Displaying 20 results from an estimated 4000 matches similar to: "Latest sudo update for 5.8 breaks postgresql"
2012 Aug 07
0
CESA-2012:1149 Moderate CentOS 5 sudo Update
CentOS Errata and Security Advisory 2012:1149 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1149.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
32b76b54cccf6b649ee0a0f88725f2a97a7d8642b10bcb1d7df94be0c177ee32 sudo-1.7.2p1-14.el5_8.2.i386.rpm
x86_64:
2012 Jul 12
3
php-pear missing from 5.8 (i386) metadata?
Hi,
# yum install php-pear
<snip>
No package php-pear available.
Nothing to do
This is on CentOS 5.8 (i386). The package is available for both archs on
the two mirrors I checked. I also tried a
# yum clean headers
# yum clean metadata
# yum clean dbcache
to no avail. Am I missing something or is it the metadata?
Regards,
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
2017 Feb 09
5
Checksums for git repo content?
Hello John,
On Thu, 2017-02-09 at 16:33 +0000, John Hodrien wrote:
> On Thu, 9 Feb 2017, Leonard den Ottolander wrote:
>
> > How about my request for checksums in the git repo?
>
> What checksums would you actually want in git?
SRPMS are signed which allows the integrity of the contents to be
checked. Such an integrity check is missing from the git repo.
Either a checksum
2013 Oct 14
3
How's 5.10 coming along?
Hello team,
Just wondering how the build of 5.10 is coming along. Is there a
resource that informs us on these matters? Thanks!
Regards,
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
2016 Oct 19
4
SSH Weak Ciphers
On 10/19/2016 11:34 AM, Leonard den Ottolander wrote:
> Hello Gordon,
>
*snip*
>
> Personally I would be more concerned whether or not to enable ECDSA
> algorithms (https://blog.cr.yp.to/20140323-ecdsa.html).
>
> Regards,
> Leonard.
>
For web server ECDSA certs is currently a concern because the only
curves with popular support across browsers have parameters that were
2015 Sep 03
3
virt-install message regarding Spice and TLS
On Wed, Sep 2, 2015 at 1:59 PM, Leonard den Ottolander <
leonard at den.ottolander.nl> wrote:
> Hello Mike,
>
> On Wed, 2015-09-02 at 13:05 -0400, Mike - st257 wrote:
> > I've been through the virt-install manpage a few times now to no avail.
> > What is wrong with my syntax here (seen below)?
>
> > ~]# virt-install --connect qemu:///system -n blahhost
2011 Apr 17
4
glibc-2.5-58.el5_6.2.i686 broken?
Hi,
I woke up Saturday morning unable to boot my freshly upgraded 5.6 with
grub hanging at "GRUB". After getting the boot loader fixed I
experienced crashes in evolution. Downgrading glibc to 2.5-58 seems to
fix these issues. Anyone else seeing this?
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
2012 Mar 16
3
A difference between allocated and available memory in Xen virtual guest
Hello,
I have allocated 4 GB memory for a guest instance on the Xen hypervisor.
But within the instance there is only 2 GB memory available. See the details,
the guest is named pr-idm:
# Allocated memory on the hypervisor
[root@pr-hyp xen]# xm list
Name ID Mem(MiB) VCPUs State Time(s)
Domain-0 0 3846 8 r-----
2017 Feb 15
3
Serious attack vector on pkcheck ignored by Red Hat
Hello Johnny,
On Wed, 2017-02-15 at 09:47 -0600, Johnny Hughes wrote:
> 2. They already have shell access on the machine in question and they
> can already run anything in that shell that they can run via what you
> are pointing out.
No, assuming noexec /home mounts all they can run is system binaries.
> 3. If they have access to a zeroday issue that give them root .. they
>
2011 Apr 17
2
Heads up: Bugged update xorg-x11-server-utils-7.1-5.el5_6.1 upcoming
Hi,
Reading
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=30939&forum=37 I noticed a warning about an upcoming bugged update xorg-x11-server-utils-7.1-5.el5_6.1
I would advise everyone to add
exclude=xorg-x11-server-utils-7.1-5.el5_6.1
to their updates repo config.
