-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
As most of you already know, there is an important SSLv3 vulnerability
(CVE-2014-3566 - see https://access.redhat.com/articles/1232123) ,
known as Poodle.
While it's easy to disable SSLv3 in the allowed Protocols at the
server level (for example SSLProtocol All -SSLv2 -SSLv3 for apache),
some clients are still defaulting to SSLv3, and Koji does that.
We currently have disabled SSLv3 on our cbs.centos.org koji instance,
so if you're a cbs/koji user, please adapt your local koji package
(local fix !)
At the moment, there is no available upstream package, but the
following patch has been tested by Fedora people too (and credits go
to
https://lists.fedoraproject.org/pipermail/infrastructure/2014-October/014976.html)
=====================================================
- --- SSLCommon.py.orig2014-10-15 11:42:54.747082029 +0200
+++ SSLCommon.py2014-10-15 11:44:08.215257590 +0200
< at >< at > -37,7 +37,8 < at >< at >
if f and not os.access(f, os.R_OK):
raise StandardError, "%s does not exist or is not
readable" % f
- - ctx = SSL.Context(SSL.SSLv3_METHOD) # SSLv3 only
+ #ctx = SSL.Context(SSL.SSLv3_METHOD) # SSLv3 only
+ ctx = SSL.Context(SSL.TLSv1_METHOD) # TLSv1 only
ctx.use_certificate_file(key_and_cert)
ctx.use_privatekey_file(key_and_cert)
ctx.load_client_ca(ca_cert)
< at >< at > -45,7 +46,8 < at >< at >
verify = SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT
ctx.set_verify(verify, our_verify)
ctx.set_verify_depth(10)
- - ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_TLSv1)
+ #ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_TLSv1)
+ ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_TLSv1 | SSL.OP_NO_SSLv3)
return ctx
=====================================================
We'll keep you informed about possible upstream koji packages that
would default to at least TLSv1
If you encounter a problem, feel free to drop into #centos-devel
channel on irc.freenode.net and have a chat with us
on behalf of the Infra team,
- --
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: < at >arrfab
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlQ+TUUACgkQnVkHo1a+xU4JyQCfefp2h7yRdmljBqRc+M76jPTf
z7wAn3dOkaNPNfEnV0pxWDFX7BDDqKuY
=lxsg
-----END PGP SIGNATURE-----
Category Archives: CentOS
CentOS
CESA-2014:1397 Important CentOS 7 rsyslogSecurity Update
CentOS Errata and Security Advisory 2014:1397 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1397.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 948575ad1feeb02cbe239668584e1b84268e3bec81215d02d5d06cea0b8f533c rsyslog-7.4.7-7.el7_0.x86_64.rpm c7e99647faec3af85a3d174a7aeac248a1d8d2c80410b6676049fe221188265a rsyslog-crypto-7.4.7-7.el7_0.x86_64.rpm 66be2ec9a2b8d0fa79960c38866ef7562ac59cde6717853eac0e140e320ffba0 rsyslog-doc-7.4.7-7.el7_0.x86_64.rpm 9a74dfc032f6946fa9bca1a8c7af4188c2a937ce04831ace8bb12bf84bd9e32c rsyslog-elasticsearch-7.4.7-7.el7_0.x86_64.rpm 805fb5b2aebd9a88028e496d49695918b8f4b5dc6d07b23babb4619b1c09a8b0 rsyslog-gnutls-7.4.7-7.el7_0.x86_64.rpm ef6c468d97fd791b0313a0755f8403355c5437b89aacf2a23c3e8e71d64883e8 rsyslog-gssapi-7.4.7-7.el7_0.x86_64.rpm 3ea324bf1b7274030b08eaf298345e31f462879ee2379756a32f13f505a59c97 rsyslog-libdbi-7.4.7-7.el7_0.x86_64.rpm 45ddb5e5d772077101b12edaea5282a6d17bdfb2b2bfd62c2f404fcf0782cdcd rsyslog-mmaudit-7.4.7-7.el7_0.x86_64.rpm 207a69be5ab3237c5fe6eba4811b6cadf6d7cd3a91af02cac1f2153c66257c9c rsyslog-mmjsonparse-7.4.7-7.el7_0.x86_64.rpm dfcff07a291887e0666402cf33a76399270dcb8f9ea1fbbf752951425207ff20 rsyslog-mmnormalize-7.4.7-7.el7_0.x86_64.rpm eedb2881ec82be8560681310fc6a7d67b6bbd6556bf45bf3a58b53b38c681f77 rsyslog-mmsnmptrapd-7.4.7-7.el7_0.x86_64.rpm 6fabf1ceff6963dfc1fd0f9f379c25e33ca913776270e9cd067414ca92470738 rsyslog-mysql-7.4.7-7.el7_0.x86_64.rpm d1e5dceec4084daa457a39cd2e60526ae5be249b695344a21be7ed8dea0add65 rsyslog-pgsql-7.4.7-7.el7_0.x86_64.rpm 5732b9cd681a759410d93815d77c42f039bb087907be8164055a7d5680039966 rsyslog-relp-7.4.7-7.el7_0.x86_64.rpm 57411118ac2fa283b397c3be55d7f21a222292656f14d656271ceaeaee494d28 rsyslog-snmp-7.4.7-7.el7_0.x86_64.rpm 771e03bb4a37817aa4e417f47a689b0712c115b4263d7df1079dee3376080028 rsyslog-udpspoof-7.4.7-7.el7_0.x86_64.rpm Source: 250ed2cfdecd54d606fe2a8c9139c7e0f634bf4a6d3fc2f32b1a198191fe5573 rsyslog-7.4.7-7.el7_0.src.rpm
