Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread Carl George
> Q3) Does this indicate that only the latest CentOS (minor) release can > be considered "secure" or "patched"? Yes. Security errata for previous Enterprise Linux minor releases are a Red Hat product called Extended Update Support (EUS) [0]. CentOS doesn't build EUS updates. CentOS point releas

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread Leon Fauster via CentOS
On 05.08.20 at 17:55, Johnny Hughes wrote: On 8/5/20 10:45 AM, cen...@niob.at wrote: On 05/08/2020 16:49, Johnny Hughes wrote: On 8/5/20 1:05 AM, cen...@niob.at wrote: On 04/08/2020 23:50, Jon Pruente wrote: On Tue, Aug 4, 2020 at 11:34 AM wrote: Q5) If the answer to the last question is

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread centos
On 05/08/2020 17:55, Johnny Hughes wrote: Having said all this: maybe there is some deeper problem here, because of that pattern of missing announce e-mails that correspond with packages that differ in the final version number with respect to the upstream package. Or is this just a coincidence?

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread Johnny Hughes
On 8/5/20 10:45 AM, cen...@niob.at wrote: > On 05/08/2020 16:49, Johnny Hughes wrote: >> On 8/5/20 1:05 AM, cen...@niob.at wrote: >>> On 04/08/2020 23:50, Jon Pruente wrote: On Tue, Aug 4, 2020 at 11:34 AM wrote: > Q5) If the answer to the last question is "no": shouldn't there be >>

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread centos
On 05/08/2020 16:49, Johnny Hughes wrote: On 8/5/20 1:05 AM, cen...@niob.at wrote: On 04/08/2020 23:50, Jon Pruente wrote: On Tue, Aug 4, 2020 at 11:34 AM wrote: Q5) If the answer to the last question is "no": shouldn't there be such a resource? CentOS doesn't publish security errata. If y

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-05 Thread Johnny Hughes
On 8/5/20 1:05 AM, cen...@niob.at wrote: > On 04/08/2020 23:50, Jon Pruente wrote: >> On Tue, Aug 4, 2020 at 11:34 AM wrote: >> >>> Q5) If the answer to the last question is "no": shouldn't there be such >>> a resource? >>> >> CentOS doesn't publish security errata. If you need it then you should

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-04 Thread centos
On 04/08/2020 23:50, Jon Pruente wrote: On Tue, Aug 4, 2020 at 11:34 AM wrote: Q5) If the answer to the last question is "no": shouldn't there be such a resource? CentOS doesn't publish security errata. If you need it then you should either buy RHEL, or deal with putting together your own se

Re: [CentOS] CentOS Security Advisories OVAL feed??

2020-08-04 Thread Jon Pruente
On Tue, Aug 4, 2020 at 11:34 AM wrote: > Q5) If the answer to the last question is "no": shouldn't there be such > a resource? > CentOS doesn't publish security errata. If you need it then you should either buy RHEL, or deal with putting together your own set up with something like http://cefs.st

[CentOS] CentOS Security Advisories OVAL feed??

2020-08-04 Thread centos
Dear List, I have spent some time playing around with oscap and the RHEL OVAL feed (https://www.redhat.com/security/data/oval/v2/RHEL8/, also check Chapter 16 of the RHEL 8 Design Guide). Because I could not find an existing OVAL file for CentOS, I downloaded one of the RHEL8 files and managed

Re: [CentOS] Centos security update

2015-04-30 Thread Jim Perrin
On 04/30/2015 03:38 AM, Venkateswara Rao Dokku wrote: > Hi, > > I have php 5.4.16 php in my centos 7 machine & when I searched over > internet I could see it is affected by some vulnerabilities. So I wanted to > upgrade my PHP to 5.6.x, but did not find procedure for it. > > When I tried yum up

Re: [CentOS] Centos security update

2015-04-30 Thread Venkateswara Rao Dokku
Hi, I have php 5.4.16 php in my centos 7 machine & when I searched over internet I could see it is affected by some vulnerabilities. So I wanted to upgrade my PHP to 5.6.x, but did not find procedure for it. When I tried yum upgrade php, it says "no packages marked for update" Can you please giv

Re: [CentOS] Centos security update

2015-04-27 Thread Johnny Hughes
On 04/27/2015 04:09 AM, Venkateswara Rao Dokku wrote: > Thanks for the replies. The tool that we used for testing the security > vulnerability is "Nessus". > > I have glibc version 2.17-78.el7, I saw that CVE-2015-0235 (Ghost) is fixed > in this version and I want to apply patch for the vulnerbail

