Re: [CentOS-docs] Contribute to the Wiki
Hello Akemi, I want to give support to CentOs user with any kind of issue, hence please suggest me what should I do for that. And also one thing I am new here so can suggest me the workflow. Gajanan On Fri, Dec 19, 2014 at 12:43 AM, Akemi Yagi amy...@gmail.com wrote: On Wed, Dec 17, 2014 at 3:49 AM, Gajanan Kankal grkan...@gmail.com wrote: Hello, I am new here and wants to contributes and my area of expertise as follow. GajananKankal System admin, Networking, Authentication, Anaconda and shells Pune (India) Thank you, Regards, Gajanan Thank you for the offer to contribute. Do you have any particular pages in mind to start with? Akemi ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-announce] CESA-2014:2023 Moderate CentOS 7 glibc Security Update
CentOS Errata and Security Advisory 2014:2023 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-2023.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 6dd25ccaf1f9d06ca9da4f515916d2afb1a2aab9527ba5340dbe14f18cf4b86c glibc-2.17-55.el7_0.3.i686.rpm e8daa909b6c2b4b6cc5565f84b8b881524c533adbfe962a4fe077d75b5977841 glibc-2.17-55.el7_0.3.x86_64.rpm 7738dd89e4b58c59dfe9e47ea04fd3ec40e583370bdda83f6f59cd5b09c4fd87 glibc-common-2.17-55.el7_0.3.x86_64.rpm 715d929c131541e17d12845e09689e2fff7cc123cd0d5b3de0bb5532862ab213 glibc-devel-2.17-55.el7_0.3.i686.rpm 9d39f3c916237fecf8407b1d39a2b5fd5e762cd94f1d65d02996ca54ebcd0454 glibc-devel-2.17-55.el7_0.3.x86_64.rpm 916f461547801dc1b762ecf755de264f0658ef5c837a3f2ef6936c3d3bf63afd glibc-headers-2.17-55.el7_0.3.x86_64.rpm 77b9a62ca495e1cc8b58df4905bf56b54ce26f4b0b1020b1ad8dacdaf30562b8 glibc-static-2.17-55.el7_0.3.i686.rpm 773fbf04671daacd4bdb5faa04f8d33ead963e3722ae3ec8748434230518f7dc glibc-static-2.17-55.el7_0.3.x86_64.rpm 126c340881e9d1e412be815e3dd5d82f2ad8afaec3a64bea08073f4695b0d94e glibc-utils-2.17-55.el7_0.3.x86_64.rpm deb39b89130b67cfedc8aaf1c523682088ae5afd169d4dd20f04790c3849e265 nscd-2.17-55.el7_0.3.x86_64.rpm Source: ef01d54770aaadf87479258e8e16bd8d9e117dd83eb9f9dccf8190379240f39a glibc-2.17-55.el7_0.3.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2014:2024 Important CentOS 7 ntp Security Update
CentOS Errata and Security Advisory 2014:2024 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-2024.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: eb1f37503849be8074e2fe9cc96c16b8f4043f9e63d5c22770a93393f0d3fd25 ntp-4.2.6p5-19.el7.centos.x86_64.rpm 3fbe5561138599a1b6c0d1f87e63d3c50852c30854ab7ee0f9f0b1f13797b87e ntpdate-4.2.6p5-19.el7.centos.x86_64.rpm 41dcf9b65721d05b684aa126b239f318233584a9f699237886536b75affc5b4a ntp-doc-4.2.6p5-19.el7.centos.noarch.rpm 7a45a9a20e6c3c1ab4d793967efe50e82ce7ef1c6f7259596766cb41eac65f8b ntp-perl-4.2.6p5-19.el7.centos.noarch.rpm 7f5f51553c687deaa9fb148f872c285a48bf99811f9e43651c62762ba0449510 sntp-4.2.6p5-19.el7.centos.x86_64.rpm Source: 96b24731ac00a500ce36c8d15d5cefc22cfb915caebe49a3d7f23ef0b487af09 ntp-4.2.6p5-19.el7.centos.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2014:2025 Important CentOS 5 ntp Security Update
CentOS Errata and Security Advisory 2014:2025 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-2025.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 1f950686ddfeed8a83ab5d34fe7b0005dcf3901a60b191bbe89a76e7a299035c ntp-4.2.2p1-18.el5.centos.i386.rpm x86_64: a1fe8ccc0ae9cc1e9147039c3e02cd8697750e783b0c3b7f29522ce29800b630 ntp-4.2.2p1-18.el5.centos.x86_64.rpm Source: 40a26d1615ec22494f45e082e2a0cb351fab45b67cafd7d91c4401a0310cf15d ntp-4.2.2p1-18.el5.centos.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2014:2024 Important CentOS 6 ntp Security Update
