openSUSE-SU-2017:2604-1: important: Security update for spice

openSUSE Security Update: Security update for spice
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2604-1
Rating: important
References: #1046779
Cross-References: CVE-2017-7506
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for spice fixes the following security issues:

– CVE-2017-7506: Fixed an out-of-bounds memory access when processing
specially crafted messages from authenticated attacker to the spice
server resulting into crash and/or server memory leak (bsc#1046779).

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1110=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE Leap 42.3 (x86_64):

libspice-server-devel-0.12.8-3.1
libspice-server1-0.12.8-3.1
libspice-server1-debuginfo-0.12.8-3.1
spice-debugsource-0.12.8-3.1

References:

https://www.suse.com/security/cve/CVE-2017-7506.html
https://bugzilla.suse.com/1046779


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

CESA-2017:2832 Important CentOS 6 nss Security Update

CentOS Errata and Security Advisory 2017:2832 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2832

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
56099ae34645fa89d00010fe614df83a79a1925be3830dcbb67e9b00b38894a9 nss-3.28.4-4.el6_9.i686.rpm
025a8491a6c1e927bc9662eb305f6482240491f389e90ed0e7ab835344d95c96 nss-devel-3.28.4-4.el6_9.i686.rpm
0f3a6773e86d60fcb4bcda3aaa1fba7428440bdd81aa3bd926faebf3ff72dca9 nss-pkcs11-devel-3.28.4-4.el6_9.i686.rpm
3dd0702db2d70534d11377ae3f8624f7775671d3118a1b4780b5ff9bcbb7e91c nss-sysinit-3.28.4-4.el6_9.i686.rpm
2f80dcab9ee5602fb3764cbbceef4d14c4e720d3a680f930c00db47a1871c2b6 nss-tools-3.28.4-4.el6_9.i686.rpm

x86_64:
56099ae34645fa89d00010fe614df83a79a1925be3830dcbb67e9b00b38894a9 nss-3.28.4-4.el6_9.i686.rpm
9443be70c900ba4987de5f794275c757aafadfe2f6f0445cd296857c371caa0b nss-3.28.4-4.el6_9.x86_64.rpm
025a8491a6c1e927bc9662eb305f6482240491f389e90ed0e7ab835344d95c96 nss-devel-3.28.4-4.el6_9.i686.rpm
615d1ebd1932ec30b3f94a50140646848036aa273d0d80593bc23817dd40b252 nss-devel-3.28.4-4.el6_9.x86_64.rpm
0f3a6773e86d60fcb4bcda3aaa1fba7428440bdd81aa3bd926faebf3ff72dca9 nss-pkcs11-devel-3.28.4-4.el6_9.i686.rpm
4ed35c5d70b8699c1e4cfb545718a7e06c009b3acfbf7282bc468a84dd62b6a8 nss-pkcs11-devel-3.28.4-4.el6_9.x86_64.rpm
3ba7c3ccb98ffb6545175105f6023c11fdb59c7e64a03e93662ea54e8e5b4bfa nss-sysinit-3.28.4-4.el6_9.x86_64.rpm
ad77a286969f96d8edf181d2489ec6dff094a91ceb7fe3da27b75e5492340c80 nss-tools-3.28.4-4.el6_9.x86_64.rpm

Source:
2679e522de097abe0fd65de3ab24fdf9d1e5b5ec71f677b601dafc9d45b9b53e nss-3.28.4-4.el6_9.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

CESA-2017:2831 Critical CentOS 6 firefox Security Update

CentOS Errata and Security Advisory 2017:2831 Critical

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2831

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
212c25531aad7cec6beca513117f0670480cd67b006eac0daeb242bf8fc73805 firefox-52.4.0-1.el6.centos.i686.rpm

x86_64:
212c25531aad7cec6beca513117f0670480cd67b006eac0daeb242bf8fc73805 firefox-52.4.0-1.el6.centos.i686.rpm
052aac090689b63de266e303cad69eb2a39a39c21e06a813562390904315a6e5 firefox-52.4.0-1.el6.centos.x86_64.rpm

Source:
f990185e5803de42e5351d31c276001677afaa4120bcb9b3f6d11190267805e1 firefox-52.4.0-1.el6.centos.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

CESA-2017:2831 Critical CentOS 7 firefox Security Update

CentOS Errata and Security Advisory 2017:2831 Critical

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2831

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
c50ba8648e3b2c32b65ed9d0a6718e34a19fb2180cd113f473a6b6eb5e87900b firefox-52.4.0-1.el7.centos.i686.rpm
29bdc5ec8e8155854d7ac2605fdacb15ad40bcb8728825c4b1531b0e5da3df67 firefox-52.4.0-1.el7.centos.x86_64.rpm

Source:
fba2da970bd16d5519beed16bc239ee8dcc3c4298217af7a2ba390c36e69a01a firefox-52.4.0-1.el7.centos.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

CESA-2017:2832 Important CentOS 7 nss Security Update

CentOS Errata and Security Advisory 2017:2832 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2832

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
5b9f01457f88d0b6b4f442b2f7c4d5318962b9a3321ee79fee9d9f541513d439 nss-3.28.4-12.el7_4.i686.rpm
8443f61e40876db42ec1e5ea0fcb45cb2d0cc2647752a5e2ae03939d3ff08628 nss-3.28.4-12.el7_4.x86_64.rpm
3431721d1a3876799351c45b6923d123c69847ccdea17de5d82151412c979c33 nss-devel-3.28.4-12.el7_4.i686.rpm
1116f9a4e85302f4b85fc4511153e2623841c22b6a733d9b061331be46c5022d nss-devel-3.28.4-12.el7_4.x86_64.rpm
c16e3a00b15df077d56996572a16482593795c0e798a3e879af186a7987ea93f nss-pkcs11-devel-3.28.4-12.el7_4.i686.rpm
a8998872a428c177201f6db49c3f24472eb78729ebb1a15731440739a2155da1 nss-pkcs11-devel-3.28.4-12.el7_4.x86_64.rpm
de14017234abf879caf5843aacc732719dbde7e033d824b57224bd34f55b73ae nss-sysinit-3.28.4-12.el7_4.x86_64.rpm
66b4b4bb2a679ddfe0471a33774aa1c0f17388a04b319056cb9dd3ed5060f230 nss-tools-3.28.4-12.el7_4.x86_64.rpm

Source:
6725abae2df7fbc35d33545095c51e4e3bfc559fc323b73bf07d19f06e062bee nss-3.28.4-12.el7_4.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

