Re: Heads up - Anaconda 22.17 will enforce 'good' passwords
On Sat, Jan 31, 2015 at 09:21:45PM -0500, Richard Ryniker wrote: > Recapitiulation: > > A security problem was recognized because the ssh daemon is enabled by > default on Fedora systems: with a weak root password, a remote attacker > might easily obtain unlimited access. > > The direct solution would seem to be a change to the ssh daemon to > prohibit root login in its default configuration, but allow > post-installation change to sshd to permit this where it is desirable. Coming from a FreeBSD background, where that is the default, that makes more sense to me, admittedly, just one person's opinion. It's actually more likely to stop this theoretical newcomer from leaving their system open. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Re: Heads up - Anaconda 22.17 will enforce 'good' passwords
Recapitiulation: A security problem was recognized because the ssh daemon is enabled by default on Fedora systems: with a weak root password, a remote attacker might easily obtain unlimited access. The direct solution would seem to be a change to the ssh daemon to prohibit root login in its default configuration, but allow post-installation change to sshd to permit this where it is desirable. An indirect solution was implemented to require a strong root password during Fedora installation. This avoids the default vulnerability, but upset people (especially testers who frequently install Fedora) that consider it makes additional work necessary to configure a system the way they want it. Ultimately, this indirect solution is weak. Users are likely to supply an acceptable root password during installation, then change it to what they desire after installation. This could re-open the vulnerability, which was not understood by a casual user. -- test mailing list test@lists.fedoraproject.org To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
Fedora 20 updates-testing report
The following Fedora 20 Security updates need testing: Age URL 120 https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20 73 https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20 72 https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprockets-2.8.2-5.fc20 50 https://admin.fedoraproject.org/updates/FEDORA-2014-16494/mutt-1.5.23-4.fc20 49 https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20 49 https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20 44 https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20 40 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20 37 https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20 35 https://admin.fedoraproject.org/updates/FEDORA-2014-17641/dokuwiki-0-0.23.20140929b.fc20 19 https://admin.fedoraproject.org/updates/FEDORA-2015-0577/strongswan-5.2.2-1.fc20 17 https://admin.fedoraproject.org/updates/FEDORA-2015-0633/chicken-4.9.0.1-3.fc20 14 https://admin.fedoraproject.org/updates/FEDORA-2015-0773/arc-5.21p-5.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.35.rc3.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2015-1007/dump-0.4-0.24.b44.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1151/rubygem-passenger-4.0.53-3.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1085/puppetlabs-stdlib-4.5.1-1.20150121git7a91f20.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1101/php-5.5.21-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1133/seamonkey-2.32-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1162/community-mysql-5.5.41-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1125/mingw-jasper-1.900.1-26.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1159/jasper-1.900.1-28.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.3-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-1176/privoxy-3.0.23-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-1191/vorbis-tools-1.4.0-13.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-1294/qpid-cpp-0.30-7.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1439/websvn-2.3.3-8.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1354/firefox-35.0.1-3.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1364/mantis-1.2.19-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1263/maradns-2.0.11-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1497/kernel-3.18.5-100.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1510/pigz-2.3.3-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 11 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.35.rc3.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2015-0959/redhat-rpm-config-9.1.0-55.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2015-1033/sddm-0.10.0-3.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1095/perl-Filter-1.54-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.3-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1159/jasper-1.900.1-28.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2015-1214/hwdata-0.274-2.