CEEA-2014:1393 CentOS 6 be2iscsi EnhancementUpdate
CentOS Errata and Enhancement Advisory 2014:1393 Upstream details at : https://rhn.redhat.com/errata/RHEA-2014-1393.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: d0d7eaa262746e1760fd3d533b9fa82684ef87bb344b38422946f6b1b81c69c1 kmod-be2iscsi-10.2.273.0r-1.el6_5.i686.rpm x86_64: c066e98a14fc3db9b8237d19d3ffef9a62bcb8e063d6f996b166040f2a047bd2 kmod-be2iscsi-10.2.273.0r-1.el6_5.x86_64.rpm Source: 6d708190df4651c157dd173748290b83bb624071c37e0602540e04a72696d085 be2iscsi-10.2.273.0r-1.el6_5.src.rpm
CEBA-2014:1395 CentOS 6 ksh BugFix Update
CentOS Errata and Bugfix Advisory 2014:1395 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1395.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 1387ed663fe471b6b1b4c7ace450886b76d8513ca399fa407f91125cf5b6c765 ksh-20120801-10.el6_5.12.i686.rpm x86_64: 1376e7817bab4dd5b14a4bd2ec56e973d05fbc6367350ceb110a5e39163a7be9 ksh-20120801-10.el6_5.12.x86_64.rpm Source: 7c1fe6ed97a97af63f4810947c747fd9ec6017ba9dcd7104b6d0c9fe007833fc ksh-20120801-10.el6_5.12.src.rpm
CESA-2014:1255 Moderate CentOS 5 krb5 SecurityUpdate
CentOS Errata and Security Advisory 2014:1255 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1255.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: bdedf72c20131241fe22c3377a2687514bc15a1b0c8cfa0b2437d5c95ddca9f7 krb5-devel-1.6.1-80.el5_11.i386.rpm 9fffda97beadefb7c10e1db2aaf1d78e6d868a1b8fc72b2b0d985deb4b1eb0f3 krb5-libs-1.6.1-80.el5_11.i386.rpm 33edfc1b5fec4efceffc6d31eb5b049c9f325ea2e2ec5899bf72bdae8b528e32 krb5-server-1.6.1-80.el5_11.i386.rpm 92d20a98d3f3f7688b960edc2fbaec43991761dbebbd7e7a2c52ba79ba2f8a49 krb5-server-ldap-1.6.1-80.el5_11.i386.rpm b43c346face17ce142faf5be78ec3af611a9a946321720e24ef5e6b8b6d40683 krb5-workstation-1.6.1-80.el5_11.i386.rpm x86_64: bdedf72c20131241fe22c3377a2687514bc15a1b0c8cfa0b2437d5c95ddca9f7 krb5-devel-1.6.1-80.el5_11.i386.rpm 8299528ca4f6fb42a2d0eb2cf0e40d31c090af54344bc61c731bd123d0ff58d2 krb5-devel-1.6.1-80.el5_11.x86_64.rpm 9fffda97beadefb7c10e1db2aaf1d78e6d868a1b8fc72b2b0d985deb4b1eb0f3 krb5-libs-1.6.1-80.el5_11.i386.rpm fc2d06194339c7a5e1f860a4054ac4e1c18ea224464357c76a5265c5bf3af1e4 krb5-libs-1.6.1-80.el5_11.x86_64.rpm e89f87c8ad03fcdf36373d4f7bb1162abc7c551b9ed1de95721042ac2dc6dc39 krb5-server-1.6.1-80.el5_11.x86_64.rpm a868a052676af36fde1b3523696977459d012cfabe1cd5458b3b49fc7de668bd krb5-server-ldap-1.6.1-80.el5_11.x86_64.rpm 7126bc94f693ccdda6da0242d67ce2850492187155a921c3fe9892e40136f017 krb5-workstation-1.6.1-80.el5_11.x86_64.rpm Source: 1804a362842e1d343d6ec9805831cd475eee88236087d5078c2b8f85477a5f8b krb5-1.6.1-80.el5_11.src.rpm
Infra – CentOS Wiki instance migration
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We have to do some hardware/software maintenance on the machine actually hosting the Wiki service (http://wiki.centos.org). Instead of just taking the wiki instance down during that maintenance, we've decided to relocate it to a temporary host, proceed to maintenance, and then migrate it back to the previous node. Migration is scheduled for Friday October 10th, 11:00 am UTC time. You can convert to local time with $(date -d '2014-10-10 11:00 UTC') Migration will happen in several steps: 1 - we "freeze" the wiki on the actual node, transfer