CentOS Errata and Security Advisory 2014:2024 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-2024.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: a386cc5cd78c66c94db33898c131b317f459c79b060ce3ab7579b12e3a743ce3 ntp-4.2.6p5-2.el6.centos.i686.rpm 3e93b6653bf3b41012409bc769680971b291ad8535a0494826d8b73d0dc8ddaf ntpdate-4.2.6p5-2.el6.centos.i686.rpm ba3b3063ee0b6a7b88f4ca857ee903768344d8d2a255b13efb8ab0ae9b3886e3 ntp-doc-4.2.6p5-2.el6.centos.noarch.rpm a4d20f5db9d88a3c58a67774865be4a517037b0d4705014595c1c13ed61c9085 ntp-perl-4.2.6p5-2.el6.centos.i686.rpm x86_64: 000c102af0592fd232ec9272532b936d578c1a393fd300579b86f2787812657a ntp-4.2.6p5-2.el6.centos.x86_64.rpm 4a78c7a0ebd6597665a5a9167d9bbaf9b2715db79c3479e5aed2fe225a70e6fb ntpdate-4.2.6p5-2.el6.centos.x86_64.rpm ba3b3063ee0b6a7b88f4ca857ee903768344d8d2a255b13efb8ab0ae9b3886e3 ntp-doc-4.2.6p5-2.el6.centos.noarch.rpm 5c043bcfebf3e0fc5150ef4543a656fa8926f7cc3cc5ffc287ed6dbd73540b18 ntp-perl-4.2.6p5-2.el6.centos.x86_64.rpm Source: b7a1a28cd91d2c10e52128ffab56ff14c83edcc8d143e5980d14e792ac804a40 ntp-4.2.6p5-2.el6.centos.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS] CentOS-announce Digest, Vol 118, Issue 12
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than Re: Contents of CentOS-announce digest... Today's Topics: 1. CESA-2014:2008 Important CentOS 5 kernel Security Update (Johnny Hughes) 2. CEBA-2014:2015 CentOS 6 cpufrequtils FASTTRACKBugFix Update (Johnny Hughes) 3. CEBA-2014:2014 CentOS 7 golang BugFix Update (Johnny Hughes) 4. CESA-2014:2010 Important CentOS 7 kernel Security Update (Johnny Hughes) 5. CEBA-2014:2018 CentOS 6 java-1.7.0-openjdk BugFix Update (Johnny Hughes) 6. CESA-2014:2021 Important CentOS 6 jasper Security Update (Johnny Hughes) 7. CESA-2014:2021 Important CentOS 7 jasper Security Update (Johnny Hughes) -- Message: 1 Date: Thu, 18 Dec 2014 13:03:54 + From: Johnny Hughes joh...@centos.org To: centos-annou...@centos.org Subject: [CentOS-announce] CESA-2014:2008 Important CentOS 5 kernel SecurityUpdate Message-ID: 20141218130354.ga21...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2014:2008 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-2008.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 6ba562e82b41d226a94ff5bf3a1eeea2d60c47e34c5cb4a7c87f959b89e78df8 kernel-2.6.18-400.1.1.el5.i686.rpm 9c05cfd09dc56aa8e06b7bb8c596d149b2994766a02ce5881858962b15bdc84d kernel-debug-2.6.18-400.1.1.el5.i686.rpm 09cc14c2a30495bc8d8fe6d9656e1661f2cb68423f77cc016625d98cdb9ecd57 kernel-debug-devel-2.6.18-400.1.1.el5.i686.rpm c84b6b08f6a661343d899c3f047e463c558f7caa4148ae04066fccdf6ca96581 kernel-devel-2.6.18-400.1.1.el5.i686.rpm 25bdff4730524a18f666f3fccd091fd8d8de6d51e56ec1b27c23411b1b653a00 kernel-doc-2.6.18-400.1.1.el5.noarch.rpm e6ff8a06d6371c0d44aae8ec54de407cbe234316ad190d841df9f3203f655442 kernel-headers-2.6.18-400.1.1.el5.i386.rpm 23edc72733314d31fd61e0a0892073fbe4f29bae731ab5a0ed58a359ad45fc28 kernel-PAE-2.6.18-400.1.1.el5.i686.rpm f4c9e8de45147a96051357edf89b98b3ba942b5d7d08cf4a834b833cdd6aa214 kernel-PAE-devel-2.6.18-400.1.1.el5.i686.rpm 923028c0a3f24ed84758f1aea10fb2f1d3f1fc686baf463da3d48133317b6479 kernel-xen-2.6.18-400.1.1.el5.i686.rpm cacf645ea5c0be63abf933721ba877f8c9ed1b496710e65070f2129f53520257 kernel-xen-devel-2.6.18-400.1.1.el5.i686.rpm x86_64: 2f6f7228f60089bafb29dd49d0fd07b5669925f5df09721b82b7b32d2a6db27f kernel-2.6.18-400.1.1.el5.x86_64.rpm b9f2265e4a3fc43f47c2e0f005ad9b93c0201774afa6d903cbb303a4158f6d37 