similar to: New glibc for CentOS-6 and CentOS-7 and CVE-2015-7547

On 17/02/16 13:01, Johnny Hughes wrote: > I normally just let the daily announce post to this list show what > is available for updates, but there is a CVE (CVE-2015-7547) that > needs a bit more attention which will be on today's announce list > of updates. > > We released a new glibc yesterday for CentOS-6 and CentOS-7 .. it > is VERY important that all users update to

On 2/17/2016 8:01 AM, Johnny Hughes wrote: > I normally just let the daily announce post to this list show what is > available for updates, but there is a CVE (CVE-2015-7547) that needs a > bit more attention which will be on today's announce list of updates. > > We released a new glibc yesterday for CentOS-6 and CentOS-7 .. it is > VERY important that all users update to

On 02/17/2016 07:08 AM, Michael H wrote: > On 17/02/16 13:01, Johnny Hughes wrote: >> I normally just let the daily announce post to this list show what >> is available for updates, but there is a CVE (CVE-2015-7547) that >> needs a bit more attention which will be on today's announce list >> of updates. >> >> We released a new glibc yesterday for

My C7 system has mariadb 5.5.37, installed from the Centos repository. The latest version (with a security update is 5.5.39). Mariadb.org has its own repositories, but they don't list Centos 7 as an option. Is anyone using the repository for Centos 6 with Centos 7? See

Saw this on the Exim List:- From: Tony Finch <dot--at-- at dotat.at> Subject: [exim] CVE-2015-0235 - glibc gethostbyname remotely exploitable via exim Date: Tue, 27 Jan 2015 17:33:45 +0000 "The Exim mail server is exploitable remotely if configured to perform extra security checks on the HELO and EHLO commands ("helo_verify_hosts" or "helo_try_verify_hosts"

Hi I'd like to know if the present version of Bind in CentOS 6 (bind-9.8.2-0.47.rc1.el6_8.1.x86_64) is vulerable to CVE-2016-2776. According to https://www.isc.org/downloads/, version 9.8.x is End-of-Life (EOL) as of Sep 2014. Regards ian

Hi, I was using CentOS 7 and when I ran some custom commercial security scan on my machine, I found about 122 vulnerabilities. Can you help me on how to get security upgrades on top of my existing CentOS? # cat /etc/redhat-release CentOS Linux release 7.1.1503 (Core) Thanks for the help. -- Thanks & Regards, Venkateswara Rao Dokku.

I just saw this: https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 which includes this: " A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process. All NTP4 releases before 4.2.8 are vulnerable." "This vulnerability is resolved with NTP-stable4.2.8

Hi, Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7. Thanks! -->Pat

On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote: > On 28/01/15 04:47, Always Learning wrote: >> >> Saw this on the Exim List:- >> > <SNIP> >> >> I use Exim on C5 and C6 - should I be worried about Exim on C6 ? >> > > upstream references: > https://rhn.redhat.com/errata/RHSA-2015-0092.html When I read this I read that it is fixed in

On Sat, 22 Oct 2016, Valeri Galtsev wrote: > On Sat, October 22, 2016 7:49 pm, Valeri Galtsev wrote: >> Dear All, >> >> I guess, we all have to urgently apply workaround, following, say, this: >> >> https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ >> >> At least those of us who still have important multi user

Hello, we are using 3.4.3 from Gitco.de on 64bit Centos 5.8 and we have PV guests 64bit. According to described security bug we are in danger. What do you suggest? Wait for gitco update or build xen own with patch? Br Peter

On Thu, Mar 9, 2017 at 9:55 AM, Johnny Hughes <johnny at centos.org> wrote: > On 03/09/2017 07:35 AM, Phelps, Matthew wrote: > > On Wed, Mar 8, 2017 at 6:22 PM, Yamaban <foerster at lisas.de> wrote: > > > >> On Wed, 8 Mar 2017 16:56, Johnny Hughes <johnny at ...> wrote: > >> > >>> On 03/08/2017 09:39 AM, Phelps, Matthew wrote: >

Being as a Windows geek tho, I consider Linux as a more powerful server operating system than Windows. When I saw OS comparison at http://www.microsoft.com/windowsserver/compare/linux/server-security.mspx I was shocked! Showed it to a friend and he felt like being brainwashed :D lol. What do you fellows think about this? Thanks. -------------- next part -------------- An HTML attachment was

Does mitigation of the so-called BADLOCK CVE (CVE-2016-2118) for Samba 3.x imply an upgrade to a non-vulnerable version of the tdb library? If so, can someone point me to any documentation on the tdb vulnerability? Thanks, Sam

Hi, I have a question about this vulnerability. Could someone please help me which packages i should upgrade in Centos 6 to fix this vulnerability? I don't want to perform upgrade of whole system with "yum upgrade". -- Best Regards, *Alexander Danilov*

Any word on this update for CentOS 6? This one seems pretty bad if it's a remote exploit. -- Matt Phelps System Administrator, Computation Facility Harvard - Smithsonian Center for Astrophysics mphelps at cfa.harvard.edu, http://www.cfa.harvard.edu ---------- Forwarded message ---------- From: Red Hat Errata Notifications <errata at redhat.com> Date: Tue, Jan 10, 2017 at 5:19 PM

On Tue, Oct 25, 2016 at 2:18 PM, <m.roth at 5-cent.us> wrote: > My manager just told me that upstream has released a patched kernel for 7: > > CentOS package kernel-3.10.0-327.36.3.el7.x86_64.rpm > see http://rhn.redhat.com/errata/RHSA-2016-2098.html > > I'm hoping Johnny can get us that, hopefully before the end of the week. > > mark > >

I'm trying to find out if a particular RedHat patch has been ported to CentOS yet. In particular, this vulnerability: CVE-2011-3607 According to this: https://rhn.redhat.com/errata/RHSA-2012-0323.html it has been patched as of httpd-2.2.3-63.el5_8.1.x86_64.rpm Now, in the latest CentOS repository, I find httpd-2.2.3-63.el5.centos.1.x86_64.rpm Is this the same (or later) release? I suspect

Can anyone inform me as to whether or not Java on CentOS-6.6 still has SSLv3 enabled? And if it does then how is it disabled? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1