similar to: Centos and CVE-2017-1000117

> Date: Thursday, August 17, 2017 00:13:58 +0200 > From: Alexander Dalloz <ad+lists at uni-x.org> > > Am 16.08.2017 um 16:29 schrieb Herbert Chang: >> hi centos community, >> >> as many of you probably have been following along, a few days ago >> CVE 2017-1000117 >> <https://bugzilla.redhat.com/show_bug.cgi?id=1480386> was >> identified

Am 16.08.2017 um 16:29 schrieb Herbert Chang: > hi centos community, > > as many of you probably have been following along, a few days ago CVE > 2017-1000117 <https://bugzilla.redhat.com/show_bug.cgi?id=1480386> was > identified and redhat was prompt to release patches to fedora 25/26. I > haven't seen any chatter thus far from CentOS, so was wondering if anyone >

On August 19, 2017 10:12:27 AM CDT, Alexander Dalloz <ad+lists at uni-x.org> wrote: >Am 19.08.2017 um 14:45 schrieb Richard: >> I've seen the announcement and update(s) for centos-6 >> (CESA-2017:2485), but I don't find anything for centos-7 yet. It >> looks like RH announced them both at about the same time wednesday >> and the update for centos-6 came out

Am 19.08.2017 um 14:45 schrieb Richard: > I've seen the announcement and update(s) for centos-6 > (CESA-2017:2485), but I don't find anything for centos-7 yet. It > looks like RH announced them both at about the same time wednesday > and the update for centos-6 came out thursday. Is there some reason > that the update(s) for -7 haven't been pushed out? Updates for

I normally just let the daily announce post to this list show what is available for updates, but there is a CVE (CVE-2015-7547) that needs a bit more attention which will be on today's announce list of updates. We released a new glibc yesterday for CentOS-6 and CentOS-7 .. it is VERY important that all users update to these versions: This update is rated as Critical by Red Hat, meaning that

Saw this on the Exim List:- From: Tony Finch <dot--at-- at dotat.at> Subject: [exim] CVE-2015-0235 - glibc gethostbyname remotely exploitable via exim Date: Tue, 27 Jan 2015 17:33:45 +0000 "The Exim mail server is exploitable remotely if configured to perform extra security checks on the HELO and EHLO commands ("helo_verify_hosts" or "helo_try_verify_hosts"

Hi, I have a question about this vulnerability. Could someone please help me which packages i should upgrade in Centos 6 to fix this vulnerability? I don't want to perform upgrade of whole system with "yum upgrade". -- Best Regards, *Alexander Danilov*

Does mitigation of the so-called BADLOCK CVE (CVE-2016-2118) for Samba 3.x imply an upgrade to a non-vulnerable version of the tdb library? If so, can someone point me to any documentation on the tdb vulnerability? Thanks, Sam

Hello, will there be updates for these CVEs for CentOS 6? Thanks, Walter

On Sat, 22 Oct 2016, Valeri Galtsev wrote: > On Sat, October 22, 2016 7:49 pm, Valeri Galtsev wrote: >> Dear All, >> >> I guess, we all have to urgently apply workaround, following, say, this: >> >> https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ >> >> At least those of us who still have important multi user

> Am 08.04.2019 um 17:49 schrieb Johnny Hughes <johnny at centos.org>: > > On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote: >> It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1]. >> >> Does the SIG has plans to update these rpms for EL6? >> >> [1] https://httpd.apache.org/security/vulnerabilities_24.html >> > >

Hi Team, Please let me know the severity of CVE-2017-2619 and CVE-2017-7494. Arjit Kumar

I have a brand new in stall of samba4 on a FreeBSD 10 machine and I am getting these messages on the console practically all the time. I have actually disabled load printer list in globals but it does not seem to make any difference, I am not intending to use it as a printserver at all, just for files, it is to replace a system which is quite old and running out of space Jul 11 20:24:25

Hi folks, On April 11th 2019 RedHat has responded to httpd: privilege escalation from modules scripts (CVE-2019-0211) mod_auth_mellon: authentication bypass in ECP flow (CVE-2019-3878) building a patched Apache http24 version for Software Collections - https://access.redhat.com/errata/RHSA-2019:0746 When can we expect this will be done for the SCL CentOS 7? Regards, Vesselin

On Tue, January 27, 2015 1:58 pm, Peter Lawler wrote: > On 28/01/15 04:47, Always Learning wrote: >> >> Saw this on the Exim List:- >> > <SNIP> >> >> I use Exim on C5 and C6 - should I be worried about Exim on C6 ? >> > > upstream references: > https://rhn.redhat.com/errata/RHSA-2015-0092.html When I read this I read that it is fixed in

Dear All, I guess, we all have to urgently apply workaround, following, say, this: https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ At least those of us who still have important multi user machines running Linux. (Yes, me too, I do have a couple, thank goodness, the rest are already not ;-) Have a productive weekend, everybody. Valeri

Hi We have the one server SAMBA 4.3.11-ubuntu in Active Directory mode with some Windows Clients The Ubuntu repository not update samba package (last version is 4.3.11). Please, how am i can fix the CVE-2017-7494 (Remote code execution from a writable share) in my SAMBA server? Should option 'nt pipe support = no' will influence how SAMBA_AD works? Anderson Hoffmann

On Tue, Oct 25, 2016 at 2:18 PM, <m.roth at 5-cent.us> wrote: > My manager just told me that upstream has released a patched kernel for 7: > > CentOS package kernel-3.10.0-327.36.3.el7.x86_64.rpm > see http://rhn.redhat.com/errata/RHSA-2016-2098.html > > I'm hoping Johnny can get us that, hopefully before the end of the week. > > mark > >

One of our FreeBSD boxes has a SCSI controller and disk, which showed problems earlier this week. There was a lot of of chatter from the SCSI driver in /var/log/messages and to the console. However, the console is unattended and we only discovered the problem subsequently because /var/log/console.log didn't show any of the chatter. console.log is otherwise working, and very helpful (e.g. it

Source: xen Version: 4.8.1~pre.2017.01.23-1 Severity: grave Tags: security upstream Justification: user security hole Hi, the following vulnerability was published for xen. CVE-2017-7228[0]: | An issue (known as XSA-212) was discovered in Xen, with fixes available | for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix | introduced an insufficient check on XENMEM_exchange input,