Regards,
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
2017 Feb 09
4
Serious attack vector on pkcheck ignored by Red Hat
On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote:
> Escalation *requires* attacking a program in a security context other
> than your own.
Not necessarily. Suppose the adversary is aware of a root
exploit/privilege escalation in a random library. Then the heap spraying
allows this attacker to easily trigger this exploit because he is able
to initialize the entire contents of the
2016 Oct 19
2
SSH Weak Ciphers
On 10/19/2016 08:30 AM, Leonard den Ottolander wrote:
> Where did you get the idea that AES (~ Rijndael) is a weak cipher?
It's not the cipher, but the mode. CBC has several known weaknesses in
TLS, and is frequently regarded as potentially insecure as a result.
https://www.openssl.org/~bodo/tls-cbc.txt
2016 Oct 18
7
SSH Weak Ciphers
Hi,
In a recent security review some systems I manage were flagged due to
supporting "weak" ciphers, specifically the ones listed below. So first
question is are people generally modifying the list of ciphers supported by
the ssh client and sshd?
On CentOS 6 currently it looks like if I remove all the ciphers they are
concerned about then I am left with Ciphers
2012 Aug 18
2
6.3 missing updates and packages
Hi,
The fact that apparently the last tigervnc update from upstream was
missed triggered me to check for missing updates and packages in 6.3.
Here are my results. Sorry for any false positives that might have crept
in, but note that some of the 6_x updates actually are updates and not a
parsing error. And perhaps an occasional false positive due to having to
compare upstream SRPMS vs downstream
2017 Jan 27
4
Notes on openssh configuration
Hello list,
To my astonishment the openssh versions on both C6 and C7 will by
default negotiate an MD5 HMAC.
C6 client, C7 server:
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
C7 client & server:
debug2: mac_setup: setup hmac-md5-etm at openssh.com
debug1:
2016 Dec 14
2
spec file frustration (rant)
Hello Jonathan,
On Wed, 2016-12-14 at 15:03 -0500, Jonathan Billings wrote:
> On Wed, Dec 14, 2016 at 07:29:19PM +0100, Leonard den Ottolander wrote:
> > > get_sources.sh
> >
> > The name suggests this is what we need (or do we??) If only I could find
> > that script anywhere...
>
> Johnny said it at the beginning of his email. I'll paste it again so
2017 Feb 02
2
Serious attack vector on pkcheck ignored by Red Hat
On Thu, 2017-02-02 at 06:40 -0800, John R Pierce wrote:
> On 2/2/2017 6:22 AM, Leonard den Ottolander wrote:
> > However, the fact that the binary in the example is setuid is orthogonal
> > to the fact that heap spraying is a very serious attack vector.
>
> without privilege escalation, what does it attack ?
pkcheck might not be directly vulnerable. However, pkexec is.
2016 Oct 17
3
SELinux context not applied
Hi,
I tried to apply a security context on a directory with the following
commands:
[root@ local]# semanage fcontext -a -t httpd_sys_rw_content_t "netdot(/.*)?"
[root@ local]# restorecon -R netdot/
When I list the contexts, it is part of the list....
[root@ local]# semanage fcontext -l | grep netdot
./netdot(/.*)? all files
2014 Oct 30
3
Corrupt selinux-policy-targeted-3.7.19-260.el6.noarch.rpm
Hi,
Updating selinux-policy-targeted to 3.7.19-260 fails. The archive seems
corrupt. Got another copy from
http://mirror.centos.org/centos/6/os/x86_64/Packages/ which also fails:
# rpm -Fv selinux-policy-targeted-3.7.19-260.el6.noarch.rpm
Preparing packages for installation...
selinux-policy-targeted-3.7.19-260.el6
warning: /etc/selinux/targeted/contexts/customizable_types saved
as
2015 Oct 26
2
Crash in gnome-terminal on New Profile
Hi,
Anyone else seeing this? C7 Gnome Desktop, opened a gnome-terminal,
click File -> New Profile and gnome-terminal-server gets killed.
Regards,
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research