kernel-debug-2.6.18-400.1.1.el5.x86_64.rpm 5b53d6eb09bb9b5a4d12c8be501804479a65400fbe7eb4d8eb3bab2ca3ddb45b kernel-debug-devel-2.6.18-400.1.1.el5.x86_64.rpm 92f571237b00f39557a950b91dc16bf84873c137d7dbcdb16d984f22b470 kernel-devel-2.6.18-400.1.1.el5.x86_64.rpm 25bdff4730524a18f666f3fccd091fd8d8de6d51e56ec1b27c23411b1b653a00 kernel-doc-2.6.18-400.1.1.el5.noarch.rpm ce820b2df729875eacfedd36213e78089d35b499e87de95039a3a88f97d80b3f kernel-headers-2.6.18-400.1.1.el5.x86_64.rpm 8d1ae83a187d2ab25acd247a40eba378515579ba7026e61091c473a83acb5f07 kernel-xen-2.6.18-400.1.1.el5.x86_64.rpm 5fc23d80833f8575776d0d949d1c09d671a951c288b4b48f4c401fddfc00a225 kernel-xen-devel-2.6.18-400.1.1.el5.x86_64.rpm Source: 180a7d0379b99dd938203ef79ba3c2f3b345eee70b9fdb6d5ad6dc49bedc7a3c kernel-2.6.18-400.1.1.el5.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- Message: 2 Date: Thu, 18 Dec 2014 13:53:36 + From: Johnny Hughes joh...@centos.org To: centos-annou...@centos.org Subject: [CentOS-announce] CEBA-2014:2015 CentOS 6 cpufrequtils FASTTRACK BugFix Update Message-ID: 20141218135336.ga18...@n04.lon1.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2014:2015 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-2015.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: f34f074b540b76b0d1ac971866a940eb61d0538aa47d2d85b2776b3bb0ce1d7f cpufrequtils-007-8.el6.i686.rpm 79914ff6eb2a9e45ba38c2c0a32d05ee70f2f7f62bc90e5d079df8b27b9749b1 cpufrequtils-devel-007-8.el6.i686.rpm x86_64: f34f074b540b76b0d1ac971866a940eb61d0538aa47d2d85b2776b3bb0ce1d7f cpufrequtils-007-8.el6.i686.rpm 8238fb5f828e2d3dfe2d9f808c86ac62f55215d2f1ad550b54282dbdd5f35876 cpufrequtils-007-8.el6.x86_64.rpm
Re: [CentOS] Asymmetric encryption for very large tar file
From: Kai Schaetzl mailli...@conactive.com I would rather work on single files or tars on directory basis. Using a single big file creates a very large single point of failure. Or use an encrypted file system (of course, also a single point of failure, but probably better handling). Afio is supposed to have better error handling than tar, and other nice options like pgp. JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Asymmetric encryption for very large tar file
Hello, Thanks for all feedback I got. I am pretty sure that if I used ³openssl enc² method, it is able to handle large file over 250g size perfectly. I think openssl installed on the system is capable of doing large file support. However, when using ³openssl smime², it is not able to. Apparently it¹s smime method limitations, not the openssl. Other than smime and enc, what other methods can I use for large file support that would use the asymmetric public/private keys? - xinhuan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] WARNING: No module xenblk found for kernel
On 12/20/2014 07:02 AM, Dave Stevens wrote: $ rpm -q kernel kernel-xen kernel-2.6.18-371.11.1.el5 kernel-2.6.18-371.12.1.el5 kernel-2.6.18-398.el5 kernel-2.6.18-400.el5 kernel-2.6.18-400.1.1.el5 kernel-xen-2.6.18-371.11.1.el5 kernel-xen-2.6.18-371.12.1.el5 kernel-xen-2.6.18-398.el5 kernel-xen-2.6.18-400.el5 kernel-xen-2.6.18-400.1.1.el5 It is as I suspected, you've been installing both kernel and kernel-sen the entire time. paste the contents of /etc/grub.conf and then I can give you a proper answer about what to do. Peter ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to configure xguest Firefox home page
