Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread Carl George
> Q3) Does this indicate that only the latest CentOS (minor) release can > be considered "secure" or "patched"? Yes. Security errata for previous Enterprise Linux minor releases are a Red Hat product called Extended Update Support (EUS) [0]. CentOS doesn't build EUS updates. CentOS point

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread Leon Fauster via CentOS
On 05.08.20 at 17:55, Johnny Hughes wrote: On 8/5/20 10:45 AM, cen...@niob.at wrote: On 05/08/2020 16:49, Johnny Hughes wrote: On 8/5/20 1:05 AM, cen...@niob.at wrote: On 04/08/2020 23:50, Jon Pruente wrote: On Tue, Aug 4, 2020 at 11:34 AM wrote: Q5) If the answer to the last question is

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread centos
On 05/08/2020 17:55, Johnny Hughes wrote: Having said all this: maybe there is some deeper problem here, because of that pattern of missing announce e-mails that correspond with packages that differ in the final version number with respect to the upstream package. Or is this just a

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread Johnny Hughes
On 8/5/20 10:45 AM, cen...@niob.at wrote: > On 05/08/2020 16:49, Johnny Hughes wrote: >> On 8/5/20 1:05 AM, cen...@niob.at wrote: >>> On 04/08/2020 23:50, Jon Pruente wrote: On Tue, Aug 4, 2020 at 11:34 AM wrote: > Q5) If the answer to the last question is "no": shouldn't there be

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread centos
On 05/08/2020 16:49, Johnny Hughes wrote: On 8/5/20 1:05 AM, cen...@niob.at wrote: On 04/08/2020 23:50, Jon Pruente wrote: On Tue, Aug 4, 2020 at 11:34 AM wrote: Q5) If the answer to the last question is "no": shouldn't there be such a resource? CentOS doesn't publish security errata. If

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread Johnny Hughes
On 8/5/20 1:05 AM, cen...@niob.at wrote: > On 04/08/2020 23:50, Jon Pruente wrote: >> On Tue, Aug 4, 2020 at 11:34 AM wrote: >> >>> Q5) If the answer to the last question is "no": shouldn't there be such >>> a resource? >>> >> CentOS doesn't publish security errata. If you need it then you should

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread centos
On 04/08/2020 23:50, Jon Pruente wrote: On Tue, Aug 4, 2020 at 11:34 AM wrote: Q5) If the answer to the last question is "no": shouldn't there be such a resource? CentOS doesn't publish security errata. If you need it then you should either buy RHEL, or deal with putting together your own

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-04 Thread Jon Pruente
On Tue, Aug 4, 2020 at 11:34 AM wrote: > Q5) If the answer to the last question is "no": shouldn't there be such > a resource? > CentOS doesn't publish security errata. If you need it then you should either buy RHEL, or deal with putting together your own set up with something like

[CentOS] CentOS Security Advisories OVAL feed??

2020-08-04 Thread centos
Dear List, I have spent some time playing around with oscap and the RHEL OVAL feed (https://www.redhat.com/security/data/oval/v2/RHEL8/, also check Chapter 16 of the RHEL 8 Design Guide). Because I could not find an existing OVAL file for CentOS, I downloaded one of the RHEL8 files and

Re: [CentOS] Centos security update

2015-04-30 Thread Venkateswara Rao Dokku
Hi, I have php 5.4.16 php in my centos 7 machine when I searched over internet I could see it is affected by some vulnerabilities. So I wanted to upgrade my PHP to 5.6.x, but did not find procedure for it. When I tried yum upgrade php, it says no packages marked for update Can you please give

Re: [CentOS] Centos security update

2015-04-30 Thread Jim Perrin
On 04/30/2015 03:38 AM, Venkateswara Rao Dokku wrote: Hi, I have php 5.4.16 php in my centos 7 machine when I searched over internet I could see it is affected by some vulnerabilities. So I wanted to upgrade my PHP to 5.6.x, but did not find procedure for it. When I tried yum upgrade

Re: [CentOS] Centos security update

2015-04-27 Thread Venkateswara Rao Dokku
Thanks for the replies. The tool that we used for testing the security vulnerability is Nessus. I have glibc version 2.17-78.el7, I saw that CVE-2015-0235 (Ghost) is fixed in this version and I want to apply patch for the vulnerabilities CVE-2015-1472 CVE-2015-1473. Can you please help me in

