CentOS
	Security Update
Message-ID: <20141001120801.GA5470 at n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2014:X011 (Xen4CentOS)

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

-----------------------------
X86_64
-----------------------------

0ca23e081ddc488aa22b357fd2ad46b26526424f4613f5af7254bcbdcbcf1474 e1000e-2.5.4-3.10.55.2.el6.centos.alt.x86_64.rpm
2699989af4721eaef6615cda9fc3eaa92335e8e9f07bd635f50d0aa69ab6e7bf kernel-3.10.55-11.el6.centos.alt.x86_64.rpm
7339e016f40eb353feee27ff95ab9636f18b0a27087248da5e7bccd5d76dc69c kernel-devel-3.10.55-11.el6.centos.alt.x86_64.rpm
88759f4fa62f62469864d4c4c634903fe8731fb3e4ad93b0091b8aaad47c8493 kernel-doc-3.10.55-11.el6.centos.alt.noarch.rpm
fc3fcb15f42a98e7c20fc0ed71deaf44f289cebc6b4c69f8f216aad5860ee3d4 kernel-firmware-3.10.55-11.el6.centos.alt.noarch.rpm
f3719c6d0cbf6b9d2c28667de1ed5e067317d4835877c486cb10231c41af5b8c kernel-headers-3.10.55-11.el6.centos.alt.x86_64.rpm
a5f0586ce5ac4c26904ea21a3e5ffe166ca2014dfde0fbf940cdd3aa5f3c1fd6 perf-3.10.55-11.el6.centos.alt.x86_64.rpm

-----------------------------
Source:
-----------------------------

c6441ca87bfca69505b42b82d126e3b51db25361895e15215658fe15765bff13 e1000e-2.5.4-3.10.55.2.el6.centos.alt.src.rpm
fe4226dea73a76754332118ff7bca149f2303f7421dd3908b5e0d906eccb0b38 kernel-3.10.55-11.el6.centos.alt.src.rpm

=====================================================

Kernel Changelog info from the SPEC file:

* Fri Sep 24 2014 Johnny Hughes <johnny at centos.org> - 3.10.55-11
- upgraded to upstream 3.10.55


e1000e Changelog info from the SPEC file:

* Fri Sep 26 2014 Johnny Hughes <johnny at centos.org> - 2.5.4-3.10.55.2.el6.centos.alt
- build against version 3.10.55 kernel


=====================================================

The following kernel changelogs are available from kernel.org since the previous kernel:

https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.44
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.46
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.47
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.48
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.49
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.50
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.51
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.52
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.53
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.54
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.55

=====================================================

The following security issues are addressed in this update:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0181
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0206
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3534 *
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3601
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4014
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4171
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4508

* Applicable to s390 arch only, NA for x86_64

=====================================================

NOTE: You must run /usr/bin/grub-bootxen.sh to update the file
      /boot/grub/grub.conf (or you must update that file manually)
      to boot the new kernel on a dom0 xen machine.  See for info:
      http://wiki.centos.org/HowTos/Xen/Xen4QuickStart
 
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net


------------------------------

Message: 3
Date: Wed, 1 Oct 2014 12:08:15 +0000
From: Johnny Hughes <johnny at centos.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] CESA-2014:X012 Moderate libvirt Xen4CentOS
	Security Update
Message-ID: <20141001120815.GA5476 at n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2014:X012 (Xen4CentOS)

