Re: [CentOS] log4j cve
Quote from Steve Meier:

> Hello Steve,
>
> On 2021-12-14 14:14, Steve Clark wrote:
>> This is the standard version that comes with CentOS 7 and is the latest available as of a yum update just now.
>> log4j-1.2.17-16.el7_4.noarch
>
> Yes, that's correct, but it is abandoned nonetheless.
>
> According to the RPM's change log, Red Hat backported a fix for CVE-2017-5645. They have not done this for CVE-2019-17571, it seems. I would be very surprised if they'd do so now.
>
> Kind regards,
> Steve
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos

Tools (all links without checking content and quality)
https://log4shell.huntress.com/ (source: Sven Kuhnert)
https://therecord.media/log4j-zero-day-gets-security-fix-just-as-scans-for-vulnerable-systems-ramp-up/

Application
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-12 2129 UTC · GitHub
https://logging.apache.org/log4j/2.x/security.html

Press
https://www.heise.de/news/Log4j-2-16-0-verbessert-Schutz-vor-Log4Shell-Luecke-6294053.html
https://www.golem.de/news/log4j-luecke-warum-log4shell-so-gefaehrlich-ist-und-was-nicht-hilft-2112-161757-4.html
Note: the comments on the articles contain assessments and pointers; newest articles at the top.
https://www.heise.de/ratgeber/Schutz-vor-schwerwiegender-Log4j-Luecke-was-jetzt-hilft-und-was-nicht-6292961.html
https://www.golem.de/news/log4shell-bsi-vergibt-hoechste-warnstufe-fuer-log4j-luecke-2112-161734.html
https://www.spiegel.de/netzwelt/web/log4j-luecke-bundesbehoerden-von-schwerer-it-schwachstelle-betroffen-a-6cb889d2-ba8d-48f8-a27a-f923bf11b563
https://www.spiegel.de/netzwelt/web/log4-j-schwachstelle-ja-leute-die-scheisse-brennt-lichterloh-a-760bd03d-42d2-409c-a8d2-d5b13a9150fd
https://www.spiegel.de/netzwelt/web/bundesbehoerde-warnt-vor-schwachstelle-in-weit-verbreiteter-software-a-55bc413b-2e01-446c-8ee6-5fabfee3b0f2

Technical sources
https://www.heise.de/news/Kritische-Zero-Day-Luecke-in-log4j-gefaehrdet-zahlreiche-Server-und-Apps-6291653.html
https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2021/12/warnmeldung_cb-k21-1264.html?nn=520170
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=3
Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation | CISA
Java vulnerability Log4Shell – what happened and what to do – Sophos News
Log4Shell explained – how it works, why you need to know, and how to fix it – Naked Security (sophos.com)
Re: [CentOS] log4j cve
Quote from Ralf Prengel:

> Tools (all links without checking content and quality)
> https://log4shell.huntress.com/ (source: Sven Kuhnert)
> https://therecord.media/log4j-zero-day-gets-security-fix-just-as-scans-for-vulnerable-systems-ramp-up/

Sorry, cut & paste error.

Ralf
Re: [CentOS] OT:: Multiple PHP versions
On Tue, 2021-12-14 at 19:18 -0800, Kenneth Porter wrote:
>
> You might find that someone has packaged the version you desire in
> the

Yes, but you have to think about its maintenance status, be it a SCL or packages in COPR or elsewhere. If it's unmaintained you might not want to use it, especially if software weaknesses might be exploited remotely.

Regarding the php SCLs by Red Hat (which were rebuilt by a CentOS SIG): you will not get security updates for php < 7.3.

Best Regards,
Markus
Re: [CentOS] OT:: Multiple PHP versions
On Wed, Dec 15, 2021 at 02:31:20PM +0100, Markus Falb wrote:
> Yes, but you have to think about its maintenance status, be it a SCL
> or packages in COPR or elsewhere. If it's unmaintained you might not
> want to use it, especially if software weaknesses might be exploited
> remotely.

Take a look at Remi Collet's https://rpms.remirepo.net/. He is the maintainer for the Fedora packages and the SCLs, and very passionate about PHP. As I understand it, he is providing security updates for the 7.4 SCL available from there through the end of next year (when upstream PHP drops support).

--
Matthew Miller
Fedora Project Leader
Re: [CentOS] Qemu - enabling "bridge mode" for primary physical interface for VMs
Once upon a time, Lists said:
> Thank you, I'll be trying this on a spare machine here before I try it in
> production. Carefully reading the directions, although I see where bridge-br0
> is created, I don't see where bridge-slave-em1 is defined?

This part:

> > # Make a connection for the physical ethernet em1 to be part of the bridge
> > nmcli con add type ethernet ifname em1 master bridge-br0

does it. If you don't specify a connection name, NM names a new bridge member connection profile as "bridge-slave-".

--
Chris Adams
[CentOS] network bound disk encryption bond interface not working
Hi, running 8.5 I cannot get the LUKS container on a Dell PowerEdge 740 to unlock automatically. This is the setup.

The clevis client has bound a tang server:

# clevis luks list -d /dev/sdb2
1: tang '{"url":"http://10.x.x.200"}'

This sdb2 is the boot device.

dracut config:

kernel_cmdline="bond=bond0:eno1,eno2:mode=4,miimon=100 ip=10.xx.x.1::10.xx.x.254:255.255.255.0::bond0:none "
omit_dracutmodules+="ifcfg"

After a reboot, I see that the tang server receives a POST from this IP, and sends a 200 back:

16:45:02.247838 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.xx.x.200.80 > 10.xx.x.1.46374: Flags [S.], cksum 0x391b (incorrect -> 0x0686), seq 2182485757, ack 3195393805, win 28960, options [mss 1460,sackOK,TS val 329378980 ecr 3156670178,nop,wscale 7], length 0
16:45:02.248057 IP (tos 0x0, ttl 63, id 8950, offset 0, flags [DF], proto TCP (6), length 52)
    10.xx.x.1.46374 > 10.xx.x.200.80: Flags [.], cksum 0xa58d (correct), ack 1, win 229, options [nop,nop,TS val 3156670178 ecr 329378980], length 0
16:45:02.248191 IP (tos 0x0, ttl 63, id 8951, offset 0, flags [DF], proto TCP (6), length 448)
    10.xx.xx.1.46374 > 10.xx.x.200.80: Flags [P.], cksum 0x134d (correct), seq 1:397, ack 1, win 229, options [nop,nop,TS val 3156670178 ecr 329378980], length 396: HTTP, length: 396
    POST /rec/BMZ0nj7Ecn79Au8t24041JoChXk HTTP/1.1
    Host: 10.xx.x.200
    User-Agent: curl/7.61.1
    Accept: */*
    Content-Type: application/jwk+json
    Content-Length: 230

    {"alg":"ECMR","crv":"P-521","kty":"EC","x":"ARUMMnBG_wm8o3KuHk9qnEPbft1M7SMSlHkFHiSD0dDZSegvIZARe8U1V6lsaYZGSJ8mPBvI-NlUUc4yrdF3naaz","y":"ANQwwFFAEzl6UWiDrv37Pr8yTuWdwlDwq_QR0Q9TNP34_fsJAZ-y3oJv0uIoat6KLhPylWTjAY_jJIblOzWhQZpW"}
16:45:02.248215 IP (tos 0x0, ttl 64, id 58644, offset 0, flags [DF], proto TCP (6), length 52)
    10.xxx.xx.200.80 > 10.xx.x.1.46374: Flags [.], cksum 0x3913 (incorrect -> 0xa3fb), ack 397, win 235, options [nop,nop,TS val 329378980 ecr 3156670178], length 0
16:45:02.282326 IP (tos 0x0, ttl 64, id 58645, offset 0, flags [DF], proto TCP (6), length 69)
    10.xx.x.200.80 > 10.x.x.1.46374: Flags [P.], cksum 0x3924 (incorrect -> 0xe3fa), seq 1:18, ack 397, win 235, options [nop,nop,TS val 329379014 ecr 3156670178], length 17: HTTP, length: 17
    HTTP/1.1 200 OK

So basically, it should unlock, but it's not unlocking.

Does anyone have experience with bond interfaces and NBDE on 8/9?

TIA.

--
regards,
Natxo
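An added example, not from the thread, dracut or clevis: a small checker for the two dracut kernel_cmdline parameters the post relies on, bond= and ip=. It assumes the field layouts dracut.cmdline(7) documents for those parameters (IPv4 only) and uses constructed addresses in place of the post's masked ones.

```python
import ipaddress
import shlex

# Constructed sample in the same shape as the post's kernel_cmdline;
# 192.0.2.x are made-up test addresses, the post masks its real ones.
KERNEL_CMDLINE = (
    'bond=bond0:eno1,eno2:mode=4,miimon=100 '
    'ip=192.0.2.1::192.0.2.254:255.255.255.0::bond0:none'
)

# ip=<client>:<peer>:<gateway>:<netmask>:<hostname>:<iface>:<autoconf>
IP_FIELDS = ("client", "peer", "gateway", "netmask", "hostname", "iface", "autoconf")


def parse_bond(value):
    """bond=<name>[:<slaves>[:<options>]] -> dict (assumed dracut layout)."""
    name, _, rest = value.partition(":")
    slaves, _, opts = rest.partition(":")
    options = dict(o.split("=", 1) for o in opts.split(",") if "=" in o)
    return {"name": name, "slaves": [s for s in slaves.split(",") if s], "options": options}


def parse_ip(value):
    """Static ip= needs all seven colon-separated fields, empty ones included."""
    parts = value.split(":")
    if len(parts) != len(IP_FIELDS):
        raise ValueError(f"ip= needs {len(IP_FIELDS)} fields, got {len(parts)}")
    return dict(zip(IP_FIELDS, parts))


def check_cmdline(cmdline):
    """Return a list of problems found; an empty list means the parameters agree."""
    args = dict(a.split("=", 1) for a in shlex.split(cmdline) if "=" in a)
    problems = []
    bond = parse_bond(args["bond"]) if "bond" in args else None
    try:
        ip = parse_ip(args["ip"])
    except (KeyError, ValueError) as exc:
        return [f"ip=: {exc}"]
    for key in ("client", "gateway"):
        if ip[key]:
            try:
                ipaddress.ip_address(ip[key])
            except ValueError:
                problems.append(f"ip= {key} {ip[key]!r} is not a valid address")
    if bond:
        # The initramfs must configure the bond itself, never one of its members.
        if ip["iface"] in bond["slaves"]:
            problems.append(f"ip= names slave {ip['iface']}, not bond {bond['name']}")
        elif ip["iface"] != bond["name"]:
            problems.append(f"ip= iface {ip['iface']!r} does not match bond {bond['name']!r}")
        if bond["options"].get("mode") in ("4", "802.3ad") and "miimon" not in bond["options"]:
            problems.append("mode=4 bond without miimon: link monitoring is off")
    return problems
```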