Re: [CentOS] Centos security update

2015-04-27 Thread Valeri Galtsev
On Mon, April 27, 2015 12:01 pm, Jonathan Billings wrote: > On Mon, Apr 27, 2015 at 02:39:30PM +0530, Venkateswara Rao Dokku wrote: >> Thanks for the replies. The tool that we used for testing the security >> vulnerability is "Nessus". >> >> I have glibc version 2.17-78.el7, I saw that CVE-2015-02

Re: [CentOS] Centos security update

2015-04-27 Thread Gordon Messmer
On 04/27/2015 02:09 AM, Venkateswara Rao Dokku wrote: Can you please help me in finding the right version that has fixes for these? Start by accessing Red Hat's CVE database: https://access.redhat.com/security/cve/ If errata have been published for a CVE entry, they will be listed along with

Re: [CentOS] Centos security update

2015-04-27 Thread Jonathan Billings
On Mon, Apr 27, 2015 at 02:39:30PM +0530, Venkateswara Rao Dokku wrote: > Thanks for the replies. The tool that we used for testing the security > vulnerability is "Nessus". > > I have glibc version 2.17-78.el7, I saw that CVE-2015-0235 (Ghost) is fixed > in this version and I want to apply patch

Re: [CentOS] Centos security update

2015-04-27 Thread Venkateswara Rao Dokku
Thanks for the replies. The tool that we used for testing the security vulnerability is "Nessus". I have glibc version 2.17-78.el7, I saw that CVE-2015-0235 (Ghost) is fixed in this version and I want to apply patch for the vulnerabilities CVE-2015-1472 & CVE-2015-1473. Can you please help me in f

Re: [CentOS] Centos security update

2015-04-24 Thread m . roth
John R Pierce wrote: > On 4/24/2015 12:14 PM, Alexander Dalloz wrote: >> On 24.04.2015 at 11:21, Venkateswara Rao Dokku wrote: >>> I was using CentOS 7 and when I ran some custom commercial security >>> scan on >>> my machine, I found about 122 vulnerabilities. >> >> That's why those scans are was

Re: [CentOS] Centos security update

2015-04-24 Thread John R Pierce
On 4/24/2015 12:14 PM, Alexander Dalloz wrote: On 24.04.2015 at 11:21, Venkateswara Rao Dokku wrote: I was using CentOS 7 and when I ran some custom commercial security scan on my machine, I found about 122 vulnerabilities. That's why those scans are wasted money. From a security management

Re: [CentOS] Centos security update

2015-04-24 Thread Alexander Dalloz
On 24.04.2015 at 11:21, Venkateswara Rao Dokku wrote: I was using CentOS 7 and when I ran some custom commercial security scan on my machine, I found about 122 vulnerabilities. That's why those scans are wasted money. From a security management point of view they neither help you nor your man

Re: [CentOS] Centos security update

2015-04-24 Thread Johnny Hughes
On 04/24/2015 04:21 AM, Venkateswara Rao Dokku wrote: > Hi, > > I was using CentOS 7 and when I ran some custom commercial security scan on > my machine, I found about 122 vulnerabilities. > > Can you help me on how to get security upgrades on top of my existing > CentOS? > > # cat /etc/redhat-r

Re: [CentOS] Centos security update

2015-04-24 Thread Eero Volotinen
2015-04-24 15:31 GMT+03:00 Jim Perrin : > > > On 04/24/2015 04:21 AM, Venkateswara Rao Dokku wrote: > > Hi, > > > > I was using CentOS 7 and when I ran some custom commercial security scan > on > > my machine, I found about 122 vulnerabilities. > > > > Can you help me on how to get security upgrad

Re: [CentOS] Centos security update

2015-04-24 Thread Jim Perrin
On 04/24/2015 04:21 AM, Venkateswara Rao Dokku wrote: > Hi, > > I was using CentOS 7 and when I ran some custom commercial security scan on > my machine, I found about 122 vulnerabilities. > > Can you help me on how to get security upgrades on top of my existing > CentOS? The short answer: 'yu

Re: [CentOS] Centos security update

2015-04-24 Thread Eero Volotinen
2015-04-24 12:21 GMT+03:00 Venkateswara Rao Dokku : > Hi, > > I was using CentOS 7 and when I ran some custom commercial security scan on > my machine, I found about 122 vulnerabilities. > > Can you help me on how to get security upgrades on top of my existing > CentOS? > > # cat /etc/redhat-relea

[CentOS] Centos security update

2015-04-24 Thread Venkateswara Rao Dokku
Hi, I was using CentOS 7 and when I ran some custom commercial security scan on my machine, I found about 122 vulnerabilities. Can you help me on how to get security upgrades on top of my existing CentOS? # cat /etc/redhat-release CentOS Linux release 7.1.1503 (Core) Thanks for the help. -- T

