[CentOS] CVE-2014-4043 posix_spawn_file_actions_addopen
Hi,

Is there an ETA on when CVE-2014-4043 for glibc will be fixed in centos? I see the upstream vendor version glibc-2.20 has this fix supposedly, but I don't see this specific fix in the centos glibc changelogs. I've compiled the test code for this bug and as of glibc-2.17.77 the test reports the bug is present. Preferably we'd like this fix on centos6.6 as we can't move to 7.0 yet.

Thanks,
-->Pat
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] L1TF in CentOS
Hi,

I've applied the latest kernel upticks of kernel and microcode_ctl for L1TF. Just rpm updates and rebooted, no further changes.

kernel-2.6.32-754.3.5.el6.x86_64.rpm
kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm
kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm
perf-2.6.32-754.3.5.el6.x86_64.rpm
microcode_ctl-1.17-33.3.el6_10.x86_64.rpm

L1TF has several mitigations. So far I can see that only this one is applied.

# cat /sys/devices/system/cpu/vulnerabilities/l1tf
Mitigation: PTE Inversion

Is this the definitive check? I'm trying to confirm the L1Data Cache flush isn't enabled. It's ok if only this PTE Inversion is applied for me, I just need to be sure, because when I read this url from Redhat, it says 2 of the 3 mitigations are enabled by default, but I see only 1:

https://access.redhat.com/security/vulnerabilities/L1TF

"/All mitigations are enabled by default with the exception of disabling Hyper-Threading, which customers must take explicit manual steps to turn off./"

Also, I haven't been able to find clarity on what mitigations need to be applied to VMs, which ones to VM servers, which to kvm instances and kvm servers, and if containers and container servers need any special treatment.

Thanks!
-->Pat
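Added example, not part of the original post: a shell function that splits an l1tf status line into its PTE inversion, VMX (L1D flush on VM entry) and SMT fields, so a bare "Mitigation: PTE Inversion" can be told apart from a line that also reports the KVM state. The status format and the kvm_intel vmentry_l1d_flush parameter path are assumed from the upstream kernel and may differ on a vendor backport; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Status format assumed from the upstream kernel:
#   Mitigation: PTE Inversion[; VMX: <l1d flush state>, SMT <state>]

# l1tf_field <pte|vmx|smt> "<status line>" -> prints that field's value
l1tf_field() {
    case "$1" in
        pte) case "$2" in
                 *"PTE Inversion"*) echo "enabled" ;;
                 *)                 echo "absent" ;;
             esac ;;
        vmx) case "$2" in
                 *"VMX: "*) v=${2#*VMX: }; echo "${v%%,*}" ;;
                 *)         echo "not reported" ;;
             esac ;;
        smt) case "$2" in
                 *", SMT "*) echo "${2##*, SMT }" ;;
                 *)          echo "not reported" ;;
             esac ;;
    esac
}

# Print the three fields for the running host, plus the KVM module setting
# when kvm_intel is loaded (parameter path assumed from the upstream kernel).
l1tf_report() {
    f=/sys/devices/system/cpu/vulnerabilities/l1tf
    p=/sys/module/kvm_intel/parameters/vmentry_l1d_flush
    if [ -r "$f" ]; then
        line=$(cat "$f")
        echo "raw:           $line"
        echo "PTE inversion: $(l1tf_field pte "$line")"
        echo "VMX L1D flush: $(l1tf_field vmx "$line")"
        echo "SMT:           $(l1tf_field smt "$line")"
    else
        echo "no l1tf entry in sysfs on this kernel"
    fi
    if [ -r "$p" ]; then
        echo "kvm_intel vmentry_l1d_flush: $(cat "$p")"
    fi
}

l1tf_report
```

Under the assumed format, a line with no VMX field does not state the L1D flush mode at all, so "not reported" is distinct from "disabled"; the kvm_intel parameter, when the module is loaded, is the second place to look.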
[CentOS] looking for rpms in CentOS 8
Hi,

I can't find 3 rpms (for now, maybe more later) in centos 8, which are available for centos 7 and 6.

perl-Crypt-SSLeay
perl-Data-Validate-IP
ndisc6

Any ideas why these aren't in the repos yet? I'm using these repos below and I've browsed repos searching for these.

# dnf repolist
...
repo id            repo name                                        status
AppStream          CentOS-8 - AppStream                             5,089
BaseOS             CentOS-8 - Base                                  2,843
Stream-AppStream   CentOS-Stream - AppStream                        4,629
Stream-BaseOS      CentOS-Stream - Base                             2,326
Stream-extras      CentOS-Stream - Extras                           3
cr                 CentOS-8 - cr                                    6,338
*epel              Extra Packages for Enterprise Linux 8 - x86_64   3,732
extras             CentOS-8 - Extras                                3

Plus, I just want to say thanks for the entire CentOS team and community, you do a lot of work that is critical, and is highly appreciated!

-->Pat
Re: [CentOS] looking for rpms in CentOS 8
On 12/28/19 2:29 PM, Orion Poplawski wrote:
> On 12/27/19 11:51 AM, Patrick Rael wrote:
>> Hi,
>> I can't find 3 rpms (for now, maybe more later) in centos 8, which are available for centos 7 and 6.
>>
>> perl-Crypt-SSLeay
>
> See https://bugzilla.redhat.com/show_bug.cgi?id=1744782
> Apparently it's been superseded by perl-Net-SSLeay.

Thanks, it looks like we may not need this one anymore, just had a stale dependency for it.

>> perl-Data-Validate-IP
>
> I don't even see this in EL7 proper - https://pkgs.org/download/perl-Data-Validate-IP

We must have got it from rpmfusion or some place outside of the main centos repos. I guess the answer is probably go there to get it again, but it's not there yet either. Probably the best answer is build it ourselves from source. Here's a link I found.
http://repo.openfusion.net/srpms/perl-Data-Validate-IP-0.27-1.of.el7.src.rpm

>> ndisc6
>
> It's been requested in EPEL: https://bugzilla.redhat.com/show_bug.cgi?id=1779134 but no response yet.

Eagerly awaiting this. We might use the build steps from that url and build our own until it's supported.

>> Any ideas why these aren't in the repos yet? I'm using these repos below and I've browsed repos searching for these.
>
> All of the above was found by fairly straightforward google and bugzilla searches.

Thanks!
[CentOS] openssl Security Update for CentOS 6.7 ETA
Hi,

Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.

Thanks!
-->Pat
Re: [CentOS] openssl Security Update for CentOS 6.7 ETA
On 05/11/2016 09:45 AM, Steve Snyder wrote:
> On Wednesday, May 11, 2016 11:20am, "Patrick Rael" said:
>> Hi,
>> Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.
>> Thanks!
>
> Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update.

Is there an ETA on CentOS v6.8? Days? Weeks? Months? (years?) I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7. I thought security updates would be available on 6.7 for many more years.

Best regards!

--
Patrick Rael
Contractor, Lumeta Corporation
Network Situational Awareness
Phone: 703-298-3276
Re: [CentOS] openssl Security Update for CentOS 6.7 ETA
On 05/11/2016 11:24 AM, m.r...@5-cent.us wrote:
> Patrick Rael wrote:
>> On 05/11/2016 09:45 AM, Steve Snyder wrote:
>>> On Wednesday, May 11, 2016 11:20am, "Patrick Rael" said:
>>>> Hi,
>>>> Is there an ETA on the openssl security update (CVE-2016-0799) for CentOS 6.7? I saw the openssl update for CentOS 7 on 5/9, eagerly awaiting the same for 6.7.
>>>
>>> Looks like Red Hat pushed it to RHEL v6.8, released yesterday. Unless CentOS does a special back-port we'll have to wait for CentOS v6.8 to get the OpenSSL update.
>>
>> Is there an ETA on CentOS v6.8? Days? Weeks? Months? (years?) I just need to predict when CVE-2016-0799 will be fixed for CentOS 6.7. I thought security updates would be available on 6.7 for many more years.
>
> Please - it was *just* released, and the build team is presumably already on it. Hopefully, upstream hasn't screwed with their build environment again. At any rate, when upstream did, it took our build team about a month to get builds working again; if they haven't, then I'd hope for a few weeks.
>
> PLEASEPLEASEPLEASEPLEASE people, *don't* turn this into a 5k posts a day arguing over whether the build team is lazy, or 75% of them "ANYTHING NEW?! HOW SOON?!" Give them some bloody time, children. It's a job of work, as the old saying goes.
>
> mark

Thanks! You developers do a mountain of work, it's really appreciated greatly!

-->Pat

--
Patrick Rael
Contractor, Lumeta Corporation
Network Situational Awareness
Phone: 703-298-3276