Ubuntu 17.10 (Artful Aardvark) Final Beta released

VGhlIFVidW50dSB0ZWFtIGlzIHBsZWFzZWQgdG8gYW5ub3VuY2UgdGhlIGZpbmFsIGJldGEgcmVs
ZWFzZSBvZiB0aGUKVWJ1bnR1IDE3LjEwIERlc2t0b3AsIFNlcnZlciwgYW5kIENsb3VkIHByb2R1
Y3RzLgoKQ29kZW5hbWVkICJBcnRmdWwgQWFyZHZhcmsiLCAxNy4xMCBjb250aW51ZXMgVWJ1bnR1
J3MgcHJvdWQgdHJhZGl0aW9uCm9mIGludGVncmF0aW5nIHRoZSBsYXRlc3QgYW5kIGdyZWF0ZXN0
IG9wZW4gc291cmNlIHRlY2hub2xvZ2llcyBpbnRvIGEKaGlnaC1xdWFsaXR5LCBlYXN5LXRvLXVz
ZSBMaW51eCBkaXN0cmlidXRpb24uICBUaGUgdGVhbSBoYXMgYmVlbiBoYXJkCmF0IHdvcmsgdGhy
b3VnaCB0aGlzIGN5Y2xlLCBpbnRyb2R1Y2luZyBuZXcgZmVhdHVyZXMgYW5kIGZpeGluZyBidWdz
LgoKVGhpcyBiZXRhIHJlbGVhc2UgaW5jbHVkZXMgaW1hZ2VzIGZyb20gbm90IG9ubHkgdGhlIFVi
dW50dSBEZXNrdG9wLApTZXJ2ZXIsIGFuZCBDbG91ZCBwcm9kdWN0cywgYnV0IGFsc28gdGhlIEt1
YnVudHUsIEx1YnVudHUsIFVidW50dQpCdWRnaWUsIFVidW50dUt5bGluLCBVYnVudHUgTUFURSwg
VWJ1bnR1IFN0dWRpbywgYW5kIFh1YnVudHUgZmxhdm91cnMuCgpUaGUgYmV0YSBpbWFnZXMgYXJl
IGtub3duIHRvIGJlIHJlYXNvbmFibHkgZnJlZSBvZiBzaG93c3RvcHBlciBDRApidWlsZCBvciBp
bnN0YWxsZXIgYnVncywgd2hpbGUgcmVwcmVzZW50aW5nIGEgdmVyeSByZWNlbnQgc25hcHNob3Qg
b2YKMTcuMTAgdGhhdCBzaG91bGQgYmUgcmVwcmVzZW50YXRpdmUgb2YgdGhlIGZlYXR1cmVzIGlu
dGVuZGVkIHRvIHNoaXAKd2l0aCB0aGUgZmluYWwgcmVsZWFzZSBleHBlY3RlZCBvbiBPY3RvYmVy
IDE5dGgsIDIwMTcuICBXaXRoIHRoYXQKYmVpbmcgc2FpZCwgcmVtZW1iZXIgd2UgYXJlIHN0aWxs
IGluIGFjdGl2ZSBkZXZlbG9wbWVudCBzbyBiZSBzdXJlIHRvCmZhbWlsaWFyaXplIHdpdGggdGhl
IGN1cnJlbnRseSBrbm93biBpc3N1ZXMgYXMgbGlzdGVkIG9uIHRoZSBvZmZpY2lhbApyZWxlYXNl
IG5vdGVzIHBhZ2UuCgpVYnVudHUsIFVidW50dSBTZXJ2ZXIsIENsb3VkIEltYWdlczoKICBBcnRm
dWwgRmluYWwgQmV0YSBpbmNsdWRlcyB1cGRhdGVkIHZlcnNpb25zIG9mIG1vc3Qgb2Ygb3VyIGNv
cmUgc2V0CiAgb2YgcGFja2FnZXMsIGluY2x1ZGluZyBhIGN1cnJlbnQgNC4xMyBrZXJuZWwsIGFu
ZCBtdWNoIG1vcmUuCgogIFRvIHVwZ3JhZGUgdG8gVWJ1bnR1IDE3LjEwIEZpbmFsIEJldGEgZnJv
bSBVYnVudHUgMTcuMDQsIGZvbGxvdyB0aGVzZQogIGluc3RydWN0aW9uczoKCiAgaHR0cHM6Ly9o
ZWxwLnVidW50dS5jb20vY29tbXVuaXR5L0FydGZ1bFVwZ3JhZGVzCgogIFRoZSBVYnVudHUgMTcu
MTAgRmluYWwgQmV0YSBpbWFnZXMgY2FuIGJlIGRvd25sb2FkZWQgYXQ6CgogIGh0dHA6Ly9yZWxl
YXNlcy51YnVudHUuY29tLzE3LjEwLyAoVWJ1bnR1IGFuZCBVYnVudHUgU2VydmVyIG9uIHg4NikK
CiAgQWRkaXRpb25hbCBpbWFnZXMgY2FuIGJlIGZvdW5kIGF0IHRoZSBmb2xsb3dpbmcgbGlua3M6
CgogIGh0dHA6Ly9jbG91ZC1pbWFnZXMudWJ1bnR1LmNvbS9kYWlseS9zZXJ2ZXIvYXJ0ZnVsL2N1
cnJlbnQvIChDbG91ZCBJbWFnZXMpCiAgaHR0cDovL2NkaW1hZ2UudWJ1bnR1LmNvbS9yZWxlYXNl
cy8xNy4xMC9iZXRhLTIvIChOb24teDg2IFNlcnZlcikKICBodHRwOi8vY2RpbWFnZS51YnVudHUu
Y29tL25ldGJvb3QvMTcuMTAvIChOZXRib290KQoKICBBcyBmaXhlcyB3aWxsIGJlIGluY2x1ZGVk
IGluIG5ldyBpbWFnZXMgYmV0d2VlbiBub3cgYW5kIHJlbGVhc2UsIGFueQogIGRhaWx5IGNsb3Vk
IGltYWdlIGZyb20gdG9kYXkgb3IgbGF0ZXIgKGkuZS4gYSBzZXJpYWwgb2YgMjAxNzA5MjYgb3IK
ICBoaWdoZXIpIHNob3VsZCBiZSBjb25zaWRlcmVkIGEgYmV0YSBpbWFnZS4gIEJ1Z3MgZm91bmQg
c2hvdWxkIGJlIGZpbGVkCiAgYWdhaW5zdCB0aGUgYXBwcm9wcmlhdGUgcGFja2FnZXMgb3IsIGZh
aWxpbmcgdGhhdCwgdGhlIGNsb3VkLWltYWdlcwogIHByb2plY3QgaW4gTGF1bmNocGFkLgoKICBU
aGUgZnVsbCByZWxlYXNlIG5vdGVzIGZvciBVYnVudHUgMTcuMTAgRmluYWwgQmV0YSBjYW4gYmUg
Zm91bmQgYXQ6CgogIGh0dHBzOi8vd2lraS51YnVudHUuY29tL0FydGZ1bEFhcmR2YXJrL1JlbGVh
c2VOb3RlcwoKS3VidW50dToKICBLdWJ1bnR1IGlzIHRoZSBLREUgYmFzZWQgZmxhdm91ciBvZiBV
YnVudHUuIEl0IHVzZXMgdGhlIFBsYXNtYSBkZXNrdG9wCiAgYW5kIGluY2x1ZGVzIGEgd2lkZSBz
ZWxlY3Rpb24gb2YgdG9vbHMgZnJvbSB0aGUgS0RFIHByb2plY3QuCgogIFRoZSBGaW5hbCBCZXRh
IGltYWdlcyBjYW4gYmUgZG93bmxvYWRlZCBhdDoKICBodHRwOi8vY2RpbWFnZS51YnVudHUuY29t
L2t1YnVudHUvcmVsZWFzZXMvMTcuMTAvYmV0YS0yLwoKICBNb3JlIGluZm9ybWF0aW9uIG9uIEt1
YnVudHUgRmluYWwgQmV0YSBjYW4gYmUgZm91bmQgaGVyZToKICBodHRwczovL3dpa2kudWJ1bnR1
LmNvbS9BcnRmdWxBYXJkdmFyay9CZXRhMi9LdWJ1bnR1CgpMdWJ1bnR1OgogIEx1YnVudHUgaXMg
YSBmbGF2b3Igb2YgVWJ1bnR1IHRoYXQgdGFyZ2V0cyB0byBiZSBsaWdodGVyLCBsZXNzCiAgcmVz
b3VyY2UgaHVuZ3J5IGFuZCBtb3JlIGVuZXJneS1lZmZpY2llbnQgYnkgdXNpbmcgbGlnaHR3ZWln
aHQKICBhcHBsaWNhdGlvbnMgYW5kIExYREUsIFRoZSBMaWdodHdlaWdodCBYMTEgRGVza3RvcCBF
bnZpcm9ubWVudCwKICBhcyBpdHMgZGVmYXVsdCBHVUkuCgogIFRoZSBGaW5hbCBCZXRhIGltYWdl
cyBjYW4gYmUgZG93bmxvYWRlZCBhdDoKICBodHRwOi8vY2RpbWFnZS51YnVudHUuY29tL2x1YnVu
dHUvcmVsZWFzZXMvMTcuMTAvYmV0YS0yLwoKICBNb3JlIGluZm9ybWF0aW9uIG9uIEx1YnVudHUg
RmluYWwgQmV0YSBjYW4gYmUgZm91bmQgaGVyZToKICBodHRwczovL3dpa2kudWJ1bnR1LmNvbS9B
cnRmdWxBYXJkdmFyay9CZXRhMi9MdWJ1bnR1CgogIEFsc28gaW4gdGhpcyBtaWxlc3RvbmUgaXMg
THVidW50dSBOZXh0LCBhbiBleHBlcmltZW50YWwgZmxhdm9yIG9mCiAgVWJ1bnR1IGJhc2VkIG9u
IExYUXQgYW5kIGZvY3VzZWQgb24gcHJvdmlkaW5nIGEgbW9kZXJuLCBsaWdodHdlaWdodCwKICBR
dC1iYXNlZCBkaXN0cmlidXRpb24uCgogIFRoZSBMdWJ1bnR1IE5leHQgMTcuMTAgRmluYWwgQmV0
YSBpbWFnZXMgY2FuIGJlIGRvd25sb2FkZWQgZnJvbToKICBodHRwOi8vY2RpbWFnZS51YnVudHUu
Y29tL2x1YnVudHUtbmV4dC9yZWxlYXNlcy8xNy4xMC9iZXRhLTIvCgogIE1vcmUgaW5mb3JtYXRp
b24gYWJvdXQgTHVidW50dSBOZXh0IDE3LjEwIEFscGhhIDEgY2FuIGJlIGZvdW5kIGhlcmU6CiAg
aHR0cHM6Ly93aWtpLnVidW50dS5jb20vQXJ0ZnVsQWFyZHZhcmsvQmV0YTIvTHVidW50dU5leHQK
ClVidW50dSBCdWRnaWU6CiAgVWJ1bnR1IEJ1ZGdpZSBpcyBjb21tdW5pdHkgZGV2ZWxvcGVkIGRl
c2t0b3AsIGludGVncmF0aW5nIEJ1ZGdpZQogIERlc2t0b3AgRW52aXJvbm1lbnQgd2l0aCBVYnVu
dHUgYXQgaXRzIGNvcmUuCgogIFRoZSBGaW5hbCBCZXRhIGltYWdlcyBjYW4gYmUgZG93bmxvYWRl
ZCBhdDoKICBodHRwOi8vY2RpbWFnZS51YnVudHUuY29tL3VidW50dS1idWRnaWUvcmVsZWFzZXMv
MTcuMTAvYmV0YS0yLwoKICBNb3JlIGluZm9ybWF0aW9uIG9uIFVidW50dSBCdWRnaWUgRmluYWwg
QmV0YSBjYW4gYmUgZm91bmQgaGVyZToKICBodHRwczovL3VidW50dWJ1ZGdpZS5vcmcvYmxvZy8y
MDE3LzA5LzI1LzE3LTEwLXJlbGVhc2Utbm90ZXMKClVidW50dUt5bGluOgogIFVidW50dUt5bGlu
IGlzIGEgZmxhdm9yIG9mIFVidW50dSB0aGF0IGlzIG1vcmUgc3VpdGFibGUgZm9yIENoaW5lc2UK
ICB1c2Vycy4KCiAgVGhlIEZpbmFsIEJldGEgaW1hZ2VzIGNhbiBiZSBkb3dubG9hZGVkIGF0Ogog
IGh0dHA6Ly9jZGltYWdlLnVidW50dS5jb20vdWJ1bnR1a3lsaW4vcmVsZWFzZXMvMTcuMTAvYmV0
YS0yLwoKICBNb3JlIGluZm9ybWF0aW9uIG9uIFVidW50dUt5bGluIEZpbmFsIEJldGEgY2FuIGJl
IGZvdW5kIGhlcmU6CiAgaHR0cHM6Ly93aWtpLnVidW50dS5jb20vQXJ0ZnVsQWFyZHZhcmsvUmVs
ZWFzZU5vdGVzL1VidW50dUt5bGluCgpVYnVudHUgTUFURToKICBVYnVudHUgTUFURSBpcyBhIGZs
YXZvciBvZiBVYnVudHUgZmVhdHVyaW5nIHRoZSBNQVRFIGRlc2t0b3AKICBlbnZpcm9ubWVudC4K
CiAgVGhlIEZpbmFsIEJldGEgaW1hZ2VzIGNhbiBiZSBkb3dubG9hZGVkIGF0OgogIGh0dHA6Ly9j
ZGltYWdlLnVidW50dS5jb20vdWJ1bnR1LW1hdGUvcmVsZWFzZXMvMTcuMTAvYmV0YS0yLwoKICBN
b3JlIGluZm9ybWF0aW9uIG9uIFVidW50dU1BVEUgRmluYWwgQmV0YSBjYW4gYmUgZm91bmQgaGVy
ZToKICBodHRwczovL3VidW50dS1tYXRlLm9yZy9ibG9nL3VidW50dS1tYXRlLWFydGZ1bC1iZXRh
Mi8KClVidW50dSBTdHVkaW86CiAgVWJ1bnR1IFN0dWRpbyBpcyBhIGZsYXZvciBvZiBVYnVudHUg
dGhhdCBwcm92aWRlcyBhIGZ1bGwgcmFuZ2Ugb2YKICBtdWx0aW1lZGlhIGNvbnRlbnQgY3JlYXRp
b24gYXBwbGljYXRpb25zIGZvciBlYWNoIGtleSB3b3JrZmxvd3M6CiAgYXVkaW8sIGdyYXBoaWNz
LCB2aWRlbywgcGhvdG9ncmFwaHkgYW5kIHB1Ymxpc2hpbmcuCgogIFRoZSBGaW5hbCBCZXRhIGlt
YWdlcyBjYW4gYmUgZG93bmxvYWRlZCBhdDoKICBodHRwOi8vY2RpbWFnZS51YnVudHUuY29tL3Vi
dW50dXN0dWRpby9yZWxlYXNlcy8xNy4xMC9iZXRhLTIvCgogIE1vcmUgaW5mb3JtYXRpb24gYWJv
dXQgVWJ1bnR1IFN0dWRpbyBGaW5hbCBCZXRhIGNhbiBiZSBmb3VuZCBoZXJlOgogIGh0dHBzOi8v
d2lraS51YnVudHUuY29tL0FydGZ1bEFhcmR2YXJrL0JldGEyL1VidW50dVN0dWRpbwoKWHVidW50
dToKICBYdWJ1bnR1IGlzIGEgZmxhdm9yIG9mIFVidW50dSB0aGF0IGNvbWVzIHdpdGggWGZjZSwg
d2hpY2ggaXMgYSBzdGFibGUsCiAgbGlnaHQgYW5kIGNvbmZpZ3VyYWJsZSBkZXNrdG9wIGVudmly
b25tZW50LgoKICBUaGUgRmluYWwgQmV0YSBpbWFnZXMgY2FuIGJlIGRvd25sb2FkZWQgYXQ6CiAg
aHR0cDovL2NkaW1hZ2UudWJ1bnR1LmNvbS94dWJ1bnR1L3JlbGVhc2VzLzE3LjEwL2JldGEtMi8K
CiAgTW9yZSBpbm9ybWF0aW9uIGFib3V0IFh1YnVudHUgRmluYWwgQmV0YSBjYW4gYmUgZm91bmQg
aGVyZToKICBodHRwOi8vd2lraS54dWJ1bnR1Lm9yZy9yZWxlYXNlcy8xNy4xMC9yZWxlYXNlLW5v
dGVzCgpSZWd1bGFyIGRhaWx5IGltYWdlcyBmb3IgVWJ1bnR1LCBhbmQgYWxsIGZsYXZvdXJzLCBj
YW4gYmUgZm91bmQgYXQ6CiAgaHR0cDovL2NkaW1hZ2UudWJ1bnR1LmNvbQoKVWJ1bnR1IGlzIGEg
ZnVsbC1mZWF0dXJlZCBMaW51eCBkaXN0cmlidXRpb24gZm9yIGNsaWVudHMsIHNlcnZlcnMgYW5k
CmNsb3Vkcywgd2l0aCBhIGZhc3QgYW5kIGVhc3kgaW5zdGFsbGF0aW9uIGFuZCByZWd1bGFyIHJl
bGVhc2VzLiAgQQp0aWdodGx5LWludGVncmF0ZWQgc2VsZWN0aW9uIG9mIGV4Y2VsbGVudCBhcHBs
aWNhdGlvbnMgaXMgaW5jbHVkZWQsCmFuZCBhbiBpbmNyZWRpYmxlIHZhcmlldHkgb2YgYWRkLW9u
IHNvZnR3YXJlIGlzIGp1c3QgYSBmZXcgY2xpY2tzCmF3YXkuCgpQcm9mZXNzaW9uYWwgdGVjaG5p
Y2FsIHN1cHBvcnQgaXMgYXZhaWxhYmxlIGZyb20gQ2Fub25pY2FsIExpbWl0ZWQgYW5kCmh1bmRy
ZWRzIG9mIG90aGVyIGNvbXBhbmllcyBhcm91bmQgdGhlIHdvcmxkLiAgRm9yIG1vcmUgaW5mb3Jt
YXRpb24KYWJvdXQgc3VwcG9ydCwgdmlzaXQgaHR0cDovL3d3dy51YnVudHUuY29tL3N1cHBvcnQK
CklmIHlvdSB3b3VsZCBsaWtlIHRvIGhlbHAgc2hhcGUgVWJ1bnR1LCB0YWtlIGEgbG9vayBhdCB0
aGUgbGlzdCBvZgp3YXlzIHlvdSBjYW4gcGFydGljaXBhdGUgYXQ6Cmh0dHA6Ly93d3cudWJ1bnR1
LmNvbS9jb21tdW5pdHkvcGFydGljaXBhdGUKCllvdXIgY29tbWVudHMsIGJ1ZyByZXBvcnRzLCBw
YXRjaGVzIGFuZCBzdWdnZXN0aW9ucyByZWFsbHkgaGVscCB1cyB0bwppbXByb3ZlIHRoaXMgYW5k
IGZ1dHVyZSByZWxlYXNlcyBvZiBVYnVudHUuICAgSW5zdHJ1Y3Rpb25zIGNhbiBiZQpmb3VuZCBh
dDogaHR0cHM6Ly9oZWxwLnVidW50dS5jb20vY29tbXVuaXR5L1JlcG9ydGluZ0J1Z3MKCllvdSBj
YW4gZmluZCBvdXQgbW9yZSBhYm91dCBVYnVudHUgYW5kIGFib3V0IHRoaXMgYmV0YSByZWxlYXNl
IG9uIG91cgp3ZWJzaXRlLCBJUkMgY2hhbm5lbCBhbmQgd2lraS4KClRvIHNpZ24gdXAgZm9yIGZ1
dHVyZSBVYnVudHUgYW5ub3VuY2VtZW50cywgcGxlYXNlIHN1YnNjcmliZSB0bwpVYnVudHUncyB2
ZXJ5IGxvdyB2b2x1bWUgYW5ub3VuY2VtZW50IGxpc3QgYXQ6CgogIGh0dHA6Ly9saXN0cy51YnVu
dHUuY29tL21haWxtYW4vbGlzdGluZm8vdWJ1bnR1LWFubm91bmNlCgpPbiBiZWhhbGYgb2YgdGhl
IFVidW50dSBSZWxlYXNlIFRlYW0sCgotLSAKxYF1a2FzeiAnc2lsMjEwMCcgWmVtY3phawogRm91
bmRhdGlvbnMgVGVhbQogbHVrYXN6LnplbWN6YWtAY2Fub25pY2FsLmNvbQogd3d3LmNhbm9uaWNh
bC5jb20KCi0tIAp1YnVudHUtYW5ub3VuY2UgbWFpbGluZyBsaXN0CnVidW50dS1hbm5vdW5jZUBs
aXN0cy51YnVudHUuY29tCk1vZGlmeSBzZXR0aW5ncyBvciB1bnN1YnNjcmliZSBhdDogaHR0cHM6
Ly9saXN0cy51YnVudHUuY29tL21haWxtYW4vbGlzdGluZm8vdWJ1bnR1LWFubm91bmNlCg==