This is actually an old problem with pulseaudio processes no dying properly on exit. I think if you remove the exclusive flag from /etc/security/sepermit.conf This will work in all situations. The exclussive flag is there to make sure two different users can not login at the same time. On 12/09/2014 03:53 AM, Nux! wrote: Somewhat offtopic, watch out for xguest; it can create problems. I.e. if you logout from xguest you can't log back in, you need to reboot. HTH Lucian -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro - Original Message - From: David McGuffey davidmcguf...@verizion.net To: CentOS mailing list centos@centos.org Sent: Tuesday, 9 December, 2014 02:12:23 Subject: [CentOS] How to configure xguest Firefox home page I've installed CentOS 6.6 on a workstation at a local non-profit as a kiosk machine. I used xguest. Works great, except now the customer wants the Firefox homepage to be one pointing to a particular site. Doesn't seem to be much documentation on how to make minor changes to the account. Lots of SELinux guidance, but nothing about default home page, etc. Dave ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to configure xguest Firefox home page
On 12/09/2014 02:39 PM, James B. Byrne wrote: On Mon, December 8, 2014 21:12, David McGuffey wrote: I've installed CentOS 6.6 on a workstation at a local non-profit as a kiosk machine. I used xguest. Works great, except now the customer wants the Firefox homepage to be one pointing to a particular site. Doesn't seem to be much documentation on how to make minor changes to the account. Lots of SELinux guidance, but nothing about default home page, etc. Dave See: /usr/lib/firefox/firefox.cfg Add: lockPref(browser.startup.homepage, http://www.example.com/path/); Google: FireFox Kiosk You can setup default configuration for the tmpfs account in /etc/skel. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Asymmetric encryption for very large tar file
On Wed, Dec 17, 2014 at 12:14 PM, Xinhuan Zheng xzh...@christianbook.com wrote: Hello CentOS list, I have a requirement that I need to use encryption technology to encrypt very large tar file on a daily basis. The tar file is over 250G size and those are data backup. Every night the server generated a 250G data backup and it¹s tar¹ed into one tarball file. I want to encrypt this big tarball file. So far I have tried two technologies with no success. 1) generating RSA 2048 public/private key pair via ³openssl req -x509 -nodes -newkey rsa:2048 -keyout private.pem -out public.pem² command and uses the public key to encrypt the big tar file. The encryption command I used is openssl smime -encrypt -aes256 -in backup.tar -binary -outform DEM -out backup.tar.ssl public.pem². The resulting backup.tar.ssl file is only 2G then encryption process stops there and refuse to do more. Cannot get around 2G. 2) generating GPG public/private key pair via ³gpg ‹gen-key² then encrypt with gpg -e -u backup -r backup² backup.tar². However, the gpg encryption stops at file size 50G and refuse to do more and the gpg process took over 48 hours. The server is very capable. It¹s 8 CPU Intel 2.33 GHz 16G RAM installing latest RHEL 5.11. Thought CentOS 5 is pretty much compatible in release with RHEL 5. I have searched google and found out a technique that utilizes the symmetric encryption. Then it needs to generate a symmetric key every day and uses public/private key pair to encrypt the symmetric key. However the drawback is that we don¹t know how to manage the symmetric key securely. We can¹t leave the un-encrypted symmetric key there on the server but we have to use the un-encrypted symmetric key for encryption process. Plus we¹ll need to manage the symmetric encryption