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

-----------------------------
X86_64
-----------------------------

6d3e7f3a8d393ffae6de4839da785c7102552c7880907b068d0869798cdd50fb libvirt-0.10.2.8-8.el6.centos.alt.x86_64.rpm
902819490821d9f6759d6e610317f1b1675856f4de47725ce01ed3fdb6c1e1b2 libvirt-client-0.10.2.8-8.el6.centos.alt.x86_64.rpm
1d9e492c4b4f78a67be4d149f1108faccccfb29be52cb40a8c348d644658cce7 libvirt-daemon-0.10.2.8-8.el6.centos.alt.x86_64.rpm
59860e8ebbdeacefc798830e0636756bf41fb67d3f106a1975ad8e6e927e4039 libvirt-daemon-config-network-0.10.2.8-8.el6.centos.alt.x86_64.rpm
35a87cdb65f857287354c9032f761e7d0c6cad3d4cf86202de6644c00eaea405 libvirt-daemon-config-nwfilter-0.10.2.8-8.el6.centos.alt.x86_64.rpm
0eb8be5a15cedd823cb8c1b2da525adb7d7a3d16a02db70620f64381c7297135 libvirt-daemon-driver-interface-0.10.2.8-8.el6.centos.alt.x86_64.rpm
8d2b45c5c63dd30194ede6c25b09771b62a1d592a6015465d87205e25de778f8 libvirt-daemon-driver-libxl-0.10.2.8-8.el6.centos.alt.x86_64.rpm
a09fce98bd35c27af511a97e99bee636b05fbb63ccf435f8449793e27a017e22 libvirt-daemon-driver-lxc-0.10.2.8-8.el6.centos.alt.x86_64.rpm
c23c059fb09bcb488ba7fead18d25bbd8927509842c256e7ee24f303c8d274fd libvirt-daemon-driver-network-0.10.2.8-8.el6.centos.alt.x86_64.rpm
e09d8ef08dcaecf7d385ec6c033380449d9f79ce75ed3dbe2eaffc2f7dc21899 libvirt-daemon-driver-nodedev-0.10.2.8-8.el6.centos.alt.x86_64.rpm
f10d0f38bdf90f6495fa8cb6a5b5d618099ff6ff1ea44122c05efda10834b0ea libvirt-daemon-driver-nwfilter-0.10.2.8-8.el6.centos.alt.x86_64.rpm
1d1f9dcee7aabdaa279c625e56c438c00cafa835196f6a40bd8aeec29f404d6b libvirt-daemon-driver-qemu-0.10.2.8-8.el6.centos.alt.x86_64.rpm
79369b437127406c419f68dfe2672775b03e4350cce7027f83c06f3e3c2e13a7 libvirt-daemon-driver-secret-0.10.2.8-8.el6.centos.alt.x86_64.rpm
ff7ee9a3143860d0be2f38ff7009027b266ac924188558a9b278fe86925a5994 libvirt-daemon-driver-storage-0.10.2.8-8.el6.centos.alt.x86_64.rpm
538c5d84925dea50dae206cb0ac076b2857c4786fa765a6d8026e2667780d33c libvirt-daemon-driver-xen-0.10.2.8-8.el6.centos.alt.x86_64.rpm
57d5eefe9d908d3b72019294df425952c32b64de334d35e03cfc65bd8ace4df5 libvirt-daemon-kvm-0.10.2.8-8.el6.centos.alt.x86_64.rpm
4b06fd1ce1718e0ba1cd64623c691bb29fe5be4cce77b2667449d69df8be76c6 libvirt-daemon-lxc-0.10.2.8-8.el6.centos.alt.x86_64.rpm
79cad5f6987a4a639eef61284847f3d676c4eaa0986d0c85973e2b77a82bc25b libvirt-daemon-xen-0.10.2.8-8.el6.centos.alt.x86_64.rpm
fbb04fb9dae9d3645cf736e14de32011b5d8786490944edad532abc7522921ac libvirt-debuginfo-0.10.2.8-8.el6.centos.alt.x86_64.rpm
d0a516d2b9043548d998cac2b6dd46f73c420d18c79680219c2db1b3b9063ceb libvirt-devel-0.10.2.8-8.el6.centos.alt.x86_64.rpm
2313676451f52684f8fef627a0062cad04c6a00f523bec3c7d13c0c1067e55a0 libvirt-docs-0.10.2.8-8.el6.centos.alt.x86_64.rpm
625f53461d147e76f1a6b1f879e745af321333a42ebc035343e19fb401abf34b libvirt-lock-sanlock-0.10.2.8-8.el6.centos.alt.x86_64.rpm
4b5c5b760888e3cdb9fb5a5ae98af91751becae8647d4f3f1ecf4b82445da2a5 libvirt-python-0.10.2.8-8.el6.centos.alt.x86_64.rpm

-----------------------------
Source:
-----------------------------

19d0268125091780a865cbdfed2dfb7142f75417742fe85db939cac49fb246e9 libvirt-0.10.2.8-8.el6.centos.alt.src.rpm

=====================================================

libvirt Changelog info from the SPEC file:

* Fri Sep 26 2014 Johnny Hughes <johnny at centos.org> 0.10.2.8-8.el6.centos.alt
- added in patches 417-420 from the 0.10.2-maint branch at libvirt.org
- patch 420 is for CVE-2014-3633

=====================================================

The following security issues are addressed in this update:

https://access.redhat.com/security/cve/CVE-2014-3633

=====================================================

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net


------------------------------

Message: 4
Date: Wed, 1 Oct 2014 12:08:23 +0000
From: Johnny Hughes <johnny at centos.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] CESA-2014:X013 Important xen Xen4CentOS
	Security	Update
Message-ID: <20141001120823.GA5482 at n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii

CentOS Errata and Security Advisory 2014:X013 (Xen4CentOS)