SUSE-SU-2017:2589-1: important: Security update for MozillaFirefox

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2589-1
Rating: important
References: #1052829
Cross-References: CVE-2017-7753 CVE-2017-7779 CVE-2017-7782
CVE-2017-7784 CVE-2017-7785 CVE-2017-7786
CVE-2017-7787 CVE-2017-7791 CVE-2017-7792
CVE-2017-7798 CVE-2017-7800 CVE-2017-7801
CVE-2017-7802 CVE-2017-7803 CVE-2017-7804
CVE-2017-7807
Affected Products:
SUSE OpenStack Cloud 6
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for SAP 12-SP1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

An update that fixes 16 vulnerabilities is now available.

Description:

This update for MozillaFirefox to ESR 52.3 fixes several issues.

These security issues were fixed:

– CVE-2017-7807 Domain hijacking through AppCache fallback (bsc#1052829)
– CVE-2017-7791 Spoofing following page navigation with data: protocol and
modal alerts (bsc#1052829)
– CVE-2017-7792 Buffer overflow viewing certificates with an extremely
long OID (bsc#1052829)
– CVE-2017-7782 WindowsDllDetourPatcher allocates memory without DEP
protections (bsc#1052829)
– CVE-2017-7787 Same-origin policy bypass with iframes through page
reloads (bsc#1052829)
– CVE-2017-7786 Buffer overflow while painting non-displayable SVG
(bsc#1052829)
– CVE-2017-7785 Buffer overflow manipulating ARIA attributes in DOM
(bsc#1052829)
– CVE-2017-7784 Use-after-free with image observers (bsc#1052829)
– CVE-2017-7753 Out-of-bounds read with cached style data and
pseudo-elements (bsc#1052829)
– CVE-2017-7798 XUL injection in the style editor in devtools (bsc#1052829)
– CVE-2017-7804 Memory protection bypass through WindowsDllDetourPatcher
(bsc#1052829)
– CVE-2017-7779 Memory safety bugs fixed in Firefox 55 and Firefox ESR
52.3 (bsc#1052829)
– CVE-2017-7800 Use-after-free in WebSockets during disconnection
(bsc#1052829)
– CVE-2017-7801 Use-after-free with marquee during window resizing
(bsc#1052829)
– CVE-2017-7802 Use-after-free resizing image elements (bsc#1052829)
– CVE-2017-7803 CSP containing ‘sandbox’ improperly applied (bsc#1052829)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE OpenStack Cloud 6:

zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1603=1

– SUSE Linux Enterprise Software Development Kit 12-SP3:

zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1603=1

– SUSE Linux Enterprise Software Development Kit 12-SP2:

zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1603=1

– SUSE Linux Enterprise Server for SAP 12-SP1:

zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1603=1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1603=1

– SUSE Linux Enterprise Server 12-SP3:

zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1603=1

– SUSE Linux Enterprise Server 12-SP2:

zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1603=1

– SUSE Linux Enterprise Server 12-SP1-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1603=1

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1603=1

– SUSE Linux Enterprise Desktop 12-SP3:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1603=1

– SUSE Linux Enterprise Desktop 12-SP2:

zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1603=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE OpenStack Cloud 6 (x86_64):

MozillaFirefox-52.3.0esr-109.3.1
MozillaFirefox-debuginfo-52.3.0esr-109.3.1
MozillaFirefox-debugsource-52.3.0esr-109.3.1
MozillaFirefox-devel-52.3.0esr-109.3.1
MozillaFirefox-translations-52.3.0esr-109.3.1

– SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

MozillaFirefox-debuginfo-52.3.0esr-109.3.1
MozillaFirefox-debugsource-52.3.0esr-109.3.1
MozillaFirefox-devel-52.3.0esr-109.3.1

– SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64):

MozillaFirefox-debuginfo-52.3.0esr-109.3.1
MozillaFirefox-debugsource-52.3.0esr-109.3.1
MozillaFirefox-devel-52.3.0esr-109.3.1

– SUSE Linux Enterprise Server for SAP 12-SP1 (ppc64le x86_64):

MozillaFirefox-52.3.0esr-109.3.1
MozillaFirefox-debuginfo-52.3.0esr-109.3.1
MozillaFirefox-debugsource-52.3.0esr-109.3.1
MozillaFirefox-devel-52.3.0esr-109.3.1
MozillaFirefox-translations-52.3.0esr-109.3.1

– SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

MozillaFirefox-52.3.0esr-109.3.1
MozillaFirefox-debuginfo-52.3.0esr-109.3.1
MozillaFirefox-debugsource-52.3.0esr-109.3.1
MozillaFirefox-translations-52.3.0esr-109.3.1

– SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

MozillaFirefox-52.3.0esr-109.3.1
MozillaFirefox-debuginfo-52.3.0esr-109.3.1
MozillaFirefox-debugsource-52.3.0esr-109.3.1
MozillaFirefox-translations-52.3.0esr-109.3.1

– SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64):

MozillaFirefox-52.3.0esr-109.3.1
MozillaFirefox-debuginfo-52.3.0esr-109.3.1
MozillaFirefox-debugsource-52.3.0esr-109.3.1
MozillaFirefox-translations-52.3.0esr-109.3.1

– SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):

MozillaFirefox-52.3.0esr-109.3.1
MozillaFirefox-debuginfo-52.3.0esr-109.3.1
MozillaFirefox-debugsource-52.3.0esr-109.3.1
MozillaFirefox-devel-52.3.0esr-109.3.1
MozillaFirefox-translations-52.3.0esr-109.3.1

– SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):

MozillaFirefox-52.3.0esr-109.3.1
MozillaFirefox-debuginfo-52.3.0esr-109.3.1
MozillaFirefox-debugsource-52.3.0esr-109.3.1
MozillaFirefox-devel-52.3.0esr-109.3.1
MozillaFirefox-translations-52.3.0esr-109.3.1

– SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

MozillaFirefox-52.3.0esr-109.3.1
MozillaFirefox-debuginfo-52.3.0esr-109.3.1
MozillaFirefox-debugsource-52.3.0esr-109.3.1
MozillaFirefox-translations-52.3.0esr-109.3.1

– SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

MozillaFirefox-52.3.0esr-109.3.1
MozillaFirefox-debuginfo-52.3.0esr-109.3.1
MozillaFirefox-debugsource-52.3.0esr-109.3.1
MozillaFirefox-translations-52.3.0esr-109.3.1

References:

https://www.suse.com/security/cve/CVE-2017-7753.html
https://www.suse.com/security/cve/CVE-2017-7779.html
https://www.suse.com/security/cve/CVE-2017-7782.html
https://www.suse.com/security/cve/CVE-2017-7784.html
https://www.suse.com/security/cve/CVE-2017-7785.html
https://www.suse.com/security/cve/CVE-2017-7786.html
https://www.suse.com/security/cve/CVE-2017-7787.html
https://www.suse.com/security/cve/CVE-2017-7791.html
https://www.suse.com/security/cve/CVE-2017-7792.html
https://www.suse.com/security/cve/CVE-2017-7798.html
https://www.suse.com/security/cve/CVE-2017-7800.html
https://www.suse.com/security/cve/CVE-2017-7801.html
https://www.suse.com/security/cve/CVE-2017-7802.html
https://www.suse.com/security/cve/CVE-2017-7803.html
https://www.suse.com/security/cve/CVE-2017-7804.html
https://www.suse.com/security/cve/CVE-2017-7807.html
https://bugzilla.suse.com/1052829


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Announcing the release of Gluster 3.12 on CentOS Linux 6 x86_64

–===============4707704617413160549==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol=”application/pgp-signature”; boundary=”nVMJ2NtxeReIH9PS”
Content-Disposition: inline

–nVMJ2NtxeReIH9PS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

I am happy to announce the General Availability of Gluster 3.12 for
CentOS 6 on x86_64. These packages are following the upstream Gluster
Community releases, and will receive monthly bugfix updates.

Gluster 3.12 is a Long-Term-Maintenance release, and will receive
updates for approximately 18 months. The difference between
Long-Term-Maintenance and Short-Term-Maintenance releases is explained
on the Gluster release schedule page:
https://www.gluster.org/community/release-schedule/

Users of CentOS 6 can now simply install Gluster 3.12 with only these two
commands:

# yum install centos-release-gluster
# yum install glusterfs-server

The centos-release-gluster package is delivered via CentOS Extras repos.
This contains all the metadata and dependency information, needed to
install Gluster 3.12. The actual package that will get installed is
centos-release-gluster312. Users of the now End-Of-Life
Short-Term-Maintenance Gluster 3.11 will automatically get the update to
Gluster 3.12, whereas users of Gluster 3.10 can stay on that
Long-Term-Maintenance release for an other six months.

Users of Gluster 3.8 will need to manually upgrade by uninstalling the
centos-release-gluster38 package, and replacing it with either the
Gluster 3.12 or 3.10 version. Additional details about the upgrade
process are linked in the announcement from the Gluster Community:
http://lists.gluster.org/pipermail/announce/2017-September/000082.html

We have a quickstart guide specifically built around the packages are
available, it makes for a good introduction to Gluster and will help get
you started in just a few simple steps, this quick start is available at
https://wiki.centos.org/SpecialInterestGroup/Storage/gluster-Quickstart

More details about the packages that the Gluster project provides in the
Storage SIG is available in the documentation:
https://wiki.centos.org/SpecialInterestGroup/Storage/Gluster

The centos-release-gluster* repositories offer additional packages that
enhance the usability of Gluster itself. Utilities and tools that were
working with previous versions of Gluster are expected to stay working
fine. If there are any problems, or requests for additional tools and
applications to be provided, just send us an email with your
suggestions. The current list of packages that is (planned to become)
available can be found here:
https://wiki.centos.org/SpecialInterestGroup/Storage/Gluster/Ecosystem-pkgs

We welcome all feedback, comments and contributions. You can get in
touch with the CentOS Storage SIG on the centos-devel mailing list
(https://lists.centos.org ) and with the Gluster developer and user
communities at https://www.gluster.org/mailman/listinfo , we are also
available on irc at #gluster on irc.freenode.net, and on twitter at
@gluster .

Cheers,
Niels de Vos
Storage SIG member & Gluster maintainer

–nVMJ2NtxeReIH9PS
Content-Type: application/pgp-signature; name=”signature.asc”

—–BEGIN PGP SIGNATURE—–

iQIcBAEBAgAGBQJZyi75AAoJECXo5AApwsWz6CwQAJz4XmQAw2XtzAaBdMz13+ng
LqYFTWjh6/kHr+zcKvSkA/iOZ/VKkl2wMXJX39JCBpHcZvLn4S1Zn01dcc8F6K+t
u15iiJieL1kPyg24KMV36+AvR6ROBgQgJ/I83gZnPpzDTpTxZmYr17oq20e5XdeX
Cs4xBAA7AwLeO1XW3etcrxjJz5apCYIzILQUKmx+v9ojQ1ywoT9hzVtSnuAgGgdq
26BSf1lHnD1Hyc7zZmGH4Nm4jYMvZFpQViNbmlgDJa07f+v4hJozf2OqymPFQCA4
R6gUzOlfaKEmVz3X4S6Rke6tlypCmNaSpGHAbgkwNdW7aTyWd5AJljMmsMHHalU7
mRDAHWjPMbP7G5OogQENhYjxHGM42U2AzhJztODhDNN2eSMQI6Tbt/GZ+LUsr604
lcMXrdztBpWeh4J/QDhldM1iEJfdQ4pXxo/eNiXrNFkAovhBIfBZH8rZ2Fcpidsl
8aoeLmjE4yloAopAqug0JOPa3OwVnMWFu7rg/4ypsXNLQWM8YV/eFvJAMmV6wgw/
obFOFhu0GnHrK//Ypf8mTZEX7i8xRRDY3qkkMcmwyB+kGbBqAs23bwtDeBt2dKsj
WoyXUMqpLq/+D81da3bTNhzjnWtmkTYhp6tugPXWoXGGK9Lzbz/u0SG+lO38HInT
Gl5ecZNLdaQ2Gnj9WlyZ
=Hoxi
—–END PGP SIGNATURE—–

–nVMJ2NtxeReIH9PS–

–===============4707704617413160549==
Content-Type: text/plain; charset=”us-ascii”
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

–===============4707704617413160549==–

CESA-2017:2795 Important CentOS 6 kernel Security Update

CentOS Errata and Security Advisory 2017:2795 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2795

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
0ece8515a2a820dd68805f034238d315dc9bf7a3bd8979ab908914fff523535f kernel-2.6.32-696.10.3.el6.i686.rpm
6c0a44700f042cfbd024f7b22852a63626cd2023582b7e9033d473159cf9fe30 kernel-abi-whitelists-2.6.32-696.10.3.el6.noarch.rpm
0ee646bb30bc95b465839b76203c4371aea05c36f9fdc1a12ff5f59d716333e5 kernel-debug-2.6.32-696.10.3.el6.i686.rpm
6257147fd5d9d5e36f6e2c50e992c72d661a07ccfd8ffc6b02ecc81cdbdbb9e5 kernel-debug-devel-2.6.32-696.10.3.el6.i686.rpm
9a9ea42cdd6b6ce5b7f62a4972f2aeaf2f990eff124aa88fbb559a423525e959 kernel-devel-2.6.32-696.10.3.el6.i686.rpm
55f6c6bd63dabafd17488a612514c98ae9b37ee61d0be089be6363d80c3b45db kernel-doc-2.6.32-696.10.3.el6.noarch.rpm
eb543c671ef9785795e3472c146c194a1b0cfbee829b0c7463f457b71f13dee2 kernel-firmware-2.6.32-696.10.3.el6.noarch.rpm
5454beb01c3d7cc4e6ccf7831ac0eb191ea2e44aaa53690c413fe44462c902b3 kernel-headers-2.6.32-696.10.3.el6.i686.rpm
9dfdf0318330bd2e6a082f0c2ffc0a52f4854ebd20da227462b03648294b7ace perf-2.6.32-696.10.3.el6.i686.rpm
083e8d2bfc51b686b8c7f263ce80f8df7ac02fb6f761d4881db2cf66b4651bd6 python-perf-2.6.32-696.10.3.el6.i686.rpm

x86_64:
06e870bb5d57fefe461086e03173b75b2fa3d26b0662c0ed218272be4f62d870 kernel-2.6.32-696.10.3.el6.x86_64.rpm
6c0a44700f042cfbd024f7b22852a63626cd2023582b7e9033d473159cf9fe30 kernel-abi-whitelists-2.6.32-696.10.3.el6.noarch.rpm
0f372b21085376d6ebe881c445d0d4852e0df7c53a57def067cc3e202e62d254 kernel-debug-2.6.32-696.10.3.el6.x86_64.rpm
6257147fd5d9d5e36f6e2c50e992c72d661a07ccfd8ffc6b02ecc81cdbdbb9e5 kernel-debug-devel-2.6.32-696.10.3.el6.i686.rpm
2ac733e53bb15e042ac8391fea5b47808bbb3608037b8fc914131a1802aa3ac3 kernel-debug-devel-2.6.32-696.10.3.el6.x86_64.rpm
d476497f262a01b016efde27d7cdc831c79bdbe1e0deb335e5d1f71f30b324e2 kernel-devel-2.6.32-696.10.3.el6.x86_64.rpm
55f6c6bd63dabafd17488a612514c98ae9b37ee61d0be089be6363d80c3b45db kernel-doc-2.6.32-696.10.3.el6.noarch.rpm
eb543c671ef9785795e3472c146c194a1b0cfbee829b0c7463f457b71f13dee2 kernel-firmware-2.6.32-696.10.3.el6.noarch.rpm
303b8df4e585d9954b566329a16f2abab68783d82ebe619b5beb08fbb7b97f3d kernel-headers-2.6.32-696.10.3.el6.x86_64.rpm
5dcd16fdfe201473d29a27074942fa1d385edf1f0e8c36cfaaec0c42e0da073d perf-2.6.32-696.10.3.el6.x86_64.rpm
6b60c2094c7628db2dfe430250829584e5e5ae958eeebef91b06effe3791de94 python-perf-2.6.32-696.10.3.el6.x86_64.rpm

Source:
6a35901d0c441f3bcfb438598e8658e497c406fab60c784a80b77c47d109c8e0 kernel-2.6.32-696.10.3.el6.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