data, update the A record, restore the service on the temporary node (disruption ~ 30min) 2 - we proceed to the needed maintenance on first node (no disruption in service, but no estimated time) 3 - depending on time needed for step [2], and assuming we have no hardware issue, we proceed like step [1], but in reverse (so disruption ~30 minutes again) Thanks for your comprehending and patience. on behalf of the Infra team, - -- Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: < at >arrfab -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlQ2g0kACgkQnVkHo1a+xU4flACfc1IjPeHelBntwt4eNTd6SBvM wXAAnAqtOg4Ko4nqd0QVUfX7ZcQevD5K =v15z -----END PGP SIGNATURE-----
CEBA-2014:1368 CentOS 5 at BugFix Update
CentOS Errata and Bugfix Advisory 2014:1368 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1368.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 380ebf4be76ba9eded6f619366711e01537d705dacca24f7c5592a985bb8d6c2 at-3.1.8-84.el5_11.1.i386.rpm x86_64: ba03ad178a7e969747230ed905e4cdb79c4e67202ffbadc4a21fde7438747f98 at-3.1.8-84.el5_11.1.x86_64.rpm Source: fa016225f2927a0b81fe40dccc7511de0ad20b12f3a23a5a579f3da3d0c0101f at-3.1.8-84.el5_11.1.src.rpm
CEBA-2014:1363 CentOS 7 at BugFix Update
CentOS Errata and Bugfix Advisory 2014:1363 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1363.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 9dd4644ca7404cf3dddad613977b02ee4bca3f003dffda38bd97573b496effd3 at-3.1.13-17.el7_0.1.x86_64.rpm 711dac18746220c0ba7c8636587734a8686e4ff1703219ef0e82df01fadf4ac2 at-sysvinit-3.1.13-17.el7_0.1.x86_64.rpm Source: c25678308970744e2bd12c5429ae263d2ee6af1b3ea158f6a3d9c65e74cb2d92 at-3.1.13-17.el7_0.1.src.rpm
CEBA-2014:1362 CentOS 6 at BugFix Update
CentOS Errata and Bugfix Advisory 2014:1362 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1362.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 69ae958a1041c898d7f3ae4127f214ec542db0449626d420b911df9f30193e4f at-3.1.10-44.el6_5.2.i686.rpm x86_64: 7a409d370df858e752e940f8ce430717322e9e10f9d5e11afdd88b597b0f58bd at-3.1.10-44.el6_5.2.x86_64.rpm Source: fa069ec81e4a29c45e19b0f3398b2e65632e90c138da3cf7d313a3b0102f5476 at-3.1.10-44.el6_5.2.src.rpm
CEBA-2014:1360 CentOS 7 systemtap BugFix Update
CentOS Errata and Bugfix Advisory 2014:1360 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1360.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 752157afa4eaf26f375d0770eae0e64459a5ee65099ffd6637dd8f7a0fe0f314 systemtap-2.4-16.el7_0.x86_64.rpm 32ce393a347a22f77ab9f4104b3563d28b14410024fade48f8bad3cf742d3cbb systemtap-client-2.4-16.el7_0.x86_64.rpm 94bb463a14126080683814c00190fa58d3b97923d2c395e7b2bd17058f8d01ae systemtap-devel-2.4-16.el7_0.x86_64.rpm 64a63341f56beb92b2ff6955ad83b7b1e2d4cb13cc2f50fb5d41f09c1330390b systemtap-initscript-2.4-16.el7_0.x86_64.rpm f02d27d862fd7ccfd96f2072ca040bb2b53c9c6a2100877b62fbc464b430cca9 systemtap-runtime-2.4-16.el7_0.x86_64.rpm 692dc87534413f72404a1ada020c9bdc5871fc6f16a0c3a1b9c73be6ed307b9e systemtap-runtime-java-2.4-16.el7_0.x86_64.rpm 3974c52c4a7afdf927671bc6c2b48f68e1516ab9ceb736d476613adfa9416b9f systemtap-runtime-virtguest-2.4-16.el7_0.x86_64.rpm d265dd81b67777a388167491163eda8b8221b0db43209f9d2d8c308648a9594d systemtap-runtime-virthost-2.4-16.el7_0.x86_64.rpm 385003dcd54c036979dd21582972b7505b6cb96b1bf6dd04f8b96eb76bf59492 systemtap-sdt-devel-2.4-16.el7_0.i686.rpm 44e0cc71c7c51cdae03cc62266aa9c0d3416d8fc5dc8597672e19b0b6284f336 systemtap-sdt-devel-2.4-16.el7_0.x86_64.rpm 846266d46bc5905daa68acbcfc35371a1c57574592abcd37ad74ac59de17b23d systemtap-server-2.4-16.el7_0.x86_64.rpm 80b78c7c075ca8ed1624704fc418a2e316eb03283a6b3300aed3df160917b1ec systemtap-testsuite-2.4-16.el7_0.x86_64.rpm Source: 50dda4d433a7a80f4e1f49788a7fc221937aba4029b2f62d52e1c19d8ca8cbb5 systemtap-2.4-16.el7_0.src.rpm