[CentOS] CentOS-announce Digest, Vol 133, Issue 3

2016-03-09 Thread centos-announce-request

Today's Topics:

   1. CESA-2016:0346 Important CentOS 7 postgresql  Security Update
  (Johnny Hughes)
   2. CESA-2016:0370 Critical CentOS 7 nss-util Security Update
  (Johnny Hughes)
   3. CESA-2016:0372 Important CentOS 7 openssl098e Security Update
  (Johnny Hughes)
   4. CESA-2016:0372 Important CentOS 6 openssl098e Security Update
  (Johnny Hughes)
   5. CESA-2016:0370 Critical CentOS 6 nss-util Security Update
  (Johnny Hughes)
   6. CESA-2016:0371 Critical CentOS 5 nss Security Update
  (Johnny Hughes)
   7. CESA-2016:0373 Critical CentOS 7 firefox Security Update
  (Johnny Hughes)


--

Message: 1
Date: Wed, 2 Mar 2016 18:06:35 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2016:0346 Important CentOS 7
postgresql  Security Update
Message-ID: <20160302180635.ga4...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2016:0346 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0346.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS



--

Message: 2
Date: Wed, 9 Mar 2016 05:48:05 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2016:0370 Critical CentOS 7 nss-util
Security Update
Message-ID: <20160309054805.ga38...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2016:0370 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0370.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS



--

Message: 3
Date: Wed, 9 Mar 2016 05:48:23 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2016:0372 Important CentOS 7
openssl098e

Re: [CentOS] how to force outbound ssh through one network card

2016-03-09 Thread Marcelo Ricardo Leitner

On 09-03-2016 01:54, John R Pierce wrote:
> On 3/8/2016 8:47 PM, Clint Dilks wrote:
>> Here is documentation that may help
>> http://lartc.org/howto/lartc.rpdb.multiple-links.html  but as John
>> mentions it is painful to get right.
>
> sadly, that document is like 15 years old, and hasn't been updated. the
> basics are still valid, but things like how to integrate that with RHEL
> startup scripts?  nada, you're on your own.


That's actually beyond that document scope.

Anyway, /usr/share/initscripts-*/sysconfig.txt has the info you need to 
integrate those comments on RHEL. Like, for the ip rule commands:


/etc/sysconfig/network-scripts/rule-
/etc/sysconfig/network-scripts/rule6-

  Contains lines that specify additional routing rules that should be added
  when the associated interface is brought up.

  Each non-comment line is used directly as an argument to "/sbin/ip rule add"
  or "/sbin/ip -6 rule add" for rule6 files.


YMMV if you want to use NetworkManager/firewalld, of course.

  Marcelo


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
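
What the sysconfig.txt excerpt quoted in the message above means in practice, as an added example that is not part of the original thread or of the initscripts package: a dry-run that prints the ip commands a rule-/rule6- file would produce when its interface is brought up, and flags lines that repeat the command itself. The helper name preview_rule_file is hypothetical, and the interface eth1, address 192.0.2.10, mark 0x16 and table 100 are constructed sample values.

```shell
#!/bin/sh
# Added example: dry-run preview of a network-scripts rule-/rule6- file.
# preview_rule_file is a hypothetical helper; it prints the commands that
# bringing the interface up would run and changes no routing policy.
# Plain POSIX sh, so its variables are global to the script.

preview_rule_file() {
    file=$1
    base=${file##*/}
    case $base in
        rule6-*) ipcmd="/sbin/ip -6 rule add" ;;
        rule-*)  ipcmd="/sbin/ip rule add" ;;
        *) echo "not a rule-/rule6- file: $base" >&2; return 2 ;;
    esac
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 1; }
    bad=0
    # '|| [ -n "$line" ]' keeps a last line that has no trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop leading whitespace, then skip blank and comment lines.
        line=${line#"${line%%[![:space:]]*}"}
        case $line in
            ''|'#'*) continue ;;
            ip\ *|/sbin/ip\ *|add\ *)
                # Each line is already the argument list of "ip rule add";
                # repeating the command in the file produces a broken call.
                echo "warning: redundant command prefix: $line" >&2
                bad=1 ;;
        esac
        printf '%s %s\n' "$ipcmd" "$line"
    done < "$file"
    [ "$bad" -eq 0 ] || return 3
}

# Constructed sample: interface name, address, mark and table number are
# made up for illustration. Setting the mark (for example with a firewall
# rule) and populating table 100 happen elsewhere and are assumed here.
demo_dir=$(mktemp -d)
cat > "$demo_dir/rule-eth1" <<'EOF'
# marked traffic and traffic from this source address use table 100
fwmark 0x16 table 100
from 192.0.2.10 table 100
EOF
preview_rule_file "$demo_dir/rule-eth1"
rm -rf "$demo_dir"
```

A return status of 3 means at least one line carried its own command prefix and should be reduced to the bare rule arguments before the file is put in place.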


[CentOS] 32 bit programs and libraries on a 64 bit architecture

2016-03-09 Thread g

greetings.

today i attempted to update update for the nss-util. i selected the
x86_64, clicked apply, error message popped up showing a conflict
because the i686 was also installed.

opened yumex to see what i686 was installed and found a bunch of i686.

because system is a dual core 64 bit, i decided to remove all i686
packages, programs first, then lib files.

during reboot, thought hit that there may be some i686 packages that
should have been left in. maybe for wine.

this is same system that due to fresh install problems, i installed
via 64 bit live dvd.

in "closing the gate after the horses have left the corral", i am
asking is what i did good or bad.

tia.


-- 
peace out.

If Bill Gates got a dime for every time Windows crashes...
 ...oh, wait. He does. THAT explains it!
-+-
in a world with out fences, who needs gates.

CentOS GNU/Linux 6.7

tc,hago.

g
.



[CentOS] [OT] security bug with firefox and add-on

2016-03-09 Thread g

greets.

tho this is off-topic for this list, it is still a bug that centos users
along with all users of firefox should be aware of.

due to nature of bug and what is involved, i believe it safer to not go
into great details in an open list. never know which 'hats' are subscribed
to support list. :-D

so my question is just who should i inform of problem?

mozilla.org? author of add-on? cve.mitre.org? all 3?

tia.




Re: [CentOS] [OT] security bug with firefox and add-on

2016-03-09 Thread Mike - st257
On Wed, Mar 9, 2016 at 1:38 PM, g  wrote:

>
> greets.
>
> tho this is off-topic for this list, it is still a bug that centos users
> along with all users of firefox should be aware of.
>

What version of CentOS and Firefox?


>
> due to nature of bug and what is involved, i believe it safer to not go
> into great details in an open list. never know which 'hats' are subscribed
> to support list. :-D
>
> so my question is just who should i inform of problem?
>
> mozilla.org? author of add-on? cve.mitre.org? all 3?
>

Author of the add-on would be my first stop.

If it turns out to be a larger bug affecting more than just that add-on,
hopefully the add-on author will run it up the chain to Mozilla.


>
> tia.
>
>



-- 
---~~.~~---
Mike
//  SilverTip257  //


Re: [CentOS] [OT] security bug with firefox and add-on

2016-03-09 Thread g


On 03/09/16 12:46, Mike - st257 wrote:
>> On Wed, Mar 9, 2016 at 1:38 PM, g  wrote:
<<>>

> What version of CentOS and Firefox?
>
--

centos 6.7, firefox 38.6.1.

<<>>

>> so my question is just who should i inform of problem?
>>
>> mozilla.org? author of add-on? cve.mitre.org? all 3?
>
> Author of the add-on would be my first stop.
>
> If it turns out to be a larger bug affecting more than just that add-on,
> hopefully the add-on author will run it up the chain to Mozilla.
>
--

reason in bring this up is if a hacker hacks someone's system and has
knowledge of bug, he most likely will have disassembled add-on and knows
what he needs to know to cause serious problems.

at first, i thought author. after posting and more thought time, authors
tend to be too lax in testing and slow in fixing.

as for mozilla.org, their attitude has become 'not fixable, upgrade to
later version', which in many cases is not doable.

with cve.mitre.org, they just might issue a 'CESA' to remove add-on and
reinstall firefox, do not use add-on until bug is fixed.




Re: [CentOS] [OT] security bug with firefox and add-on

2016-03-09 Thread Ned Slider



On 09/03/16 19:11, g wrote:
> On 03/09/16 12:46, Mike - st257 wrote:
>>> On Wed, Mar 9, 2016 at 1:38 PM, g  wrote:
> <<>>
>
>> What version of CentOS and Firefox?
>>
> --
>
> centos 6.7, firefox 38.6.1.


Does it affect the latest version of Firefox just released:

firefox-38.7.0-1.el6_7

Is the bug in Firefox or the add-on.

If the bug is in Firefox, then I would report it to Red Hat. CentOS will 
not fix bugs, security or otherwise, as the policy is to rebuild RHEL, 
bugs and all.




> <<>>
>
>>> so my question is just who should i inform of problem?
>>>
>>> mozilla.org? author of add-on? cve.mitre.org? all 3?
>>
>> Author of the add-on would be my first stop.
>>
>> If it turns out to be a larger bug affecting more than just that add-on,
>> hopefully the add-on author will run it up the chain to Mozilla.
>>
> --
>
> reason in bring this up is if a hacker hacks someone's system and has
> knowledge of bug, he most likely will have disassembled add-on and knows
> what he needs to know to cause serious problems.
>
> at first, i thought author. after posting and more thought time, authors
> tend to be too lax in testing and slow in fixing.
>
> as for mozilla.org, their attitude has become 'not fixable, upgrade to
> later version', which in many cases is not doable.
>
> with cve.mitre.org, they just might issue a 'CESA' to remove add-on and
> reinstall firefox, do not use add-on until bug is fixed.





Re: [CentOS] 32 bit programs and libraries on a 64 bit architecture

2016-03-09 Thread Gordon Messmer

On 03/09/2016 10:12 AM, g wrote:
> in "closing the gate after the horses have left the corral", i am
> asking is what i did good or bad.


If you try to run a program and it doesn't run, then removing i686 might 
have been bad.  Wine is definitely one that will pull in a long list of 
i686 dependencies.


Generally what I recommend is this:  If you install a package that you 
then decide you don't want, use "yum history undo" or "yum history 
rollback" to remove that package.  Otherwise, just upgrade and don't 
look for things to remove.  The amount of disk space used by packages 
you don't actively use is measured in cents.  Your time is worth far more.



Re: [CentOS] 32 bit programs and libraries on a 64 bit architecture

2016-03-09 Thread John R Pierce

On 3/9/2016 1:20 PM, Gordon Messmer wrote:
> On 03/09/2016 10:12 AM, g wrote:
>> in "closing the gate after the horses have left the corral", i am
>> asking is what i did good or bad.
>
> If you try to run a program and it doesn't run, then removing i686
> might have been bad.  Wine is definitely one that will pull in a long
> list of i686 dependencies.
>
> Generally what I recommend is this:  If you install a package that you
> then decide you don't want, use "yum history undo" or "yum history
> rollback" to remove that package.  Otherwise, just upgrade and don't
> look for things to remove.  The amount of disk space used by packages
> you don't actively use is measured in cents. Your time is worth far more.



A minor(?) downside of too many unneeded packages is how much time yum 
update takes.




--
john r pierce, recycling bits in santa cruz



Re: [CentOS] how to force outbound ssh through one network card

2016-03-09 Thread Kahlil Hodgson
I did this once more than 10 years ago. If I was to do it again, I would
probably get shorewall to do most of the heavy lifting:

http://shorewall.net/MultiISP.html


Re: [CentOS] 32 bit programs and libraries on a 64 bit architecture

2016-03-09 Thread g


On 03/09/16 15:20, Gordon Messmer wrote:
> On 03/09/2016 10:12 AM, g wrote:
>> in "closing the gate after the horses have left the corral", i am
>> asking is what i did good or bad.
>
> If you try to run a program and it doesn't run, then removing i686 might 
> have been bad.  Wine is definitely one that will pull in a long list of 
> i686 dependencies.
>
--

ok. i am rounding up the horses now. ;-)

reinstalled all the wine i686. i have only used wine about 5 times from
day of its 'birth', but at least i now have 32 bit back if i ever need it.

> Generally what I recommend is this:  If you install a package that you 
> then decide you don't want, use "yum history undo" or "yum history 
> rollback" to remove that package.  Otherwise, just upgrade and don't 
> look for things to remove.  The amount of disk space used by packages 
> you don't actively use is measured in cents.  Your time is worth far more.
>
--

for this one, went back over 'man yum', found;

  history
The history command allows the user to view what has happened in
past transactions (assuming the history_record config. option is
set). You can use  info/list/packages-list/packages-info/summary
to  view what happened, undo/redo/rollback to act on that infor-
mation and new to start a new history file.

to check that history was enabled, ran 'grep' in /etc and /etc/yum/*, all
i found is;

  yum]$ sudo grep history *
  [sudo] password for geo:
  aliases.conf:h  history
  aliases.conf:hi history info
  aliases.conf:hl history list
  aliases.conf:hs history summary
  aliases.conf:hp history package-list

  yum]$ sudo grep record *
  grep: pluginconf.d: Is a directory
  grep: protected.d: Is a directory
  grep: vars: Is a directory

nothing to enable history_record. ran 'yum history', history showed
usage 7 thru 26, so no problem. should have done that to start with.

as for drive space, diff before and after removal was about 200M in a
14.7GB partition. so no, no advantage, other than a lot of the i686 was
also x86_64.

reason all this came about was trying to update the x86_64 nss-util and
yumex complained about the i686 nss-util.

as for rest, like you say, i will find out what i686 i need when i run
various progs.

another day in my life has been blessed with more learning and a bit
wiser.

Gordon, thank you for replying and your advice. much appreciated.




Re: [CentOS] 32 bit programs and libraries on a 64 bit architecture

2016-03-09 Thread g


On 03/09/16 15:33, John R Pierce wrote:
<<<>>>

> A minor(?) downside of too many unneeded packages is how much time yum 
> update takes.
>
--

very true. except i do now believe that most of what i took out is what
i put back when i installed wine 32 bit. :-D




Re: [CentOS] [OT] security bug with firefox and add-on

2016-03-09 Thread g


On 03/09/16 14:28, Ned Slider wrote:
> On 09/03/16 19:11, g wrote:
<<<>>>

> Does it affect the latest version of Firefox just released:
>
> firefox-38.7.0-1.el6_7
>
> Is the bug in Firefox or the add-on.
>
> If the bug is in Firefox, then I would report it to Red Hat. CentOS will 
> not fix bugs, security or otherwise, as the policy is to rebuild RHEL, 
> bugs and all.
>
--

as it now stands with firefox 38.7.0, bug is still there.

because of what is happening, it _is_ the add-on.

checked mozilla site to see who author is. he is a mozilla program
developer. which does not surprise me.

after giving much thought to bug and what could result, i am sending
notice to RHEL, mozilla and CVE.

if bug is not fixed within a very few days, i just might inform some
of the computer news people and just for fun of it, Homeland Security.

why Homeland Security? simple, there are most likely a lot of .gov
officials using firefox on their oos computers. and we all know how
easy it is to get into oos. ((GBWG))




Re: [CentOS] [OT] security bug with firefox and add-on

2016-03-09 Thread Richard


> Date: Wednesday, March 09, 2016 17:30:57 -0600
> From: g 
> 
> On 03/09/16 14:28, Ned Slider wrote:
>> On 09/03/16 19:11, g wrote:
> <<<>>>
> 
>> Does it affect the latest version of Firefox just released:
>> 
>> firefox-38.7.0-1.el6_7
>> 
>> Is the bug in Firefox or the add-on.
>> 
>> If the bug is in Firefox, then I would report it to Red Hat.
>> CentOS will  not fix bugs, security or otherwise, as the policy is
>> to rebuild RHEL,  bugs and all.
>> 
> as it now stands with firefox 38.7.0, bug is still there.
> 
> because of what is happening, it _is_ the add-on.
> 
> checked mozilla site to see who author is. he is a mozilla program
> developer. which does not surprise me.
> 
> after giving much thought to bug and what could result, i am sending
> notice to RHEL, mozilla and CVE.
> 
> if bug is not fixed within a very few days, i just might inform some
> of the computer news people and just for fun of it, Homeland
> Security.
> 
> why Homeland Security? simple, there are most likely a lot of .gov
> officials using firefox on their oos computers. and we all know how
> easy it is to get into oos. ((GBWG))


The CERT policy for public disclosure is 45 days after the initial
report (to the vendor).

   

Make certain you report the issue to the right person. In the case of
a FF add-on, the author and probably Mozilla. RH doesn't distribute
FF add-ons so they aren't primary on something like this, especially
if the bug isn't OS/RHEL specific.

You might want to check to see if it's still an issue with the
current FF (45), which can be gotten from their release site:

   

The linux packages can be unpacked and run from user space, so you
don't impact your system installed release.




Re: [CentOS] how to force outbound ssh through one network card

2016-03-09 Thread Greg Ennis


> I did this once more than 10 years ago. If I was to do it again, I would
> probably get shorewall to do most of the heavy lifting:

-

Hey, thanks everyone for your help...  I thought this would be easy with
iptables, but looks like I have some fun experimental work ahead of
me  :)