OPNsense 17.7.4 released

RGVhciBhbGwsCgpBbm90aGVyIHdlZWssIGFub3RoZXIgdXBkYXRlLiAgTW9zdCBub3RhYmx5LCB0
aGUgVG9yIHBsdWdpbiBoYXMgYmVlbgpvZmZpY2lhbGx5IHJlbGVhc2VkLgoKTmV3IGltYWdlcyBm
aW5hbGx5IGZvbGxvdyBpbiAxNy43LjUgYW5kIHdlIGFyZSBoYXBweSB0byByZXBvcnQgdGhhdAp0
aGUgc2hhcmVkIGZvcndhcmRpbmcgYWRkaXRpb25zIGFyZSBhbHJlYWR5IHVwIGFuZCBydW5uaW5n
IG9uIHRoZQpGcmVlQlNEIDExLjEga2VybmVsIHdpdGggdHdvIG1ham9yIGltcHJvdmVtZW50czog
SVB2NiBzdXBwb3J0IGFuZAp0cnlmb3J3YXJkIGNvbXBhdGliaWxpdHkhICBUaGF0IG1lYW5zIDE4
LjEtQkVUQSBhbmQgYW4gYXNzb2NpYXRlZApwdWJsaWMgY2FsbCBmb3IgdGVzdGluZyBhcmUgbm90
IHRvbyBmYXIgb3V0IGF0IHRoaXMgcG9pbnQuCgpBbmQgaGVyZSBhcmUgdGhlIGZ1bGwgcGF0Y2gg
bm90ZXM6CgpvIHN5c3RlbTogcmVtb3ZlIHJldm9rZWQgY2VydGlmaWNhdGVzIGZyb20gbGlzdCBv
ZiBjZXJ0aWZpY2F0ZXMgdG8gcmV2b2tlCm8gZmlyZXdhbGw6IGFkZCBhZHZhbmNlZCBzZXR0aW5n
IHRvIGRpc2FibGUgaW50ZXJmYWNlIGdhdGV3YXkgcnVsZXMKbyBmaXJld2FsbDogaWdub3JlIGdh
dGV3YXkgd2VpZ2h0IG9mIHplcm8KbyBmaXJld2FsbDogYWRkIHJlcGx5LXRvIHNwZWNpZmljIGdh
dGV3YXkgaW4gcGx1Z2dhYmxlIHJ1bGVzCm8gZmlyZXdhbGw6IHN1cHBvcnQgYW5jaG9yIHF1aWNr
IGtleXdvcmQgaW4gcGx1Z2dhYmxlIHJ1bGVzCm8gaW50cnVzaW9uIGRldGVjdGlvbjogZG8gbm90
IGFsbG93IGludGVyZmFjZSBncm91cCBpbiBzZWxlY3Rpb24KbyBvcGVudnBuOiBucy1jZXJ0LXR5
cGUgYmVjb21lcyByZW1vdGUtY2VydC10bHMgaW4gY2xpZW50IGV4cG9ydApvIHdlYiBwcm94eTog
SUNBUCBleGNsdWRlIGxpc3QgKGNvbnRyaWJ1dGVkIGJ5IEFsZXhhbmRlciBTaHVyc2hhKQpvIG12
Yzogc3VwcG9ydCB2YWx1ZSBhdHRyaWJ1dGUgZm9yIG1vZGVsIG9wdGlvbiBkYXRhCm8gaW5zdGFs
bGVyOiBVRUZJIHBhcnRpdGlvbiBzaXplIGluY3JlYXNlZCB0byAyMDAgTUIKbyBpbnN0YWxsZXI6
IGFsd2F5cyBlcnJvciBvbiBwYXNzd29yZCBtaXNtYXRjaApvIHBsdWdpbnM6IG9zLWFjbWUtY2xp
ZW50IDEuMTFbMV0gKGNvbnRyaWJ1dGVkIGJ5IEZyYW5rIFdhbGwpCm8gcGx1Z2luczogb3MtYy1p
Y2FwIDEuMSBsb2dnaW5nIGFuZCB2aXJ1cyBzY2FuIHNldHRpbmdzIChjb250cmlidXRlZAogIGJ5
IE1pY2hhZWwgTXVlbnopCm8gcGx1Z2luczogb3MtdG9yIDEuMCAoY29udHJpYnV0ZWQgYnkgRmFi
aWFuIEZyYW56KQpvIHBsdWdpbnM6IG9zLXplcm90aWVyIDEuMi4wIGFsbG93cyBsb2NhbC5jb25m
IHNldHRpbmdzIChjb250cmlidXRlZAogIGJ5IERhdmlkIEhhcnJpZ2FuKQpvIHBvcnRzOiBsaWJu
Z2h0dHAyIDEuMjZbMl0KbyBwb3J0czogdW5ib3VuZCAxLjYuNlszXQpvIHBvcnRzOiBoeXBlcnNj
YW4gNC41LjJbNF0KbyBwb3J0czogcHktb3BlbnNzbCAxNy4zLjBbNV0KbyBwb3J0czogcHktY3J5
cHRvZ3JhcGh5IDIuMDNbNl0KCgpTdGF5IHNhZmUsCllvdXIgT1BOc2Vuc2UgdGVhbQoKLS0KWzFd
IGh0dHBzOi8vZ2l0aHViLmNvbS9vcG5zZW5zZS9wbHVnaW5zL3B1bGwvMjkwClsyXSBodHRwczov
L2dpdGh1Yi5jb20vbmdodHRwMi9uZ2h0dHAyL3JlbGVhc2VzL3RhZy92MS4yNi4wClszXSBodHRw
Oi8vd3d3LnVuYm91bmQubmV0L2Rvd25sb2FkLmh0bWwKWzRdIGh0dHBzOi8vZ2l0aHViLmNvbS8w
MW9yZy9oeXBlcnNjYW4vcmVsZWFzZXMKWzVdIGh0dHBzOi8vcHlvcGVuc3NsLm9yZy9lbi9zdGFi
bGUvY2hhbmdlbG9nLmh0bWwjaWQxCls2XSBodHRwczovL2NyeXB0b2dyYXBoeS5pby9lbi9sYXRl
c3QvY2hhbmdlbG9nLyN2Mi0wLTMKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX18KYW5ub3VuY2UgbWFpbGluZyBsaXN0CmFubm91bmNlQGxpc3RzLm9wbnNlbnNl
Lm9yZwpodHRwOi8vbGlzdHMub3Buc2Vuc2Uub3JnL2xpc3RpbmZvL2Fubm91bmNlCg==

Zabbix 3.4.2, 3.2.8, 3.0.11 and 2.2.20 released

Greetings!

Zabbix Team is pleased to announce the availability of Zabbix 3.4.2, 3.2.8, 3.0.11 and 2.2.20.

Complete Release Notes:

Zabbix 3.4.2: https://www.zabbix.com/rn3.4.2
Zabbix 3.2.8: https://www.zabbix.com/rn3.2.8
Zabbix 3.0.11: https://www.zabbix.com/rn3.0.11
Zabbix 2.2.20: https://www.zabbix.com/rn2.2.20

Download: https://www.zabbix.com/download

Kind regards,
Alexei Vladishev,
Zabbix Product Manager, CEO
——————————————————————————
Check out the vibrant tech community on one of the world’s most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Zabbix-announce mailing list
Zabbix-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/zabbix-announce

openSUSE-SU-2017:2567-1: important: Security update for openjpeg2

openSUSE Security Update: Security update for openjpeg2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2567-1
Rating: important
References: #1002414 #1007739 #1007740 #1007741 #1007742
#1007743 #1007744 #1007747 #1014543 #1014975
#979907 #997857 #999817
Cross-References: CVE-2015-8871 CVE-2016-7163 CVE-2016-7445
CVE-2016-8332 CVE-2016-9112 CVE-2016-9113
CVE-2016-9114 CVE-2016-9115 CVE-2016-9116
CVE-2016-9117 CVE-2016-9118 CVE-2016-9572
CVE-2016-9573 CVE-2016-9580 CVE-2016-9581

Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes 15 vulnerabilities is now available.

Description:

This update for openjpeg2 fixes the following issues:

* CVE-2016-9114: NULL Pointer Access in function imagetopnm of
convert.c:1943(jp2) could lead to crash [bsc#1007740]
* CVE-2016-9115: Heap Buffer Overflow in function imagetotga of
convert.c(jp2) [bsc#1007741]
* CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer
overflow and infite loop [bsc#1014975]
* CVE-2016-9117: NULL Pointer Access in function imagetopnm of
convert.c(jp2):1289 [bsc#1007743]
* CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c
[bsc#1007744]
* CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523
[bsc#1007747]
* CVE-2016-9116: NULL Pointer Access in function imagetopnm of
convert.c:2226(jp2) [bsc#1007742]
* CVE-2016-9113: NULL point dereference in function imagetobmp of
convertbmp.c could lead to crash [bsc#1007739]
* CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could
lead to heap buffer overflow [bsc#1014543]
* CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to
code execution [bsc#1002414]
* CVE-2016-7445: Null pointer dereference in convert.c could lead to crash
[bsc#999817]
* CVE 2016-7163: Integer Overflow could lead to remote code execution
[bsc#997857]
* CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead
to denial of service [bsc#979907]

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2017-1090=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

libopenjp2-7-2.1.0-5.1
libopenjp2-7-2.1.0-6.1
openjpeg2-2.1.0-5.1
openjpeg2-2.1.0-6.1
openjpeg2-devel-2.1.0-5.1
openjpeg2-devel-2.1.0-6.1

References:

https://www.suse.com/security/cve/CVE-2015-8871.html
https://www.suse.com/security/cve/CVE-2016-7163.html
https://www.suse.com/security/cve/CVE-2016-7445.html
https://www.suse.com/security/cve/CVE-2016-8332.html
https://www.suse.com/security/cve/CVE-2016-9112.html
https://www.suse.com/security/cve/CVE-2016-9113.html
https://www.suse.com/security/cve/CVE-2016-9114.html
https://www.suse.com/security/cve/CVE-2016-9115.html
https://www.suse.com/security/cve/CVE-2016-9116.html
https://www.suse.com/security/cve/CVE-2016-9117.html
https://www.suse.com/security/cve/CVE-2016-9118.html
https://www.suse.com/security/cve/CVE-2016-9572.html
https://www.suse.com/security/cve/CVE-2016-9573.html
https://www.suse.com/security/cve/CVE-2016-9580.html
https://www.suse.com/security/cve/CVE-2016-9581.html
https://bugzilla.suse.com/1002414
https://bugzilla.suse.com/1007739
https://bugzilla.suse.com/1007740
https://bugzilla.suse.com/1007741
https://bugzilla.suse.com/1007742
https://bugzilla.suse.com/1007743
https://bugzilla.suse.com/1007744
https://bugzilla.suse.com/1007747
https://bugzilla.suse.com/1014543
https://bugzilla.suse.com/1014975
https://bugzilla.suse.com/979907
https://bugzilla.suse.com/997857
https://bugzilla.suse.com/999817


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

New Check_MK stable release 1.2.8p26

Dear friends of Check_MK,

the new stable release 1.2.8p26 of Check_MK is ready for download.

This maintenance release for the current “oldstable” of Check_MK ships with
26 changes affecing all editions of Check_MK, 2 Enterprise Edition specific
changes and 0 Managed Service Edition specific changes.

The most important change is a security related fix (werk 5208) for the GUI.

Changes in all Check_MK Editions:

Core & Setup:
* 5038 FIX: Datasource programs: Prevent zombie processes in case of ti=
meouts…
* 5204 FIX: Host rename: Fixed broken rename of hosts in rrdcached jour=
nal…
* 5205 FIX: Host rename: Fixed broken renaming when new name uses dots.=
..

