similar to: Patching openssl rpms

Hi! I'm new to this list and i could not find a way to search through the already posted articles, so please forgive me if this subject has been discussed before. Our security scanner stumbled over the IMAPs server i've set up recently using dovecot on a RedHat Enterprise 64bit Server. The security scanner found an error regarding a new SSL security leak named "BEAST". The

Hi, how do I protect dovecot 1.2.17 against poodle? Br /Marc -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 842 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://dovecot.org/pipermail/dovecot/attachments/20141019/b4152487/attachment-0001.sig>

I've set up a list of ciphers that excludes SSLv2 ciphers (and other weak ones) in the hope of preventing SSLv2 connections: ssl_cipher_list = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !3DES : @STRENGTH However, this doesn't prevent the SSLv2 connection being allowed as our Nessus scans show and I'm tasked with trying to plug that "hole". I see Dovecot2 had

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:21.openssl Security Advisory The FreeBSD Project Topic: Potential SSL 2.0 rollback Category: contrib Module: openssl Announced: 2005-10-11

# HG changeset patch # User Cristian Rodr?guez <crrodriguez at opensuse.org> # Date 1318533592 10800 # Node ID c15d6befe20082009cb40926afa208ab4b684818 # Parent 962df5d9413a4a0fcc68aacc1df0dca7a44a0240 Use SSL_MODE_RELEASE_BUFFERS if available to keep memory usage low. diff -r 962df5d9413a -r c15d6befe200 src/login-common/ssl-proxy-openssl.c --- a/src/login-common/ssl-proxy-openssl.c Wed

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:21.openssl Security Advisory The FreeBSD Project Topic: Potential SSL 2.0 rollback Category: contrib Module: openssl Announced: 2005-10-11

Using OpenSSL, is there a preferred/recommended rate of rekeying an encrypted stream of data? Does OpenSSL handle this for developers behind the scenes? Does it even need to be rekeyed? Thanks in advance. -sc -- Sean Chittenden -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 202 bytes Desc: not available

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

CentOS Errata and Security Advisory 2010:0162 Important Upstream details at : http://rhn.redhat.com/errata/RHSA-2010-0162.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 10bb4db12fd8d412cf416446a125fe0d openssl-0.9.8e-12.el5_4.6.i686.rpm 8dbfb00478d3eb5fdc34e07f2d47ea30 openssl-0.9.8e-12.el5_4.6.x86_64.rpm

CentOS Errata and Security Advisory 2010:0162 Important Upstream details at : http://rhn.redhat.com/errata/RHSA-2010-0162.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: 68d724bc8d07b615f33072fa7d6b0084 openssl-0.9.8e-12.el5_4.6.i386.rpm 599ca9bf58a230f3049a7dedd2fc2f92 openssl-0.9.8e-12.el5_4.6.i686.rpm

Hi all, As I reported earlier (with a typo in the work [BUG]) client certification validation *does not* work even if you do everything exactly according to all documentation and attempts at helpful advice. I have seen this issue with both startssl.com and self-signed certificates, and based on what I've seen from searching the web, this is a problem that has gotten little attention because

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

> Thanks all point about security, I''ll do as follows. > I thought that the point was the following two. > > > 1. Storage place of encrypted password > Should I store it in /etc/xen/passwd ? > Or, should I wait for DB of Xen that will be released in > the future? The xend life cycle management patches were posted by Alistair a couple of months back.

I have encountered a situation where I would like to use tftp-hpa to retrieve a file that resides within an absolute path containing a ':' character. Ala, "tftp foobar -c get C:2/tftpdir/myfile". Since the tftp client automatically converts the host:file syntax, I get an error "tftp: C: Unknown host". I made a chage to the tftp client code to add a literal mode (-l),

I notice that the certificate /etc/pki/tls/certs/ca-bundle.crt on my CentOS-5.5 system expired on 7 Jan 2010, although the openssl-0.9.8e-12.el5_4.6 package was updated in March. What is the point of this certificate? -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland

Hi, We're seeing this at the moment. It's quite a beefy box and we can't see any reason why cups is running so high: 4 x Intel(R) Xeon(R) CPU E5345 @ 2.33GHz rpm -q cups cups-1.3.7-11.el5_4.6 rpm -q samba3 samba3-3.5.2-43.el5 Samba is from sernet and is running with an OpenLDAP backend in full domain mode with about 100 users and about 12 printers. top - 14:28:21 up

Hi, I'm currently at CentOS 5.8. I'm using openssl version openssl-0.9.8e-22.el5. The following vulnerability was reported by a Nessus security scan: "SSL/ TLS Renegotion Handshakes MiTm Plaintext Data Injection" As per following link, Redhat has introduced openssl-0.9.8m which fixes this specific issue:

Seeing ''SSL_read'' errors being logged by puppetmaster. Anyone know what causes these or how to correct? They''re sporadic, not happening all the time or on all puppet runs. /var/log/puppet/masterhttp.log [2011-07-25 10:00:10] ERROR OpenSSL::SSL::SSLError: SSL_read:: internal error /var/log/messages Jul 25 10:00:10 cmd-box puppet-master[22572]: SSL_read:: internal error

My screen saver crash both in gnome and kde X windows when open the screen saver. I guess that some package needed is not installed. I reinstall the gnome-screen but it still crashs. How can I check which package is not installed? -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hi, We want to upgrade both our servers to asterisk 1.8, the one from Romania and the one from Chicago, but for the moment I`m trying to install Asterisk 1.8 on a test machine running CentOS 5.5 with the kernel: Linux asterisk3 2.6.18-194.17.4.el5PAE #1 SMP Mon Oct 25 16:35:27 EDT 2010 i686 i686 i386 GNU/Linux . I`ve tried many things from the forums and mailing lists but none seemed to help me.