CentOS Errata and Security Advisory 2014:X012 (Xen4CentOS)
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
=====================================================
libvirt Changelog info from the SPEC file:
* Fri Sep 26 2014 Johnny Hughes <johnny< at >centos.org> 0.10.2.8-8.el6.centos.alt
- added in patches 417-420 from the 0.10.2-maint branch at libvirt.org
- patch 420 is for CVE-2014-3633
=====================================================
The following security issues are addressed in this update:
https://access.redhat.com/security/cve/CVE-2014-3633
=====================================================
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
CESA-2014:X013 Important xen Xen4CentOS Security Update
CentOS Errata and Security Advisory 2014:X013 (Xen4CentOS)
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
=====================================================
xen Changelog info from the SPEC file:
* Wed Oct 01 2014 Johnny Hughes <johnny< at >centos.org> - 4.2.5-34.el6.centos
- Roll in Patch209 (XSA-108, CVE-2014-7188)
=====================================================
The following Release info is available from the Xen site regarding XSAs:
http://xenbits.xen.org/xsa/advisory-108.html
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
CESA-2014:X010 Moderate xen Xen4CentOS Security Update
CentOS Errata and Security Advisory 2014:X010 (Xen4CentOS)
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
=====================================================
xen Changelog info from the SPEC file:
* Fri Sep 26 2014 Johnny Hughes <johnny< at >centos.org> - 4.2.5-33.el6.centos
- upgrade to upstream Xen version 4.2.5
- removed patches that are already part of 4.2.5
- Added Patch205 (XSA-97, CVE-2014-5146,CVE-2014-5149)
- Added Patch206 (XSA-104, CVE-2014-7154)
- Added Patch207 (XSA-105, CVE-2014-7155)
- Added Patch208 (XSA-106, CVE-2014-7156)
=====================================================
The following information is available for Xen 4.2.5 from XenProject.org:
http://bit.ly/1mABNPg
=====================================================
The following Release info is available from the Xen site regarding XSAs:
http://xenbits.xen.org/xsa/advisory-97.html
http://xenbits.xen.org/xsa/advisory-104.html
http://xenbits.xen.org/xsa/advisory-105.html
http://xenbits.xen.org/xsa/advisory-106.html
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
Schneider Electric Fixes Remotely Exploitable Flaw in 22 Different Products
There’s a remotely exploitable directory traversal vulnerability in more than 20 individual products from Schneider Electric that can enable an attacker to gain control of an affected machine.
HP Security Bulletin HPSBHF03119
HP Security Bulletin HPSBHF03119 – A potential security vulnerability has been identified with HP DreamColor Display running Bash Shell. This is the Bash Shell vulnerability known as “ShellShock” which could be exploited remotely to allow execution of code. NOTE: Only the Z27x model is vulnerable. Revision 1 of this advisory.
FreePBX Authentication Bypass / Account Creation
A remote attacker can bypass authentication and create a false FreePBX Administrator account, which will then let them perform any action on a FreePBX system as the FreePBX user (which is often ‘asterisk’ or ‘apache’). As of 2014/10/01 all versions of FreePBX are affected.
TestLink 1.9.11 SQL Injection
TestLink version 1.9.11 suffers from multiple remote SQL injection vulnerabilities.