Re: [CentOS] centos security alerts via email

2014-06-08 Thread John R. Dennison
On Sun, Jun 08, 2014 at 02:18:24PM +0300, Eero Volotinen wrote: > > Thanks, is rss feed also available? Not as far as I am aware. John -- Everything happens for a reason. And that reason is normally physics. - Anonymous

Re: [CentOS] centos security alerts via email

2014-06-08 Thread Eero Volotinen
2014-06-07 13:23 GMT+03:00 John R. Dennison : > On Sat, Jun 07, 2014 at 01:14:30PM +0300, Eero Volotinen wrote: > > Hi, > > > > Is there way to subscribe centos security alerts via email? > > There is the centos-announce mailing list. Security announcements are > tagged with CESA so it should be

Re: [CentOS] centos security alerts via email

2014-06-07 Thread John R. Dennison
On Sat, Jun 07, 2014 at 01:14:30PM +0300, Eero Volotinen wrote: > Hi, > > Is there way to subscribe centos security alerts via email? There is the centos-announce mailing list. Security announcements are tagged with CESA so it should be easy to filter for your needs. http://wiki.centos.org/Gett

[CentOS] centos security alerts via email

2014-06-07 Thread Eero Volotinen
Hi, Is there way to subscribe centos security alerts via email? like: http://lwn.net/Alerts/CentOS/ -- Eero ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos security

2012-02-19 Thread nux
Al writes: > Any suggestions on what to run on a centos box to verify that the > server isn't compromised or being sniffed? Thanks! This is very handy

Re: [CentOS] centos security

2012-02-19 Thread Lorenzo Martínez Rodríguez
I remember I sent weeks ago next email to other guy with same doubts: Hello, just if it helps, please find below these lines the steps I have used to analyze several suspicious machines in some customers, to check if they have been compromised or not: * Chkrootkit && rkhunter -> To search for k

Re: [CentOS] centos security

2012-02-18 Thread Trey Dockendorf
On Feb 18, 2012 10:41 PM, "Al" wrote: > > > On Feb 18, 2012, at 9:34 PM, Les Bell wrote: > > > > > Al wrote: > > > >>> > > Any suggestions on what to run on a centos box to verify that the > > server isn't compromised or being sniffed? Thanks! > > << > > > > For "isn't compromised", you need a h

Re: [CentOS] centos security

2012-02-18 Thread Al
On Feb 18, 2012, at 9:34 PM, Les Bell wrote: > > Al wrote: > >>> > Any suggestions on what to run on a centos box to verify that the > server isn't compromised or being sniffed? Thanks! > << > > For "isn't compromised", you need a host integrity verification > system like > Tripwire or AIDE (

Re: [CentOS] centos security

2012-02-18 Thread Les Bell
Al wrote: >> Any suggestions on what to run on a centos box to verify that the server isn't compromised or being sniffed? Thanks! << For "isn't compromised", you need a host integrity verification system like Tripwire or AIDE (which is in the base repo). Expect to have to tweak the config to c

Re: [CentOS] centos security

2012-02-18 Thread Al
On Feb 18, 2012, at 9:07 PM, Donkey Hottie wrote: > On 19.2.2012 3:38, Al wrote: >> Any suggestions on what to run on a centos box to verify that the >> server isn't compromised or being sniffed? Thanks! > > rkhunter comes to my mind. Thanks for the suggestion, any others?

Re: [CentOS] centos security

2012-02-18 Thread Donkey Hottie
On 19.2.2012 3:38, Al wrote: > Any suggestions on what to run on a centos box to verify that the > server isn't compromised or being sniffed? Thanks! rkhunter comes to my mind. -- Don't hate yourself in the morning -- sleep till noon.

[CentOS] centos security

2012-02-18 Thread Al
Any suggestions on what to run on a centos box to verify that the server isn't compromised or being sniffed? Thanks!

Re: [CentOS] Centos security sshv1

2010-01-22 Thread Ned Slider
On 01/22/2010 06:37 PM, m.r...@5-cent.us wrote: >> Hi all! >> >> I was scanning my servers with nmap, ( i have installed ssh), and the >> result gave me this: >> >> 22/tcp open ssh >> sshv1: Server Supports SSHv1 > > Yes. Turn off sshv1 in the configuration file. > > mark > http://wiki.c

Re: [CentOS] Centos security sshv1

2010-01-22 Thread m . roth
> Hi all! > > I was scanning my servers with nmap, ( i have installed ssh), and the > result gave me this: > > 22/tcp open ssh > sshv1: Server Supports SSHv1 Yes. Turn off sshv1 in the configuration file. mark

[CentOS] Centos security sshv1

2010-01-22 Thread Alejandro Rodriguez Luna
Hi all! I was scanning my servers with nmap, ( i have installed ssh), and the result gave me this: 22/tcp open ssh sshv1: Server Supports SSHv1 ssh-keyhost: 1024 ea:7e:77:b7:a1:78:18:70:6c:46:ee:a0:dd:08:0e:74 (RSA1) 1024 ba:d0:8a:44:16:fc:7c:7a:38:24:2e:72:06:fe:99:56 (DSA) 1024 ff:43:15:7

[CentOS] CentOS security advisories

2009-06-17 Thread R P Herrold
On Wed, 17 Jun 2009, Joshua Bahnsen wrote: > I don't want to cause any trouble here, but what does this > have to do with generating advisory information that is > provided by the vendor? ... if you won't acknowledge the landmines, you get blown up, eventually, I hear > I believe this fe

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
> -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On > Behalf Of R P Herrold > Sent: Wednesday, June 17, 2009 5:37 PM > To: CentOS mailing list > Subject: [CentOS] CentOS security advisories > > On Wed, 17 Jun 2009, Joshua

[CentOS] CentOS security advisories

2009-06-17 Thread R P Herrold
On Wed, 17 Jun 2009, Joshua Bahnsen wrote: > I assume you mean this? > http://www.redhat.com/legal/legal_statement.html That is an assumption you make, all right --- that page does not state it is exhaustive, however ... > What I mean is, is there a specific Red Hat web page that > defines wha

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
list Subject: Re: [CentOS] CentOS security advisories What I mean is, is there a specific Red Hat web page that defines what is acceptable and what is not? Joshua Bahnsen -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Joshua Bahnsen Sent

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
mailing list Subject: Re: [CentOS] CentOS security advisories What exactly do you mean by "breaching the rhn aup's"? Joshua Bahnsen -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Karanbir Singh Sent: Wednesday, June 17,

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
What exactly do you mean by "breaching the rhn aup's"? Joshua Bahnsen -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Karanbir Singh Sent: Wednesday, June 17, 2009 3:59 PM To: CentOS mailing list Subject: Re: [CentOS]

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Karanbir Singh
Joshua Bahnsen wrote: > I believe that's where I am seeing the biggest discrepancy. Has there been > any discussion to put the advisory data in an updateinfo.xml form for use > with the yum-security plugin? yes, it's come up a few times, there has been some work done on it as well, however there

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
To: centos@centos.org Subject: Re: [CentOS] CentOS security advisories On 06/17/2009 09:56 AM, Ralph Angenendt wrote: > "Historical Reasons", probably. All RHSAs should be there, RHBAs just > haven't been announced for 4 - there's no other appalling reason I could > th

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Joshua Bahnsen
> The tricky situation is also for the updates when a new iso set is > released, eg 5.2 -> 5.3, upstream tend to publish a report for each > package that is out there, we haven't done that 'traditionally'. Given > time and resources, I am sure we can revisit that, if anyone is really > intereste

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Karanbir Singh
On 06/17/2009 09:56 AM, Ralph Angenendt wrote: > "Historical Reasons", probably. All RHSAs should be there, RHBAs just > haven't been announced for 4 - there's no other appalling reason I could > think of at the moment :) with the new process's going in - that should change. > I'm not sure about

Re: [CentOS] CentOS security advisories

2009-06-17 Thread Ralph Angenendt
Joshua Bahnsen wrote: > That's really my question. Is there any particular reason why not all > Red Hat advisories (RHEA, RHBA and RHSA) have a CentOS counterpart? Is > this due to time constraints, demand, or some other legal reason? Ah. "Historical Reasons", probably. All RHSAs should be there,

Re: [CentOS] CentOS security advisories

2009-06-16 Thread Joshua Bahnsen
n.com Lumension  |  15880 N. Greenway-Hayden Loop Suite 100  |  Scottsdale, AZ 85260 -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Ralph Angenendt Sent: Tuesday, June 16, 2009 2:28 AM To: centos@centos.org Subject: Re: [CentOS] C

Re: [CentOS] CentOS security advisories

2009-06-16 Thread Ralph Angenendt
Joshua Bahnsen wrote: > I have been looking at the security advisories provided here: > > http://lists.centos.org/pipermail/centos-announce/ > > It appears that there is not a 1:1 correlation between advisories > listed here and advisories listed by Red Hat: > > https://rhn.redhat.com/errata >

[CentOS] CentOS security advisories

2009-06-15 Thread Joshua Bahnsen
I have been looking at the security advisories provided here: http://lists.centos.org/pipermail/centos-announce/ It appears that there is not a 1:1 correlation between advisories listed here and advisories listed by Red Hat: https://rhn.redhat.com/errata Is there a specific reason for this? Al