Re: [CentOS] Centos security update

2015-04-27 Thread Johnny Hughes
On 04/27/2015 04:09 AM, Venkateswara Rao Dokku wrote: Thanks for the replies. The tool that we used for testing the security vulnerability is Nessus. I have glibc version 2.17-78.el7, I saw that CVE-2015-0235 (Ghost) is fixed in this version and I want to apply patch for the vulnerabilities

Re: [CentOS] Centos security update

2015-04-27 Thread Jonathan Billings
On Mon, Apr 27, 2015 at 02:39:30PM +0530, Venkateswara Rao Dokku wrote: Thanks for the replies. The tool that we used for testing the security vulnerability is Nessus. I have glibc version 2.17-78.el7, I saw that CVE-2015-0235 (Ghost) is fixed in this version and I want to apply patch for

Re: [CentOS] Centos security update

2015-04-27 Thread Gordon Messmer
On 04/27/2015 02:09 AM, Venkateswara Rao Dokku wrote: Can you please help me in finding the right version that has fixes for these? Start by accessing Red Hat's CVE database: https://access.redhat.com/security/cve/ If errata have been published for a CVE entry, they will be listed along

Re: [CentOS] Centos security update

2015-04-27 Thread Valeri Galtsev
On Mon, April 27, 2015 12:01 pm, Jonathan Billings wrote: On Mon, Apr 27, 2015 at 02:39:30PM +0530, Venkateswara Rao Dokku wrote: Thanks for the replies. The tool that we used for testing the security vulnerability is Nessus. I have glibc version 2.17-78.el7, I saw that CVE-2015-0235 (Ghost)

[CentOS] Centos security update

2015-04-24 Thread Venkateswara Rao Dokku
Hi, I was using CentOS 7 and when I ran some custom commercial security scan on my machine, I found about 122 vulnerabilities. Can you help me on how to get security upgrades on top of my existing CentOS? # cat /etc/redhat-release CentOS Linux release 7.1.1503 (Core) Thanks for the help. --

Re: [CentOS] Centos security update

2015-04-24 Thread Eero Volotinen
2015-04-24 12:21 GMT+03:00 Venkateswara Rao Dokku dvrao@gmail.com: Hi, I was using CentOS 7 and when I ran some custom commercial security scan on my machine, I found about 122 vulnerabilities. Can you help me on how to get security upgrades on top of my existing CentOS? # cat

Re: [CentOS] Centos security update

2015-04-24 Thread Eero Volotinen
2015-04-24 15:31 GMT+03:00 Jim Perrin jper...@centos.org: On 04/24/2015 04:21 AM, Venkateswara Rao Dokku wrote: Hi, I was using CentOS 7 and when I ran some custom commercial security scan on my machine, I found about 122 vulnerabilities. Can you help me on how to get security

Re: [CentOS] Centos security update

2015-04-24 Thread Johnny Hughes
On 04/24/2015 04:21 AM, Venkateswara Rao Dokku wrote: Hi, I was using CentOS 7 and when I ran some custom commercial security scan on my machine, I found about 122 vulnerabilities. Can you help me on how to get security upgrades on top of my existing CentOS? # cat /etc/redhat-release

Re: [CentOS] Centos security update

2015-04-24 Thread Jim Perrin
On 04/24/2015 04:21 AM, Venkateswara Rao Dokku wrote: Hi, I was using CentOS 7 and when I ran some custom commercial security scan on my machine, I found about 122 vulnerabilities. Can you help me on how to get security upgrades on top of my existing CentOS? The short answer: 'yum

Re: [CentOS] Centos security update

2015-04-24 Thread Alexander Dalloz
On 24.04.2015 at 11:21, Venkateswara Rao Dokku wrote: I was using CentOS 7 and when I ran some custom commercial security scan on my machine, I found about 122 vulnerabilities. That's why those scans are wasted money. From a security management point of view they neither help you nor your

Re: [CentOS] Centos security update

2015-04-24 Thread John R Pierce
On 4/24/2015 12:14 PM, Alexander Dalloz wrote: On 24.04.2015 at 11:21, Venkateswara Rao Dokku wrote: I was using CentOS 7 and when I ran some custom commercial security scan on my machine, I found about 122 vulnerabilities. That's why those scans are wasted money. From a security management

Re: [CentOS] Centos security update

2015-04-24 Thread m . roth
John R Pierce wrote: On 4/24/2015 12:14 PM, Alexander Dalloz wrote: On 24.04.2015 at 11:21, Venkateswara Rao Dokku wrote: I was using CentOS 7 and when I ran some custom commercial security scan on my machine, I found about 122 vulnerabilities. That's why those scans are wasted money. From

