Sunday, March 31, 2013

[Mageia-announce] Mageia 3 beta 4 partially released

Hi there

We have released beta 4, but only the classical installer ISOs. Live ISOs will be uploaded as soon as the current work is done.

http://blog.mageia.org/en/2013/03/31/mageia-3-beta-4-is-waiting-for-your-tests/

As usual, we need your feedback!

Enjoy!

Friday, March 29, 2013

[announce] NYC*BUG Upcoming

Announces now *only* go to this announce list.

****

April 3, 6:45 PM - Location: Suspenders

MIPS on OpenBSD, Brian Callahan

Everyone knows the BSDs provide a stable, feature-rich Operating System
for the big name and "in the news" CPUs. What you may not know is that
you can expect an equally excellent experience on the lesser-known CPUs.

This talk will provide an in-depth look at the Loongson CPU, a mips64el
CPU, on OpenBSD. We'll explore its history on OpenBSD and its support
for third-party software through OpenBSD's excellent ports system. We'll
examine the unique challenges that come with ports and packages on
lesser-used CPUs. Finally, we'll discuss the future of MIPS support,
including embedded MIPS.

About the speaker:

Brian is a graduate student at Monmouth University studying
Anthropology. He is an OpenBSD developer, working primarily on mips64el
(Loongson) ports.

****

The May 1 meeting will feature Brian Coca on Ansible.

Have a meeting idea to discuss? Ping us at admin@ to open the discussion.

****

Did you go to AsiaBSDCon (http://2013.asiabsdcon.org/) in March? If so,
be prepared to give the next meeting a quick summary.

****

BSDCan (www.bsdcan.org/2013/) is May 17-18 in Ottawa, Canada. If you're
going, feel free to use talk@ to coordinate travel or face-to-face
meetings. There's always a good number of NYC*BUG attendees, and we
strongly encourage you to attend this annual conference. And it's a
great opportunity to take the BSD Certification exam.
_______________________________________________
announce mailing list
announce@lists.nycbug.org
http://lists.nycbug.org/mailman/listinfo/announce

mchange-commons and c3p0 licence change notification

The mchange-commons and c3p0 packages have changed from:

LGPLv2

to a dual licence:

LGPLv2 or EPL

--
Mat Booth
http://fedoraproject.org/get-fedora
_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce

[USN-1783-1] Bind vulnerability

==========================================================================
Ubuntu Security Notice USN-1783-1
March 29, 2013

bind9 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary:

Bind could be made to consume memory or crash if it received specially
crafted network traffic.

Software Description:
- bind9: Internet Domain Name Server

Details:

Matthew Horsfall discovered that Bind incorrectly handled regular
expression checking. A remote attacker could use this flaw to cause Bind to
consume an excessive amount of memory, possibly resulting in a denial of
service. This issue was corrected by disabling RDATA regular expression
syntax checking.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
bind9 1:9.8.1.dfsg.P1-4.2ubuntu3.2
libdns81 1:9.8.1.dfsg.P1-4.2ubuntu3.2

Ubuntu 12.04 LTS:
bind9 1:9.8.1.dfsg.P1-4ubuntu0.6
libdns81 1:9.8.1.dfsg.P1-4ubuntu0.6

Ubuntu 11.10:
bind9 1:9.7.3.dfsg-1ubuntu4.6
libdns69 1:9.7.3.dfsg-1ubuntu4.6

Ubuntu 10.04 LTS:
bind9 1:9.7.0.dfsg.P1-1ubuntu0.9
libdns64 1:9.7.0.dfsg.P1-1ubuntu0.9

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1783-1
CVE-2013-2266

Package Information:
https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.P1-4.2ubuntu3.2
https://launchpad.net/ubuntu/+source/bind9/1:9.8.1.dfsg.P1-4ubuntu0.6
https://launchpad.net/ubuntu/+source/bind9/1:9.7.3.dfsg-1ubuntu4.6
https://launchpad.net/ubuntu/+source/bind9/1:9.7.0.dfsg.P1-1ubuntu0.9

Ubuntu 10.04 (Lucid Lynx) Desktop reaches End of Life on May 9 2013

Ubuntu announced its 10.04 (Lucid Lynx) release almost 3 years ago,
on April 29, 2010. As with the earlier LTS releases, Ubuntu committed
to ongoing security and critical fixes for a period of 3 years on the
desktop. The support period is now nearing its end and Ubuntu 10.04
Desktop will reach end of life on Thursday, May 9th. At that time,
Ubuntu Security Notices will no longer include information or updated
packages for Ubuntu 10.04 Desktop. Ubuntu 10.04 Server continues to
be supported for another 2 years.

The supported upgrade path from Ubuntu 10.04 is via Ubuntu 12.04.
Instructions and caveats for the upgrade may be found at
https://help.ubuntu.com/community/PreciseUpgrades. Ubuntu 12.04
continues to be actively supported with security updates and
select high-impact bug fixes. All announcements of official security
updates for Ubuntu releases are sent to the ubuntu-security-announce
mailing list, information about which may be found at
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce.

Since its launch in October 2004 Ubuntu has become one of the most
highly regarded Linux distributions with millions of users in homes,
schools, businesses and governments around the world. Ubuntu is Open
Source software, costs nothing to download, and users are free to
customise or alter their software in order to meet their needs.

On behalf of the Ubuntu Release Team,

Adam Conrad

--
ubuntu-announce mailing list
ubuntu-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-announce

Ubuntu 8.04 (Hardy Heron) reaches End of Life on May 9 2013

Ubuntu announced its 8.04 (Hardy Heron) release almost 5 years ago,
on April 24, 2008. As with the earlier LTS releases, Ubuntu committed
to ongoing security and critical fixes for a period of 5 years. The
support period is now nearing its end and Ubuntu 8.04 will reach end
of life on Thursday, May 9th. At that time, Ubuntu Security Notices
will no longer include information or updated packages for Ubuntu 8.04.

The supported upgrade path from Ubuntu 8.04 is via Ubuntu 10.04.
Users are encouraged to evaluate and upgrade to our latest 12.04 LTS
release via 10.04. Instructions and caveats for the upgrades may be
found at https://help.ubuntu.com/community/LucidUpgrades and
https://help.ubuntu.com/community/PreciseUpgrades. Ubuntu 10.04 and
12.04 continue to be actively supported with security updates and
select high-impact bug fixes. All announcements of official security
updates for Ubuntu releases are sent to the ubuntu-security-announce
mailing list, information about which may be found at
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce.

Since its launch in October 2004 Ubuntu has become one of the most
highly regarded Linux distributions with millions of users in homes,
schools, businesses and governments around the world. Ubuntu is Open
Source software, costs nothing to download, and users are free to
customise or alter their software in order to meet their needs.

On behalf of the Ubuntu Release Team,

Adam Conrad

--
ubuntu-announce mailing list
ubuntu-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-announce

Ubuntu 11.10 (Oneiric Ocelot) reaches End of Life on May 9 2013

Ubuntu announced its 11.10 (Oneiric Ocelot) release almost 18 months
ago, on October 13, 2011. As with the earlier releases, Ubuntu
committed to ongoing security and critical fixes for a period of 18
months. The support period is now nearing its end and Ubuntu 11.10
will reach end of life on Thursday, May 9th. At that time, Ubuntu
Security Notices will no longer include information or updated
packages for Ubuntu 11.10.

The supported upgrade path from Ubuntu 11.10 is via Ubuntu 12.04.
Instructions and caveats for the upgrade may be found at
https://help.ubuntu.com/community/PreciseUpgrades. Ubuntu 12.04
continues to be actively supported with security updates and
select high-impact bug fixes. All announcements of official security
updates for Ubuntu releases are sent to the ubuntu-security-announce
mailing list, information about which may be found at
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce.

Since its launch in October 2004 Ubuntu has become one of the most
highly regarded Linux distributions with millions of users in homes,
schools, businesses and governments around the world. Ubuntu is Open
Source software, costs nothing to download, and users are free to
customise or alter their software in order to meet their needs.

On behalf of the Ubuntu Release Team,

Adam Conrad

--
ubuntu-announce mailing list
ubuntu-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-announce

Thursday, March 28, 2013

[CentOS-announce] CESA-2013:0689 Important CentOS 6 bind Update

CentOS Errata and Security Advisory 2013:0689 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0689.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
7fc8986003f534ddd06038b6bb8d964936ae4f54d77d1a5dc82884eb3adb6e93 bind-9.8.2-0.17.rc1.el6_4.4.i686.rpm
3b54ec24dbd6fc7c8e4bcd06108db9e0806bd70c2820571bc5b94353f72863fd bind-chroot-9.8.2-0.17.rc1.el6_4.4.i686.rpm
9184ddc07f88468a6790fea719631faf2609d5cf2ac3c4c172dc02985c3573af bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm
17b559f44e2f08b046b603884ad79ef730e29e7d4b08c3c4c4ce75df152176f2 bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm
2e0df9c026015936388bd86faabaf097889a90055f0c9fd4676e97bdff521078 bind-sdb-9.8.2-0.17.rc1.el6_4.4.i686.rpm
da2b841d3cdbbdb9f87e54e0936a7978c2237d80d7c3e78ac84c6b4e731abfcd bind-utils-9.8.2-0.17.rc1.el6_4.4.i686.rpm

x86_64:
5e6775a1bb0dfd3e130deec98b9ea3ff645f1feb378cf8604df6a10de26a6e0b bind-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
603502fd0ad6435921bb1d067f935e2f583ccefcb77a4f4854befe7a86388c60 bind-chroot-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
9184ddc07f88468a6790fea719631faf2609d5cf2ac3c4c172dc02985c3573af bind-devel-9.8.2-0.17.rc1.el6_4.4.i686.rpm
27e0ef453dd6a9f0186bddef6948ae40ec324d26aaeeaef296b97184e17235c7 bind-devel-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
17b559f44e2f08b046b603884ad79ef730e29e7d4b08c3c4c4ce75df152176f2 bind-libs-9.8.2-0.17.rc1.el6_4.4.i686.rpm
160f95883fab038a8d6abc0386a5bd72b2c73921ee1e7cf946ea4c2c287d1d89 bind-libs-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
c3217d931429c09c7b13b4f5adcfc818e94370be538de24baf9f482c19d63623 bind-sdb-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm
fee7dca53a94e5db7ef476569cf5175442a550c317477a7e0d784e7d1efdd209 bind-utils-9.8.2-0.17.rc1.el6_4.4.x86_64.rpm

Source:
edece99dd18f10e5fa72f7ded608c842ae56da1e17df8f503d07e00f470f073d bind-9.8.2-0.17.rc1.el6_4.4.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2013:0690 Important CentOS 5 bind97 Update

CentOS Errata and Security Advisory 2013:0690 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0690.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
42079863147d415c4ba6e04364762964bc422df93ae6dd8c3db177b5974775ff bind97-9.7.0-17.P2.el5_9.1.i386.rpm
8b92ac3a40c297fcc49e8c68acfa63b59476976dfdf77b6e1b96dad252301b6f bind97-chroot-9.7.0-17.P2.el5_9.1.i386.rpm
bc949ba766120d1afd36b0011abef24dedf4c8a1495dd65fa1624ab0270c970c bind97-devel-9.7.0-17.P2.el5_9.1.i386.rpm
f946b80f0a1b0a7e7ac3d36b1d52ac86eb86cb19d140f6f6a66b4d83882a1dfb bind97-libs-9.7.0-17.P2.el5_9.1.i386.rpm
80855bc857e8891efdc99c18e0845be3e6dbc55e76fa12b8c60655843a1a5f37 bind97-utils-9.7.0-17.P2.el5_9.1.i386.rpm

x86_64:
b2892bd9869b16158951dbc387cec469af74ca9ed549d80ae21b95342da91662 bind97-9.7.0-17.P2.el5_9.1.x86_64.rpm
5db4729f775229f984f9fa6a5132b2bc3ebd2151b2c5545ee0b9fd9d45ba4189 bind97-chroot-9.7.0-17.P2.el5_9.1.x86_64.rpm
bc949ba766120d1afd36b0011abef24dedf4c8a1495dd65fa1624ab0270c970c bind97-devel-9.7.0-17.P2.el5_9.1.i386.rpm
527e53e13a9eb7248e0b0336c549141d095c3b13e2035b130d47e99f7868b47d bind97-devel-9.7.0-17.P2.el5_9.1.x86_64.rpm
f946b80f0a1b0a7e7ac3d36b1d52ac86eb86cb19d140f6f6a66b4d83882a1dfb bind97-libs-9.7.0-17.P2.el5_9.1.i386.rpm
fb3909c52a321f0261b6617b4e5d66c6fa07c3f52870f9330280603006856c73 bind97-libs-9.7.0-17.P2.el5_9.1.x86_64.rpm
64051a5297427ebfe8f7d7075a0a51edf805651e10d6cc43c6d286167e7dc140 bind97-utils-9.7.0-17.P2.el5_9.1.x86_64.rpm

Source:
b2dbca781e4e513a6b1852f5d6e44c7513c4507390949486e9a6b1bffaed959c bind97-9.7.0-17.P2.el5_9.1.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

Re: [SCIENTIFIC-LINUX-ANNOUNCE] Transitioning ftp1.scientificlinux.org April 2, 2013

On 03/28/2013 02:00 PM, Pat Riehecky wrote:

Hello,

On April 2, 2013 ftp1.scientificlinux.org will be transitioned to new hardware.  We expect this change to be completely transparent with no down time.

This change should result in increased reliability and improved performance.

This is the next step of the update to the Scientific Linux distribution servers outlined at HEPiX Beijing 2012.

Thanks!

For those of you that asked, thanks for pointing out the ambiguity.

Yes we will be updating the http and ftp services on this host.  It functions as both an ftp and http source for yum updates as well as ISO downloads.

The services should not be negatively impacted.

Pat

--
Pat Riehecky
Scientific Linux developer
http://www.scientificlinux.org/

Scientific Linux 6.4 is officially released for i686/x86_64

Scientific Linux 6.4 i386/x86_64 Mar 28, 2013

As a reminder, the SL6x repo always points to the most recent release. The
SL6x repo has been updated to SL6.4 at this time.

Users of the Scientific Linux 6x repo should run 'yum clean expire-cache'.
This should allow yum to notice the updated metadata within the 6x repo.

Mirror sites are encouraged to synchronize their mirrors at this time.

You can read the full release notes at:

http://ftp.scientificlinux.org/linux/scientific/6.4/x86_64/os/sl-release-notes-6.4.html
-------------------------------------------------------------------------------------------------------------------

Download

http://ftp.scientificlinux.org/linux/scientific/6.4/
http://ftp1.scientificlinux.org/linux/scientific/6.4/
ftp://ftp.scientificlinux.org/linux/scientific/6.4/

ISO Download area
i686:

http://ftp.scientificlinux.org/linux/scientific/6.4/i386/iso/
http://ftp.scientificlinux.org/linux/scientific/6.4/i386/iso/readme

x86_64:

http://ftp.scientificlinux.org/linux/scientific/6.4/x86_64/iso/
http://ftp.scientificlinux.org/linux/scientific/6.4/x86_64/iso/readme

Mirror List

http://www.scientificlinux.org/download/mirrors

-------------------------------------------------------------------------------------------------------------------

Major Differences from SL6.3

As always we encourage you to read the official release notes:
http://ftp.scientificlinux.org/linux/scientific/6.4/x86_64/os/sl-release-notes-6.4.html

OpenAFS
OpenAFS kernel module package has changed. With SL6.0 we started
packaging the OpenAFS client's kernel module according to the guidelines
from TUV's Driver Update Program.

Due to unanticipated changes with the 6.3 kernel, we've had to revisit
the process. With the 6.4 release, we modified the packaging to provide a
dedicated build of the module for each minor SL release, instead of one
kernel module (kmod) for all SL6 kernels. Since the EL kernel ABI is
supposed to be kept stable within a minor release, this should avoid the
problems some SL users experienced.

For those updating their system using yum, this change should be
completely transparent.

yum-conf-sl6x
This is now installed by default. You may remove it to return to the
historical behavior.

yum-conf-sl-other
This now features an entry for 'sl-addons' repo. For more information on
sl-addons please view the README file within the addons repo itself.

xorg-x11-server
Features a new ABI, this was a security errata so it should be available
to earlier releases.

matahari
Upstream has discontinued the matahari packages

-------------------------------------------------------------------------------------------------------------------


Mailing Lists

scientific-linux-users@fnal.gov - Users of Scientific Linux supporting
each other
scientific-linux-devel@fnal.gov - Development of Scientific Linux
scientific-linux-announce@fnal.gov - Announcements concerning Scientific
Linux
scientific-linux-errata@fnal.gov - Announcements about Security Errata
scientific-linux-mirrors@fnal.gov - Announcements about Scientific Linux
related to mirroring


--
Pat Riehecky

Scientific Linux developer
http://www.scientificlinux.org/

[USN-1782-1] libxml2 vulnerability

==========================================================================
Ubuntu Security Notice USN-1782-1
March 28, 2013

libxml2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

libxml2 could be made to hang if it received specially crafted input.

Software Description:
- libxml2: GNOME XML library

Details:

It was discovered that libxml2 incorrectly handled XML entity expansion.
An attacker could use this flaw to cause libxml2 to consume large amounts
of resources, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
libxml2 2.8.0+dfsg1-5ubuntu2.2

Ubuntu 12.04 LTS:
libxml2 2.7.8.dfsg-5.1ubuntu4.4

Ubuntu 11.10:
libxml2 2.7.8.dfsg-4ubuntu0.6

Ubuntu 10.04 LTS:
libxml2 2.7.6.dfsg-1ubuntu1.8

Ubuntu 8.04 LTS:
libxml2 2.6.31.dfsg-2ubuntu1.12

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1782-1
CVE-2013-0338

Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.8.0+dfsg1-5ubuntu2.2
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-5.1ubuntu4.4
https://launchpad.net/ubuntu/+source/libxml2/2.7.8.dfsg-4ubuntu0.6
https://launchpad.net/ubuntu/+source/libxml2/2.7.6.dfsg-1ubuntu1.8
https://launchpad.net/ubuntu/+source/libxml2/2.6.31.dfsg-2ubuntu1.12

[FreeBSD-Announce] EuroBSDcon 2013: Call for Proposals

EuroBSDcon 2013: September 26-29 in Malta
=========================================

EuroBSDcon is the European technical conference for users and developers
of BSD-based systems. The conference will take place Thursday, September
26 through Sunday, September 29 at the Hilton in St. Julian's, Malta
(tutorials on Thursday and Friday, talks on Saturday and Sunday).

Call for Proposals
------------------

The EuroBSDcon program committee is inviting BSD developers and users to
submit innovative and original talk proposals not previously presented
at other European conferences.

Topics of interest to the conference include, but are not limited to
applications, architecture, implementation, performance and security of
BSD-based operating systems, as well as topics concerning the economic
or organizational aspects of BSD use.

Presentations are expected to be 45 minutes and are to be delivered in
English.

Call for Tutorial Proposals
---------------------------

The EuroBSDcon program committee is also inviting qualified
practitioners in their field to submit proposals for half or full day
tutorials on topics relevant to development, implementation and use of
BSD-based systems.

Half-day tutorials are expected to be 2.5 to 3 hours and full-day
tutorials 5 to 6 hours. Tutorials are to be held in English.

Submissions
-----------

Proposals should be sent by email to <submission@eurobsdcon.org>. They
should contain a short and concise text description in about 100 words.
The submission should also include a short CV of the speaker and an
estimate of the expected travel expenses. Please submit each proposal as
a separate email.

Important dates
---------------

The EuroBSDcon program committee is accepting talk and tutorial
proposals until Monday, May 25 2013. Other important dates will be
announced soon at the conference website http://2013.EuroBSDcon.org/.

--
Beat Gätzi | FreeBSD Committer
beat@FreeBSD.org | http://www.FreeBSD.org
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"

Wednesday, March 27, 2013

[CentOS-announce] CESA-2013:0687 Moderate CentOS 6 pixman Update

CentOS Errata and Security Advisory 2013:0687 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0687.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
0f9e4f5ae1ebfd5e5bc2795621784a9c7371dabbfd961c12fada1076b98bc4e9 pixman-0.26.2-5.el6_4.i686.rpm
e0d916a60cc92f986df77adf7ebaa436447fd0eeebad2575e3dafe6951213e41 pixman-devel-0.26.2-5.el6_4.i686.rpm

x86_64:
0f9e4f5ae1ebfd5e5bc2795621784a9c7371dabbfd961c12fada1076b98bc4e9 pixman-0.26.2-5.el6_4.i686.rpm
77d5656e9868ee915d1bc8e06b89faf28dd1b3872d8ea3ef86f5eb7fbd66a9d2 pixman-0.26.2-5.el6_4.x86_64.rpm
e0d916a60cc92f986df77adf7ebaa436447fd0eeebad2575e3dafe6951213e41 pixman-devel-0.26.2-5.el6_4.i686.rpm
63338bdf43d7c1df0ff0662102f95654c6cf3b42b697fe2928c6633d3194c1eb pixman-devel-0.26.2-5.el6_4.x86_64.rpm

Source:
2dd2dfaf867c7093e510cc034237eeb6fddd11690d7f5cee0f48788e2532bf5d pixman-0.26.2-5.el6_4.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
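
The CESA advisories on this page publish their packages as "( sha256sum Filename )" lists grouped under i386:, x86_64: and Source:. The following is an added example, not part of the original announcements or of any CentOS tooling, showing one way to check downloaded RPMs against such a list. The package names and file contents in demo() are constructed, and the parsing rules are assumptions read off the layout of the advisories above.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed layout: section headers such as "i386:" / "x86_64:" / "Source:",
# followed by "<sha256 hex> <filename>" lines. Filenames containing "/" are
# not matched, so a manifest line cannot point outside the download directory.
SECTION_RE = re.compile(r"^(\S+):$")
ENTRY_RE = re.compile(r"^([0-9a-f]{64})\s+([^\s/]+)$")


def parse_manifest(text):
    """Return ({filename: digest}, {section: [filenames]}).

    A file may be listed in several sections (the x86_64 lists repeat the
    i686 multilib packages); that is accepted only if the digests agree.
    """
    digests, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":  # mail signature delimiter: the manifest has ended
            break
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry is None or current is None:
            continue  # prose, blank lines, or an entry outside any section
        digest, name = entry.groups()
        if digests.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting digests listed for {name}")
        sections[current].append(name)
    return digests, sections


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large RPMs are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(manifest_text, directory):
    """Map each filename to 'ok', 'mismatch', 'missing' or 'unlisted'."""
    digests, _ = parse_manifest(manifest_text)
    directory = Path(directory)
    status = {}
    for name, expected in digests.items():
        path = directory / name
        if not path.is_file():
            status[name] = "missing"
        elif sha256_file(path) == expected:
            status[name] = "ok"
        else:
            status[name] = "mismatch"
    # RPMs present locally that the advisory never listed deserve a look too.
    for path in directory.glob("*.rpm"):
        status.setdefault(path.name, "unlisted")
    return status


def demo():
    """Run verify() over constructed files and a constructed manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "example-1.0-1.el6.i686.rpm").write_bytes(b"constructed i686 package")
        (d / "example-1.0-1.el6.x86_64.rpm").write_bytes(b"truncated download")
        (d / "stray-0.1-1.el6.x86_64.rpm").write_bytes(b"not in the advisory")
        h_i686 = hashlib.sha256(b"constructed i686 package").hexdigest()
        h_x64 = hashlib.sha256(b"constructed x86_64 package").hexdigest()
        h_src = hashlib.sha256(b"constructed source package").hexdigest()
        manifest = "\n".join([
            "The following updated files have been uploaded and are currently",
            "syncing to the mirrors: ( sha256sum Filename )",
            "",
            "i386:",
            f"{h_i686} example-1.0-1.el6.i686.rpm",
            "",
            "x86_64:",
            f"{h_i686} example-1.0-1.el6.i686.rpm",
            f"{h_x64} example-1.0-1.el6.x86_64.rpm",
            "",
            "Source:",
            f"{h_src} example-1.0-1.el6.src.rpm",
            "",
            "-- ",
            "Constructed Signature",
        ])
        return verify(manifest, d)


if __name__ == "__main__":
    for name, state in sorted(demo().items()):
        print(f"{state:9} {name}")
```

A matching digest only shows that the file equals what the advisory lists; package authenticity still rests on the RPM signature check that yum performs when gpgcheck is enabled.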

koji cert renewal reminder

Greetings.

This email is a reminder of some information around koji certs.

- koji certs are good for 6 months, then you must get a new one. You
should use the 'fedora-packager-setup' or 'fedora-cert' command line
tools to do so, you can no longer use the web interface to download
one directly.

- You can check when your cert expires by running 'fedora-cert -v'

- You can only have one valid cert at a time. If you need to use it on
multiple machines you should copy that cert to them, if you get a new
cert the previous one is automatically revoked.

- Your cert is stored in ~/.fedora.cert

kevin

[FreeBSD-Announce] FreeBSD Foundation Soliciting the Submission of Project Proposals

The FreeBSD Foundation is soliciting the submission of project
proposals for funded development grants. Proposals may be related to
any of the major subsystems or infrastructure within the FreeBSD
operating system, and will be evaluated based on desirability,
technical merit, and cost-effectiveness.

Key dates for this proposal solicitation:

Call for proposals: 27th March 2013
Deadline for submissions: 26th April 2013
Notification of accepted proposals: 17th May 2013

Proposals must include the following:

* A detailed description of what is being proposed, how it will
benefit the FreeBSD Project, and why the work is needed.
* A timeline and costing for the project.
* One or more people that will act as technical reviewers for the work.

Proposals are open to all developers, including non-FreeBSD
committers, but developers without access to commit to the source tree
must provide details about how the completion guidelines will be
achieved.

For details on the proposal submission process see:
http://www.freebsdfoundation.org/documents/Project%20Proposal%20Procedures%202013.shtml

The FreeBSD Foundation

_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"

Tuesday, March 26, 2013

[CentOS-announce] CESA-2013:0685 Moderate CentOS 6 perl Update

CentOS Errata and Security Advisory 2013:0685 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0685.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )




--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2013:0685 Moderate CentOS 5 perl Update

CentOS Errata and Security Advisory 2013:0685 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0685.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
f932d1b4e665b8c27a16fc2234d0f506058fc006ad1f1449d364d5586c5ab678 perl-5.8.8-40.el5_9.i386.rpm
089798f46a3e3a764c84b04a43c4121fb3d01837b246300a1e0168aa325d4c9f perl-suidperl-5.8.8-40.el5_9.i386.rpm

x86_64:
e4da70ebed49403e02325827073f0cfaa1bfd5e1aa4d9a098884e814578aceb9 perl-5.8.8-40.el5_9.x86_64.rpm
d6ff3694dc3e4b922f7c72988ea4763e07dd200a3748c4ce8a59d157bc166b24 perl-suidperl-5.8.8-40.el5_9.x86_64.rpm

Source:
820918b4e9e204a8105779fa35854592b5986f31ad518f5d181d135b77c5eae4 perl-5.8.8-40.el5_9.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


[USN-1781-1] Linux kernel (OMAP4) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-1781-1
March 26, 2013

linux-ti-omap4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's
Xen virtualization. In the 32-bit Xen paravirt platform an unprivileged
guest OS user could exploit this flaw to cause a denial of service (crash
the system) or gain guest OS privilege. (CVE-2013-0228)

A flaw was reported in the permission checks done by the Linux kernel for
/dev/cpu/*/msr. A local root user with all capabilities dropped could
exploit this flaw to execute code with full root capabilities.
(CVE-2013-0268)

A flaw was discovered in the Linux kernel's vhost driver used to accelerate
guest networking in KVM based virtual machines. A privileged guest user
could exploit this flaw to crash the host system. (CVE-2013-0311)

A flaw was discovered in the Extended Verification Module (EVM) of the
Linux kernel. An unprivileged local user could exploit this flaw to cause a
denial of service (system crash). (CVE-2013-0313)

An information leak was discovered in the Linux kernel's Bluetooth stack
when HIDP (Human Interface Device Protocol) support is enabled. A local
unprivileged user could exploit this flaw to cause an information leak from
the kernel. (CVE-2013-0349)

A flaw was discovered in the Edgeport USB serial converter driver when the
device is disconnected while it is in use. A local user could exploit this
flaw to cause a denial of service (system crash). (CVE-2013-1774)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
linux-image-3.2.0-1427-omap4 3.2.0-1427.36

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1781-1
CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0313,
CVE-2013-0349, CVE-2013-1774

Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1427.36

[CentOS-announce] CEBA-2013:0684 CentOS 6 virt-viewer Update

CentOS Errata and Bugfix Advisory 2013:0684

Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0684.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
2a347c6baaed520eb84a192cbd607c174328d70150f5a7ba788463ea75c85a7f virt-viewer-0.5.2-18.el6_4.2.i686.rpm

x86_64:
aa759e60722292d4ae82dbb140846e8c773a720e63a41400f4bb5dec282ac6fd virt-viewer-0.5.2-18.el6_4.2.x86_64.rpm

Source:
37f1f0442ee41fabb719bc09d94ecb19609b033f82b76b018b1fb0d1f3d369f9 virt-viewer-0.5.2-18.el6_4.2.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


Monday, March 25, 2013

[CentOS-announce] CESA-2013:0683 Moderate CentOS 5 axis Update

CentOS Errata and Security Advisory 2013:0683 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0683.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
b6235d3a74e62c9c9a29709d6c08f929887057c0556a3e5f1485d8133fb4160b axis-1.2.1-2jpp.7.el5_9.i386.rpm
2186648502e1e67ba6ee53360191cf3e03811d8c36f2ddf1843e654b77e29842 axis-javadoc-1.2.1-2jpp.7.el5_9.i386.rpm
7022df95b8fb6e03d8db13309257ddebe59ea1ceeebd290cfdc81fea67eb86cf axis-manual-1.2.1-2jpp.7.el5_9.i386.rpm

x86_64:
681e19cc4c4a716f2973476e64cb7d8224de668eaf00eff68e1b58eec31cb378 axis-1.2.1-2jpp.7.el5_9.x86_64.rpm
a12becca6c282eb2c00f0600a1d11fee227f8639c1d3ea9e6b2397a325002725 axis-javadoc-1.2.1-2jpp.7.el5_9.x86_64.rpm
a2d033d830bdc598b8c71c92931c8703f8473444a8f0f33d2d900c944f65c09a axis-manual-1.2.1-2jpp.7.el5_9.x86_64.rpm

Source:
4a1d19a94f2718aeb962dec15086b5ef12d9422111f25a0336daa67bacf964ec axis-1.2.1-2jpp.7.el5_9.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


[arch-announce] MariaDB replaces MySQL in repositories

Bartłomiej Piotrowski wrote:

MariaDB is now officially our default implementation of MySQL. MariaDB is
[almost][1] a drop in replacement, so an upgrade should be possible with minimum
hassle. However, due to remaining compatibility concerns, an automatic replace
is not done.

It is recommended for all users to upgrade. MySQL will be dropped from the
repositories to the AUR in a month.

Users who want to switch will need to install `mariadb`, `libmariadbclient` or
`mariadb-clients` and execute `mysql_upgrade` in order to migrate their systems.

Migration example:

    # systemctl stop mysqld
    # pacman -S mariadb libmariadbclient mariadb-clients
    # systemctl start mysqld
    # mysql_upgrade -p

`percona-server` is another MySQL fork available in [community]. It should be
closer to Oracle MySQL Enterprise, but is missing the new features included in
MariaDB.

Together with `mysql 5.5.30-7` in [extra], all packages depending on it have
been rebuilt against their MariaDB counterparts. Other package maintainers
should move their dependencies to the MariaDB packages.

More information can be found on our [mailing list][2].

[1]: https://kb.askmonty.org/en/mariadb-vs-mysql-compatibility/

[2]: https://mailman.archlinux.org/pipermail/arch-dev-public/2013-February/024478.html

URL: https://www.archlinux.org/news/mariadb-replaces-mysql-in-repositories/
_______________________________________________
arch-announce mailing list
arch-announce@archlinux.org
https://mailman.archlinux.org/mailman/listinfo/arch-announce

[USN-1780-1] Ruby vulnerability

==========================================================================
Ubuntu Security Notice USN-1780-1
March 25, 2013

ruby1.8, ruby1.9.1 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary:

Ruby could be made to hang if it received specially crafted input.

Software Description:
- ruby1.8: Object-oriented scripting language
- ruby1.9.1: Object-oriented scripting language

Details:

Ben Murphy discovered that the Ruby REXML library incorrectly handled XML
entity expansion. An attacker could use this flaw to cause Ruby to consume
large amounts of memory, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
libruby1.8 1.8.7.358-4ubuntu0.2
libruby1.9.1 1.9.3.194-1ubuntu1.4
ruby1.8 1.8.7.358-4ubuntu0.2
ruby1.9.1 1.9.3.194-1ubuntu1.4

Ubuntu 12.04 LTS:
libruby1.8 1.8.7.352-2ubuntu1.2
libruby1.9.1 1.9.3.0-1ubuntu2.6
ruby1.8 1.8.7.352-2ubuntu1.2
ruby1.9.1 1.9.3.0-1ubuntu2.6

Ubuntu 11.10:
libruby1.8 1.8.7.352-2ubuntu0.3
ruby1.8 1.8.7.352-2ubuntu0.3

Ubuntu 10.04 LTS:
libruby1.8 1.8.7.249-2ubuntu0.3
ruby1.8 1.8.7.249-2ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1780-1
CVE-2013-1821

Package Information:
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-4ubuntu0.2
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-1ubuntu1.4
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu1.2
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.0-1ubuntu2.6
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu0.3
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.249-2ubuntu0.3
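
A check one might run against the fixed-version table in USN-1780-1 above, as an added example that is not part of the advisory. It reimplements Debian version ordering so that it runs on any host (on Ubuntu itself, `dpkg --compare-versions` is the authoritative tool); the installed versions in `INSTALLED_SAMPLE` and the function names are constructed for illustration.

```python
import re

# Fixed versions for Ubuntu 12.04 LTS, copied from USN-1780-1 above.
FIXED_12_04 = {
    "libruby1.8": "1.8.7.352-2ubuntu1.2",
    "libruby1.9.1": "1.9.3.0-1ubuntu2.6",
    "ruby1.8": "1.8.7.352-2ubuntu1.2",
    "ruby1.9.1": "1.9.3.0-1ubuntu2.6",
}

# Constructed sample of what a host might report (e.g. from dpkg-query).
INSTALLED_SAMPLE = {
    "libruby1.8": "1.8.7.352-2ubuntu1.2",   # exactly the fixed version
    "ruby1.8": "1.8.7.352-2ubuntu1.1",      # one revision behind
    "ruby1.9.1": "1.9.3.0-1ubuntu2.10",     # newer: 10 > 6 numerically
    "libruby1.9.1": "1.9.3.0-1ubuntu2.5",   # behind
}


def split_version(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def char_order(ch):
    """Sort weight of one non-digit character in Debian ordering.

    '~' sorts before everything (even end of string, which weighs 0),
    letters sort before all other punctuation.
    """
    if ch == "~":
        return -1
    if ch.isalpha():
        return ord(ch)
    return ord(ch) + 256


def compare_part(a, b):
    """Compare two upstream or revision strings; return -1, 0 or 1."""
    while a or b:
        # 1. Leading non-digit runs, compared character by character.
        run_a = re.match(r"\D*", a).group()
        run_b = re.match(r"\D*", b).group()
        a, b = a[len(run_a):], b[len(run_b):]
        for k in range(max(len(run_a), len(run_b))):
            wa = char_order(run_a[k]) if k < len(run_a) else 0
            wb = char_order(run_b[k]) if k < len(run_b) else 0
            if wa != wb:
                return -1 if wa < wb else 1
        # 2. Leading digit runs, compared as integers (empty run counts as 0).
        num_a = re.match(r"\d*", a).group()
        num_b = re.match(r"\d*", b).group()
        a, b = a[len(num_a):], b[len(num_b):]
        ia, ib = int(num_a or 0), int(num_b or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0


def compare_versions(v1, v2):
    """Return -1 if v1 is older than v2, 0 if equal, 1 if newer."""
    e1, u1, r1 = split_version(v1)
    e2, u2, r2 = split_version(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return compare_part(u1, u2) or compare_part(r1, r2)


def outdated(installed, fixed):
    """Names of installed packages still older than the advisory's fix."""
    return sorted(
        name for name, version in installed.items()
        if name in fixed and compare_versions(version, fixed[name]) < 0
    )


if __name__ == "__main__":
    for name in outdated(INSTALLED_SAMPLE, FIXED_12_04):
        print(f"{name}: {INSTALLED_SAMPLE[name]} < {FIXED_12_04[name]}")
```

A plain string comparison would wrongly flag `1.9.3.0-1ubuntu2.10` as older than `1.9.3.0-1ubuntu2.6`, which is why the digit runs are compared as integers.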

[CentOS-announce] CEBA-2013:0678 CentOS 5 cman Update

CentOS Errata and Bugfix Advisory 2013:0678

Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0678.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
4a7f784bba1c838388c37e4ef955b10997d0a43fb15028d2a241fbcd1b007f9c cman-2.0.115-109.el5.1.i386.rpm
9686f73d8e6c5fd31bb4417c00801309b707818810000c1f4deb007f3a8bb73d cman-devel-2.0.115-109.el5.1.i386.rpm

x86_64:
318d1de1b537d49ce45bd4408564aa1d8100345341b03cbcdfa486afa0d76709 cman-2.0.115-109.el5.1.x86_64.rpm
9686f73d8e6c5fd31bb4417c00801309b707818810000c1f4deb007f3a8bb73d cman-devel-2.0.115-109.el5.1.i386.rpm
d0e7f5d640a9e6321e7a88a2abe060562e0aa81a3980a3bf224fdc2238b09cee cman-devel-2.0.115-109.el5.1.x86_64.rpm

Source:
204fd4a6bd56f0319a9ebe8182e7301787f0f9efb901c17f37835b60c2df942c cman-2.0.115-109.el5.1.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


[USN-1779-1] GNOME Online Accounts vulnerability

==========================================================================
Ubuntu Security Notice USN-1779-1
March 25, 2013

gnome-online-accounts vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10

Summary:

GNOME Online Accounts could be made to expose sensitive information over
the network.

Software Description:
- gnome-online-accounts: GNOME Online Accounts

Details:

It was discovered that GNOME Online Accounts did not properly check SSL
certificates when configuring online accounts. If a remote attacker were
able to perform a man-in-the-middle attack, this flaw could be exploited to
alter or compromise credentials and confidential information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
gnome-online-accounts 3.6.0-0ubuntu1.1
libgoa-1.0-0 3.6.0-0ubuntu1.1

Ubuntu 12.04 LTS:
gnome-online-accounts 3.4.0-0ubuntu1.1
libgoa-1.0-0 3.4.0-0ubuntu1.1

Ubuntu 11.10:
gnome-online-accounts 3.2.1-0ubuntu1.1
libgoa-1.0-0 3.2.1-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1779-1
CVE-2013-0240, CVE-2013-1799

Package Information:
https://launchpad.net/ubuntu/+source/gnome-online-accounts/3.6.0-0ubuntu1.1
https://launchpad.net/ubuntu/+source/gnome-online-accounts/3.4.0-0ubuntu1.1
https://launchpad.net/ubuntu/+source/gnome-online-accounts/3.2.1-0ubuntu1.1

[USN-1732-3] OpenSSL vulnerability

==========================================================================
Ubuntu Security Notice USN-1732-3
March 25, 2013

openssl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0169 and
CVE-2012-2686 was reverted in USN-1732-2 because of a regression. This
update restores the security fix, and includes an extra fix from upstream
to address the AES-NI regression. We apologize for the inconvenience.

Original advisory details:

Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly
handled certain crafted CBC data when used with AES-NI. A remote attacker
could use this issue to cause OpenSSL to crash, resulting in a denial of
service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10.
(CVE-2012-2686)

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as
used in OpenSSL was vulnerable to a timing side-channel attack known as the
"Lucky Thirteen" issue. A remote attacker could use this issue to perform
plaintext-recovery attacks via analysis of timing data. (CVE-2013-0169)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
libssl1.0.0 1.0.1c-3ubuntu2.3

Ubuntu 12.04 LTS:
libssl1.0.0 1.0.1-4ubuntu5.8

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1732-3
http://www.ubuntu.com/usn/usn-1732-1
CVE-2013-0169

Package Information:
https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.3
https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.8

Friday, March 22, 2013

[USN-1778-1] Linux kernel (OMAP4) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-1778-1
March 22, 2013

linux-ti-omap4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ti-omap4: Linux kernel for OMAP4

Details:

Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's
Xen virtualization. In the 32-bit Xen paravirt platform an unprivileged
guest OS user could exploit this flaw to cause a denial of service (crash
the system) or gain guest OS privilege. (CVE-2013-0228)

A flaw was reported in the permission checks done by the Linux kernel for
/dev/cpu/*/msr. A local root user with all capabilities dropped could
exploit this flaw to execute code with full root capabilities.
(CVE-2013-0268)

A flaw was discovered in the Linux kernel's vhost driver used to accelerate
guest networking in KVM based virtual machines. A privileged guest user
could exploit this flaw to crash the host system. (CVE-2013-0311)

An information leak was discovered in the Linux kernel's Bluetooth stack
when HIDP (Human Interface Device Protocol) support is enabled. A local
unprivileged user could exploit this flaw to cause an information leak from
the kernel. (CVE-2013-0349)

A flaw was discovered on the Linux kernel's VFAT filesystem driver when a
disk is mounted with the utf8 option (this is the default on Ubuntu). On a
system where disks/images can be auto-mounted or a FAT filesystem is
mounted an unprivileged user can exploit the flaw to gain root privileges.
(CVE-2013-1773)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
linux-image-3.0.0-1222-omap4 3.0.0-1222.36

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1778-1
CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349,
CVE-2013-1773

Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.0.0-1222.36

[USN-1776-1] Linux kernel (EC2) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-1776-1
March 22, 2013

linux-ec2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ec2: Linux kernel for EC2

Details:

A flaw was reported in the permission checks done by the Linux kernel for
/dev/cpu/*/msr. A local root user with all capabilities dropped could
exploit this flaw to execute code with full root capabilities.
(CVE-2013-0268)

A flaw was discovered in the Linux kernel's handling of memory ranges with
PROT_NONE when transparent hugepages are in use. An unprivileged local user
could exploit this flaw to cause a denial of service (crash the system).
(CVE-2013-0309)

A flaw was discovered in the Linux kernel's VFAT filesystem driver when a
disk is mounted with the utf8 option (this is the default on Ubuntu). On a
system where disks/images can be auto-mounted or a FAT filesystem is
mounted, an unprivileged user can exploit the flaw to gain root privileges.
(CVE-2013-1773)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.32-351-ec2 2.6.32-351.62

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1776-1
CVE-2013-0268, CVE-2013-0309, CVE-2013-1773

Package Information:
https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-351.62

[USN-1775-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-1775-1
March 22, 2013

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

A flaw was reported in the permission checks done by the Linux kernel for
/dev/cpu/*/msr. A local root user with all capabilities dropped could
exploit this flaw to execute code with full root capabilities.
(CVE-2013-0268)

A flaw was discovered in the Linux kernel's handling of memory ranges with
PROT_NONE when transparent hugepages are in use. An unprivileged local user
could exploit this flaw to cause a denial of service (crash the system).
(CVE-2013-0309)

A flaw was discovered in the Linux kernel's VFAT filesystem driver when a
disk is mounted with the utf8 option (this is the default on Ubuntu). On a
system where disks/images can be auto-mounted or a FAT filesystem is
mounted, an unprivileged user can exploit the flaw to gain root privileges.
(CVE-2013-1773)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.32-46-386 2.6.32-46.105
linux-image-2.6.32-46-generic 2.6.32-46.105
linux-image-2.6.32-46-generic-pae 2.6.32-46.105
linux-image-2.6.32-46-ia64 2.6.32-46.105
linux-image-2.6.32-46-lpia 2.6.32-46.105
linux-image-2.6.32-46-powerpc 2.6.32-46.105
linux-image-2.6.32-46-powerpc-smp 2.6.32-46.105
linux-image-2.6.32-46-powerpc64-smp 2.6.32-46.105
linux-image-2.6.32-46-preempt 2.6.32-46.105
linux-image-2.6.32-46-server 2.6.32-46.105
linux-image-2.6.32-46-sparc64 2.6.32-46.105
linux-image-2.6.32-46-sparc64-smp 2.6.32-46.105
linux-image-2.6.32-46-versatile 2.6.32-46.105
linux-image-2.6.32-46-virtual 2.6.32-46.105

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References:
http://www.ubuntu.com/usn/usn-1775-1
CVE-2013-0268, CVE-2013-0309, CVE-2013-1773

Package Information:
https://launchpad.net/ubuntu/+source/linux/2.6.32-46.105

[CentOS-announce] CEEA-2013:0674 CentOS 6 tzdata Update

CentOS Errata and Enhancement Advisory 2013:0674

Upstream details at : https://rhn.redhat.com/errata/RHEA-2013-0674.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
5d9ee77be4c1ee9778c819a082458869aaad6d4613092127b76f65f8878d76c3 tzdata-2013b-1.el6.noarch.rpm
ae49a41c6f95a9ae76a97027bd1a04264881bbbd5e8d782323e5add4eef9fa3f tzdata-java-2013b-1.el6.noarch.rpm

x86_64:
5d9ee77be4c1ee9778c819a082458869aaad6d4613092127b76f65f8878d76c3 tzdata-2013b-1.el6.noarch.rpm
ae49a41c6f95a9ae76a97027bd1a04264881bbbd5e8d782323e5add4eef9fa3f tzdata-java-2013b-1.el6.noarch.rpm

Source:
289dcd9845ad9aff7f693f7d216ffc40f3b788b8c358157250a277e9a75eca02 tzdata-2013b-1.el6.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEEA-2013:0674 CentOS 5 tzdata Update

CentOS Errata and Enhancement Advisory 2013:0674

Upstream details at : https://rhn.redhat.com/errata/RHEA-2013-0674.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
435ae45a48d892eacda1abf3ed117156f354d41a1c896ce3632ea4e2557300d0 tzdata-2013b-1.el5.i386.rpm
980dab577b3a69c609412a349b7d690388d26d353f3bd0ff1cdb239e006d3854 tzdata-java-2013b-1.el5.i386.rpm

x86_64:
e0e942a9f3778363eca8d0bf06a7f088ab68984a24db49f5af9f4a44c6ca845a tzdata-2013b-1.el5.x86_64.rpm
5b5b46b53b597cfad585423065b292cc315d03c65aaa4ca73d1bf273b6c291e3 tzdata-java-2013b-1.el5.x86_64.rpm

Source:
dcfe8ea539ab8266fcdaff08d233c49d0c7ece5257beddf3af5c3ab422a6f362 tzdata-2013b-1.el5.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


Thursday, March 21, 2013

Re: Announce: OpenSSH 6.2 release

Apologies for the repost. This version has the correct SHA1 sums for the
release.

------

Changes since OpenSSH 6.1
=========================

This release introduces a number of new features:

Features:

* ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption in
SSH protocol 2. The new cipher is available as aes128-gcm@openssh.com
and aes256-gcm@openssh.com. It uses an identical packet format to the
AES-GCM mode specified in RFC 5647, but uses simpler and different
selection rules during key exchange.

* ssh(1)/sshd(8): Added support for encrypt-then-mac (EtM) MAC modes
for SSH protocol 2. These modes alter the packet format and compute
the MAC over the packet length and encrypted packet rather than over
the plaintext data. These modes are considered more secure and are
used by default when available.

* ssh(1)/sshd(8): Added support for the UMAC-128 MAC as
"umac-128@openssh.com" and "umac-128-etm@openssh.com". The latter
being an encrypt-then-mac mode.

* sshd(8): Added support for multiple required authentication in SSH
protocol 2 via an AuthenticationMethods option. This option lists
one or more comma-separated lists of authentication method names.
Successful completion of all the methods in any list is required for
authentication to complete. This allows, for example, requiring a
user having to authenticate via public key or GSSAPI before they
are offered password authentication.

* sshd(8)/ssh-keygen(1): Added support for Key Revocation Lists
(KRLs), a compact binary format to represent lists of revoked keys
and certificates that take as little as one bit per certificate when
revoking by serial number. KRLs may be generated using ssh-keygen(1)
and are loaded into sshd(8) via the existing RevokedKeys sshd_config
option.

* ssh(1): IdentitiesOnly now applies to keys obtained from a
PKCS11Provider. This allows control of which keys are offered from
tokens using IdentityFile.

* sshd(8): sshd_config(5)'s AllowTcpForwarding now accepts "local"
and "remote" in addition to its previous "yes"/"no" keywords to allow
the server to specify whether just local or remote TCP forwarding is
enabled.

* sshd(8): Added a sshd_config(5) option AuthorizedKeysCommand to
support fetching authorized_keys from a command in addition to (or
instead of) from the filesystem. The command is run under an account
specified by an AuthorizedKeysCommandUser sshd_config(5) option.

* sftp-server(8): Now supports a -d option to allow the starting
directory to be something other than the user's home directory.

* ssh-keygen(1): Now allows fingerprinting of keys hosted in PKCS#11
tokens using "ssh-keygen -lD pkcs11_provider".

* ssh(1): When SSH protocol 2 only is selected (the default), ssh(1)
now immediately sends its SSH protocol banner to the server without
waiting to receive the server's banner, saving time when connecting.

* ssh(1): Added ~v and ~V escape sequences to raise and lower the
logging level respectively.

* ssh(1): Made the escape command help (~?) context sensitive so that
only commands that will work in the current session are shown.

* ssh-keygen(1): When deleting host lines from known_hosts using
"ssh-keygen -R host", ssh-keygen(1) now prints details of which lines
were removed.

Bugfixes:

* ssh(1): Force a clean shutdown of ControlMaster client sessions when
the ~. escape sequence is used. This means that ~. should now work in
mux clients even if the server is no longer responding.

* ssh(1): Correctly detect errors during local TCP forward setup in
multiplexed clients. bz#2055

* ssh-add(1): Made deleting explicit keys "ssh-add -d" symmetric with
adding keys with respect to certificates. It now tries to delete the
corresponding certificate and respects the -k option to allow deleting
of the key only.

* sftp(1): Fix a number of parsing and command-editing bugs, including
bz#1956

* ssh(1): When muxmaster is run with -N, ensured that it shuts down
gracefully when a client sends it "-O stop" rather than hanging around.
bz#1985

* ssh-keygen(1): When screening moduli candidates, append to the file
rather than overwriting to allow resumption. bz#1957

* ssh(1): Record "Received disconnect" messages at ERROR rather than
INFO priority. bz#2057.

* ssh(1): Loudly warn if explicitly-provided private key is unreadable.
bz#1981

Portable OpenSSH:

* sshd(8): The Linux seccomp-filter sandbox is now supported on ARM
platforms where the kernel supports it.

* sshd(8): The seccomp-filter sandbox will not be enabled if the system
headers support it at compile time, regardless of whether it can be
enabled then. If the run-time system does not support seccomp-filter,
sshd will fall back to the rlimit pseudo-sandbox.

* ssh(1): Don't link in the Kerberos libraries. They aren't necessary
on the client, just on sshd(8). bz#2072

* Fix GSSAPI linking on Solaris, which uses a differently-named GSSAPI
library. bz#2073

* Fix compilation on systems with openssl-1.0.0-fips.

* Fix a number of errors in the RPM spec files.

Checksums:
==========

- SHA1 (openssh-6.2.tar.gz) = b3f6cd774d345f22f6d0038cc9464cce131a0676
- SHA1 (openssh-6.2p1.tar.gz) = 8824708c617cc781b2bb29fa20bd905fd3d2a43d

Reporting Bugs:
===============

- Please read http://www.openssh.com/report.html
Security bugs should be reported directly to openssh@openssh.com

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.
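
The encrypt-then-mac item in the announcement above describes a change in packet layout. The sketch below is an added example, not OpenSSH code: it contrasts the original layout (length field encrypted, MAC over the plaintext packet) with the EtM layout (cleartext length, MAC over length and ciphertext). The SHA-256 keystream cipher, HMAC-SHA256 and all function names are stand-ins chosen for this example.

```python
# Added example: the toy cipher and HMAC-SHA256 are stand-ins, not OpenSSH code.
import hashlib
import hmac
import struct

STATS = {"decrypts": 0}  # cipher calls made on received data

def keystream_xor(key, seq, data):
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for the real cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">II", seq, off)).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def frame(payload, length_is_encrypted):
    """padding_length || payload || padding (zero padding here, random in real SSH)."""
    covered = 1 + len(payload) + (4 if length_is_encrypted else 0)
    pad_len = 8 - covered % 8
    if pad_len < 4:
        pad_len += 8
    return bytes([pad_len]) + payload + bytes(pad_len)

def mac(key, seq, data):
    return hmac.new(key, struct.pack(">I", seq) + data, hashlib.sha256).digest()

def seal_classic(ek, mk, seq, payload):
    """Original layout: length field encrypted, MAC over the plaintext packet."""
    body = frame(payload, True)
    packet = struct.pack(">I", len(body)) + body
    return keystream_xor(ek, seq, packet) + mac(mk, seq, packet)

def open_classic(ek, mk, seq, wire):
    STATS["decrypts"] += 1  # must decrypt unauthenticated bytes before checking
    packet = keystream_xor(ek, seq, wire[:-32])
    if not hmac.compare_digest(mac(mk, seq, packet), wire[-32:]):
        raise ValueError("MAC failure after decrypting")
    return packet[5:len(packet) - packet[4]]

def seal_etm(ek, mk, seq, payload):
    """EtM layout: cleartext length, MAC over length || ciphertext."""
    body = keystream_xor(ek, seq, frame(payload, False))
    head = struct.pack(">I", len(body))
    return head + body + mac(mk, seq, head + body)

def open_etm(ek, mk, seq, wire):
    length = int.from_bytes(wire[:4], "big")
    if len(wire) != 4 + length + 32 or not hmac.compare_digest(
            mac(mk, seq, wire[:-32]), wire[-32:]):
        raise ValueError("MAC failure, nothing decrypted")
    STATS["decrypts"] += 1  # only authenticated ciphertext reaches the cipher
    body = keystream_xor(ek, seq, wire[4:-32])
    return body[1:len(body) - body[0]]

def rejected(open_fn, ek, mk, seq, wire):
    try:
        open_fn(ek, mk, seq, wire)
    except ValueError:
        return True
    return False
```

Both receivers refuse a tampered packet, but only the EtM receiver does so without passing attacker-controlled bytes through the cipher, which is what the STATS counter records.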

Announce: OpenSSH 6.2 released

Changes since OpenSSH 6.1
=========================

This release introduces a number of new features:

Features:

* ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption in
SSH protocol 2. The new cipher is available as aes128-gcm@openssh.com
and aes256-gcm@openssh.com. It uses an identical packet format to the
AES-GCM mode specified in RFC 5647, but uses simpler and different
selection rules during key exchange.

* ssh(1)/sshd(8): Added support for encrypt-then-mac (EtM) MAC modes
for SSH protocol 2. These modes alter the packet format and compute
the MAC over the packet length and encrypted packet rather than over
the plaintext data. These modes are considered more secure and are
used by default when available.

* ssh(1)/sshd(8): Added support for the UMAC-128 MAC as
"umac-128@openssh.com" and "umac-128-etm@openssh.com". The latter
being an encrypt-then-mac mode.

* sshd(8): Added support for multiple required authentication in SSH
protocol 2 via an AuthenticationMethods option. This option lists
one or more comma-separated lists of authentication method names.
Successful completion of all the methods in any list is required for
authentication to complete. This allows, for example, requiring a
user having to authenticate via public key or GSSAPI before they
are offered password authentication.

* sshd(8)/ssh-keygen(1): Added support for Key Revocation Lists
(KRLs), a compact binary format to represent lists of revoked keys
and certificates that take as little as one bit per certificate when
revoking by serial number. KRLs may be generated using ssh-keygen(1)
and are loaded into sshd(8) via the existing RevokedKeys sshd_config
option.

* ssh(1): IdentitiesOnly now applies to keys obtained from a
PKCS11Provider. This allows control of which keys are offered from
tokens using IdentityFile.

* sshd(8): sshd_config(5)'s AllowTcpForwarding now accepts "local"
and "remote" in addition to its previous "yes"/"no" keywords to allow
the server to specify whether just local or remote TCP forwarding is
enabled.

* sshd(8): Added a sshd_config(5) option AuthorizedKeysCommand to
support fetching authorized_keys from a command in addition to (or
instead of) from the filesystem. The command is run under an account
specified by an AuthorizedKeysCommandUser sshd_config(5) option.

* sftp-server(8): Now supports a -d option to allow the starting
directory to be something other than the user's home directory.

* ssh-keygen(1): Now allows fingerprinting of keys hosted in PKCS#11
tokens using "ssh-keygen -lD pkcs11_provider".

* ssh(1): When SSH protocol 2 only is selected (the default), ssh(1)
now immediately sends its SSH protocol banner to the server without
waiting to receive the server's banner, saving time when connecting.

* ssh(1): Added ~v and ~V escape sequences to raise and lower the
logging level respectively.

* ssh(1): Made the escape command help (~?) context sensitive so that
only commands that will work in the current session are shown.

* ssh-keygen(1): When deleting host lines from known_hosts using
"ssh-keygen -R host", ssh-keygen(1) now prints details of which lines
were removed.

Bugfixes:

* ssh(1): Force a clean shutdown of ControlMaster client sessions when
the ~. escape sequence is used. This means that ~. should now work in
mux clients even if the server is no longer responding.

* ssh(1): Correctly detect errors during local TCP forward setup in
multiplexed clients. bz#2055

* ssh-add(1): Made deleting explicit keys "ssh-add -d" symmetric with
adding keys with respect to certificates. It now tries to delete the
corresponding certificate and respects the -k option to allow deleting
of the key only.

* sftp(1): Fix a number of parsing and command-editing bugs, including
bz#1956

* ssh(1): When muxmaster is run with -N, ensured that it shuts down
gracefully when a client sends it "-O stop" rather than hanging around.
bz#1985

* ssh-keygen(1): When screening moduli candidates, append to the file
rather than overwriting to allow resumption. bz#1957

* ssh(1): Record "Received disconnect" messages at ERROR rather than
INFO priority. bz#2057.

* ssh(1): Loudly warn if explicitly-provided private key is unreadable.
bz#1981

Portable OpenSSH:

* sshd(8): The Linux seccomp-filter sandbox is now supported on ARM
platforms where the kernel supports it.

* sshd(8): The seccomp-filter sandbox will not be enabled if the system
headers support it at compile time, regardless of whether it can be
enabled then. If the run-time system does not support seccomp-filter,
sshd will fall back to the rlimit pseudo-sandbox.

* ssh(1): Don't link in the Kerberos libraries. They aren't necessary
on the client, just on sshd(8). bz#2072

* Fix GSSAPI linking on Solaris, which uses a differently-named GSSAPI
library. bz#2073

* Fix compilation on systems with openssl-1.0.0-fips.

* Fix a number of errors in the RPM spec files.

Checksums:
==========

- SHA1 (openssh-6.2.tar.gz) = XXX
- SHA1 (openssh-6.2p1.tar.gz) = XXX

Reporting Bugs:
===============

- Please read http://www.openssh.com/report.html
Security bugs should be reported directly to openssh@openssh.com

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.
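
The AuthenticationMethods item in the announcement above says that every method in at least one list must succeed, and that password authentication can be withheld until public key or GSSAPI has succeeded. The following added example (a simplified model with hypothetical names, not sshd code) replays that rule, assuming as sshd_config(5) documents that only the next method of each list is offered at each stage.

```python
# Added example: a model of the AuthenticationMethods semantics, not sshd code.

def parse_authentication_methods(value):
    """Whitespace separates the lists; commas separate methods inside a list."""
    lists = [entry.split(",") for entry in value.split()]
    if not lists or any(name == "" for lst in lists for name in lst):
        raise ValueError("AuthenticationMethods needs at least one non-empty list")
    return lists

class AuthSession:
    """Tracks which method lists a client can still complete."""

    def __init__(self, value):
        self.remaining = parse_authentication_methods(value)
        self.authenticated = False

    def offered(self):
        """Methods advertised now: the next unfinished method of each list."""
        if self.authenticated:
            return []
        heads = []
        for lst in self.remaining:
            if lst[0] not in heads:
                heads.append(lst[0])
        return heads

    def succeed(self, method):
        """Record a successful method; returns True once one list is complete."""
        if method not in self.offered():
            raise PermissionError(f"{method} is not offered at this stage")
        for lst in self.remaining:
            if lst[0] == method:
                del lst[0]
        self.authenticated = any(not lst for lst in self.remaining)
        return self.authenticated

def can_authenticate(value, attempts):
    """Replay successful methods in order; False if refused or incomplete."""
    session = AuthSession(value)
    try:
        for method in attempts:
            if session.succeed(method):
                return True
    except PermissionError:
        return False
    return False
```

With the constructed policy "publickey,password gssapi-with-mic,password", a client that tries password first is refused, while publickey followed by password completes authentication.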