similar to: FLASH NewsBites - Heartbleed Open SSL Vulnerability (fwd)

Do we know if dovecot is vulnerable to the heartbleed SSL problem? I'm running dovecot-2.0.9 and openssl-1.01, the latter being intrinsically vulnerable. An on-line tool says that my machine is not affected on port 993 but it would be nice to know for sure if we were vulnerable for a while. (Naturally I've blocked it anyway!). Thanks John

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Earlier in the day today, we were made aware of a serious issue in openssl as shipped in CentOS-6.5 ( including updates issued since CentOS-6.5 was released ); This issue is addressed in detail at http://heartbleed.com/ Upstream have not released a patched version of openssl, although we are reliably informed that there is quite a bit of effort

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Earlier in the day today, we were made aware of a serious issue in openssl as shipped in CentOS-6.5 ( including updates issued since CentOS-6.5 was released ); This issue is addressed in detail at http://heartbleed.com/ Upstream have not released a patched version of openssl, although we are reliably informed that there is quite a bit of effort

Subject: Heartbleed Toolkit | Secure, Detect, & Repair Date: Thu, 10 Apr 2014 18:12:16 -0400 From: Red Hat <email at engage.redhat.com> View in a Web Browser <http://app.engage.redhat.com/e/es.aspx?s=1795&e=352069&elq=852ad1748d834dbeac7f2adf6f4b1679> "Follow us on Twitter"

On Sun, January 11, 2015 7:29 pm, Keith Keller wrote: > On 2015-01-12, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: >> >> PS I guess I just mention it. I'm quite happy about CentOS (or RedHat if >> I >> look back). One day I realized how happy I am that I chose RedHat way >> back, - that was when all Debian (and its clones like Ubuntu,...) admins

Kostya, I took a quick stab at patching libFuzzer for Apple, but so far I'm thinking something else is incorrect. Patch is attached but when I went to reproduce the examples, the toy example went fine, but with PCRE and Heartbleed I noticed the coverage statistics were pretty poor, and didn't find anything. Admittedly I moved onto Heartbleed pretty quickly so PCRE probably isn't the

On Sun, January 11, 2015 8:29 pm, Eddie G. O'Connor Jr. wrote: > On 01/11/2015 09:24 PM, Valeri Galtsev wrote: >> On Sun, January 11, 2015 7:29 pm, Keith Keller wrote: >>> On 2015-01-12, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: >>>> PS I guess I just mention it. I'm quite happy about CentOS (or RedHat >>>> if >>>> I

On 01/11/2015 09:38 PM, Valeri Galtsev wrote: > On Sun, January 11, 2015 8:29 pm, Eddie G. O'Connor Jr. wrote: >> On 01/11/2015 09:24 PM, Valeri Galtsev wrote: >>> On Sun, January 11, 2015 7:29 pm, Keith Keller wrote: >>>> On 2015-01-12, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: >>>>> PS I guess I just mention it. I'm quite

On Mon, Feb 2, 2015 at 8:02 PM, Kahlil Hodgson <kahlil.hodgson at dealmax.com.au> wrote: > On 3 February 2015 at 13:34, PatrickD Garvey <patrickdgarveyt at gmail.com> wrote: >> Now how about some specific sources you personally used to learn your >> craft that we can use likewise? > > So many places it makes my brain hurt just thinking about it. Google > and

Hi all, Ok, been wanting to do this for a while, and I after the Heartbleed fiasco, the boss finally agreed to let me buy some real certs... Until now, we've been using self-signed certs with the following dovecot config: ssl = required ssl_cert = </etc/ssl/ourCerts/imap.pem ssl_key = </etc/ssl/ourCerts/imap_key.pem Now, I've created new keys/certs and the CSR, got the new

Hi all, The blog entry [1] suggest that one of the buildbots constantly fuzzes clang and clang-format. However, the actual bot [2] only tests the fuzzer itself over a well-known set of bugs in standard software (eg. Heartbleed [3] seems to be among them). Has there actually ever been a buildbot that fuzzes clang/LLVM itself? Another (obvious?) fuzzing candidate would be the LLVM's bitcode

2017-02-01 17:45 GMT+01:00 Mehdi Amini <mehdi.amini at apple.com>: > >> On Feb 1, 2017, at 8:34 AM, Michael Kruse via llvm-dev <llvm-dev at lists.llvm.org> wrote: >> >> Hi all, >> >> The blog entry [1] suggest that one of the buildbots constantly fuzzes >> clang and clang-format. However, the actual bot [2] only tests the >> fuzzer itself

Hello Everyone I'm looking into the best way to have locked version repos for my CentOS systems. The systems are all set up with Chef and have a couple different recopies/roles. I'd like to have locked version repos for each role with tested RPMs. Then perhaps quarterly apply any updates. It would be nice to have something showing which updates are available for these locked repos.

Hi All We have about 15 different asterisk boxes around the place and on my list has been automate deployment updates and keep a revision history. They are mostly not publicly accessible, and external SIP access is closely firewalled , so updates happen straight away when its something like heartbleed, but take a while to trust/test new releases. Our boxes are Ubuntu LTS - mostly 14.04 at

I know I'm slightly OT here, asking about RHEL, but since Centos is now a part of RH, I'm hoping I won't be summarily ejected. I've seen several articles that listed Centos 6.x as vulnerable, but DID NOT LIST RHEL 6. I'd think that if Centos 6.x is vulnerable, then so would RHEL 6.x, since Centos is made from RHEL sources. Does anyone know for sure either way? thanks! --

Hi All, I had some health issues for a few months and I barely recall dealing with Heartbleed ... it's all just a blur. Now I'm getting back up to speed, but I have a pair of CentOS 6.6 x86_64 + Virtualmin 4.13 GPL servers which no longer seem to be picking up available updates. 'yum check' ran for about 25 minutes this evening on one of them and returned nothing useful. rpm -qa

On Sun, January 11, 2015 5:16 pm, Keith Keller wrote: > On 2015-01-11, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: >> >> Indeed. Or another system altogether (sihg). I'm just extending your >> thought half a step farther ;-) > > Or going even farther, if you like CentOS but not systemd, do the work > to get CentOS working without it. Unhappy Debian

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

Hi All, I have a C6 (latest patches) physical machine that I use for network and server monitoring, predominantly over SNMP. It is on VLAN80. My network management interfaces on the switches are on VLAN50 with routing between the VLANs. I recently changed the router to a CISCO ASA 5505 (reasonably recent IOS version, certainly post HeartBleed), with the management interface on a higher

On 01/11/2015 09:24 PM, Valeri Galtsev wrote: > On Sun, January 11, 2015 7:29 pm, Keith Keller wrote: >> On 2015-01-12, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote: >>> PS I guess I just mention it. I'm quite happy about CentOS (or RedHat if >>> I >>> look back). One day I realized how happy I am that I chose RedHat way >>> back, -