similar to: RHSA-2019:1467 not fixed in centos

On 6/19/19 9:28 AM, Johnny Hughes wrote: > On 6/19/19 1:52 AM, Andrew Colin Kissa via CentOS wrote: >> Hi >> >> It seems the fix for CVE-2019-9636 has slipped through the cracks as >> the SRPM has not been rebuilt and made available for CentOS 6. >> >> https://access.redhat.com/security/cve/cve-2019-9636 >>

On 6/19/19 1:52 AM, Andrew Colin Kissa via CentOS wrote: > Hi > > It seems the fix for CVE-2019-9636 has slipped through the cracks as > the SRPM has not been rebuilt and made available for CentOS 6. > > https://access.redhat.com/security/cve/cve-2019-9636 > https://access.redhat.com/errata/RHSA-2019:1467 This actually failed to build .. working on it now. --------------

Johnny Hughes wrote: > On 6/19/19 9:28 AM, Johnny Hughes wrote: >> On 6/19/19 1:52 AM, Andrew Colin Kissa via CentOS wrote: >>> >>> It seems the fix for CVE-2019-9636 has slipped through the cracks as >>> the SRPM has not been rebuilt and made available for CentOS 6. >>> >>> https://access.redhat.com/security/cve/cve-2019-9636 >>>

> On 19 Jun 2019, at 16:53, mark <m.roth at 5-cent.us> wrote: > > I see this in the build log, right about the end: > > RPM build errors: > File not found: > /builddir/build/BUILDROOT/python-2.6.6-68.el6_10.x86_64/usr/lib64/python2.6/lib-dynload/ossaudiodev.so > File not found: >

On 6/20/19 1:04 AM, Andrew Colin Kissa via CentOS wrote: > > >> On 19 Jun 2019, at 16:53, mark <m.roth at 5-cent.us> wrote: >> >> I see this in the build log, right about the end: >> >> RPM build errors: >> File not found: >> /builddir/build/BUILDROOT/python-2.6.6-68.el6_10.x86_64/usr/lib64/python2.6/lib-dynload/ossaudiodev.so >>

Any word on this update for CentOS 6? This one seems pretty bad if it's a remote exploit. -- Matt Phelps System Administrator, Computation Facility Harvard - Smithsonian Center for Astrophysics mphelps at cfa.harvard.edu, http://www.cfa.harvard.edu ---------- Forwarded message ---------- From: Red Hat Errata Notifications <errata at redhat.com> Date: Tue, Jan 10, 2017 at 5:19 PM

has this package been rebuilt? I didn't see an announcement for it. --Ajay, who's not bitchin', just wondering... -------- Original Message -------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated gaim package fixes security issues Advisory

Hi there, it seems like the rh-ruby24-ruby sclo has not been rebuilt yet :-? https://access.redhat.com/errata/RHSA-2019:1150 Kind Regards, basti

On 07/05/2018 06:13 AM, Johnny Hughes wrote: > On 07/04/2018 06:35 PM, me at tdiehl.org wrote: >> On Wed, 4 Jul 2018, Phil Wyett wrote: >>> >>> On Wed, 2018-07-04 at 16:06 -0400, me at tdiehl.org wrote: >>>> Hi, >>>> >>>> Where can I find the srpm for >>>> centos-release-6-10.el6.centos.12.3.x86_64? >>>>

I saw libxml2 have a security update on https://rhn.redhat.com/errata/RHSA-2012-1288.html. But centos only update libxml2 for centos 5., it also affect centos6. Centos already update ppid(RHSA-2012:1269), looks like libxml(RHSA-2012:1288) skiped.... Any explanation?

CentOS team: has the CentOS kernel update come out yet that addresses what upstream sent out the email this morning RHSA-2013:0223-1, which mentions a bugfix for a deadlock when oom-killer's invoked? mark

Hi, I'm working on a RHSA tracking tool, named Sarah. It allows you to build a local RHSA database of different RHEL releases and then allows you to verify systems for compliance (and lists applicable RHSA and required packages). But before releasing my prototype, I would like to know what requirements people have. How they would be using such a tool and what for reports they need to

Apologies if i missed this on the list but is there a fix for this available to 6.0? https://rhn.redhat.com/errata/RHSA-2011-1245.html thanks

Hi CentOS developers - I?ve been happily using CentOS for several years now, so thanks for all the good work. In the last week, however, I noticed that while the items in RHSA-2015:1443 has shown up as updates (and announced on centos-announce), the analogous update for CentOS 6, RHSA-2015:1471 (according to https://access.redhat.com/security/cve/CVE-2015-4620), doesn?t seem to be there. Is

I normally just let the daily announce post to this list show what is available for updates, but there is a CVE (CVE-2015-7547) that needs a bit more attention which will be on today's announce list of updates. We released a new glibc yesterday for CentOS-6 and CentOS-7 .. it is VERY important that all users update to these versions: This update is rated as Critical by Red Hat, meaning that

> Am 08.04.2019 um 17:49 schrieb Johnny Hughes <johnny at centos.org>: > > On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote: >> It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1]. >> >> Does the SIG has plans to update these rpms for EL6? >> >> [1] https://httpd.apache.org/security/vulnerabilities_24.html >> > >

hi centos community, as many of you probably have been following along, a few days ago CVE 2017-1000117 <https://bugzilla.redhat.com/show_bug.cgi?id=1480386> was identified and redhat was prompt to release patches to fedora 25/26. I haven't seen any chatter thus far from CentOS, so was wondering if anyone knew the status of the patches landing in CentOS, and more specifically, for

https://bugzilla.mindrot.org/show_bug.cgi?id=1467 Summary: SFTP stalls Classification: Unclassified Product: Portable OpenSSH Version: 5.0p1 Platform: Other OS/Version: Other Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: sconeu

I have a docker image based off centos:7 with java-11-openjdk-devel. It appears that the current java-11-openjdk-devel available in the CentOS 7 Yum repo is 1:11.0.7.10-4.el7_8 11.0.7 is reported to have some high vulnerabilities RHSA-2020:2969 that are fixed in 11.0.8, but 11.0.8 is not available for CentOS 7. 1. Is there a 11.0.8 update for java-11-openjdk-devel available for CentOS 7? 2. Is

Hi folks, On April 11th 2019 RedHat has responded to httpd: privilege escalation from modules scripts (CVE-2019-0211) mod_auth_mellon: authentication bypass in ECP flow (CVE-2019-3878) building a patched Apache http24 version for Software Collections - https://access.redhat.com/errata/RHSA-2019:0746 When can we expect this will be done for the SCL CentOS 7? Regards, Vesselin