Re: [CentOS] centos security alerts via email

2014-06-08 Thread Eero Volotinen
2014-06-07 13:23 GMT+03:00 John R. Dennison j...@gerdesas.com: On Sat, Jun 07, 2014 at 01:14:30PM +0300, Eero Volotinen wrote: Hi, Is there way to subscribe centos security alerts via email? There is the centos-announce mailing list. Security announcements are tagged with CESA so it

Re: [CentOS] centos security alerts via email

2014-06-08 Thread John R. Dennison
On Sun, Jun 08, 2014 at 02:18:24PM +0300, Eero Volotinen wrote: Thanks, is rss feed also available? Not as far as I am aware. John -- Everything happens for a reason. And that reason is normally physics. - Anonymous

[CentOS] centos security alerts via email

2014-06-07 Thread Eero Volotinen
Hi, Is there way to subscribe centos security alerts via email? like: http://lwn.net/Alerts/CentOS/ -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos security alerts via email

2014-06-07 Thread John R. Dennison
On Sat, Jun 07, 2014 at 01:14:30PM +0300, Eero Volotinen wrote: Hi, Is there way to subscribe centos security alerts via email? There is the centos-announce mailing list. Security announcements are tagged with CESA so it should be easy to filter for your needs.

Re: [CentOS] centos security

2012-02-19 Thread Lorenzo Martínez Rodríguez
I remember I sent weeks ago next email to other guy with same doubts: Hello, just if it helps, please find below these lines the steps I have used to analyze several suspicious machines in some customers, to check if they have been compromised or not: * Chrootkit rkhunter - To search for

Re: [CentOS] centos security

2012-02-19 Thread nux
Al writes: Any suggestions on what to run on a centos box to verify that the server isn't compromised or being sniffed? Thanks! This is very handy,

[CentOS] centos security

2012-02-18 Thread Al
Any suggestions on what to run on a centos box to verify that the server isn't compromised or being sniffed? Thanks!

Re: [CentOS] centos security

2012-02-18 Thread Donkey Hottie
On 19.2.2012 3:38, Al wrote: Any suggestions on what to run on a centos box to verify that the server isn't compromised or being sniffed? Thanks! rkhunter comes to my mind. -- Don't hate yourself in the morning -- sleep till noon.

Re: [CentOS] centos security

2012-02-18 Thread Al
On Feb 18, 2012, at 9:07 PM, Donkey Hottie wrote: On 19.2.2012 3:38, Al wrote: Any suggestions on what to run on a centos box to verify that the server isn't compromised or being sniffed? Thanks! rkhunter comes to my mind. Thanks for the suggestion, any others?

Re: [CentOS] centos security

2012-02-18 Thread Les Bell
Al mailingl...@theflux.net wrote: Any suggestions on what to run on a centos box to verify that the server isn't compromised or being sniffed? Thanks! For isn't compromised, you need a host integrity verification system like Tripwire or AIDE (which is in the base repo). Expect to have to

Re: [CentOS] centos security

2012-02-18 Thread Al
On Feb 18, 2012, at 9:34 PM, Les Bell wrote: Al mailingl...@theflux.net wrote: Any suggestions on what to run on a centos box to verify that the server isn't compromised or being sniffed? Thanks! For isn't compromised, you need a host integrity verification system like Tripwire or

Re: [CentOS] centos security

2012-02-18 Thread Trey Dockendorf
On Feb 18, 2012 10:41 PM, Al mailingl...@theflux.net wrote: On Feb 18, 2012, at 9:34 PM, Les Bell wrote: Al mailingl...@theflux.net wrote: Any suggestions on what to run on a centos box to verify that the server isn't compromised or being sniffed? Thanks! For isn't

[CentOS] Centos security sshv1

2010-01-22 Thread Alejandro Rodriguez Luna
Hi all! I was scanning my servers with nmap, ( i have installed ssh), and the result gave me this: 22/tcp open ssh sshv1: Server Supports SSHv1 ssh-keyhost: 1024 ea:7e:77:b7:a1:78:18:70:6c:46:ee:a0:dd:08:0e:74 (RSA1) 1024 ba:d0:8a:44:16:fc:7c:7a:38:24:2e:72:06:fe:99:56 (DSA) 1024

Re: [CentOS] Centos security sshv1

2010-01-22 Thread m . roth
Hi all! I was scanning my servers with nmap, ( i have installed ssh), and the result gave me this: 22/tcp open ssh sshv1: Server Supports SSHv1 Yes. Turn off sshv1 in the configuration file. mark