key, public and private key pair 3 things securely. Has anyone had experience on managing the asymmetric encryption for very large file and what¹s the best practice for that? Thanks. - xinhuan GPG is really what you want to be using for this. OpenSSL is a general toolkit that provide a lot of good functions, but you need to cobble some things together yourself. GPG is meant to handle all of the other parts of dealing with files. I will expand on what someone else mentioned -- asymmetric encryption is not meant for, and has very poor performance for encrypting data, and also has a lot of limitations. The correct way to handle this is to create a symmetric key and use that to encrypt the data, then use asymmetric encryption to encrypt only the symmetric key. GPG takes care of this all internally, so that's what you should be using. ❧ Brian Mathis @orev ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Asymmetric encryption for very large tar file
On Fri, Dec 19, 2014 at 2:40 PM, Brian Mathis brian.mathis+cen...@betteradmin.com wrote: GPG is really what you want to be using for this. OpenSSL is a general toolkit that provide a lot of good functions, but you need to cobble some things together yourself. GPG is meant to handle all of the other parts of dealing with files. I will expand on what someone else mentioned -- asymmetric encryption is not meant for, and has very poor performance for encrypting data, and also has a lot of limitations. The correct way to handle this is to create a symmetric key and use that to encrypt the data, then use asymmetric encryption to encrypt only the symmetric key. GPG takes care of this all internally, so that's what you should be using. Will GPG use the intel aes hardware acceleration - in the version available for Centos5? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Asymmetric encryption for very large tar file
On Fri, Dec 19, 2014 at 3:48 PM, Les Mikesell lesmikes...@gmail.com wrote: On Fri, Dec 19, 2014 at 2:40 PM, Brian Mathis brian.mathis+cen...@betteradmin.com wrote: GPG is really what you want to be using for this. OpenSSL is a general toolkit that provide a lot of good functions, but you need to cobble some things together yourself. GPG is meant to handle all of the other parts of dealing with files. I will expand on what someone else mentioned -- asymmetric encryption is not meant for, and has very poor performance for encrypting data, and also has a lot of limitations. The correct way to handle this is to create a symmetric key and use that to encrypt the data, then use asymmetric encryption to encrypt only the symmetric key. GPG takes care of this all internally, so that's what you should be using. Will GPG use the intel aes hardware acceleration - in the version available for Centos5? -- Les Mikesell It doesn't appear to be available for any program running on CentOS 5. https://www.centos.org/forums/viewtopic.php?t=17713 ❧ Brian Mathis @orev ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Asymmetric encryption for very large tar file
On 12/19/2014 1:22 PM, Brian Mathis wrote: It doesn't appear to be available for any program running on CentOS 5. https://www.centos.org/forums/viewtopic.php?t=17713 that article is only talking about openssl... openssh, gpg, and others use their own crypto implementations. not centos/rhel specific, but.. Intel claims OpenSSL v1.0 has direct support, 0.9.8k+ has support via a patch. -- john r pierce 37N 122W somewhere on the middle of the left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] NTP Vulnerability?