Checks & Agents:
* 5078 FIX: lnx_distro: Detects version and name of Check_MK Appliance =
correctly
* 5079 FIX: windows_tasks: Adapted man page; Some OK states were missing
* 5083 FIX: oracle_locks: Do not discover if data is incomplete…
* 5089 FIX: citrix_xenapp.ps1: Refactored; now uses powershell commands=
for Citrix environment instead of WMI objects which caused runtime errors
* 5091 FIX: Perfometer: Allow zero as maximal value; Fixed unsupported =
operand type for /: ‘float’ and ‘NoneType’
* 5093 FIX: dell_poweredge_temp: Fixed device levels handling if they a=
re empty
* 5095 FIX: “Round trip average” graph: Added warn and crit lines
* 5096 FIX: mk_oracle_crs: crs_stat command is deprecated since Oracle =
11gR2; Now the plugin handles that correctly
* 4804 FIX: brocade_fcport: Fix limiting discovered ports by operationa=
l and physical status…
* 5110 FIX: appdynamics_memory: Fixed crashing if max. available for he=
ap or non-heap memory is zero
* 5113 FIX: cifsmounts: Fixed wrong reported error message if user has =
not right permissions on mount point
* 5114 FIX: ps, ps.perf: Allow “/” in process name in manual checks
* 5115 FIX: zfs_arc_cache: Fixed wrong detected lines from agent output=
if they contain no counters, eg. ‘class =3D misc’
* 5120 FIX: ps, ps.perf: Fixed regex range introduced with werk 5114 wh=
ich allows “/” in process name in manual checks
* 5121 FIX: check_sql: Added error message if cx_Oracle module is not i=
nstalled
* 5014 FIX: df: Fixed error if dynamic levels should be set…
* 5125 FIX: brocade_mlx_power: Fixed wrong index usage which led to und=
etected power supplies
* 5278 FIX: check_mk_agent.linux: Fixed wrong detected sensors in state=
“State disasserted”
* 5279 FIX: qnap_disks: Just discover slots that are not empty
* 5281 FIX: apache_status: Fixed ignoring invalid lines
* 5282 FIX: hpux_tunables: Fixed discovering kernel tunables on HPUX 11=
.23
* 5016 FIX: hp_proliant_temp: Fixed crash if thresholds are set manuall=
y…

Multisite:
* 5208 SEC: Fix possibe information disclosure to unauthenticated users=

Changes in the Check_MK Enterprise Edition:

You can download Check_MK from our download page:
* http://mathias-kettner.de/check_mk_download.html

Please mail bug reports and qualified feedback to feedback@check-mk.org.
We greatly thank you for using Check_MK and wish you a successful monitorin=
g,

Your Check_MK Team

— =

Mathias Kettner GmbH
Kellerstra=DFe 29, 81667 M=FCnchen, Germany
Registergericht: Amtsgericht M=FCnchen, HRB 165902
Gesch=E4ftsf=FChrer: Mathias Kettner
http://mathias-kettner.de
Tel. +49 89 1890 435-0
Fax. +49 89 1890 435-29

_______________________________________________
Checkmk-announce mailing list
Checkmk-announce@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/checkmk-announce

New Check_MK stable release 1.4.0p13

Dear friends of Check_MK,

the new stable release 1.4.0p13 of Check_MK is ready for download.

This maintenance release ships with 16 changes affecing all editions of Che=
ck_MK,
2 Enterprise Edition specific changes and 0 Managed Service Edition specifi=
c changes.

Changes in all Check_MK Editions:

WATO:
* 5295 FIX: Service discovery: Fixed permission handling regarding foreign =
changes if user just performs a service discovery
* 5229 FIX: Rename host: fixed exception when having more than 1024 users c=
onfigured

Reporting & availability:
* 3919 FIX: PDF: Improved handling of long words in text wrapping

Checks & agents:
* 5280 FIX: rds_licenses: Fixed missing includes
* 5279 FIX: qnap_disks: Just discover slots that are not empty
* 5287 FIX: postfix_mailq: Fixed parameter handling
* 5311 FIX: oracle_performance: Making sure that we use float instead of in=
teger for correct calculations
* 5283 FIX: megaraid_ldisks: Fixed error during discovery: UnboundLocalErro=
r: local variable ‘item’ referenced before assignment
* 5230 FIX: logwatch/logwatch.ec: fixed “no forwarding” option in rule “Log=
watch Event Console Forwarding”
* 5282 FIX: hpux_tunables: Fixed discovering kernel tunables on HPUX 11.23
* 5016 FIX: hp_proliant_temp: Fixed crash if thresholds are set manually
* 5221 FIX: esx_vsphere_hostsystem.cpu_usage, esx_vsphere_hostsystem.cpu_ut=
il_cluster: Fix min/max values in perfdata
* 5278 FIX: check_mk_agent.linux: Fixed wrong detected sensors in state “St=
ate disasserted”
* 5281 FIX: apache_status: Fixed ignoring invalid lines
* 5284 FIX: akcp_exp_humidity, akcp_sensor_humidity, allnet_ip_sensoric, ap=
c_humidity, etherbox, humidity.include, knuerr_rms_humidity, stulz_humidity=
, tinkerforge: Fixed wrong parameters
* 5034 FIX: Do not skip first entry in Windows eventlog

Changes in the Check_MK Enterprise Edition:

Checks & agents:
* 5222 FIX: mrpe: Fix compatibility of bakery ruleset when updating from 1.=
2.8*

Agent bakery:
* 5259 FIX: cmk-update-agent: Improving robustness in curl handling

Changes in the Check_MK Managed Service Edition:

NO CHANGES

You can download Check_MK from our download page:
* http://mathias-kettner.de/check_mk_download.html

Please mail bug reports and qualified feedback to feedback@check-mk.org.
We greatly thank you for using Check_MK and wish you a successful monitorin=
g,

Your Check_MK Team

— =

Mathias Kettner GmbH
Kellerstra=DFe 29, 81667 M=FCnchen, Germany
Registergericht: Amtsgericht M=FCnchen, HRB 165902
Gesch=E4ftsf=FChrer: Mathias Kettner
http://mathias-kettner.de
Tel. +49 89 1890 435-0
Fax. +49 89 1890 435-29

_______________________________________________
Checkmk-announce mailing list
Checkmk-announce@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/checkmk-announce

Announcing the release of Gluster 3.12 on CentOS Linux 7 x86_64

–===============3844504086375956254==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol=”application/pgp-signature”; boundary=”SUOF0GtieIMvvwua”
Content-Disposition: inline

–SUOF0GtieIMvvwua
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

I am happy to announce the General Availability of Gluster 3.12 for
CentOS 7 on x86_64. These packages are following the upstream Gluster
Community releases, and will receive monthly bugfix updates.

Gluster 3.12 is a Long-Term-Maintenance release, and will receive
updates for approximately 18 months. The difference between
Long-Term-Maintenance and Short-Term-Maintenance releases is explained
on the Gluster release schedule page:
https://www.gluster.org/community/release-schedule/

Users of CentOS 7 can now simply install Gluster 3.12 with only these two
commands:

# yum install centos-release-gluster
# yum install glusterfs-server

The centos-release-gluster package is delivered via CentOS Extras repos.
This contains all the metadata and dependency information, needed to
install Gluster 3.12. The actual package that will get installed is
centos-release-gluster312. Users of the now End-Of-Life
Short-Term-Maintenance Gluster 3.11 will automatically get the update to
Gluster 3.12, whereas users of Gluster 3.10 can stay on that
Long-Term-Maintenance release for an other six months.

Users of Gluster 3.8 will need to manually upgrade by uninstalling the
centos-release-gluster38 package, and replacing it with either the
Gluster 3.12 or 3.10 version. Additional details about the upgrade
process are linked in the announcement from the Gluster Community:
http://lists.gluster.org/pipermail/announce/2017-September/000082.html

We have a quickstart guide specifically built around the packages are
available, it makes for a good introduction to Gluster and will help get
you started in just a few simple steps, this quick start is available at
https://wiki.centos.org/SpecialInterestGroup/Storage/gluster-Quickstart

More details about the packages that the Gluster project provides in the
Storage SIG is available in the documentation:
https://wiki.centos.org/SpecialInterestGroup/Storage/Gluster

The centos-release-gluster* repositories offer additional packages that
enhance the usability of Gluster itself. Utilities and tools that were
working with previous versions of Gluster are expected to stay working
fine. If there are any problems, or requests for additional tools and
applications to be provided, just send us an email with your
suggestions. The current list of packages that is (planned to become)
available can be found here:
https://wiki.centos.org/SpecialInterestGroup/Storage/Gluster/Ecosystem-pkgs

We welcome all feedback, comments and contributions. You can get in
touch with the CentOS Storage SIG on the centos-devel mailing list
(https://lists.centos.org ) and with the Gluster developer and user
communities at https://www.gluster.org/mailman/listinfo , we are also
available on irc at #gluster on irc.freenode.net, and on twitter at
@gluster .

Cheers,
Niels de Vos
Storage SIG member & Gluster maintainer

–SUOF0GtieIMvvwua
Content-Type: application/pgp-signature; name=”signature.asc”

—–BEGIN PGP SIGNATURE—–

iQIcBAEBAgAGBQJZyi7oAAoJECXo5AApwsWz7uAQANBANgzzGVctOqK188kSrjft
sf1wul5hDrOKeTOQ19BxXKB1zb42r0j6h1TG5/PLyfjVLjaHZZK39IMxYW40ggYj
TAedcfc2nduGK+NLAEL75TrtZvAj49LQFMqDzjMI4Ku1QzOTZCNzeU97T5Udl1/2
MO+hUziv7fRQl9wm9jIjUEtKMWDSDOrzo3IJvBvbse5FgiYa4okaZx22oOTbSUwM
Ee36V98hImVmzteFrdsHKIwNAhOR/3nSu2OCvnEwHgopw88G1iz3K7QBffsnYgrA
yUbnf7M/pr9eiHTF/K9rgB689vi2cj9qGsRlc2EXfNejpo5r6NiXBNnH4D034ym8
bWq0KDBccxN9aEaia4lBjnKnObmIthlwUs+KH2yr6gJ/6tSx5SVdv9ycXuWCXoyW
dm4zknoNzo22TfSgaguEjU7M1kyxbjOlAA32BB9+hr7dUQWuBB2w3kms0ow88Tym
j+0+FuJIMmYQ13sbkOKqVSXMuZqYXW7eUNKNkBZwz7MeUTi84vthHlSgxVqZ6f2O
4ibnpwhB+TrxWvbzegZde0qVtMIBzJ2nEUhOjyogDYk2rYdcBUP1EhJrEWrMHbd9
vc0iCrmWhzzwcEM5PNJQhUYrfHPSyX53XlWqP7T87/3JhLJpmG0tODVGEAcIUWH9
/XrX1TFRvMGFgQoQJwLn
=PG/1
—–END PGP SIGNATURE—–

–SUOF0GtieIMvvwua–

–===============3844504086375956254==
Content-Type: text/plain; charset=”us-ascii”
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

