[CentOS-announce] Koji/CBS infra and sslv3/Poodle important notification
Hi,

As most of you already know, there is an important SSLv3 vulnerability (CVE-2014-3566 - see https://access.redhat.com/articles/1232123), known as Poodle.

While it's easy to disable SSLv3 in the allowed Protocols at the server level (for example SSLProtocol All -SSLv2 -SSLv3 for apache), some clients are still defaulting to SSLv3, and Koji does that.

We currently have disabled SSLv3 on our cbs.centos.org koji instance, so if you're a cbs/koji user, please adapt your local koji package (local fix !)

At the moment, there is no available upstream package, but the following patch has been tested by Fedora people too (and credits go to https://lists.fedoraproject.org/pipermail/infrastructure/2014-October/014976.html)

= - --- SSLCommon.py.orig 2014-10-15 11:42:54.747082029 +0200 +++ SSLCommon.py2014-10-15 11:44:08.215257590 +0200 @@ -37,7 +37,8 @@ if f and not os.access(f, os.R_OK): raise StandardError, %s does not exist or is not readable % f - -ctx = SSL.Context(SSL.SSLv3_METHOD) # SSLv3 only +#ctx = SSL.Context(SSL.SSLv3_METHOD) # SSLv3 only +ctx = SSL.Context(SSL.TLSv1_METHOD) # TLSv1 only ctx.use_certificate_file(key_and_cert) ctx.use_privatekey_file(key_and_cert) ctx.load_client_ca(ca_cert) 
@@ -45,7 +46,8 @@ verify = SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT ctx.set_verify(verify, our_verify) ctx.set_verify_depth(10) - -ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_TLSv1) +#ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_TLSv1) +ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_TLSv1 | SSL.OP_NO_SSLv3) return ctx =

We'll keep you informed about possible upstream koji packages that would default to at least TLSv1

If you encounter a problem, feel free to drop into #centos-devel channel on irc.freenode.net and have a chat with us

on behalf of the Infra team,
--
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
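Review bot: In the first hunk (@@ -37,7 +37,8 @@) of the SSLCommon.py patch above, SSL.Context(SSL.TLSv1_METHOD) pins the client to exactly TLSv1, as its own "TLSv1 only" comment says, so the client cannot negotiate a newer TLS version even when the server offers one. Consider SSL.Context(SSL.SSLv23_METHOD) and leave the exclusion of SSLv2 and SSLv3 to the set_options call, which keeps SSLv3 disabled without capping the protocol version. The commented-out "#ctx = SSL.Context(SSL.SSLv3_METHOD)" line can be dropped rather than kept as dead code, since the diff already records the old value.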
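Review bot: In the second hunk (@@ -45,7 +46,8 @@) of the SSLCommon.py patch above, the new set_options line still carries SSL.OP_NO_TLSv1 although the first hunk switches the context to SSL.TLSv1_METHOD, so the options mask out the one protocol the chosen method allows. Drop SSL.OP_NO_TLSv1 so the call reads ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3); that states the intent of the change (no SSLv2, no SSLv3) and does not depend on how the underlying library treats a disabled version on a fixed-version method.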
[CentOS-announce] CESA-2014:1633 Important CentOS 5 java-1.7.0-openjdk Security Update
CentOS Errata and Security Advisory 2014:1633 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1633.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

i386:
cda53101232eb6cd5602ef8753a3e211a2009ea72e6a428d6cd5a0ac53ec4ae9 java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el5_11.i386.rpm
1f3b95aeb134a6e4bb5a4c21fab7dd29bb39045b49ec17805d3cc92f94d5e2ac java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el5_11.i386.rpm
c36d94ab305e34ee6fbf0426b38ddfc311961469840b0e285d15c079da0f2452 java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el5_11.i386.rpm
450a1b7c215204619f677b0b8f1ec34f69bee537fced59bd46b3d8b112635479 java-1.7.0-openjdk-javadoc-1.7.0.71-2.5.3.1.el5_11.i386.rpm
ff09dcdba9b572eda5bd338bf5b28aed10e8c2fc558597262da814e236813ff1 java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el5_11.i386.rpm

x86_64:
6052c5e61bbec143e623c9a91c2cce72f9f7f3aadbf924fc29b4555de0992501 java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm
04537efd65f66d22657111f675d0da2597a8690a7d648a2b5e71a04d21646d79 java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm
52081c3a681a0bbe48c3eff1f0e38e9b40fb13ac1f4bc49209fc4e8c58faffbc java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm
d60ec241efd0a10052570ca64736c54d754a79f4470ffb4e6a6aa6477d545bf5 java-1.7.0-openjdk-javadoc-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm
9297219ee7607057e537e1c7742f1821b61c15b8b6ec62af79cb741984eb0ab9 java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el5_11.x86_64.rpm

Source:
ed1eb38a7f79e0943f24bc846766a3186ec0bb1d38e17cb5ce7bef094ea9fc62 java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el5_11.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
[CentOS-announce] CESA-2014:1634 Important CentOS 5 java-1.6.0-openjdk Security Update
CentOS Errata and Security Advisory 2014:1634 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1634.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

i386:
661ee4730f4b847a6759206f27d39ea88e796f5f75326a8e8b6a50c8534d0c50 java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el5_11.i386.rpm
2e0b2410b3fb71b755e5425d8fdac9ce8cc32a16e9d5fdad7fe7de1b6fe69684 java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el5_11.i386.rpm
8cd100f0e593436a38106a1eb418d4015f7efda3ce22cd47bd2ff31c6dcff9b9 java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el5_11.i386.rpm
c28a3885d6f74565bc890487d860e2ca144d9ab3480b514c49262ed5e597f54a java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el5_11.i386.rpm
a631d1939042978f2aa4cf19899e35b6ff09c4decc439d471270871ef9105d1b java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el5_11.i386.rpm

x86_64:
08570abc3fa70ee0eb250bde4c3a7679b9f00acbf968c63d2308e30cb5713a83 java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm
af80d8b7b6e438c5a7bafab1f848c453bad845b01afbf10a83261b2707847342 java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm
e53c299c6b906b6e126d599a88cdab2d9fd8e6209e1b5ab955c8aef42d4be1d1 java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm
2b0ff42033c13fe5b819463e68ee2818a5caa1ae7f73e9a15f8414bdca458980 java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm
8fb298b92315736751045c40c818c96e25da8bd1c2db6755e1e725a9abf5 java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el5_11.x86_64.rpm

Source:
ed6c6e06e2aebf5e17428ea9a88a6e64fae6c1dc92cc464daad06cca96e90c9f java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el5_11.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
[CentOS-announce] CEBA-2014:1639 CentOS 5 net-snmp BugFix Update
CentOS Errata and Bugfix Advisory 2014:1639

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1639.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

i386:
b70149570ae2995abb99608eed92879d7a858eb2cfca30bd1df788fac005143d net-snmp-5.3.2.2-25.el5_11.i386.rpm
a309f1be7154379823dbb4dcad793a426860d57a9063a9071c6c4fc25d86f8da net-snmp-devel-5.3.2.2-25.el5_11.i386.rpm
16daccea483c63520a2665dd6b8f5b6b9e5ca7a3d990109b8389fd8a7f17b5b4 net-snmp-libs-5.3.2.2-25.el5_11.i386.rpm
011f4a8144dac538d55631f98c1a4db05f9316dc5c1bc63dbd3affc81b07e655 net-snmp-perl-5.3.2.2-25.el5_11.i386.rpm
557ebacc5f44df2073603b637603c92ff8f6576d2fa0352a644aa2f785169e2d net-snmp-utils-5.3.2.2-25.el5_11.i386.rpm

x86_64:
b18f5a065751910d91b014c2b57e8e4a1156eb19cf008a938640ba7f7be00b7e net-snmp-5.3.2.2-25.el5_11.x86_64.rpm
a309f1be7154379823dbb4dcad793a426860d57a9063a9071c6c4fc25d86f8da net-snmp-devel-5.3.2.2-25.el5_11.i386.rpm
61850313ddb00551779bdda13504f64c1c976d19587c9a4dfb579b041d1600cf net-snmp-devel-5.3.2.2-25.el5_11.x86_64.rpm
16daccea483c63520a2665dd6b8f5b6b9e5ca7a3d990109b8389fd8a7f17b5b4 net-snmp-libs-5.3.2.2-25.el5_11.i386.rpm
96c97bea6d12840f8c5634d6310c1271778c521194d7f1341f78072f8c0a739c net-snmp-libs-5.3.2.2-25.el5_11.x86_64.rpm
075c93c0d56e59b7ed95cb8891b20517a6f0b1e35fed6ff59189345db6e31702 net-snmp-perl-5.3.2.2-25.el5_11.x86_64.rpm
d82127347b7a456a59e73b896c11e557a04f55c9132ab67921e5168e65a7f902 net-snmp-utils-5.3.2.2-25.el5_11.x86_64.rpm

Source:
9fa4c80c2a48f0197074d61efb65fa96a19528029ce279cf6a675a99e92a4ad7 net-snmp-5.3.2.2-25.el5_11.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
[CentOS-announce] CESA-2014:1635 Critical CentOS 5 firefox Security Update
CentOS Errata and Security Advisory 2014:1635 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1635.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

i386:
9df05ee668d515f3ece37ee2e4cf518ffef8d1c52de35a0c59743ef9cf574cd7 firefox-31.2.0-3.el5.centos.i386.rpm

x86_64:
9df05ee668d515f3ece37ee2e4cf518ffef8d1c52de35a0c59743ef9cf574cd7 firefox-31.2.0-3.el5.centos.i386.rpm
fbd203f1998e1dee8e25010a1d4fa29b4b5321d20db4125b985b03a8592346ff firefox-31.2.0-3.el5.centos.x86_64.rpm

Source:
f5201abc4f86e806a1fcb6f85333b750203339111f506ffb2641beb02c3693f4 firefox-31.2.0-3.el5.centos.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
[CentOS-announce] CEBA-2014:1642 CentOS 5 rsync BugFix Update
CentOS Errata and Bugfix Advisory 2014:1642

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1642.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

i386:
1cbecc8922d43a0adcccd726e5803e76175f2fcca868baa94977f23a0882d983 rsync-3.0.6-6.el5_11.i386.rpm

x86_64:
aa673131601130f8ac144a0047914df78daf1296a424fd7ba9b0dbe61a4276df rsync-3.0.6-6.el5_11.x86_64.rpm

Source:
12ce50da9141459819c943b7ac95dff36fb8cc9f42b50842ece6bbe0cb574b73 rsync-3.0.6-6.el5_11.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
[CentOS-announce] CESA-2014:1635 Critical CentOS 7 firefox Security Update
CentOS Errata and Security Advisory 2014:1635 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1635.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
b5bf77e58f0df4d4838bf72de18af77fc1299c64b944717b9be8023af642b2c7 firefox-31.2.0-3.el7.centos.i686.rpm
f067bcd3d034b5878519cdc52befe29d493a8bbe19d64cc3ebf774f179a0b6e6 firefox-31.2.0-3.el7.centos.x86_64.rpm
5c28de4b7be9d9762646c2b99d80d2a4d42dd5b2787169cf48e919d93920d629 xulrunner-31.2.0-1.el7.centos.i686.rpm
f7333789ff7a8c662e0f8e9a1f54c6ed508ee9fdd2fa98762492b076af18dd50 xulrunner-31.2.0-1.el7.centos.x86_64.rpm
db657d67fc48d4a27bf50596a26cd35df82b06ec2d1f10004c94964c00ce3002 xulrunner-devel-31.2.0-1.el7.centos.i686.rpm
9045ff98c6fff3dab5a7fa9a73a3bcd05608a3723f83070e72e78fe6124c2202 xulrunner-devel-31.2.0-1.el7.centos.x86_64.rpm

Source:
cd172114374d6f81aae6c1dd22d1bb00cbd2a2244b0a7e726a09ed20459de604 firefox-31.2.0-3.el7.centos.src.rpm
c24e3e31ba4b610cb3e291e28905b4f11f59bc10f2e55ad0a9dd9324d013b43f xulrunner-31.2.0-1.el7.centos.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
[CentOS-announce] CESA-2014:1634 Important CentOS 7 java-1.6.0-openjdk Security Update
CentOS Errata and Security Advisory 2014:1634 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1634.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
235d58e6756e5bd6c033aa98373311e4706a7bc2ce5e717e08fd09b5f1bc2e4f java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm
f747489a1afff1f19a0abc503ce4bd271dba6d7a501b0a9af068a34296d6ce42 java-1.6.0-openjdk-demo-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm
290565d69afedfa4f198bb61702f3b09b8b1e4c976c07c060266eaf316992d79 java-1.6.0-openjdk-devel-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm
2567dd401a1752ad2ec3740d87abff5a98e20ddf8c3a55eacc32b6ba08c47c12 java-1.6.0-openjdk-javadoc-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm
ca6278bb38d570c2cedeab68beced1a75b0818a59787e9110fd84da407d9f464 java-1.6.0-openjdk-src-1.6.0.33-1.13.5.0.el7_0.x86_64.rpm

Source:
4fea1ba7337b0ba553c05103d411b1062082412e012acff2fddbb4c91d360ec9 java-1.6.0-openjdk-1.6.0.33-1.13.5.0.el7_0.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
[CentOS-announce] CESA-2014:1620 Important CentOS 7 java-1.7.0-openjdk Security Update
CentOS Errata and Security Advisory 2014:1620 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1620.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
002dee0a0bdf11e376d99fb4ad2971f31dfe1204b1154419344244fce83238d8 java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm
19420477ed938598934e8bb3edb856e12b52a1078987ea3ae5851257e548ec0e java-1.7.0-openjdk-accessibility-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm
ec749fb28d1434a785046cb4ac367523ed1be0472384b2e1b8b90125188dac7a java-1.7.0-openjdk-demo-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm
528cf0637d50f83eb14f14852e350dac8bc13981817d630e8ffc0c27f27f6f28 java-1.7.0-openjdk-devel-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm
fd1b2a97c9b87dc283db7503bfbb2ed3f312133f864f1af4a86f1c5928c4b83e java-1.7.0-openjdk-headless-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm
8de25453d7898c7ce00cefb1fc4b4ade295507b1c157848c4d826a66968fbaf2 java-1.7.0-openjdk-javadoc-1.7.0.71-2.5.3.1.el7_0.noarch.rpm
b9d91f7b9e069cf942bf96d8e30e538a9ac03a8537d9182868d778e3a05aed1c java-1.7.0-openjdk-src-1.7.0.71-2.5.3.1.el7_0.x86_64.rpm

Source:
a2e80b7c19c2ccad896649a93ea1d97a3a722a245c34973acc0941deb1e16a83 java-1.7.0-openjdk-1.7.0.71-2.5.3.1.el7_0.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
[CentOS-announce] CEBA-2014:1644 CentOS 7 NetworkManager BugFix Update
CentOS Errata and Bugfix Advisory 2014:1644

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1644.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
0faba288ae5c4ec1456111ec15ba5d5465a306e89c09f47a4d42d4cc259a819b NetworkManager-0.9.9.1-28.git20140326.4dba720.el7_0.2.i686.rpm
01f764b740ed30440b0a1e1ce4f7725784a4c0337751680139be2ea7f10791f9 NetworkManager-0.9.9.1-28.git20140326.4dba720.el7_0.2.x86_64.rpm
2decea343a51a0c01a3f2d11b2da5ea065b2134a0584934092870548b891c0cd NetworkManager-config-server-0.9.9.1-28.git20140326.4dba720.el7_0.2.x86_64.rpm
9d85a20af75a715ca5e7cb9b413b8c37093baed8509441a769313d3853b8 NetworkManager-devel-0.9.9.1-28.git20140326.4dba720.el7_0.2.i686.rpm
3c82ec2e5c9a85e97f2797e2e33711c3a71f76a5383c79b64ad70fe5b45a93f6 NetworkManager-devel-0.9.9.1-28.git20140326.4dba720.el7_0.2.x86_64.rpm
67a5061a195b8b34999fc9d4b9794b93a7febfaab6244e1f6a50a44f2d361e64 NetworkManager-glib-0.9.9.1-28.git20140326.4dba720.el7_0.2.i686.rpm
9940e56de28f1a477f8ec66c5ca2449fb0c67f00fce4438c4a677f3b2c105f55 NetworkManager-glib-0.9.9.1-28.git20140326.4dba720.el7_0.2.x86_64.rpm
6bcd1bfa5901a0287d5cf6d6cab51c711738210b1dc09741a80185935abd74b2 NetworkManager-glib-devel-0.9.9.1-28.git20140326.4dba720.el7_0.2.i686.rpm
aaa9bb756d63a60c4f5dd066a40de58be9f11e805319344d452227e796a6e4f8 NetworkManager-glib-devel-0.9.9.1-28.git20140326.4dba720.el7_0.2.x86_64.rpm
b0c6ad674d946fea1c4a58ebffe0017202f7ba331f098b297ee51866840fc3f8 NetworkManager-tui-0.9.9.1-28.git20140326.4dba720.el7_0.2.x86_64.rpm

Source:
995cd42d84588a77c6e0f976829cfe62b97d7b08e979cc7d75e8e2b2e13e006e NetworkManager-0.9.9.1-28.git20140326.4dba720.el7_0.2.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
[CentOS-announce] CESA-2014:1647 Important CentOS 5 thunderbird Security Update
CentOS Errata and Security Advisory 2014:1647 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1647.html

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

i386:
bc59af1c3aa2950614736db2e2e1e1596eb77228a98ac4a83fec2735e6a58257 thunderbird-31.2.0-2.el5.centos.i386.rpm

x86_64:
b3065ffa9bbe359d2b810a2c7ac3eb702966e4c37cb638b69229019965584992 thunderbird-31.2.0-2.el5.centos.x86_64.rpm

Source:
0c0305b9aedc7ced272157b8582dfa756f4db974dc4d5bdb394b02a0fe489cb0 thunderbird-31.2.0-2.el5.centos.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net