Re: [CentOS] Centos security sshv1

2010-01-22 Thread Ned Slider
On 01/22/2010 06:37 PM, m.r...@5-cent.us wrote: Hi all! I was scanning my servers with nmap, ( i have installed ssh), and the result gave me this: 22/tcp open ssh sshv1: Server Supports SSHv1 Yes. Turn off sshv1 in the configuration file. mark

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Ralph Angenendt
Joshua Bahnsen wrote: That's really my question. Is there any particular reason why not all Red Hat advisories (RHEA, RHBA and RHSA) have a CentOS counterpart? Is this due to time constraints, demand, or some other legal reason? Ah. Historical Reasons, probably. All RHSAs should be there,

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Karanbir Singh
On 06/17/2009 09:56 AM, Ralph Angenendt wrote: Historical Reasons, probably. All RHSAs should be there, RHBAs just haven't been announced for 4 - there's no other appalling reason I could think of at the moment :) with the new process's going in - that should change. I'm not sure about

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
The tricky situation is also for the updates when a new iso set is released, eg 5.2 - 5.3, upstream tend to publish a report for each package that is out there, we haven't done that 'traditionally'. Given time and resources, I am sure we can revisit that, if anyone is really interested.

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
To: centos@centos.org Subject: Re: [CentOS] CentOS security advisories On 06/17/2009 09:56 AM, Ralph Angenendt wrote: Historical Reasons, probably. All RHSAs should be there, RHBAs just haven't been announced for 4 - there's no other appalling reason I could think of at the moment

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Karanbir Singh
Joshua Bahnsen wrote: I believe that's where I am seeing the biggest discrepancy. Has there been any discussion to put the advisory data in an updateinfo.xml form for use with the yum-security plugin? yes, it's come up a few times, there has been some work done on it as well, however there

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
What exactly do you mean by breaching the rhn aup's? Joshua Bahnsen -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Karanbir Singh Sent: Wednesday, June 17, 2009 3:59 PM To: CentOS mailing list Subject: Re: [CentOS] CentOS security

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
mailing list Subject: Re: [CentOS] CentOS security advisories What exactly do you mean by breaching the rhn aup's? Joshua Bahnsen -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Karanbir Singh Sent: Wednesday, June 17, 2009 3:59 PM To: CentOS

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
list Subject: Re: [CentOS] CentOS security advisories What I mean is, is there a specific Red Hat web page that defines what is acceptable and what is not? Joshua Bahnsen -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Joshua Bahnsen Sent

[CentOS] CentOS security advisories

2009-06-17 Thread R P Herrold
On Wed, 17 Jun 2009, Joshua Bahnsen wrote: I assume you mean this? http://www.redhat.com/legal/legal_statement.html That is an assumption you make, all right --- that page does not state it is exhaustive, however ... What I mean is, is there a specific Red Hat web page that defines what

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
-Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of R P Herrold Sent: Wednesday, June 17, 2009 5:37 PM To: CentOS mailing list Subject: [CentOS] CentOS security advisories On Wed, 17 Jun 2009, Joshua Bahnsen wrote: I assume you

[CentOS] CentOS security advisories

2009-06-17 Thread R P Herrold
On Wed, 17 Jun 2009, Joshua Bahnsen wrote: I don't want to cause any trouble here, but what does this have to do with generating advisory information that is provided by the vendor? ... if you won't acknowledge the landmines, you get blown up, eventually, I hear I believe this

Re: [CentOS] CentOS security advisories

2009-06-16 Thread Ralph Angenendt
Joshua Bahnsen wrote: I have been looking at the security advisories provided here: http://lists.centos.org/pipermail/centos-announce/ It appears that there is not a 1:1 correlation between advisories listed here and advisories listed by Red Hat: https://rhn.redhat.com/errata Is

Re: [CentOS] CentOS security advisories

2009-06-16 Thread Joshua Bahnsen
Lumension  |  15880 N. Greenway-Hayden Loop Suite 100  |  Scottsdale, AZ 85260 -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Ralph Angenendt Sent: Tuesday, June 16, 2009 2:28 AM To: centos@centos.org Subject: Re: [CentOS] CentOS

[CentOS] CentOS security advisories

2009-06-15 Thread Joshua Bahnsen
I have been looking at the security advisories provided here: http://lists.centos.org/pipermail/centos-announce/ It appears that there is not a 1:1 correlation between advisories listed here and advisories listed by Red Hat: https://rhn.redhat.com/errata Is there a specific reason for this?