similar to: EL5 Security Policy for the final 3 years

> Am 08.04.2019 um 17:49 schrieb Johnny Hughes <johnny at centos.org>: > > On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote: >> It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1]. >> >> Does the SIG has plans to update these rpms for EL6? >> >> [1] https://httpd.apache.org/security/vulnerabilities_24.html >> > >

It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1]. Does the SIG has plans to update these rpms for EL6? [1] https://httpd.apache.org/security/vulnerabilities_24.html -- Thanks, LF

On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote: > It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1]. > > Does the SIG has plans to update these rpms for EL6? > > [1] https://httpd.apache.org/security/vulnerabilities_24.html > https://access.redhat.com/security/cve/cve-2019-0211 That says SCLs are affected .. BUT .. they do not yet have a plan. The

On 29/12/14 01:52, Always Learning wrote: > > On Thu, 2014-12-18 at 10:30 -0600, Les Mikesell wrote: > >> .............. The design changes are done in Fedora, by >> people who apparently never liked unix or consistency, not the people >> using Red Hat or CentOS that already have things working that they >> would like to keep working the same way across upgrades.

This is the notification of the End of Life (EOL) for CentOS 4. The 7-year enterprise lifetime of CentOS-4 ends now. CentOS-4 has been copied to the CentOS Vault. The last released tree is available here: http://vault.centos.org/4.9/ All architectures of CentOS-4 (i386, x86_64, ppc, s390, and s390x) are impacted. Support for the CentOS-4 Cluster Server and the CentOS-4 Global File Server

Hi, I'm working on a RHSA tracking tool, named Sarah. It allows you to build a local RHSA database of different RHEL releases and then allows you to verify systems for compliance (and lists applicable RHSA and required packages). But before releasing my prototype, I would like to know what requirements people have. How they would be using such a tool and what for reports they need to

I have been looking at the security advisories provided here: http://lists.centos.org/pipermail/centos-announce/ It appears that there is not a 1:1 correlation between advisories listed here and advisories listed by Red Hat: https://rhn.redhat.com/errata Is there a specific reason for this? Also, is there an alternate location to find all Errata information for CentOS? Joshua Bahnsen

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

Hi! I have noticed, that our mirror has this package bash-3.2-33.el5_11.4.x86_64.rpm, but a lot of other mirror still have bash-3.2-33.el5_10.4.x86_64.rpm. Since bash-3.2-33.el5_11.4.x86_64.rpm was issued on 26-Sep-2014 04:28, could this be the product of slower mirror update cycles? Regards, Mitja -- -- Mitja Miheli? ARNES, Tehnolo?ki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia tel: +386

Quick Q: while running my A.M. update today, I see several updates that I haven't seen announced yet. The one concerning me is glibc. I killed the update since it glibc is so central to a system. Is it safe to install? If so, I presume I'll want to update it first and then the rest of the system? TIA for any information. -- Bill

Folks, I've build a tiny repo to provide GIMP 2.3.15 (and 2.3.14 as a possible fallback) for EL5. GIMP 2.3.15 is the last version of GIMP that builds with no errors with the GTK+ version that ships with EL. 2.3.15 is "almost GIMP 2.4", as 2.3.19 was the last development release prior to 2.4.0. To the extent of my knowledge, Akkana Peck wrote the first edition of her book on GIMP

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:03.cpio Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities cpio Category: contrib Module: contrib_cpio Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:24.libarchive Security Advisory The FreeBSD Project Topic: Infinite loop in corrupt archives handling in libarchive(3) Category: core Module:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:08.openssl Security Advisory The FreeBSD Project Topic: Buffer overflow in OpenSSL SSL_get_shared_ciphers() Category: contrib Module: openssl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:08.openssl Security Advisory The FreeBSD Project Topic: Buffer overflow in OpenSSL SSL_get_shared_ciphers() Category: contrib Module: openssl

Source: xen Severity: grave Tags: security Multiple vulnerabilities are unfixed in xen: CVE-2015-5307: http://xenbits.xen.org/xsa/advisory-156.html CVE-2016-3960 http://xenbits.xen.org/xsa/advisory-173.html CVE-2016-3159 / CVE-2016-3158 http://xenbits.xen.org/xsa/advisory-172.html CVE-2016-2271 http://xenbits.xen.org/xsa/advisory-170.html CVE-2016-2270

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The new kernel-2.6.18-128.7.1.el5.i686 kernel breaks audio support on my onboard audio on an AMD Solo motherboard. 00:07.5 Multimedia audio controller: Advanced Micro Devices [AMD] AMD-8111 AC97 Audio (rev 03) After upgrading to the new kernel from kernel-2.6.18-128.4.1.el5.i686, I quickly noticed audio not working in Flash in firefox, then after

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:23.openssl Security Advisory The FreeBSD Project Topic: Multiple problems in crypto(3) Category: contrib Module: openssl Announced:

Hi Team, We are looking for Security Release Version / patch for "CVE-2018-14628<https://attachments.samba.org/attachment.cgi?id=14477>". The above CVE says : All versions of Samba from 4.0.0 onwards are vulnerable to an information leak (compared with the established behaviour of Microsoft's Active Directory) when Samba is an Active Directory Domain Controller. A patch

Hi, FYI - don't sue me for posting this here - I know, everyone who needs this info *should* have it already, but maybe not ;-) Kind regards, B. Courtin -- OpenSSL Security Advisory [30 July 2002] This advisory consists of two independent advisories, merged, and is an official OpenSSL advisory. Advisory 1 ========== A.L. Digital Ltd and The Bunker (http://www.thebunker.net/) are