RHSA-2015:1066-2: Important: php54 security and bug fix update

Red Hat Enterprise Linux: Updated php54 collection packages that fix multiple security issues and
several bugs are now available as part of Red Hat Software Collections 2.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

[Updated 5 June 2015]
This advisory has been updated to list previously unlisted security issues
corrected in this update, including CVE-2015-3330 that has been rated as
having Important security impact. Consequently, the overall impact of this
advisory has been changed to Important. No changes have been made to the
packages.

CVE-2014-8142, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-1351, CVE-2015-2301, CVE-2015-2305, CVE-2015-2348, CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-4147, CVE-2015-4148

Red Hat Security Advisory 2015-1072-01

Red Hat Security Advisory 2015-1072-01 – OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512-bit export-grade keys during the key exchange, allowing them to decrypt all traffic. Note: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions from being downgraded to export-grade keys. Future updates may raise this limit to 1024 bits.

Debian Security Advisory 3278-1

Debian Linux Security Advisory 3278-1 – An information disclosure flaw due to incorrect processing of JkMount/JkUnmount directives was found in mod_jk, the Apache 2 module that forwards requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them.

CentOS-7 (1503) beta candidate for i686 platforms

The CentOS Project is pleased to announce the public beta release of
CentOS Linux 7 (1503) for i686 compatible hardware.

Known issues:
============

1.  The GNOME desktop logout and exit functions do not work as long as
exit confirmation is set, see CentOS Bug:

http://bugs.centos.org/view.php?id=8834

2.  If installing on a QEMU (kvm) i386 VM, you must modify the VM cpu to
use "copy host cpu", see CentOS Bug:

http://bugs.centos.org/view.php?id=8748

3.  If using the LiveGnome install media,  the rescue kernel is set as
default booting kernel, see CentOS Bug:

http://bugs.centos.org/view.php?id=8846

Installation
============

Install media is available here:
http://buildlogs.centos.org/centos/7/isos/i386/

The boot iso for network installs is also available here:
http://buildlogs.centos.org/centos/7/os/i386/images/


Please report any bugs at http://bugs.centos.org/ and please specify the
i386 (or i686) architecture in the bug report.

--
Johnny Hughes
The CentOS Project | http://www.centos.org


Release 1505 of CentOS Linux 7 Rolling ISO Based Media

The CentOS Project is pleased to announce general availability of the
1505 rolling build iso install based media for CentOS Linux 7.

The rolling builds are a point in time snapshot of a given CentOS
version including all updates on mirror.centos.org.  This includes
all security, bugfix, enhancement and general updates for CentOS Linux,
in this case they include updates up to and including May 28th, 2015.

Machines installed from this media will have all these updates
pre-included and will look no different when compared with machines
installed with older media that have been yum updated to the same point
in time. All rpm/yum repositories remain on mirror.centos.org with no
changes in either layout or content.

The following ISOs are available here:

http://buildlogs.centos.org/rolling/7/isos/x86_64/

File: CentOS-7-x86_64-DVD-1505-01.iso
Sha256sum:
70c510b8ae7e742ef12e9378ef49a919361e4f891f8f4ad92b03209f2cbb3638

File: CentOS-7-x86_64-Everything-1505-01.iso
Sha256sum:
1b117390a908467723f166ee22aa300bd4b55c57f05bc37eb58fb6bf3331295e

File: CentOS-7-x86_64-LiveCD-1505-01.iso
Sha256sum:
2310f7d28ed10a9a19d3690378a6f523c666a5ad3bfd428cc2a1f6b7438cc560

File: CentOS-7-x86_64-LiveGNOME-1505-01.iso
Sha256sum:
76a9c62c363cd90d0c8235400498829dfad9fc9bbae85916b26d2346300b649f

File: CentOS-7-x86_64-LiveKDE-1505-01.iso
Sha256sum:
b48e8d2798767674f9993929d6899ca8f2f0cb0f420251e5184b3cd047403399

File: CentOS-7-x86_64-Minimal-1505-01.iso
Sha256sum:
d9d394dcfa40a73cf0cfad9ebc70b54fcdd29861694791a5b678c57368087306

Symlinks are provided that will always map to the latest released
builds, as follows ( including their current mapping )
http://buildlogs.centos.org/rolling/7/isos/x86_64/CentOS-7-x86_64-DVD.iso
-> CentOS-7-x86_64-DVD-1505-01.iso
http://buildlogs.centos.org/rolling/7/isos/x86_64/CentOS-7-x86_64-Everything.iso
-> CentOS-7-x86_64-Everything-1505-01.iso
http://buildlogs.centos.org/rolling/7/isos/x86_64/CentOS-7-x86_64-Minimal.iso
-> CentOS-7-x86_64-Minimal-1505-01.iso

These symlinks will be updated to point at the latest tested and
released media and make for a good target in automation that requires
CentOS Linux media.

----------
For more information and comments please join us on the centos-devel
mailing list ( http://lists.centos.org/ )

Enjoy!

-- 
Johnny Hughes
The CentOS Project
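Because the symlinks above are repointed at each release, automation that downloads through them should verify the file against the digest of the specific build it expects. The Python below is an added example, not part of the CentOS announcement: it parses the `File:` / `Sha256sum:` layout used above and fails closed when the content behind a symlink no longer matches the pinned build. The function names, the `Example-...` file names and the sample manifest are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# Constructed manifest in the announcement's "File:/Sha256sum:" layout.
# The digest is SHA-256 of the bytes b"abc", standing in for a real ISO.
SAMPLE_ANNOUNCEMENT = """\
File: Example-7-x86_64-Minimal-1505-01.iso
Sha256sum:
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
"""

def parse_manifest(text):
    """Map build file name -> lowercase SHA-256 hex digest."""
    pairs = re.findall(r"File:\s*(\S+)\s+Sha256sum:\s*([0-9a-fA-F]{64})\b", text)
    return {name: digest.lower() for name, digest in pairs}

def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so multi-gigabyte ISOs are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_download(path, manifest, pinned_build):
    """Check a file fetched via a 'latest' symlink against the pinned build's
    digest; fail closed if that build is not in the manifest."""
    expected = manifest.get(pinned_build)
    return expected is not None and sha256_file(path) == expected

def demo():
    manifest = parse_manifest(SAMPLE_ANNOUNCEMENT)
    pinned = "Example-7-x86_64-Minimal-1505-01.iso"
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "Example-7-x86_64-Minimal.iso")  # symlink-style name
        with open(iso, "wb") as f:
            f.write(b"abc")          # content of the pinned build
        matches = verify_download(iso, manifest, pinned)
        with open(iso, "wb") as f:
            f.write(b"abd")          # symlink now serves a different build
        after_move = verify_download(iso, manifest, pinned)
    return matches, after_move
```

The manifest text should come from a copy of the announcement whose origin has been checked; a digest fetched from the same location as the ISO only detects corruption.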