–===============3844504086375956254==–

CESA-2017:2790 Moderate CentOS 7 samba Security Update

CentOS Errata and Security Advisory 2017:2790 Moderate

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2790

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
caba3f119d5cba32ffe42a769b47aa29f5c3918b2700ce283bc5dcdf56d00a8d ctdb-4.6.2-11.el7_4.x86_64.rpm
a9700b09956c3485efa48b9b72f30dd7986958d4882f7edff777e1c7d8b0e6df ctdb-tests-4.6.2-11.el7_4.x86_64.rpm
c92bc7ea68e289579679bada2a31f9ac1ce8bde5956563614eef91dd84375107 libsmbclient-4.6.2-11.el7_4.i686.rpm
3d38741a74f33d2db9c2d60d304c34a903ceafdb67899f905ce6a823007752b3 libsmbclient-4.6.2-11.el7_4.x86_64.rpm
9343afcf2c447a68bb2bff445884b54466ccdb510614ce064ae0de3756b18666 libsmbclient-devel-4.6.2-11.el7_4.i686.rpm
a537f6b0386e918eca30418025f50dc3927c738edeff4136a5c2ae6e715fee0a libsmbclient-devel-4.6.2-11.el7_4.x86_64.rpm
7e5bc4580705aa15d99932b7c3f240d26a26ea19642ca167269cc9074862a28c libwbclient-4.6.2-11.el7_4.i686.rpm
50c946607f828ac721ac48be15992e9065de14312035cb2cb46036f6163e6404 libwbclient-4.6.2-11.el7_4.x86_64.rpm
6e6da2088bc3c3d27da2a96018b37b22f8b16fd9743fe820285ce20aab677dd7 libwbclient-devel-4.6.2-11.el7_4.i686.rpm
51e0edf6e01407e2bc2f9497cafd701024db85f9181b14984a950360b94a9e16 libwbclient-devel-4.6.2-11.el7_4.x86_64.rpm
ba47b501512978d111761ff19dab144507c97062c936373b303c83a0a7cbe4c9 samba-4.6.2-11.el7_4.x86_64.rpm
1ea2818d608caebd3aab9d9fc4dc41617c15b608ab7bac79fc342730588bd9b5 samba-client-4.6.2-11.el7_4.x86_64.rpm
6a64a3576fc40d1dc3f827bd20153491e2fdcf15dd3362e817d032c7432fc51b samba-client-libs-4.6.2-11.el7_4.i686.rpm
b218c017ffb84660bcf327f47a504c44ee042527f609ef1a43b8354d1a5116de samba-client-libs-4.6.2-11.el7_4.x86_64.rpm
c4422f65f1fe3716b765170afa36e4250fc3637421a3bfa3fb4c5a32b5727873 samba-common-4.6.2-11.el7_4.noarch.rpm
856e39494bb2207b6100ada647419c378b578f5e51882c64da3b3caf2224a6c0 samba-common-libs-4.6.2-11.el7_4.x86_64.rpm
ce205fac1766b8e47a6e0650a89806192b3ad4bc2660bced20ae0be9d92e2fb3 samba-common-tools-4.6.2-11.el7_4.x86_64.rpm
6d9ee1bc0fe413822f48daf29b9512dac4eddc146983637fbaa077f5f4280b86 samba-dc-4.6.2-11.el7_4.x86_64.rpm
2fa6a2ec3f02c6417dfaea930ad80e51b7675765610338d60d1bc5bc41c9e9ce samba-dc-libs-4.6.2-11.el7_4.x86_64.rpm
1ca2778392b20854f7393a708236b9f540de48858317453c4c2b604b9bc94fec samba-devel-4.6.2-11.el7_4.i686.rpm
08b878ef5c4aeaa5cbb12daf99c6fefe39df84b17fa5b94353ca7a7de7143bf5 samba-devel-4.6.2-11.el7_4.x86_64.rpm
c3e27385cecd6b7d78c38ae7fbb3693e547f0c4db7bae05b39ab8e6defbbb262 samba-krb5-printing-4.6.2-11.el7_4.x86_64.rpm
12841d68047b9038e53e21566b6ab00f9cdf8f8fd94e81c012a9376f62bc8999 samba-libs-4.6.2-11.el7_4.i686.rpm
1a04433b8a39dd670c149ecf0e0f83a39c3c0fb7d8bb9133a56fa1b2adf2f998 samba-libs-4.6.2-11.el7_4.x86_64.rpm
7ce137a14fb0b3bd7063a71630590dede4134c7e9197a4aa6e7f01af09f33bfb samba-pidl-4.6.2-11.el7_4.noarch.rpm
36ba02cfff0c5d04a576c645add308bce2ac730c4f10847eba52802f831ae0c6 samba-python-4.6.2-11.el7_4.x86_64.rpm
a4c456ba9f710f08a73a57acf0aaaf0dfb89c1d4c90ad7c18803936535a7a92d samba-test-4.6.2-11.el7_4.x86_64.rpm
b5c80a2c3bed6d70f7a97bf37aa5c8c4de1f05b039e29ad9da14bc3a6be16345 samba-test-libs-4.6.2-11.el7_4.i686.rpm
c73694995c0304dc02a6f6f7e84a6dae9faab941d83db8d9c268f073674775c7 samba-test-libs-4.6.2-11.el7_4.x86_64.rpm
762977f43d1bd19a0f21ca76748038a4139ed8f83a080dac98773f6c74273276 samba-vfs-glusterfs-4.6.2-11.el7_4.x86_64.rpm
f1551403f32e0e488f4ad71de0ea2ee50c53509851c41e33ed5ea310dcf82328 samba-winbind-4.6.2-11.el7_4.x86_64.rpm
c421ddee28dfb0c03ca00682a6609379615c856128558143a50fddf1c20d3565 samba-winbind-clients-4.6.2-11.el7_4.x86_64.rpm
842a4154f78bd7fd123ea3a463f0e3f7a72ffefd3147377b715b02fc73fcc113 samba-winbind-krb5-locator-4.6.2-11.el7_4.x86_64.rpm
aa6e74223be5ce46d48e9e279fc49bc4b01b7faae114b5a862db98876270bbc1 samba-winbind-modules-4.6.2-11.el7_4.i686.rpm
034e2a59161d188fb0f023a05d8ccd8815908fd83a1806c24c907b90c0dba62c samba-winbind-modules-4.6.2-11.el7_4.x86_64.rpm

Source:
f3c3cdfa0bd76ab38a298bf0f4f5a2e9e727312f23e1d010c95dc924c54a6057 samba-4.6.2-11.el7_4.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

SUSE-SU-2017:2541-1: important: Security update for xen

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2541-1
Rating: important
References: #1002573 #1027519 #1032598 #1037413 #1046637
#1047675 #1048920 #1049578 #1051787 #1051788
#1052686 #1056278 #1056281 #1056282
Cross-References: CVE-2017-10664 CVE-2017-10806 CVE-2017-11334
CVE-2017-11434 CVE-2017-12135 CVE-2017-12137
CVE-2017-12855 CVE-2017-14316 CVE-2017-14317
CVE-2017-14319
Affected Products:
SUSE Linux Enterprise Server for SAP 12
SUSE Linux Enterprise Server 12-LTSS
______________________________________________________________________________

An update that solves 10 vulnerabilities and has four fixes
is now available.

Description:

This update for xen fixes several issues.

These security issues were fixed:

– CVE-2017-12135: Unbounded recursion in grant table code allowed a
malicious guest to crash the host or potentially escalate
privileges/leak information (XSA-226, bsc#1051787).
– CVE-2017-12137: Incorrectly-aligned updates to pagetables allowed for
privilege escalation (XSA-227, bsc#1051788).
– CVE-2017-11334: The address_space_write_continue function in exec.c
allowed local guest OS privileged users to cause a denial of service
(out-of-bounds access and guest instance crash) by leveraging use of
qemu_map_ram_ptr to access guest ram block area (bsc#1048920).
– CVE-2017-11434: The dhcp_decode function in slirp/bootp.c allowed local
guest OS users to cause a denial of service (out-of-bounds read) via a
crafted DHCP
options string (bsc#1049578).
– CVE-2017-10806: Stack-based buffer overflow in hw/usb/redirect.c allowed
local guest OS users to cause a denial of service via vectors related to
logging debug messages (bsc#1047675).
– CVE-2017-10664: qemu-nbd did not ignore SIGPIPE, which allowed remote
attackers to cause a denial of service (daemon crash) by disconnecting
during a server-to-client reply attempt (bsc#1046637).
– CVE-2017-12855: Premature clearing of GTF_writing / GTF_reading lead to
potentially leaking sensitive information (XSA-230, bsc#1052686).
– CVE-2017-14316: Missing bound check in function `alloc_heap_pages` for
an internal array allowed attackers using crafted hypercalls to execute
arbitrary code within Xen (XSA-231, bsc#1056278)
– CVE-2017-14317: A race in cxenstored may have cause a double-free
allowind for DoS of the xenstored daemon (XSA-233, bsc#1056281).
– CVE-2017-14319: An error while handling grant mappings allowed malicious
or buggy x86 PV guest to escalate its privileges or crash the hypervisor
(XSA-234, bsc#1056282).

These non-security issues were fixed:

– bsc#1002573: Optimized LVM functions in block-dmmd block-dmmd
– bsc#1032598: Prevent removal of NVME devices
– bsc#1037413: Support for newer intel cpu’s, mwait-idle driver and skylake

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server for SAP 12:

zypper in -t patch SUSE-SLE-SAP-12-2017-1576=1

– SUSE Linux Enterprise Server 12-LTSS:

zypper in -t patch SUSE-SLE-SERVER-12-2017-1576=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server for SAP 12 (x86_64):

xen-4.4.4_22-22.51.2
xen-debugsource-4.4.4_22-22.51.2
xen-doc-html-4.4.4_22-22.51.2
xen-kmp-default-4.4.4_22_k3.12.61_52.89-22.51.2
xen-kmp-default-debuginfo-4.4.4_22_k3.12.61_52.89-22.51.2
xen-libs-32bit-4.4.4_22-22.51.2
xen-libs-4.4.4_22-22.51.2
xen-libs-debuginfo-32bit-4.4.4_22-22.51.2
xen-libs-debuginfo-4.4.4_22-22.51.2
xen-tools-4.4.4_22-22.51.2
xen-tools-debuginfo-4.4.4_22-22.51.2
xen-tools-domU-4.4.4_22-22.51.2
xen-tools-domU-debuginfo-4.4.4_22-22.51.2

– SUSE Linux Enterprise Server 12-LTSS (x86_64):

xen-4.4.4_22-22.51.2
xen-debugsource-4.4.4_22-22.51.2
xen-doc-html-4.4.4_22-22.51.2
xen-kmp-default-4.4.4_22_k3.12.61_52.89-22.51.2
xen-kmp-default-debuginfo-4.4.4_22_k3.12.61_52.89-22.51.2
xen-libs-32bit-4.4.4_22-22.51.2
xen-libs-4.4.4_22-22.51.2
xen-libs-debuginfo-32bit-4.4.4_22-22.51.2
xen-libs-debuginfo-4.4.4_22-22.51.2
xen-tools-4.4.4_22-22.51.2
xen-tools-debuginfo-4.4.4_22-22.51.2
xen-tools-domU-4.4.4_22-22.51.2
xen-tools-domU-debuginfo-4.4.4_22-22.51.2

References:

https://www.suse.com/security/cve/CVE-2017-10664.html
https://www.suse.com/security/cve/CVE-2017-10806.html
https://www.suse.com/security/cve/CVE-2017-11334.html
https://www.suse.com/security/cve/CVE-2017-11434.html
https://www.suse.com/security/cve/CVE-2017-12135.html
https://www.suse.com/security/cve/CVE-2017-12137.html
https://www.suse.com/security/cve/CVE-2017-12855.html
https://www.suse.com/security/cve/CVE-2017-14316.html
https://www.suse.com/security/cve/CVE-2017-14317.html
https://www.suse.com/security/cve/CVE-2017-14319.html
https://bugzilla.suse.com/1002573
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1032598
https://bugzilla.suse.com/1037413
https://bugzilla.suse.com/1046637
https://bugzilla.suse.com/1047675
https://bugzilla.suse.com/1048920
https://bugzilla.suse.com/1049578
https://bugzilla.suse.com/1051787
https://bugzilla.suse.com/1051788
https://bugzilla.suse.com/1052686
https://bugzilla.suse.com/1056278
https://bugzilla.suse.com/1056281
https://bugzilla.suse.com/1056282


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

CESA-2017:2791 Moderate CentOS 6 samba4 Security Update

CentOS Errata and Security Advisory 2017:2791 Moderate

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2791

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
0a270c83eaef22cfabea69ded4a95070bb87f595fe66cf200ffe4cfb886f27e6 samba4-4.2.10-11.el6_9.i686.rpm
d5145f8a1b1dd5668b2ffec8921447c6d947073326bae3fffbc9cebae547906f samba4-client-4.2.10-11.el6_9.i686.rpm
9e240342d747556b022b22bbd34327b753eb5fe104aba3075500bea4ac8436d2 samba4-common-4.2.10-11.el6_9.i686.rpm
5cbc5c9c8bea3fdba922bca6c23619f1950019b72c13b63e13f78b7151362667 samba4-dc-4.2.10-11.el6_9.i686.rpm
70384e1bfad4f2303e9a0e507823a42911854720e1de7f6ffe056059e0fde032 samba4-dc-libs-4.2.10-11.el6_9.i686.rpm
496d1cd9ce4824ed385471ac894bc0ef37ac7e51fc871d89b6a3971738a36a99 samba4-devel-4.2.10-11.el6_9.i686.rpm
6e31f217fdffff580e8acbfb6f053e6eb6c9d10e9b986dead0f4ddc85665b2ff samba4-libs-4.2.10-11.el6_9.i686.rpm
20a8cee21b636d0e255eb01d5b453840c52df23b4fd2777d3c1416b4f1481344 samba4-pidl-4.2.10-11.el6_9.i686.rpm
f60934264e4e5a831f01dd92b9a782495fb35dc3f57ed8db5d50388753f331a2 samba4-python-4.2.10-11.el6_9.i686.rpm
216f56dcc8317d30d0c3da7f48702869e37bf81da1c7ad7489e0250b6d481d29 samba4-test-4.2.10-11.el6_9.i686.rpm
ce3b42f0270059a67a7af91f405d7c741c89a55a7ccbad61c91c791792c69a8f samba4-winbind-4.2.10-11.el6_9.i686.rpm
d50ece6fc48ccb9e14abca9d74e57303560438f4810b53a3c30cb4271fe98dde samba4-winbind-clients-4.2.10-11.el6_9.i686.rpm
88a6dc859113529dea26fa6af0fcbcbded39250444b80415a5e48762a568d566 samba4-winbind-krb5-locator-4.2.10-11.el6_9.i686.rpm

x86_64:
78ebbf2c71c71e788a98bb750b68a97bd0668e83b125bc5f150fedcefa73099d samba4-4.2.10-11.el6_9.x86_64.rpm
f69f361bc57623978aedabc20dde64ea87373c972dacee30462d8609dd47975f samba4-client-4.2.10-11.el6_9.x86_64.rpm
96367c12188a2f250fa60ed0a36df33a4a44e00b9e437f1a1518633152d6d962 samba4-common-4.2.10-11.el6_9.x86_64.rpm
e3ba5ac3a1cae4f8ad3d15ea312d74ae92c7e75fb8d0d1fc1944990d0c79e6f3 samba4-dc-4.2.10-11.el6_9.x86_64.rpm
f7ae4420d731756eb239e48b07b3348a89d3d26e6196d5c2df477549ed3a865c samba4-dc-libs-4.2.10-11.el6_9.x86_64.rpm
d568c1cb2aed2c1191bbff1b60277f526e1c7e8a5a7128fbc55dd454e0c66dc9 samba4-devel-4.2.10-11.el6_9.x86_64.rpm
a9b99ca9ee233be3ede674b4d5ad3eb1b52cf2205478051d3b23c3f60f010ed5 samba4-libs-4.2.10-11.el6_9.x86_64.rpm
1a49ee090c6e26f96dd0a221da1bbf254ed9bae453a6619bd3ff93fa703a81e0 samba4-pidl-4.2.10-11.el6_9.x86_64.rpm
ae13c7ba50e2b35d3292d57a85f9ab6ee9103a2f517ad5f324539912e4380b9d samba4-python-4.2.10-11.el6_9.x86_64.rpm
48d8d8f280736af98692a2bd3aa5a052a77239f7aee31df7eb78d4e09bf2db16 samba4-test-4.2.10-11.el6_9.x86_64.rpm
7a8112327b48b75fe320eeed72c0f00d6dc2b35db16f8d888422381b9703f4b6 samba4-winbind-4.2.10-11.el6_9.x86_64.rpm
5851315dd2b1aca5052ef4b1e4f85f37f9fc89d8e04046640f0d21b6f34528b8 samba4-winbind-clients-4.2.10-11.el6_9.x86_64.rpm
52f4e3bf71d1b34dc7a7b520e93959061175f607615e4c5d2271acbff9623232 samba4-winbind-krb5-locator-4.2.10-11.el6_9.x86_64.rpm

Source:
0273970d3e7fb1286539abea52dac10a54a8fcdc3d50cf1a6ed1f63a3c253e14 samba4-4.2.10-11.el6_9.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

SUSE-SU-2017:2548-1: important: Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:2548-1
Rating: important
References: #1057389
Cross-References: CVE-2017-1000251
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-EXTRA
SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive the
following security fixes:

– CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel was
vulnerable to a stack overflow while processing L2CAP configuration
responses, resulting in a potential remote code execution vulnerability.
[bnc#1057389]

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Software Development Kit 11-SP4:

zypper in -t patch sdksp4-kernel-source-13286=1

– SUSE Linux Enterprise Server 11-SP4:

zypper in -t patch slessp4-kernel-source-13286=1

– SUSE Linux Enterprise Server 11-EXTRA:

zypper in -t patch slexsp3-kernel-source-13286=1

– SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-kernel-source-13286=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Software Development Kit 11-SP4 (noarch):

kernel-docs-3.0.101-108.10.2

– SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

kernel-default-3.0.101-108.10.1
kernel-default-base-3.0.101-108.10.1
kernel-default-devel-3.0.101-108.10.1
kernel-source-3.0.101-108.10.1
kernel-syms-3.0.101-108.10.1
kernel-trace-3.0.101-108.10.1
kernel-trace-base-3.0.101-108.10.1
kernel-trace-devel-3.0.101-108.10.1

– SUSE Linux Enterprise Server 11-SP4 (i586 x86_64):

kernel-ec2-3.0.101-108.10.1
kernel-ec2-base-3.0.101-108.10.1
kernel-ec2-devel-3.0.101-108.10.1
kernel-xen-3.0.101-108.10.1
kernel-xen-base-3.0.101-108.10.1
kernel-xen-devel-3.0.101-108.10.1

– SUSE Linux Enterprise Server 11-SP4 (ppc64):

kernel-bigmem-3.0.101-108.10.1
kernel-bigmem-base-3.0.101-108.10.1
kernel-bigmem-devel-3.0.101-108.10.1
kernel-ppc64-3.0.101-108.10.1
kernel-ppc64-base-3.0.101-108.10.1
kernel-ppc64-devel-3.0.101-108.10.1

– SUSE Linux Enterprise Server 11-SP4 (s390x):

kernel-default-man-3.0.101-108.10.1

– SUSE Linux Enterprise Server 11-SP4 (i586):

kernel-pae-3.0.101-108.10.1
kernel-pae-base-3.0.101-108.10.1
kernel-pae-devel-3.0.101-108.10.1

– SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):

kernel-default-extra-3.0.101-108.10.1

– SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):

kernel-xen-extra-3.0.101-108.10.1

– SUSE Linux Enterprise Server 11-EXTRA (x86_64):

kernel-trace-extra-3.0.101-108.10.1

– SUSE Linux Enterprise Server 11-EXTRA (ppc64):

kernel-ppc64-extra-3.0.101-108.10.1

– SUSE Linux Enterprise Server 11-EXTRA (i586):

kernel-pae-extra-3.0.101-108.10.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

kernel-default-debuginfo-3.0.101-108.10.1
kernel-default-debugsource-3.0.101-108.10.1
kernel-trace-debuginfo-3.0.101-108.10.1
kernel-trace-debugsource-3.0.101-108.10.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 s390x x86_64):

kernel-default-devel-debuginfo-3.0.101-108.10.1
kernel-trace-devel-debuginfo-3.0.101-108.10.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):

kernel-ec2-debuginfo-3.0.101-108.10.1
kernel-ec2-debugsource-3.0.101-108.10.1
kernel-xen-debuginfo-3.0.101-108.10.1
kernel-xen-debugsource-3.0.101-108.10.1
kernel-xen-devel-debuginfo-3.0.101-108.10.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64):

kernel-bigmem-debuginfo-3.0.101-108.10.1
kernel-bigmem-debugsource-3.0.101-108.10.1
kernel-ppc64-debuginfo-3.0.101-108.10.1
kernel-ppc64-debugsource-3.0.101-108.10.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586):

kernel-pae-debuginfo-3.0.101-108.10.1
kernel-pae-debugsource-3.0.101-108.10.1
kernel-pae-devel-debuginfo-3.0.101-108.10.1

References:

https://www.suse.com/security/cve/CVE-2017-1000251.html
https://bugzilla.suse.com/1057389


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

CESA-2017:2788 Important CentOS 7 augeas Security Update

CentOS Errata and Security Advisory 2017:2788 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2788

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
1c8dd8681d9e50e46c9d92a0ac04434e524d82aee002f6930bf6a52c2f06b2fa augeas-1.4.0-2.el7_4.1.x86_64.rpm
2bc4b590eb8017d192784ff29e1d4e367824130ef4f4fc2c842bbc15f0f7d229 augeas-devel-1.4.0-2.el7_4.1.i686.rpm
352ce5c564d41e466564b77f45bd41e2e6041b2e5bc7d532498e5474c73cbd64 augeas-devel-1.4.0-2.el7_4.1.x86_64.rpm
11b173f9efe24886b450d91cc7c32f6708fa7aca0ccfae6a24e420eb753a9e9d augeas-libs-1.4.0-2.el7_4.1.i686.rpm
7db0f60d45ae77f05c0a8019d4695892718e957c59d400dc269726301f7885c6 augeas-libs-1.4.0-2.el7_4.1.x86_64.rpm

Source:
4351d831197d01d98d950e0989f6e9012f6890f3711e001d9a23471c8d5ec779 augeas-1.4.0-2.el7_4.1.src.rpm


Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce