CEBA-2017:1728 CentOS 6 ksh BugFix Update

The following information has been provided by the centos announce mailing list.

CentOS Errata and Bugfix Advisory 2017:1728

Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-1728.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
a63c7dc235dc20a6cef8b6bff6d10f6d381ac1e04a974d00f9c1ef7b46cc6845  ksh-20120801-35.el6_9.i686.rpm

x86_64:
0bef7d82534c6f5711bb1c10dee7df9a3c6c93e042907e2b1cf54f63cd384a43  ksh-20120801-35.el6_9.x86_64.rpm

Source:
e784dc6b5c41be4544539fec38ccb9b278930f8e29a4f425653002123ca75b4b  ksh-20120801-35.el6_9.src.rpm

CEBA-2017:1725 CentOS 6 iscsi-initiator-utils BugFix Update

The following information has been provided by the centos announce mailing list.

CentOS Errata and Bugfix Advisory 2017:1725

Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-1725.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
bb20f5019d41d5a7e53b75e8955288aa082ec9c50f924e762ccbe8a96623154b  iscsi-initiator-utils-6.2.0.873-27.el6_9.i686.rpm
7e8a7902df11baea3e2c5094a5eb2a2c7e9b2d0bdb6c03d08fdabaf1d116f63d  iscsi-initiator-utils-devel-6.2.0.873-27.el6_9.i686.rpm

x86_64:
865b4b9655f3b47c1482b32be23a4ffccbb89e65152e4d5ec7da5c7e3f461d5c  iscsi-initiator-utils-6.2.0.873-27.el6_9.x86_64.rpm
bd94ce8f14c0155273cbe62a33689b611898d290526f36c0361ff6b16d827963  iscsi-initiator-utils-devel-6.2.0.873-27.el6_9.x86_64.rpm

Source:
b1c85647ee0fc61a7ddeedea58b96fabef6e629d19eb1666da80e2a8e40ad4fe  iscsi-initiator-utils-6.2.0.873-27.el6_9.src.rpm

CEBA-2017:1729 CentOS 6 createrepo BugFix Update

The following information has been provided by the centos announce mailing list.

CentOS Errata and Bugfix Advisory 2017:1729

Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-1729.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
92e8887e8fd36d1539ed10f50f62f4136e38b691f3c71ea115ec682cf986ffae  createrepo-0.9.9-27.el6_9.noarch.rpm

x86_64:
92e8887e8fd36d1539ed10f50f62f4136e38b691f3c71ea115ec682cf986ffae  createrepo-0.9.9-27.el6_9.noarch.rpm

Source:
17b476a54cc8e033e4c8137a6db04e937e261776eb0513245485dda7d6d4f224  createrepo-0.9.9-27.el6_9.src.rpm

CEBA-2017:1726 CentOS 6 procps BugFix Update

The following information has been provided by the centos announce mailing list.

CentOS Errata and Bugfix Advisory 2017:1726

Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-1726.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
173c28bbd1d2b0e220b583e149d8147fa8087a2ee90943d12d96a3740f32cb94  procps-3.2.8-45.el6_9.1.i686.rpm
48293353c4a931b0c5b812209b75b49ab126868e7292a64fd9cc76e03eb0adcd  procps-devel-3.2.8-45.el6_9.1.i686.rpm

x86_64:
173c28bbd1d2b0e220b583e149d8147fa8087a2ee90943d12d96a3740f32cb94  procps-3.2.8-45.el6_9.1.i686.rpm
c7ccee19812a0c0a66625e854f6a42984b4c0339c322c22d84f557468aa38dee  procps-3.2.8-45.el6_9.1.x86_64.rpm
48293353c4a931b0c5b812209b75b49ab126868e7292a64fd9cc76e03eb0adcd  procps-devel-3.2.8-45.el6_9.1.i686.rpm
37d754536a33cf0bf38ad8e857e4cb9a2fee6c1e93f224f703a2d560c42644f5  procps-devel-3.2.8-45.el6_9.1.x86_64.rpm

Source:
4f301ec41df4f7fa1376e78f247465b287f7876d87fa2b541dfda73f4416862e  procps-3.2.8-45.el6_9.1.src.rpm

CESA-2017:1723 Important CentOS 6 kernel Security Update

The following information has been provided by the centos announce mailing list.

CentOS Errata and Security Advisory 2017:1723 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-1723.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
927051b28b0e44d5e74a1a4d367a7a874cd9b225cff8c22fcbc1baf59b99a41b  kernel-2.6.32-696.6.3.el6.i686.rpm
b12d1db312fa2114674a8389513ede10b44a1dbd1d477fec7764fa49d019540b  kernel-abi-whitelists-2.6.32-696.6.3.el6.noarch.rpm
4a9d7e578ddcd4039fccff04883053576d0d845b20e73517beb2d8a41b0abaff  kernel-debug-2.6.32-696.6.3.el6.i686.rpm
0a64aa22d439d1114f150bbea646d3932558add4031c6b6d1971db7c81daec3b  kernel-debug-devel-2.6.32-696.6.3.el6.i686.rpm
54fc45f0f2f82f800b58d18af9b0b12a25f45a5a7483a838dadef2b20d21c997  kernel-devel-2.6.32-696.6.3.el6.i686.rpm
f847aa59c929e26250fdc56eb0b37c167d627c32c6255c23966d95d759ea632c  kernel-doc-2.6.32-696.6.3.el6.noarch.rpm
d889b3822dc0a67be6a32d01f17d1741cc06e1e116306bcd12b3021f7337d5c8  kernel-firmware-2.6.32-696.6.3.el6.noarch.rpm
9783d4146223947e04b25c4ed6c7926a448dc9c4cc8d4bc5671cc46ca05543ec  kernel-headers-2.6.32-696.6.3.el6.i686.rpm
40f26470af2a241ff316166197d6e54ca01c1bb63961956cdfe7fd1447d0ffbb  perf-2.6.32-696.6.3.el6.i686.rpm
4d6cfaf0769194f06a86892f4c980cca76f27e60ad9623154598a6da2d5f15ce  python-perf-2.6.32-696.6.3.el6.i686.rpm

x86_64:
97eb16ae9a62a515d17e62dfb11bb3bbbf1afa4a3f1616689a3f1deac2320b21  kernel-2.6.32-696.6.3.el6.x86_64.rpm
b12d1db312fa2114674a8389513ede10b44a1dbd1d477fec7764fa49d019540b  kernel-abi-whitelists-2.6.32-696.6.3.el6.noarch.rpm
1f9275bedff135b04398d23c9c00122670a1576bbb19b18ec4fee29bc55888e1  kernel-debug-2.6.32-696.6.3.el6.x86_64.rpm
0a64aa22d439d1114f150bbea646d3932558add4031c6b6d1971db7c81daec3b  kernel-debug-devel-2.6.32-696.6.3.el6.i686.rpm
50f63fd19118a0bc7c013fe54d08e03258117a64774c7e77e3ce005a5d6f556c  kernel-debug-devel-2.6.32-696.6.3.el6.x86_64.rpm
1f6688b4bdf3c738aeeee138fc2aec5b07a88c825935a85f00b559f9d6788969  kernel-devel-2.6.32-696.6.3.el6.x86_64.rpm
f847aa59c929e26250fdc56eb0b37c167d627c32c6255c23966d95d759ea632c  kernel-doc-2.6.32-696.6.3.el6.noarch.rpm
d889b3822dc0a67be6a32d01f17d1741cc06e1e116306bcd12b3021f7337d5c8  kernel-firmware-2.6.32-696.6.3.el6.noarch.rpm
6f30972fd2421b4c3daad28236677edc3fc168bcc20cd68914b8803866e5bb05  kernel-headers-2.6.32-696.6.3.el6.x86_64.rpm
7a188c0dddf900bdd7a18b5ea644f6571d552ac6f6cc7155d3d5192092e6f033  perf-2.6.32-696.6.3.el6.x86_64.rpm
0745755abfe88532049b9ada543cbe1163415d2421f6ac65ef50e41c8b131d1a  python-perf-2.6.32-696.6.3.el6.x86_64.rpm

Source:
41b009f706b5b1c2a342858e349f177bac6ec86b423fb7907528a224585384a9  kernel-2.6.32-696.6.3.el6.src.rpm

CESA-2017:1721 Moderate CentOS 6 httpd Security Update

The following information has been provided by the centos announce mailing list.

CentOS Errata and Security Advisory 2017:1721 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-1721.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
d67958d7dfee6ea10ce3c5316dd69c36272a4e3484412d4a188277c8de69dfb4  httpd-2.2.15-60.el6.centos.4.i686.rpm
2485c99b0ab99176f9ad64f968a7c8a7c08491c368d6fc73480a9ea992472a97  httpd-devel-2.2.15-60.el6.centos.4.i686.rpm
260beddfb87916985f7e55cc9d45e0265d8eda006ee8158083194d3220b53478  httpd-manual-2.2.15-60.el6.centos.4.noarch.rpm
a8f81b5f6b15a904333e629b75bcd0d6cd414c32792ece82686ff1d465d510b6  httpd-tools-2.2.15-60.el6.centos.4.i686.rpm
6c8454aec313335dcb390a92a5764f91ade08e059c953d8f07d8dfa3eb7f59f3  mod_ssl-2.2.15-60.el6.centos.4.i686.rpm

x86_64:
7b10e1b00cebb3e6304e396297bac8dc746412036bda4d55eb29f4c5aabd0ea5  httpd-2.2.15-60.el6.centos.4.x86_64.rpm
2485c99b0ab99176f9ad64f968a7c8a7c08491c368d6fc73480a9ea992472a97  httpd-devel-2.2.15-60.el6.centos.4.i686.rpm
7b3829f2d1e5927214553715a7e9153f966874608157e88ea82fe56d550dbdf1  httpd-devel-2.2.15-60.el6.centos.4.x86_64.rpm
260beddfb87916985f7e55cc9d45e0265d8eda006ee8158083194d3220b53478  httpd-manual-2.2.15-60.el6.centos.4.noarch.rpm
90191f093fc7ed347e2468b2bedcc5d7dc3494b5a1815a0c830ece6d6ebd0da7  httpd-tools-2.2.15-60.el6.centos.4.x86_64.rpm
3ffce948b51b86b69701b0d2daf9586b0d94a018fc2a045463be77d3bbb72831  mod_ssl-2.2.15-60.el6.centos.4.x86_64.rpm

Source:
27cd33d1b5c21503407b0fbcd1e30df8c4a712e00181a3411d76f9012d25e388  httpd-2.2.15-60.el6.centos.4.src.rpm

CEBA-2017:1722 CentOS 6 cloud-init BugFix Update

The following information has been provided by the centos announce mailing list.

CentOS Errata and Bugfix Advisory 2017:1722

Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-1722.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
331686a582aa27ec0d35a0049014faeb7286ad1cd9904c70d571604a35eaa1ad  cloud-init-0.7.5-8.el6.centos.i686.rpm

x86_64:
4ae9d1c89fc35a43d4ce377bdf7fc6ad5c80ce4a08d0bea0f7134e6f84c11582  cloud-init-0.7.5-8.el6.centos.x86_64.rpm

Source:
71cefe8ff6acf44ca059a2efaa3ab5f5e549a6dc8d81e407ea593e6994449393  cloud-init-0.7.5-8.el6.centos.src.rpm

CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2

The following information has been provided by the HTTPD announce mailing list.

CVE-2017-9789: Read after free in mod_http2.c

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.4.26

Description:
When under stress, closing many connections, the HTTP/2
handling code would sometimes access memory after it has
been freed, resulting in potentially erratic behaviour.

Mitigation:
2.4.26 users of mod_http2 should upgrade to 2.4.27.

Credit:
The Apache HTTP Server security team would like to thank Robert Święcki
for reporting this issue.

References:
https://httpd.apache.org/security_report.html

CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest

The following information has been provided by the HTTPD announce mailing list.

CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
all versions through 2.2.33 and 2.4.26

Description:
The value placeholder in [Proxy-]Authorization headers
of type ‘Digest’ was not initialized or reset
before or between successive key=value assignments
by mod_auth_digest.
Providing an initial key with no ‘=’ assignment
could reflect the stale value of uninitialized pool
memory used by the prior request, leading to leakage
of potentially confidential information, and a segfault.

Mitigation:
All users of httpd should upgrade to 2.4.27 (or minimally
2.2.34, which will receive no further security releases.)
Alternately, the administrator could configure httpd to
reject requests with a header matching a complex regular
expression identifying where = character does not occur
in the first key=value pair, as in the following syntax;
[Proxy-]Authorization: Digest key[,key=value]

Credit:
The Apache HTTP Server security team would like to thank Robert Święcki
for reporting this issue.

References:
https://httpd.apache.org/security_report.html
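
A log-side or proxy-side check for the header shape named in the Mitigation above, given here as an added example (it is not Apache's code or configuration, and not part of the advisory): it flags [Proxy-]Authorization headers of type Digest whose first item carries no '='. The function names and the sample requests are constructed for illustration.

```python
import re
from typing import List, NamedTuple

# Headers the advisory names: Authorization and Proxy-Authorization.
WATCHED = ("authorization", "proxy-authorization")

# Auth scheme token, then (optionally) the credentials that follow it.
_CREDS = re.compile(r"^\s*([A-Za-z][A-Za-z0-9_-]*)(?:\s+(.*))?$", re.DOTALL)


class Finding(NamedTuple):
    header: str
    value: str


def classify_credentials(value: str) -> str:
    """Classify one header value as not-digest, empty, ok or bare-first-key."""
    m = _CREDS.match(value)
    if m is None or m.group(1).lower() != "digest":
        return "not-digest"
    params = (m.group(2) or "").strip()
    if not params:
        return "empty"
    # Only the first comma-separated item matters for this check. A
    # well-formed first item has its '=' before any quoted value begins,
    # so cutting at the first comma cannot hide that '='.
    first_item = params.split(",", 1)[0]
    return "ok" if "=" in first_item else "bare-first-key"


def scan_request(raw: str) -> List[Finding]:
    """Return the watched headers of one raw request that match the pattern."""
    findings = []
    for line in raw.split("\r\n")[1:]:       # skip the request line
        if line == "":                       # end of the header block
            break
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in WATCHED:
            continue
        if classify_credentials(value) == "bare-first-key":
            findings.append(Finding(name.strip(), value.strip()))
    return findings


def flagged_indexes(requests: List[str]) -> List[int]:
    """Indexes of the requests that carry at least one flagged header."""
    return [i for i, raw in enumerate(requests) if scan_request(raw)]


# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = [
    'GET /private HTTP/1.1\r\nHost: example.test\r\n'
    'Authorization: Digest username="alice", realm="r", nonce="n", '
    'uri="/private", response="0"\r\n\r\n',
    # First item has no '=': the "Digest key[,key=value]" shape.
    'GET /private HTTP/1.1\r\nHost: example.test\r\n'
    'Authorization: Digest key,key=value\r\n\r\n',
    # Same shape in the proxy header, with a lower-case scheme name.
    'GET http://example.test/ HTTP/1.1\r\nHost: example.test\r\n'
    'proxy-authorization: digest key\r\n\r\n',
    # A different scheme is out of scope for this check.
    'GET / HTTP/1.1\r\nHost: example.test\r\n'
    'Authorization: Basic dXNlcjpwYXNz\r\n\r\n',
]

if __name__ == "__main__":
    for idx in flagged_indexes(SAMPLE_REQUESTS):
        for finding in scan_request(SAMPLE_REQUESTS[idx]):
            print(f"request {idx}: {finding.header}: {finding.value}")
```

The same classification can drive an alert on servers that cannot be upgraded immediately; it is not a substitute for the upgrade the advisory asks for.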

MariaDB 10.2.7 now available

The following information has been provided by the mariadb announce mailing list.

The MariaDB project is pleased to announce the immediate availability
of MariaDB 10.2.7. This is a stable (GA) release. See the Release
Notes and Changelogs for details.

– – Links  – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

MariaDB 10.2.7
– Release Notes: https://mariadb.com/kb/en/mdb-1027-rn/
– Changelog:     https://mariadb.com/kb/en/mdb-1027-cl/
– Downloads:     https://downloads.mariadb.org/mariadb/10.2.7

About MariaDB 10.2:
https://mariadb.com/kb/en/what-is-mariadb-102/

APT and YUM Repository Configuration Generator:
https://downloads.mariadb.org/mariadb/repositories/

– – MariaDB Webinars – – – – – – – – – – – – – – – – – – – – – – – – –

There are several upcoming MariaDB-focused webinars and many
previously held ones available to watch on an on-demand basis at:

https://mariadb.com/news-events/webinars

– – MariaDB Books  – – – – – – – – – – – – – – – – – – – – – – – – – –

There is an ever-growing library of MariaDB books available to help
you get the most out of MariaDB. See the MariaDB Books page for
details and links:

https://mariadb.com/kb/en/mariadb/books/

– – User Feedback plugin – – – – – – – – – – – – – – – – – – – – – – –

MariaDB includes a User Feedback plugin. This plugin is disabled by
default. If enabled, it submits basic, completely anonymous MariaDB
usage information. This information is used by the developers to
track trends in MariaDB usage to better guide development efforts.

If you would like to help make MariaDB better, please add
“feedback=ON” to your my.cnf or my.ini file!

See http://mariadb.com/kb/en/user-feedback-plugin for more
information.

– – Quality  – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

The project always strives for quality, but in reality, nothing is
perfect. Please take time to report any issues you encounter at:

http://mariadb.org/jira

– – Support MariaDB  – – – – – – – – – – – – – – – – – – – – – – – – –

If you would like to contribute to the MariaDB Foundation, please see
the “contributing” and “donations” pages. We also have merchandise
available in a cafepress store. All proceeds go to support the
MariaDB Foundation.

https://mariadb.com/kb/en/contributing

https://mariadb.org/donate/

We hope you enjoy MariaDB!


MariaDB
Website – http://mariadb.org
Twitter – http://twitter.com/mariadbfdn
http://twitter.com/mariadb
Google+ – http://google.com/+mariadb
Facebook – http://fb.com/MariaDB.dbms
Knowledge Base – http://mariadb.com/kb

FreeBSD Security Advisory FreeBSD-SA-17:05.heimdal

The following information has been provided by the FREEBSD SECURITY mailing list.

=============================================================================
FreeBSD-SA-17:05.heimdal                                    Security Advisory
The FreeBSD Project

Topic:          heimdal KDC-REP service name validation vulnerability

Category:       contrib
Module:         heimdal
Announced:      2017-07-12
Affects:        All supported versions of FreeBSD.
Corrected:      2017-07-12 07:26:07 UTC (stable/11, 11.1-PRERELEASE)
2017-07-12 08:07:16 UTC (releng/11.1, 11.1-RC2-p1)
2017-07-12 08:07:16 UTC (releng/11.1, 11.1-RC1-p1)
2017-07-12 07:26:07 UTC (stable/11, 11.1-BETA3-p1)
2017-07-12 08:07:36 UTC (releng/11.0, 11.0-RELEASE-p11)
2017-07-12 07:26:07 UTC (stable/10, 10.3-STABLE)
2017-07-12 15:16:01 UTC (releng/10.3, 10.3-RELEASE-p20)
CVE Name:       CVE-2017-11103

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.

I.   Background

Heimdal implements the Kerberos 5 network authentication protocols.
The Kerberos protocol uses “tickets” to authenticate a client to a
service.

A Key Distribution Center (KDC) is trusted by all principals registered
in that administrative “realm” to store a secret key in confidence, of
which, the proof of knowledge is used to verify the authenticity of a
principal.

II.  Problem Description

There is a programming error in the Heimdal implementation that used an
unauthenticated, plain-text version of the KDC-REP service name found
in a ticket.

III. Impact

An attacker who has control of the network between a client and the
service it talks to will be able to impersonate the service, allowing
a successful man-in-the-middle (MITM) attack that circumvents the mutual
authentication.

IV.  Workaround

No workaround is available, but only Kerberos enabled clients are
affected.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

A reboot is recommended.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

A reboot is recommended.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-17:05/heimdal.patch
# fetch https://security.FreeBSD.org/patches/SA-17:05/heimdal.patch.asc
# gpg --verify heimdal.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Restart all daemons that use the library, or reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/10/                                                        r320907
releng/10.3/                                                      r320915
stable/11/                                                        r320907
releng/11.0/                                                      r320911
releng/11.1/                                                      r320910
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

<URL:https://www.orpheus-lyre.info/>

<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-17:05.heimdal.asc>

Zabbix 3.4.0alpha1 released

The following information has been provided by the zabbix announce mailing list.

Greetings!

Zabbix Team is pleased to announce the availability of Zabbix 3.4.0alpha1, first alpha of Zabbix 3.4.

Complete Release Notes:

Zabbix 3.4.0alpha1: https://www.zabbix.com/rn3.4.0alpha1

Download: https://www.zabbix.com/download

Kind regards,
Alexei Vladishev,
Zabbix Product Manager, CEO

Apache HTTP Server 2.2.34 Released

The following information has been provided by the HTTPD announce mailing list.

The Apache Software Foundation and the Apache HTTP Server Project
announce the release of version 2.2.34 of the Apache HTTP Server
(“Apache”), the final maintenance release of the 2.2 series. No
further 2.2 releases are anticipated. This version of Apache is
principally a security and bug fix maintenance release.

We consider the current Apache HTTP Server 2.4 release to be the best
version of Apache available, and encourage every user of 2.2 and all
prior versions to upgrade. This final 2.2 release is offered for those
unable to upgrade at this moment.

Take note that Apache Web Server Project will provide no future release
of the 2.2.x series, although some security patches may be published
through December of 2017. These will be collected at the URL;

http://www.apache.org/dist/httpd/patches/apply_to_2.2.34/

No further maintenance patches of 2.2.x will be published. Users are
strongly encouraged to promptly complete their transitions to the
2.4.x flavor of httpd to receive any future benefit from the user
community or the Apache HTTP Server project developers.

For further details about the currently supported release, see:

http://www.apache.org/dist/httpd/Announcement2.4.txt

Apache HTTP Server 2.4 and 2.2.34 are available for download from:

http://httpd.apache.org/download.cgi

Please see the CHANGES_2.2 file, linked from the download page, for a
full list of changes. A condensed list, CHANGES_2.2.34 includes only
those changes introduced since the prior 2.2 release. A summary of all
of the security vulnerabilities addressed in this and earlier releases
is available:

http://httpd.apache.org/security/vulnerabilities_22.html

Note that the Apache HTTP Server project will discontinue evaluations
and corresponding advisories to this resource effective January, 2018.

This release includes the Apache Portable Runtime (APR) version 1.5.2
and APR Utility Library (APR-util) version 1.5.4, bundled with the tar
and zip distributions. The APR libraries libapr and libaprutil (and
on Win32, libapriconv version 1.2.1) must all be updated to ensure
binary compatibility and address many known security and platform bugs.
APR version 1.5 and APR-util version 1.5 represent minor version upgrades
from earlier httpd 2.2 source distributions.

Note this package also includes very stale and known-vulnerable versions
of the Expat [http://expat.sourceforge.net/] and PCRE [http://www.pcre.org/]
packages. Users are strongly encouraged to first install the most recent
versions of these components (of PCRE 8.x, not PCRE2 10.x at this time.)

This release builds on and extends the Apache 2.0 API and is superseded
by the Apache 2.4 API. Modules written for Apache 2.2 will need to be
recompiled in order to run with Apache 2.4, and most will require minimal
or no source code changes.

Apache HTTP Server 2.4.27 Released

The following information has been provided by the HTTPD announce mailing list.

July 11, 2017

The Apache Software Foundation and the Apache HTTP Server Project
are pleased to announce the release of version 2.4.27 of the Apache
HTTP Server (“Apache”).  This version of Apache is our latest GA
release of the new generation 2.4.x branch of Apache HTTPD and
represents fifteen years of innovation by the project, and is
recommended over all previous releases. This release of Apache is
a security, feature, and bug fix release. Users are encouraged
to upgrade as soon as possible.

We consider this release to be the best version of Apache available, and
encourage users of all prior versions to upgrade.

Apache HTTP Server 2.4.27 is available for download from:

http://httpd.apache.org/download.cgi

Apache 2.4 offers numerous enhancements, improvements, and performance
boosts over the 2.2 codebase.  For an overview of new features
introduced since 2.4 please see:

http://httpd.apache.org/docs/trunk/new_features_2_4.html

Please see the CHANGES_2.4 file, linked from the download page, for a
full list of changes. A condensed list, CHANGES_2.4.27 includes only
those changes introduced since the prior 2.4 release.  A summary of all
of the security vulnerabilities addressed in this and earlier releases
is available:

http://httpd.apache.org/security/vulnerabilities_24.html

Of particular note in this release are 3 COMPATIBILITY items:

o HTTP/2 will not be negotiated when using the Prefork MPM
o FastCGI compatibility with PHP-FPM is fixed
o mod_lua no longer exports the undocumented and unsupported
‘apr_table’ variable.

This release requires the Apache Portable Runtime (APR), minimum
version 1.5.x, and APR-Util, minimum version 1.5.x. Some features may
require the 1.6.x version of both APR and APR-Util. The APR libraries
must be upgraded for all features of httpd to operate correctly.

This release builds on and extends the Apache 2.2 API.  Modules written
for Apache 2.2 will need to be recompiled in order to run with Apache
2.4, and require minimal or no source code changes.

http://svn.apache.org/repos/asf/httpd/httpd/trunk/VERSIONING

When upgrading or installing this version of Apache, please bear in mind
that if you intend to use Apache with one of the threaded MPMs (other
than the Prefork MPM), you must ensure that any modules you will be
using (and the libraries they depend on) are thread-safe.

Please note that Apache Web Server Project will only provide maintenance
releases of the 2.2.x flavor through June of 2017, and will provide some
security patches beyond this date through at least December of 2017.
Minimal maintenance patches of 2.2.x are expected throughout this period,
and users are strongly encouraged to promptly complete their transitions
to the 2.4.x flavor of httpd to benefit from a much larger assortment
of minor security and bug fixes as well as new features.

MariaDB 10.1.25 now available

The following information has been provided by the mariadb announce mailing list.

The MariaDB project is pleased to announce the immediate availability
of MariaDB 10.1.25, MariaDB Connector/J 2.0.3, and MariaDB
Connector/J 1.6.2. See the Release Notes and Changelogs for details.

– – Links  – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

MariaDB 10.1.25
– Release Notes: https://mariadb.com/kb/en/mdb-10125-rn/
– Changelog:     https://mariadb.com/kb/en/mdb-10125-cl/
– Downloads:     https://downloads.mariadb.org/mariadb/10.1.25

About MariaDB 10.1:
https://mariadb.com/kb/en/what-is-mariadb-101/

APT and YUM Repository Configuration Generator:
https://downloads.mariadb.org/mariadb/repositories/

MariaDB Connector/J 2.0.3
– Release Notes: https://mariadb.com/kb/en/mcj-203-rn/
– Changelog:     https://mariadb.com/kb/en/mcj-203-cl/
– Downloads:     https://downloads.mariadb.org/connector-java/2.0.3/

About MariaDB Connector/J:
https://mariadb.com/kb/en/about-mariadb-connector-j/

MariaDB Connector/J 1.6.2
– Release Notes: https://mariadb.com/kb/en/mcj-162-rn/
– Changelog:     https://mariadb.com/kb/en/mcj-162-cl/
– Downloads:     https://downloads.mariadb.org/connector-java/1.6.2/

About MariaDB Connector/J:
https://mariadb.com/kb/en/about-mariadb-connector-j/


Changing the Time Zone on CentOS 7.x

All time zone related functions make use of the timedatectl command.

To display the current time zone, execute the following command:

timedatectl status

To get a list of available time zones:

timedatectl list-timezones

To change the time zone, for example to UTC (any zone from the list of available time zones can be used instead):

timedatectl set-timezone UTC

Dovecot v2.2.31 released

The following information has been provided by the Dovecot-news mailing list.

https://dovecot.org/releases/2.2/dovecot-2.2.31.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.31.tar.gz.sig

This should be a great and stable release for the summer 🙂 v2.2.32 is planned for the end of August. Hopefully soon afterwards we can get back to v2.3.

* LMTP: Removed “(Dovecot)” from added Received headers. Some
installations want to hide it, and there’s not really any good reason
for anyone to have it.

+ Add ssl_alt_cert and ssl_alt_key settings to add support for
having both RSA and ECDSA certificates.
+ dsync/imapc, pop3-migration plugin: Strip trailing whitespace from
headers when matching mails. This helps with migrations from Zimbra.
+ acl: Add acl_globals_only setting to disable looking up
per-mailbox dovecot-acl files.
+ Parse invalid message addresses better. This mainly affects the
generated IMAP ENVELOPE replies.
– v2.2.30 wasn’t fixing corrupted dovecot.index.cache files properly.
It could have deleted wrong mail’s cache or assert-crashed.
– v2.2.30 mail-crypt-acl plugin was assert-crashing
– v2.2.30 welcome plugin wasn’t working
– Various fixes to handling mailbox listing. Especially related to
handling nonexistent autocreated/autosubscribed mailboxes and ACLs.
– Global ACL file was parsed as if it was local ACL file. This caused
some of the ACL rule interactions to not work exactly as intended.
– auth: forward_* fields didn’t work properly: Only the first forward
field was working, and only if the first passdb lookup succeeded.
– Using mail_sort_max_read_count sometimes caused “Broken sort-*
indexes, resetting” errors.
– Using mail_sort_max_read_count may have caused very high CPU usage.
– Message address parsing could have crashed on invalid input.
– imapc_features=fetch-headers wasn’t always working correctly and
caused the full header to be fetched.
– imapc: Various bugfixes related to connection failure handling.
– quota=imapc sent unnecessary FETCH RFC822.SIZE to server when
expunging mails.
– quota=count: quota_warning = -storage=.. was never executed
– quota=count: Add support for “ns” parameter
– dsync: Fix incremental syncing for mails that don’t have Date or
Message-ID headers.
– imap: Fix hang when client sends pipelined SEARCH +
EXPUNGE/CLOSE/LOGOUT.
– oauth2: Token validation didn’t accept empty server responses.
– imap: NOTIFY command has been almost completely broken since the
beginning. I guess nobody has been trying to use it.

Released Pigeonhole v0.4.19 for Dovecot v2.2.31

The following information has been provided by the Dovecot-news mailing list.

Hello Dovecot users,

Here’s the definitive 0.4.19 release. There is one additional fix.

Changelog v0.4.19:

* This release adjusts Pigeonhole to several changes in the Dovecot API,
making it depend on Dovecot v2.2.31. Previous versions of Pigeonhole
will produce compile warnings with the recent Dovecot releases (but
still work ok).
– Fixed bug in handling of implicit keep in some cases. Implicit
side-effects, such as assigned flags, were not always applied
correctly. This is in essence a very old bug, but it was exposed by
recent changes.
– include extension: Fixed segfault that (sometimes) occurred when the
global script location was left unconfigured.

The release is available as follows:

https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.19.tar.gz
https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.19.tar.gz.sig

Refer to http://pigeonhole.dovecot.org and the Dovecot v2.x wiki for
more information. Have fun testing this release and don’t hesitate to
notify me when there are any problems.

Varnish Cache 4.1.7 released

The following information has been provided by the varnish-announce mailing list.

Dear Varnish community

We have now made available version 4.1.7, and it can be found here:

https://repo.varnish-cache.org/source/varnish-4.1.7.tar.gz

Packages will be made available in the official repositories today.

The long standing issue 1746 (see
https://github.com/varnishcache/varnish-cache/issues/1764) has been
fixed in the 4.1 branch, and this fix will change how Varnish behaves in
certain circumstances.

Before 4.1.7-beta1, the nuke_limit parameter was ignored, so a varnish
instance could nuke any number of objects to make room for a new big
object. From 4.1.7-beta1, only a limited number of objects will be
nuked before Varnish gives up and decides there is no room for the new
object.

The default nuke_limit is 10, and this number is high enough to not
affect most users. However, if you want to make sure that the
behavior is not changed when upgrading, you should set the value much
higher.
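
The behaviour change described above, as a simplified model added here for illustration (it is not Varnish code and not part of the announcement): a fixed-size store nukes least-recently-used objects to make room, either without bound or up to nuke_limit. The class, the sizes and the assumption that objects nuked before giving up stay nuked belong to this model; fragmentation and streaming are ignored.

```python
from collections import OrderedDict
from typing import Optional, Tuple


class Storage:
    """Toy fixed-size object store with least-recently-used nuking."""

    def __init__(self, capacity: int) -> None:
        self.capacity = capacity
        self.used = 0
        self.lru = OrderedDict()  # object name -> size, oldest first

    def insert(self, name: str, size: int,
               nuke_limit: Optional[int]) -> Tuple[bool, int]:
        """Store an object, nuking old ones as needed.

        nuke_limit=None models the behaviour before 4.1.7-beta1 (the
        parameter is ignored); an integer models the behaviour from
        4.1.7-beta1 on. Returns (stored, number_of_objects_nuked).
        """
        nuked = 0
        while self.capacity - self.used < size:
            out_of_budget = nuke_limit is not None and nuked >= nuke_limit
            if not self.lru or out_of_budget:
                return False, nuked      # give up: no room for the object
            _, freed = self.lru.popitem(last=False)
            self.used -= freed
            nuked += 1
        self.lru[name] = size
        self.used += size
        return True, nuked


def big_object_into_full_cache(nuke_limit: Optional[int]) -> Tuple[bool, int, int]:
    """Fill a 1000-unit store with 100 objects of 10 units, then insert one
    500-unit object. Returns (stored, nuked, objects_left_in_store)."""
    store = Storage(capacity=1000)
    for i in range(100):
        store.insert(f"small-{i}", 10, nuke_limit=None)
    stored, nuked = store.insert("big", 500, nuke_limit)
    return stored, nuked, len(store.lru)


if __name__ == "__main__":
    for limit in (None, 10, 49, 50):
        print(limit, big_object_into_full_cache(limit))
```

In this model the big object needs 50 nukes, so the default of 10 refuses it after 10 objects have been lost, while any limit of 50 or more reproduces the unbounded behaviour.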

FortiTester 3.0.0

FortiTester 3.0.0 B0005 and release notes are available for download from the Support site : https://support.fortinet.com

This concerns the following models:

  • FTS_2000D_HWID_01, FTS_3000E_HWID_01, FTS_VM_HWID_01

Source: Fortinet Firmware