I just saw this: https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 which includes this: A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process. All NTP4 releases before 4.2.8 are vulnerable. This vulnerability is resolved with NTP-stable4.2.8 on December 19, 2014. I guess no one has had time to respond yet. Wonder if I should shut down my external NTP services as a precaution? --Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTP Vulnerability?
https://access.redhat.com/security/cve/CVE-2014-9295 2014-12-20 4:42 GMT+02:00 listmail listm...@entertech.com: I just saw this: https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 which includes this: A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process. All NTP4 releases before 4.2.8 are vulnerable. This vulnerability is resolved with NTP-stable4.2.8 on December 19, 2014. I guess no one has had time to respond yet. Wonder if I should shut down my external NTP services as a precaution? --Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTP Vulnerability?
fixed in: https://rhn.redhat.com/errata/RHSA-2014-2025.html https://rhn.redhat.com/errata/RHSA-2014-2024.html maybe it's soon in centos too.. 2014-12-20 4:42 GMT+02:00 listmail listm...@entertech.com: I just saw this: https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 which includes this: A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process. All NTP4 releases before 4.2.8 are vulnerable. This vulnerability is resolved with NTP-stable4.2.8 on December 19, 2014. I guess no one has had time to respond yet. Wonder if I should shut down my external NTP services as a precaution? --Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTP Vulnerability?
C7 - http://lists.centos.org/pipermail/centos-announce/2014-December/020850.html C6 - http://lists.centos.org/pipermail/centos-announce/2014-December/020852.html C5 - http://lists.centos.org/pipermail/centos-announce/2014-December/020851.html On 20/12/14 14:04, Eero Volotinen wrote: fixed in: https://rhn.redhat.com/errata/RHSA-2014-2025.html https://rhn.redhat.com/errata/RHSA-2014-2024.html maybe it's soon in centos too.. 2014-12-20 4:42 GMT+02:00 listmail listm...@entertech.com: I just saw this: https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 which includes this: A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process. All NTP4 releases before 4.2.8 are vulnerable. This vulnerability is resolved with NTP-stable4.2.8 on December 19, 2014. I guess no one has had time to respond yet. Wonder if I should shut down my external NTP services as a precaution? --Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTP Vulnerability?
On 20.12.2014 03:42, listmail wrote: I just saw this: https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01 which includes this: A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process. All NTP4 releases before 4.2.8 are vulnerable. This vulnerability is resolved with NTP-stable4.2.8 on December 19, 2014. I guess no one has had time to respond yet. Wonder if I should shut down my external NTP services as a precaution? From the description in the Red Hat advisory and this link http://www.kb.cert.org/vuls/id/852879 it seems the buffer overflow issues can only be exploitet with specific authentication settings that are not part of the default configuration or am I interpreting this wrong? Regards, Dennis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] I can't see some of my onwn e-mails ...
On 12/17/14 23:56, Keith Keller wrote: On 2014-12-18, Mark LaPierre wrote: You could also address the email to yourself on a different mail server than the one your sending it from. I send to the list on gmail and address a copy to myself on AOL. That won't help indicate whether your post made it to the list or not. You'd need to be subscribed to the list from both addresses, and not cc: yourself. But then you'd get two copies of every message, which seems wasteful to me; it seems easier just to check the web archives for the few posts most of us make. (If all you want is a copy of your mail, you don't need to go through this process.) OT: on a handful of Mailman lists, for some reason the SMTP server was slow delivering mail to my mailbox. But responses show up in the web archives pretty much right away. So for some questions I had I would bounce on the archives to see responses more quickly (it would seldom but sometimes be hours between the post hitting the archives and hitting my mailbox). --keith I'm sorry, I must have misunderstood the OP. Set your mail preferences to send an acknowledgment of your posting. That message will not get helpfully deleted. Then you will know that your posting has made it to the list and, if you followed my first suggestion, you will have a copy of your posting on your other mail account that you can move to your CentOS mail box with a rule. It's clunky as all get out but it works. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos