Red Hat Enterprise Linux: Updated rhs-hadoop-install packages are now available for Red Hat Storage 3 for
Red Hat Common.
Monthly Archives: March 2015
RHEA-2015:0761-1: Red Hat Storage Server 3 Hadoop plug-in enhancement update
Red Hat Enterprise Linux: Updated rhs-hadoop-install package that adds many
enhancements and fix multiple bugs are now available for Red Hat Storage 3.
RHBA-2015:0760-1: authconfig bug fix update
Red Hat Enterprise Linux: Updated authconfig packages that fix two bugs are now available for Red Hat
Enterprise Linux 6.
Google to Publish Research on Browser Ad Injectors
Google is preparing to release new research on the prevalence of ad injectors, the often-unwanted browser extensions that inject ads onto Web pages, and the numbers will show just how widespread and problematic the software is. Ad injectors belong to that great, amorphous pile of applications that aren’t necessarily classed as malware but exhibit behavior that is […]
USN-2551-1: Apache Standard Taglibs vulnerability
Ubuntu Security Notice USN-2551-1
30th March, 2015
jakarta-taglibs-standard vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
Summary
Apache Standard Taglibs loaded external XML entities.
Software description
- jakarta-taglibs-standard
– Implementation of JSP Standard Tag Library (JSTL)
Details
David Jorm discovered that the Apache Standard Taglibs incorrectly handled
external XML entities. A remote attacker could possibly use this issue to
execute arbitrary code or perform other external XML entity attacks.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
-
libjakarta-taglibs-standard-java
1.1.2-2ubuntu1.14.10.1
-
libjstl1.1-java
1.1.2-2ubuntu1.14.10.1
- Ubuntu 14.04 LTS:
-
libjakarta-taglibs-standard-java
1.1.2-2ubuntu1.14.04.1
-
libjstl1.1-java
1.1.2-2ubuntu1.14.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
References
Fedora 22 Security Update: libtasn1-4.4-1.fc22
Fedora 20 Security Update: libtasn1-3.8-3.fc20
Fedora 21 Security Update: libtasn1-4.4-1.fc21
Release for CentOS Linux 7 (1503 ) on x86_64
We would like to announce the general availability of CentOS Linux 7 (1503) for 64 bit x86 compatible machines. This is the second major release for CentOS-7 and is tagged as 1503. This build is derived from Red Hat Enterprise Linux 7.1 As always, read through the Release Notes at : http://wiki.centos.org/Manuals/ReleaseNotes/CentOS7 - these notes contain important information about the release and details about some of the content inside the release from the CentOS QA team. These notes are updated constantly to include issues and incorporate feedback from the users. ---------- Updates, Sources, and DebugInfos This merges in all base, updates, and CR (continuous release) components released in the month of March 2015. If you have been using the CR repos on your previous CentOS Linux 7 install, you already have all the components used to compose this new release. As with all CentOS Linux 7 components, this release was built from sources hosted at git.centos.org. In addition, SRPMs that are a byproduct of the build (and also considered critical in the code and buildsys process) are being published to match every binary RPM we release. Sources will be available from vault.centos.org in their own dedicated directories to match the corresponding binary RPMs. Since there is far less traffic to the CentOS source RPMs compared with the binary RPMs, we are not putting this content on the main mirror network. If users wish to mirror this content they can do so using the reposync command available in the yum-utils package. All CentOS source RPMs are signed with the same key used to sign their binary counterparts. Developers and end users looking at inspecting and contributing patches to the CentOS Linux distro will find the code hosted at git.centos.org far simpler to work against. Details on how to best consume those are documented along with a quick start at : http://wiki.centos.org/Sources Debuginfo packages are also being signed and pushed. Yum configs shipped in the new release file will have all the context required for debuginfo to be available on every CentOS Linux install. This release supersedes all previously released content for CentOS Linux 7, and therefore we highly encourage all users to upgrade their machines. Information on different upgrade strategies and how to handle stale content is included in the Release Notes. For the CentOS-7 build and release process we adopted a very open process. The output of the entire buildsystem is made available, as it is built, at http://buildlogs.centos.org/ - we hope to continue with that process for the life of CentOS Linux 7, and hope to attempt bringing CentOS-5 and CentOS-6 builds into the same system. ---------- Release file handling This release splits the /etc/centos-release from /etc/redhat-release to better indicate the relationship between the two distributions. There are also changes to the /etc/os-release file to incorporate changes needed by the new abrt stack. ---------- Download In order to conserve donor bandwidth, and to make it possible to get the mirror content sync'd out as soon as possible, we recommend using torrents to get your initial installer images: Details on the images are available on the mirrors at http://mirror.centos.org/centos/7/isos/x86_64/0_README.txt - that file clearly highlights the difference in the images, and when one might be more suitable than the others. The sizes, sha256 sums and torrents for the ISO files: * CentOS-7-x86_64-Minimal-1503.iso Size: 591396864 Torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-1503.torrent sha256sum: 0b8482dc7e3076749f7fd914487ec6280539d3ba1f10c5b73c94b632f987f011 * CentOS-7-x86_64-DVD-1503.iso Size: 4236247040 Torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-DVD-1503.torrent sha256sum: 1817a1689b3c646a6473c93012e06307c6b659000ccffd188a3f4d0a0b531ba9 * CentOS-7-x86_64-Everything-1503.iso Size: 7517241344 Torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-Everything-1503.torrent sha256sum: 3cef58a3a03aff3ea194e63fdc95f03548b292e6f57e4a931a8d5453a6697661 * CentOS-7-x86_64-LiveGNOME-1503.iso Size: 1124073472 Torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-LiveGNOME-1503.torrent sha256sum: 2cfc9fab2edb0be51b75ee63528b61cad79489129d2aad1713eeed1b4117ab47 * CentOS-7-x86_64-LiveKDE-1503.iso Size: 1310720000 Torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-LiveKDE-1503.torrent sha256sum: 6b2cd1c30092e9a141a458d40d0fcba74207b6c80e4f68dc7f800fbe1d7bae1b * CentOS-7-x86_64-LiveCD-1503.iso Size: 729808896 Torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-LiveCD-1503.torrent sha256sum: 96ee805573d0617ee11704e7973b55387adef13c6efdc82d50d287dba00dfaf1 * CentOS-7-x86_64-NetInstall-1503.iso Size: 377487360 Torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-NetInstall-1503.torrent sha256sum: 498bb78789ddc7973fe14358822eb1b48521bbaca91c17bd132c7f8c903d79b3 The iso files are also available for direct download from http://mirror.centos.org/centos/7/isos/x86_64 * CentOS 7 1503 Docker Container: ' docker pull centos' will now give you the 1503 container image. You can see the official CentOS Linuxcontainer tags at : https://registry.hub.docker.com/_/centos/ ---------- Special Interest Groups The CentOS Linux distribution is built, managed, and released by the CentOS Core SIG. In addition, we also have the following SIGs that are doing an amazing job expanding and building on the base Linux platform: * Cloud SIG < at > http://wiki.centos.org/SpecialInterestGroup/Cloud is working to deliver various cloud controller infrastructure including OpenStack. They have a fully functional, feature complete RDO stack now available for testing with CentOS Linux 7 at http://buildlogs.centos.org/centos/7/cloud/openstack-rdo/ * Cloud Instance SIG < at > http://wiki.centos.org/SpecialInterestGroup/CloudInstance aims to deliver VM images for use in various cloud and virtualised ecosystems including AWS (https://aws.amazon.com/marketplace/seller-profile?id=16cb8b03-256e-4dde-8f34-1b0f377efe89) and Docker ( https://registry.hub.docker.com/_/centos/ ) * Virtualization SIG < at > http://wiki.centos.org/SpecialInterestGroup/Virtualization includes upstream virtualization and hypervisor related projects including Xen http://www.xenproject.org ), oVirt ( http://www.ovirt.org/ ), and Docker ( http://docker.io ). They also work to build and release support tools around these virtualization technologies. * Storage SIG < at > http://wiki.centos.org/SpecialInterestGroup/Storage includes the Gluster Project ( http://www.gluster.org/ ), Ceph (http://ceph.com ), OpenAFS ( http://www.openafs.org ) and the SCST project ( http://scst.sourceforge.net/ ). Gluster builds for CentOS, that track upstream community code are available for testing now at http://buildlogs.centos.org/centos/7/storage/gluster/ * Software Collections SIG < at > http://wiki.centos.org/SpecialInterestGroup/SCLo is working on documenting and then delivering software collections built for newer versions of in-distro content. Their aim is to deliver a community and contributor friendly mechanism for SCL's in an easy to consume format. * Atomic SIG < at > http://wiki.centos.org/SpecialInterestGroup/Atomic is working on building, maintaining, and delivering a CentOS Atomic host ( http://projectatomic.io ). Testing and development builds including AWS EC2 instances and Vagrant boxes are now available at http://wiki.centos.org/SpecialInterestGroup/Atomic/Download In addition to these, the CentOS Artwork and CentOS Promo SIGs help with promo content and helping organise Dojos around the world. SIGs are a great way for people to come together and deliver content around a specific area into the wider CentOS ecosystem and we welcome groups to come together with low barriers to entry and plenty of resources to offer the groups. Details on the process can be found at http://wiki.centos.org/SpecialInterestGroup ---------- Dojo We try and organise Dojos in various parts of the world as a one day event, to bring together people who use CentOS and others who are keen to learn about CentOS. The day's focus is on sharing technical knowledge and success stories. It's also a great place to meet and talk about upcoming technologies and learn how others are using them on CentOS Linux. In the coming months we hope to host events in London, Bangalore,Sweden, Germany, Spain, and in many parts of the USA. If you would like to help organise a Dojo, do drop by the centos-promo list at http://lists.centos.org/mailman/listinfo/centos-promo ---------- Getting Help The CentOS ecosystem is sustained by community driven help and guidance. The best place to start for new users is at http://wiki.centos.org/GettingHelp ---------- Contributors This release was made possible due to the hard work of many people, foremost on that list are the Red Hat Engineers for producing a great distribution, without them CentOS Linux would look very different. We are also looking for people to get involved with the QA process in CentOS, if you would like to join this please introduce yourself on the centos-devel list (http://lists.centos.org/mailman/listinfo/centos-devel ). ---------- Thanks I would also like to thank our donors and sponsors for their continued support for the project. And to everyone who contributed with ideas, code, test feedback, and promoting CentOS Linux into the ecosystem. Enjoy!
Release for CentOS Linux 7 (1503 ) on x86_64
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We would like to announce the general availability of CentOS Linux 7 (1503) for 64 bit x86 compatible machines. This is the second major release for CentOS-7 and is tagged as 1503. This build is derived from Red Hat Enterprise Linux 7.1 As always, read through the Release Notes at : http://wiki.centos.org/Manuals/ReleaseNotes/CentOS7 - these notes contain important information about the release and details about some of the content inside the release from the CentOS QA team. These notes are updated constantly to include issues and incorporate feedback from the users. - ---------- Updates, Sources, and DebugInfos This merges in all base, updates, and CR (continuous release) components released in the month of March 2015. If you have been using the CR repos on your previous CentOS Linux 7 install, you already have all the components used to compose this new release. As with all CentOS Linux 7 components, this release was built from sources hosted at git.centos.org. In addition, SRPMs that are a byproduct of the build (and also considered critical in the code and buildsys process) are being published to match every binary RPM we release. Sources will be available from vault.centos.org in their own dedicated directories to match the corresponding binary RPMs. Since there is far less traffic to the CentOS source RPMs compared with the binary RPMs, we are not putting this content on the main mirror network. If users wish to mirror this content they can do so using the reposync command available in the yum-utils package. All CentOS source RPMs are signed with the same key used to sign their binary counterparts. Developers and end users looking at inspecting and contributing patches to the CentOS Linux distro will find the code hosted at git.centos.org far simpler to work against. Details on how to best consume those are documented along with a quick start at : http://wiki.centos.org/Sources Debuginfo packages are also being signed and pushed. Yum configs shipped in the new release file will have all the context required for debuginfo to be available on every CentOS Linux install. This release supersedes all previously released content for CentOS Linux 7, and therefore we highly encourage all users to upgrade their machines. Information on different upgrade strategies and how to handle stale content is included in the Release Notes. For the CentOS-7 build and release process we adopted a very open process. The output of the entire buildsystem is made available, as it is built, at http://buildlogs.centos.org/ - we hope to continue with that process for the life of CentOS Linux 7, and hope to attempt bringing CentOS-5 and CentOS-6 builds into the same system. - ---------- Release file handling This release splits the /etc/centos-release from /etc/redhat-release to better indicate the relationship between the two distributions. There are also changes to the /etc/os-release file to incorporate changes needed by the new abrt stack. - ---------- Download In order to conserve donor bandwidth, and to make it possible to get the mirror content sync'd out as soon as possible, we recommend using torrents to get your initial installer images: Details on the images are available on the mirrors at http://mirror.centos.org/centos/7/isos/x86_64/0_README.txt - that file clearly highlights the difference in the images, and when one might be more suitable than the others. The sizes, sha256 sums and torrents for the ISO files: * CentOS-7-x86_64-Minimal-1503.iso Size: 591396864 Torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-15 03.torrent sha256sum: 0b8482dc7e3076749f7fd914487ec6280539d3ba1f10c5b73c94b632f987f011 * CentOS-7-x86_64-DVD-1503.iso Size: 4236247040 Torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-DVD-1503.t orrent sha256sum: 1817a1689b3c646a6473c93012e06307c6b659000ccffd188a3f4d0a0b531ba9 * CentOS-7-x86_64-Everything-1503.iso Size: 7517241344 Torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-Everything - -1503.torrent sha256sum: 3cef58a3a03aff3ea194e63fdc95f03548b292e6f57e4a931a8d5453a6697661 * CentOS-7-x86_64-LiveGNOME-1503.iso Size: 1124073472 Torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-LiveGNOME- 1503.torrent sha256sum: 2cfc9fab2edb0be51b75ee63528b61cad79489129d2aad1713eeed1b4117ab47 * CentOS-7-x86_64-LiveKDE-1503.iso Size: 1310720000 Torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-LiveKDE-15 03.torrent sha256sum: 6b2cd1c30092e9a141a458d40d0fcba74207b6c80e4f68dc7f800fbe1d7bae1b * CentOS-7-x86_64-LiveCD-1503.iso Size: 729808896 Torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-LiveCD-150 3.torrent sha256sum: 96ee805573d0617ee11704e7973b55387adef13c6efdc82d50d287dba00dfaf1 * CentOS-7-x86_64-NetInstall-1503.iso Size: 377487360 Torrent: http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-NetInstall - -1503.torrent sha256sum: 498bb78789ddc7973fe14358822eb1b48521bbaca91c17bd132c7f8c903d79b3 The iso files are also available for direct download from http://mirror.centos.org/centos/7/isos/x86_64 * CentOS 7 1503 Docker Container: ' docker pull centos' will now give you the 1503 container image. You can see the official CentOS Linux container tags at : https://registry.hub.docker.com/_/centos/ - ---------- Special Interest Groups The CentOS Linux distribution is built, managed, and released by the CentOS Core SIG. In addition, we also have the following SIGs that are doing an amazing job expanding and building on the base Linux platform: * Cloud SIG < at > http://wiki.centos.org/SpecialInterestGroup/Cloud is working to deliver various cloud controller infrastructure including OpenStack. They have a fully functional, feature complete RDO stack now available for testing with CentOS Linux 7 at http://buildlogs.centos.org/centos/7/cloud/openstack-rdo/ * Cloud Instance SIG < at > http://wiki.centos.org/SpecialInterestGroup/CloudInstance aims to deliver VM images for use in various cloud and virtualised ecosystems including AWS ( https://aws.amazon.com/marketplace/seller-profile?id=16cb8b03-256e-4dde- 8f34-1b0f377efe89 ) and Docker ( https://registry.hub.docker.com/_/centos/ ) * Virtualization SIG < at > http://wiki.centos.org/SpecialInterestGroup/Virtualization includes upstream virtualization and hypervisor related projects including Xen ( http://www.xenproject.org ), oVirt ( http://www.ovirt.org/ ), and Docker ( http://docker.io ). They also work to build and release support tools around these virtualization technologies. * Storage SIG < at > http://wiki.centos.org/SpecialInterestGroup/Storage includes the Gluster Project ( http://www.gluster.org/ ), Ceph ( http://ceph.com ), OpenAFS ( http://www.openafs.org ) and the SCST project ( http://scst.sourceforge.net/ ). Gluster builds for CentOS, that track upstream community code are available for testing now at http://buildlogs.centos.org/centos/7/storage/gluster/ * Software Collections SIG < at > http://wiki.centos.org/SpecialInterestGroup/SCLo is working on documenting and then delivering software collections built for newer versions of in-distro content. Their aim is to deliver a community and contributor friendly mechanism for SCL's in an easy to consume format. * Atomic SIG < at > http://wiki.centos.org/SpecialInterestGroup/Atomic is working on building, maintaining, and delivering a CentOS Atomic host ( http://projectatomic.io ). Testing and development builds including AWS EC2 instances and Vagrant boxes are now available at http://wiki.centos.org/SpecialInterestGroup/Atomic/Download In addition to these, the CentOS Artwork and CentOS Promo SIGs help with promo content and helping organise Dojos around the world. SIGs are a great way for people to come together and deliver content around a specific area into the wider CentOS ecosystem and we welcome groups to come together with low barriers to entry and plenty of resources to offer the groups. Details on the process can be found at http://wiki.centos.org/SpecialInterestGroup - ---------- Dojo We try and organise Dojos in various parts of the world as a one day event, to bring together people who use CentOS and others who are keen to learn about CentOS. The day's focus is on sharing technical knowledge and success stories. It's also a great place to meet and talk about upcoming technologies and learn how others are using them on CentOS Linux. In the coming months we hope to host events in London, Bangalore, Sweden, Germany, Spain, and in many parts of the USA. If you would like to help organise a Dojo, do drop by the centos-promo list at http://lists.centos.org/mailman/listinfo/centos-promo - ---------- Getting Help The CentOS ecosystem is sustained by community driven help and guidance. The best place to start for new users is at http://wiki.centos.org/GettingHelp - ---------- Contributors This release was made possible due to the hard work of many people, foremost on that list are the Red Hat Engineers for producing a great distribution, without them CentOS Linux would look very different. We are also looking for people to get involved with the QA process in CentOS, if you would like to join this please introduce yourself on the centos-devel list ( http://lists.centos.org/mailman/listinfo/centos-devel ). - ---------- Thanks I would also like to thank our donors and sponsors for their continued support for the project. And to everyone who contributed with ideas, code, test feedback, and promoting CentOS Linux into the ecosystem. Enjoy! - -- Karanbir Singh, Project Lead, The CentOS Project +44-207-0094455 | http://www.centos.org/ | twitter.com/CentOS -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iQEcBAEBAgAGBQJVGsvBAAoJEI3Oi2Mx7xbt1xAH/0ZoWz65f/O8URzsleO4DaiD Wy8YMWaPVTlLDnik7EukYSueT1bE9ziB3DxycQJVXz8HTABdjNugN6Ouy83bCY2a 17t6F0VGY0ZRZe6Uqv8rb2xiFnFR/ssy9s921vJVcpzaSLgKl2/D5ed1aSsLaxLw CdpYcC7t/8xbkpnCtoyQ2nko0Jzj8fYPr8wCUKTgnf0BXyXYYcuNsi+J6HKzlExc KXHuvLDjXCjOVi4X7BLbn2F5N7bwBcmjYWC/hX1oAlD2uvbbNg/+mDbAu9QtWmeC RthUq5uwpA05i9MvyMU5/ODS1NpIg3f+JybPLTp9zaFU6hXmJSvOR679wZbFdUc= =Z60w -----END PGP SIGNATURE-----