centos-announce-request at centos.org
2011-Dec-12 17:00 UTC
[CentOS] CentOS-announce Digest, Vol 82, Issue 7
Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CEBA-2011:1535 CentOS 5 i386 sos Update (Johnny Hughes) 2. CEBA-2011:1535 CentOS 5 x86_64 sos Update (Johnny Hughes) 3. Using sha256sum instead of md5sum for package checksums (Johnny Hughes) ---------------------------------------------------------------------- Message: 1 Date: Mon, 12 Dec 2011 11:24:24 +0000 From: Johnny Hughes <johnny at centos.org> Subject: [CentOS-announce] CEBA-2011:1535 CentOS 5 i386 sos Update To: centos-announce at centos.org Message-ID: <20111212112424.GA6908 at chakra.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2011:1535 Upstream details at : rhn.redhat.com/errata/RHBA-2011-1535.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: 95167d3a8c507005d52afef139d3eebc sos-1.7-9.54.el5_7.1.noarch.rpm Source: 41f32c5c29d3ce6e241802730cd663b6 sos-1.7-9.54.el5_7.1.src.rpm -- Johnny Hughes CentOS Project { centos.org } irc: hughesjr, #centos at irc.freenode.net ------------------------------ Message: 2 Date: Mon, 12 Dec 2011 11:24:24 +0000 From: Johnny Hughes <johnny at centos.org> Subject: [CentOS-announce] CEBA-2011:1535 CentOS 5 x86_64 sos Update To: centos-announce at centos.org Message-ID: <20111212112424.GA6925 at chakra.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2011:1535 Upstream details at : rhn.redhat.com/errata/RHBA-2011-1535.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 95167d3a8c507005d52afef139d3eebc sos-1.7-9.54.el5_7.1.noarch.rpm Source: 41f32c5c29d3ce6e241802730cd663b6 sos-1.7-9.54.el5_7.1.src.rpm -- Johnny Hughes CentOS Project { centos.org } irc: hughesjr, #centos at irc.freenode.net ------------------------------ Message: 3 Date: Mon, 12 Dec 2011 06:39:04 -0600 From: Johnny Hughes <johnny at centos.org> Subject: [CentOS-announce] Using sha256sum instead of md5sum for package checksums To: CentOS-Announce <centos-announce at centos.org> Message-ID: <4EE5F5E8.4060207 at centos.org> Content-Type: text/plain; charset="iso-8859-1" There are known Collision Attacks for the MD5SUM method of hashing, so it is possible to modify a file and make it have the same MD5SUM as another file. See this link for details on Collision Attacks: en.wikipedia.org/wiki/Collision_attack Recommendation from the US-CERT concerning MD5SUM hashes: kb.cert.org/vuls/id/836068 Based on the above information, the CentOS team will be using sha256sum (sha-2) and not md5sum to generate future hashes for posting on our e-mail announcements to the CentOS Announce Mailing List. Thanks, Johnny Hughes The CentOS Project -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 262 bytes Desc: OpenPGP digital signature Url : lists.centos.org/pipermail/centos-announce/attachments/20111212/2d12f149/attachment-0001.bin ------------------------------ _______________________________________________ CentOS-announce mailing list CentOS-announce at centos.org lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 82, Issue 7 **********************************************