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-1285/polkit-0.112-7.fc20.1 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1425/perl-Getopt-Long-2.43-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1434/perl-Pod-Simple-3.29-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1448/koji-1.9.0-10.fc20.gitcd45e886 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1384/cairo-1.14.0-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1423/amor-14.12.1-1.fc20,ark-14.12.1-1.fc20,audiocd-kio-14.12.1-1.fc20,blinken-14.12.1-1.fc20,cantor-14.12.1-1.fc20,dragon-14.12.1-1.fc20,filelight-14.12.1-1.fc20,jovie-14.12.1-2.fc20,juk-14.12.1-1.fc20,kaccessible-14.12.1-1.fc20,kalzium-14.12.1-1.fc20,kamera-14.12.1-1.fc20,kanagram-4.14.3-3.fc20,kbruch-14.12.1-1.fc20,kcalc-14.12.1-1.fc20,kcharselect-14.12.1-1.fc20,kcolorchooser-14.12.1-1.fc20,kcron-14.12.1-2.fc20,kdeartwork-14.12.1-1.fc20,kde-baseapps-14.12.1-1.fc20,kde-base-artwork-14.12.1-1.fc20,kdegraphics-mobipocket-14.12.1-1.fc20,kdegraphics-strigi-analyzer-14.12.1-1.fc20,kdegraphics-thumbnailers-14.12.1-1.fc20,kdelibs-4.14.4-2.fc20,kdenetwork-filesharing-14.12.1-1.fc20,kdenetwork-strigi-analyzers-14.12.1-1.fc20,kdepim-4.14.4-2.fc20,kdepimlibs-4.14.4-1.fc20,kdepim-runtime-4.14.4-1.fc20,kdeplasma-addons-4.14.3-3.fc20,kde-runtime
Fedora 21 updates-testing report
The following Fedora 21 Security updates need testing: Age URL 73 https://admin.fedoraproject.org/updates/FEDORA-2014-15342/rubygem-actionpack-4.1.5-2.fc21 72 https://admin.fedoraproject.org/updates/FEDORA-2014-15413/rubygem-sprockets-2.12.1-3.fc21 50 https://admin.fedoraproject.org/updates/FEDORA-2014-16782/mutt-1.5.23-7.fc21 49 https://admin.fedoraproject.org/updates/FEDORA-2014-16833/asterisk-11.14.2-1.fc21 44 https://admin.fedoraproject.org/updates/FEDORA-2014-17195/httpd-2.4.10-15.fc21 40 https://admin.fedoraproject.org/updates/FEDORA-2014-17139/aeskulap-0.2.2-0.20beta1.fc21,orthanc-0.8.5-2.fc21,dcmtk-3.6.1-1.fc21 37 https://admin.fedoraproject.org/updates/FEDORA-2014-17567/mapserver-6.2.2-1.fc21 35 https://admin.fedoraproject.org/updates/FEDORA-2014-17635/dokuwiki-0-0.23.20140929b.fc21 24 https://admin.fedoraproject.org/updates/FEDORA-2015-0264/gcab-0.4-7.fc21 19 https://admin.fedoraproject.org/updates/FEDORA-2015-0594/strongswan-5.2.2-1.fc21 17 https://admin.fedoraproject.org/updates/FEDORA-2015-0620/chicken-4.9.0.1-3.fc21 14 https://admin.fedoraproject.org/updates/FEDORA-2015-0754/arc-5.21p-5.fc21 11 https://admin.fedoraproject.org/updates/FEDORA-2015-0938/android-tools-20141219git8393e50-2.fc21 10 https://admin.fedoraproject.org/updates/FEDORA-2015-1023/dump-0.4-0.24.b44.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1066/seamonkey-2.32-1.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1058/php-5.6.5-1.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1068/mingw-jasper-1.900.1-26.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1062/jasper-1.900.1-30.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1129/qpid-cpp-0.30-7.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1161/puppetlabs-stdlib-4.5.1-1.20150121git7a91f20.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-1225/privoxy-3.0.23-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1419/mantis-1.2.19-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1467/openstack-glance-2014.1.3-4.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1465/websvn-2.3.3-8.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1198/maradns-2.0.11-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1488/pigz-2.3.3-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1505/kernel-3.18.5-200.fc21 The following Fedora 21 Critical Path updates have yet to be approved: Age URL 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1091/perl-Filter-1.54-1.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1079/perl-Encode-2.68-1.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1087/network-manager-applet-0.9.10.1-2.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1152/imlib2-1.4.6-3.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-1062/jasper-1.900.1-30.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-1254/rygel-0.24.3-1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-1297/polkit-0.112-7.fc21.1 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1456/perl-Getopt-Long-2.43-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1454/perl-Pod-Simple-3.29-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1436/koji-1.9.0-10.fc21.gitcd45e886 1 https://admin.fedoraproject.org/updates/FEDORA-2015-1407/cairo-1.14.0-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1488/pigz-2.3.3-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1507/nspr-4.10.8-1.fc21,nss-util-3.17.4-1.fc21,nss-softokn-3.17.4-1.fc21,nss-3.17.4-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1504/lvm2-2.02.116-3.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1480/libgpg-error-1.17-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-1509/selinux-policy-3.13.1-105.1.fc21 The following builds have been pushed to Fedora 21 updates-testing biblesync-1.1.2-1.fc21 coin-or-Ipopt-3.12.0-1.fc21 dovecot-2.2.15-2.fc21 doxygen-1.8.9.1-1.fc21 freeradius-client-1.1.7-3.fc21 gap-pkg-atlasrep-1.5.0-2.fc21 gap-pkg-browse-1.8.6-2.fc21 gap-pkg-ctbllib-1.2.2-3.fc21 gap-pkg-io-4.4.4-1.fc21 gap-pkg-sonata-2.6-4.fc21 gap-pkg-spinsym-1.5-1.fc21 gap-pkg-tomlib-1.2.5-3.fc21 glite-px-proxyrenewal-1.3.36-2.fc21 iotop-0.6-5.fc21 isdn4k-utils-3.2-99.fc21 kernel-3.18.5-200.fc21 libgpg-error-1.17-2.fc21 lvm2-2.02.116-3.fc21 maradns-2.0.11-1.fc21 mingw-gnutls-3.3.12-1.fc21 nodejs-dependency-lister-1.0.2-1.fc21 nodejs-read-all-stream-1.0.2-1.fc21 nspr-4.10.8-1.fc21 nss-3.17.4-1.fc21 nss-softokn-3.17.4-1.fc21 nss-util-3.17.4-1.fc21 oath-toolkit-2.4.1-9.fc21 pcsc-tools-1.4.23-1.fc21 php-aw
rawhide report: 20150131 changes
Compose started at Sat Jan 31 05:15:07 UTC 2015 Broken deps for i386 -- [Sprog] Sprog-0.14-27.fc20.noarch requires perl(:MODULE_COMPAT_5.18.0) [aeskulap] aeskulap-0.2.2-0.19beta1.fc22.i686 requires libofstd.so.3.6 aeskulap-0.2.2-0.19beta1.fc22.i686 requires liboflog.so.3.6 aeskulap-0.2.2-0.19beta1.fc22.i686 requires libijg8.so.3.6 aeskulap-0.2.2-0.19beta1.fc22.i686 requires libijg16.so.3.6 aeskulap-0.2.2-0.19beta1.fc22.i686 requires libijg12.so.3.6 aeskulap-0.2.2-0.19beta1.fc22.i686 requires libdcmnet.so.3.6 aeskulap-0.2.2-0.19beta1.fc22.i686 requires libdcmjpeg.so.3.6 aeskulap-0.2.2-0.19beta1.fc22.i686 requires libdcmimgle.so.3.6 aeskulap-0.2.2-0.19beta1.fc22.i686 requires libdcmimage.so.3.6 aeskulap-0.2.2-0.19beta1.fc22.i686 requires libdcmdata.so.3.6 [barman] barman-1.3.3-4.fc22.noarch requires python-dateutil < 0:2.0 [boswars] boswars-2.7-5.fc22.i686 requires libtolua++-5.1.so [bro] broccoli-2.3-1.fc22.i686 requires bro-2.3 python-broccoli-2.3-1.fc22.i686 requires bro-2.3 [cab] cab-0.1.9-12.fc22.i686 requires cabal-dev [dnssec-check] dnssec-check-1.14.0.1-4.fc20.i686 requires libval-threads.so.14 dnssec-check-1.14.0.1-4.fc20.i686 requires libsres.so.14 [fawkes] fawkes-lua-0.5.0-19.fc22.i686 requires libtolua++-5.1.so fawkes-plugin-katana-0.5.0-19.fc22.i686 requires libtolua++-5.1.so fawkes-plugin-pantilt-0.5.0-19.fc22.i686 requires libtolua++-5.1.so fawkes-plugin-roomba-0.5.0-19.fc22.i686 requires libtolua++-5.1.so fawkes-plugin-skiller-0.5.0-19.fc22.i686 requires libtolua++-5.1.so [gcc-python-plugin] gcc-python2-debug-plugin-0.13-2.fc22.i686 requires gcc = 0:4.9.2-1.fc22 gcc-python2-plugin-0.13-2.fc22.i686 requires gcc = 0:4.9.2-1.fc22 gcc-python3-debug-plugin-0.13-2.fc22.i686 requires gcc = 0:4.9.2-1.fc22 gcc-python3-plugin-0.13-2.fc22.i686 requires gcc = 0:4.9.2-1.fc22 [gitg] gitg-3.14.1-1.fc22.i686 requires libgit2.so.21 gitg-libs-3.14.1-1.fc22.i686 requires libgit2.so.21 [libhocr] libhocr-gtk-0.10.17-18.fc22.i686 requires python-imaging-sane [nifti2dicom] nifti2dicom-0.4.9-1.fc22.i686 requires libitksys-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libitkopenjpeg-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libitkdouble-conversion-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libitkNetlibSlatec-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libhdf5_hl.so.8 nifti2dicom-0.4.9-1.fc22.i686 requires libhdf5_cpp.so.8 nifti2dicom-0.4.9-1.fc22.i686 requires libhdf5.so.8 nifti2dicom-0.4.9-1.fc22.i686 requires libITKznz-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKniftiio-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKgiftiio-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKWatersheds-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKVtkGlue-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKVideoIO-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKVideoCore-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKVTK-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKVNLInstantiation-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKStatistics-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKSpatialObjects-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKReview-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKQuadEdgeMesh-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKPolynomials-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKPath-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKOptimizersv4-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKOptimizers-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKNrrdIO-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKMetaIO-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKMesh-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKLabelMap-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKKLMRegionGrowing-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKIOXML-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKIOVTK-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKIOTransformMatlab-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKIOTransformInsightLegacy-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKIOTransformHDF5-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKIOTransformBase-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKIOTIFF-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires libITKIOStimulate-4.6.so.1 nifti2dicom-0.4.9-1.fc22.i686 requires l