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

-----------------------------
X86_64
-----------------------------

7bdc9b1e50859e38f1a87d58c79b53d3fc428d102c3b7a1645c07e576927407c xen-4.2.5-34.el6.centos.alt.x86_64.rpm
ae27e1c510701c53459a61573a2f0cbcc06d543ddb995bcc35bc1f66f2e34298 xen-debuginfo-4.2.5-34.el6.centos.alt.x86_64.rpm
8a054f6de1d5c558546936bf90c0b4a9298a2b884c159018c1d4bfa14ac7c80d xen-devel-4.2.5-34.el6.centos.alt.x86_64.rpm
4363e339fa39e4b1b09d2beceb5d50e218dca4ef2a44520763f7eb7d73e8493a xen-doc-4.2.5-34.el6.centos.alt.x86_64.rpm
e84a36c1d483aedd758ebcb17a557748bc148b2685e4aa182888a171fa6952cc xen-hypervisor-4.2.5-34.el6.centos.alt.x86_64.rpm
b5cce0368cfa87df7744c81b0a3f76227a65d9aca27f8e27e0bd019e87e82103 xen-libs-4.2.5-34.el6.centos.alt.x86_64.rpm
4f3facba07e91ed5a1c5d1f2cc0db304d18ec9b09c18230e43ad73e82819a148 xen-licenses-4.2.5-34.el6.centos.alt.x86_64.rpm
6f6922cc7f842bc20652b8b8645bda61c14e62934113b4ed958527d045a1bbdb xen-ocaml-4.2.5-34.el6.centos.alt.x86_64.rpm
9513992c084c13f4050a09fc4fe83ec3ccdd8820ac999701205389cb3fdad5b6 xen-ocaml-devel-4.2.5-34.el6.centos.alt.x86_64.rpm
99faa9057ebd0d608971169c87f50038c7dfcceb540551f05a556ed16f873c56 xen-runtime-4.2.5-34.el6.centos.alt.x86_64.rpm

-----------------------------
Source:
-----------------------------

16de798571224461ea2dff22c1329f1299dc6b274d21471c299f510983894468 xen-4.2.5-34.el6.centos.alt.src.rpm

=====================================================

xen Changelog info from the SPEC file:

* Wed Oct 01 2014 Johnny Hughes <johnny at centos.org> - 4.2.5-34.el6.centos
- Roll in Patch209 (XSA-108, CVE-2014-7188)

=====================================================

The following Release info is available from the Xen site regarding XSAs:

http://xenbits.xen.org/xsa/advisory-108.html

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net



------------------------------

Message: 5
Date: Wed, 1 Oct 2014 13:26:23 +0000
From: Johnny Hughes <johnny at centos.org>
To: centos-announce at centos.org
Subject: [CentOS-announce] CEBA-2014:1334 CentOS 7 xz FASTTRACK BugFix
	Update
Message-ID: <20141001132623.GA25624 at n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2014:1334 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1334.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
a0079faa6e0cd1829fdd43da437d6673aa1e6f4f1310e8452c1f7cd7e29668e6  xz-5.1.2-9alpha.el7.x86_64.rpm
d4e97054a812beccffb9f5d81d8b05a9733dbcfd02708cf195deb49820595a6b  xz-compat-libs-5.1.2-9alpha.el7.i686.rpm
b455939a21d7df36de4666748e0b2f6f73ee77b99e9733d01f1a8c50ed58f79b  xz-compat-libs-5.1.2-9alpha.el7.x86_64.rpm
05dd562e539ede1cae01c7d936fd9d16f8047b021a951de42fef0109bbaf02b6  xz-devel-5.1.2-9alpha.el7.i686.rpm
9d040dba58abe0e5ef8789f7e55295ed835fff3bf5b32d03554e22e78fa77157  xz-devel-5.1.2-9alpha.el7.x86_64.rpm
83aebf197819eb248b5c2bbb96a61e511924e472360eb7dff6d39af740149ecb  xz-libs-5.1.2-9alpha.el7.i686.rpm
e778ea132c925e46d093c01ffbb37395d9f800da00b2a96973545b3edbe28352  xz-libs-5.1.2-9alpha.el7.x86_64.rpm
79be81ad52214b3a4ff33047c62330b8fce438adc1b819d9f45d77783034ea7c  xz-lzma-compat-5.1.2-9alpha.el7.x86_64.rpm

Source:
7865e0bfbe79a0df2504a4c2d35cc9dd1d546c952884cac149b5f2741bba4817  xz-5.1.2-9alpha.el7.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net



------------------------------

_______________________________________________
CentOS-announce mailing list
CentOS-announce at centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


End of CentOS-announce Digest, Vol 116, Issue 2
***********************************************