search for: advisories

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

CentOS 5 x86_64 was released Thu, 13 Apr 2007 00:36:44 UTC For software version control and 3rd party ease of use, the software released on the CentOS-5.0 ISOs mirrored the upstream EL 5.0 release ISOs (with the exceptions noted in the release notes). The following zero day updates (all the updates released between the EL5 upstream release date and the CentOS-5.0 release date) are also released

CentOS 5 i386 was released Thu, 13 Apr 2007 00:36:44 UTC For software version control and 3rd party ease of use, the software released on the CentOS-5.0 ISOs mirrored the upstream EL 5.0 release ISOs (with the exceptions noted in the release notes). The following zero day updates (all the updates released between the EL5 upstream release date and the CentOS-5.0 release date) are also released

Hi, I am missing the advisory for openssl at ftp://ftp.freebsd.org/CERT/ Background: For long time i used the the quickpatch utility at my workstation to notify me about issues and *how* to fix it. With the web based advisory this is not possible since the .asc file contains only the pgp signature (no more details). Regards, olli

...ught not to be controversial. Please send any final comments by the 28th of July (14 days from now). Unless there are objections, we will regard the process as formally in force from that date. Thanks, Ian. Changes from the previous draft: * The pre-disclosure list will get copies of public advisories and updated advisories, not just embargoed ones. * The list of entities on the pre-disclosure list will be made public. We should probably warn the existing members of the predisclosure list that the fact that their organisation is on the list will be published and give them a c...

Hi everybody ! I am encountering performance problem on my bridgehead DC. I have 19 DC (Debian Stretch / Samba 4.6.7 from Tranquil.it repo) and they all synchronized on a main bridgehead DC. This performance problem first appears when the bridgehead DC was on Debian Jessie and kernel was updated with meltdown/spectre patch from Debian (3.16.51-3+deb8u1) I added "nopti" option to grub

Hi, FYI - don't sue me for posting this here - I know, everyone who needs this info *should* have it already, but maybe not ;-) Kind regards, B. Courtin -- OpenSSL Security Advisory [30 July 2002] This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory. Advisory 1 ========== A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are conducting a security review of OpenSSL, under the DARPA program CHATS. Vulnerabilities --------------- All four of these are potentially remotely exploitable. 1....

I have been looking at the security advisories provided here: http://lists.centos.org/pipermail/centos-announce/ It appears that there is not a 1:1 correlation between advisories listed here and advisories listed by Red Hat: https://rhn.redhat.com/errata Is there a specific reason for this? Also, is there an alternate location to find all E...

Hello.. I've noticed a delay between when the security advisories are sent and when the cvsup servers, ftp mirrors and web mirrors are updated. Is this delay on purpose to give the users some time to update/patch their system(s) before it hit pages like bugtraq, etc.. or is it just a caused by the delay between when the ftp/cvsup servers are synced? Best regard...

...(on ftp.freebsd.org), but not the 3.7.1 patches (which can be found on ftp2.freebsd.org). This could conceivably cause someone to miss a patch. Am i doing something wrong? If not, then this is just a little heads up. Perhaps it would be better to include ftp2.freebsd.org links in the security advisories. Hate to complain. The FreeBSD security team has done a great job, especially in the midst of this whole openssh mess. Nate Nielsen

...5.5-STABLE) 2006-12-06 09:16:41 UTC (RELENG_5_5, 5.5-RELEASE-p9) 2006-12-06 09:17:09 UTC (RELENG_4, 4.11-STABLE) 2006-12-06 09:18:02 UTC (RELENG_4_11, 4.11-RELEASE-p26) CVE Name: CVE-2006-6013 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. I. Background The firewire(4) driver provides support for IEEE 1394 ("FireWire") interfaces. This driver provides some of its functionali...

Source: xen Severity: grave Tags: security Multiple vulnerabilities are unfixed in xen: CVE-2015-5307: http://xenbits.xen.org/xsa/advisory-156.html CVE-2016-3960 http://xenbits.xen.org/xsa/advisory-173.html CVE-2016-3159 / CVE-2016-3158 http://xenbits.xen.org/xsa/advisory-172.html CVE-2016-2271 http://xenbits.xen.org/xsa/advisory-170.html CVE-2016-2270

My UPS failed and my server took an 'unscheduled outage' a few weeks ago. The only casualty appears to be a volume I used for backup. I usually maintain data on multiple hard disks, but in this case I errantly had some data (of marginal value) on this file system. At this point, the data is not worth enough for me to send the drive out for data recovery, but it's worth enough to

...loit scripts and code and any other relevant information. 4) We will attempt, as best we can, to provide an accurate high-level summary and severity level for each advisory, so that end users can quickly determine which vulnerabilities they need to be concerned about. 5) We will post our security advisories to (at least) these mailing lists: - asterisk-security - asterisk-announce - asterisk-users - asterisk-dev - VOIPSEC (voipsec@voipsa.org) - bugtraq (bugtraq@securityfocus.com) - full-disclosure (full-disclosure@lists.grok.co.uk) - vulnwatch (vulnwatch@vulnwatch.org) 6) We will post and ar...

...loit scripts and code and any other relevant information. 4) We will attempt, as best we can, to provide an accurate high-level summary and severity level for each advisory, so that end users can quickly determine which vulnerabilities they need to be concerned about. 5) We will post our security advisories to (at least) these mailing lists: - asterisk-security - asterisk-announce - asterisk-users - asterisk-dev - VOIPSEC (voipsec@voipsa.org) - bugtraq (bugtraq@securityfocus.com) - full-disclosure (full-disclosure@lists.grok.co.uk) - vulnwatch (vulnwatch@vulnwatch.org) 6) We will post and ar...

CentOS Errata and Security Advisory 2013:X013 (Xen4CentOS) The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) ----------------------------- X86_64 ----------------------------- f3725f9d29b2fd85d3c9568d979b7ea0f26e1844bb7474b8ef4de2e124bae9ff xen-4.2.3-25.el6.centos.alt.x86_64.rpm

Mapping stable-security to proposed-updates. Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 17 Aug 2014 10:39:32 +0300 Source: xen Binary: xen-docs-4.1 libxen-4.1 libxenstore3.0 libxen-dev xenstore-utils libxen-ocaml libxen-ocaml-dev xen-utils-common xen-utils-4.1 xen-hypervisor-4.1-amd64 xen-system-amd64 xen-hypervisor-4.1-i386 xen-system-i386 Architecture:

Accepted: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 17 Aug 2014 10:39:32 +0300 Source: xen Binary: xen-docs-4.1 libxen-4.1 libxenstore3.0 libxen-dev xenstore-utils libxen-ocaml libxen-ocaml-dev xen-utils-common xen-utils-4.1 xen-hypervisor-4.1-amd64 xen-system-amd64 xen-hypervisor-4.1-i386 xen-system-i386 Architecture: source all amd64 Version: 4.1.4-3+deb7u2

...their help in constructing the advisory, and Olaf Kirch of Caldera for notifying us of some of these problems and providing technical assistance and advice. ______________________________________________________________________ This document is available from: http://www.cert.org/advisories/CA-99-14-bind.html ______________________________________________________________________ CERT/CC Contact Information Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center...

Is there an archive of security advisories for Asterisk? We recently upgraded a customer from 1.2 to 1.4 and now they are asking for documentation of all security and bug related fixes. I know the advisories get published on this list but is there an easier way to find them than trying to search the list. -- Telecomunicaciones Abiertas...