Re: [CentOS] Fwd: Pre-announcement of an ISC DHCP security issue scheduled for disclosure 26 May 2021
> On 07.06.21 12:02, Simon Matter wrote: >>> On 31.05.21 12:57, cen...@niob.at wrote: Am 22/05/2021 um 06:15 schrieb Kenneth Porter: > > Forwarded Message > Subject: Pre-announcement of an ISC DHCP security issue scheduled > for disclosure 26 May 2021 > Date: Fri, 21 May 2021 11:44:19 -0800 > From: Michael McNally > To: dhcp-annou...@lists.isc.org > > > > Hello, dhcp-announce list subscribers, > > It has been a while since our last post to this list. > > Since the last time we posted news of a new release of ISC DHCP, > Internet Systems Consortium has adopted a practice of pre-announcing > expected security disclosures in order to give operators who use our > products a little advance warning and planning time. > > For that reason, I am writing you today to let you know that a > vulnerability > in ISC DHCP will be publicly announced next week on Wednesday, 26 May > 2021. > > Further details about that vulnerability will be publicly disclosed > next > week, and new releases of ISC DHCP that correct the vulnerability > will > be > made available at that time. It is our hope that this > pre-announcement > will > aid DHCP operators in preparing for that disclosure when it occurs. > The released announcement: https://kb.isc.org/docs/cve-2021-25217 Any updates on this? From the announcement I take it that the version used in C7 (4.2.5) is likely affected - yet there was no update. Disclaimer: I did not check if upstream has released anything and I did not check if the preconditions for the crash case are met by the current package. Nevertheless, the "loosing a lease" case is bad enough... >>> >>> >>> https://access.redhat.com/security/cve/cve-2021-25217 >> >> I'm wondering why this bug is still unfixed in EL[6-8] for more than a >> week now while it is mentioned as being a security issue? Since the >> fixing >> patch is just a view lines I'm surprised why it's delayed? >> > > > Maybe because it depends on more the one other ticket ... > > https://bugzilla.redhat.com/show_bug.cgi?id=1963258 Not really, I think. They usually create BZs for every distribution affected to track them separately, but it seems to be always the same trivial fix: https://bugzilla.redhat.com/attachment.cgi?id=1786774=diff or https://bugzilla.redhat.com/attachment.cgi?id=1786775=diff That's why my question, what do we NOT know? Simon ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS-docs] [centos/centos.org] branch master updated (bf4508b -> 051b053)
This is an automated email from the git hooks/post-receive script. rbowen pushed a change to branch master in repository centos/centos.org. from bf4508b Removed another unresponsive sponsor and disappeared node add 051b053 C8 2105 release No new revisions were added by this update. Summary of changes: _includes/centos-news.html | 19 ++- 1 file changed, 10 insertions(+), 9 deletions(-) -- To stop receiving notification emails like this one, please contact the administrator of this repository. ___ CentOS-docs mailing list CentOS-docs@centos.org https://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS] Fwd: Pre-announcement of an ISC DHCP security issue scheduled for disclosure 26 May 2021
On 07.06.21 12:02, Simon Matter wrote: On 31.05.21 12:57, cen...@niob.at wrote: Am 22/05/2021 um 06:15 schrieb Kenneth Porter: Forwarded Message Subject: Pre-announcement of an ISC DHCP security issue scheduled for disclosure 26 May 2021 Date: Fri, 21 May 2021 11:44:19 -0800 From: Michael McNally To: dhcp-annou...@lists.isc.org Hello, dhcp-announce list subscribers, It has been a while since our last post to this list. Since the last time we posted news of a new release of ISC DHCP, Internet Systems Consortium has adopted a practice of pre-announcing expected security disclosures in order to give operators who use our products a little advance warning and planning time. For that reason, I am writing you today to let you know that a vulnerability in ISC DHCP will be publicly announced next week on Wednesday, 26 May 2021. Further details about that vulnerability will be publicly disclosed next week, and new releases of ISC DHCP that correct the vulnerability will be made available at that time. It is our hope that this pre-announcement will aid DHCP operators in preparing for that disclosure when it occurs. The released announcement: https://kb.isc.org/docs/cve-2021-25217 Any updates on this? From the announcement I take it that the version used in C7 (4.2.5) is likely affected - yet there was no update. Disclaimer: I did not check if upstream has released anything and I did not check if the preconditions for the crash case are met by the current package. Nevertheless, the "loosing a lease" case is bad enough... https://access.redhat.com/security/cve/cve-2021-25217 I'm wondering why this bug is still unfixed in EL[6-8] for more than a week now while it is mentioned as being a security issue? Since the fixing patch is just a view lines I'm surprised why it's delayed? Maybe because it depends on more the one other ticket ... https://bugzilla.redhat.com/show_bug.cgi?id=1963258 -- Leon ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Static configuration: prevent /etc/resolv.conf from being overwritten on first reboot
On 6/7/21 1:32 AM, Nicolas Kovacs wrote: # Generated by NetworkManager ... Q: how can I prevent /etc/resolv.conf from being overwritten on the initial reboot? Edit /etc/NetworkManager/NetworkManager.conf: [main] dns=none ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Static configuration: prevent /etc/resolv.conf from being overwritten on first reboot
Nicolas Kovacs wrote: > > Q: how can I prevent /etc/resolv.conf from being overwritten on the initial > reboot? I vaguely remember having to kill some process before editing it, but > unfortunately I don't remember which one. One way to do this is to create the file /etc/dhcp/dhclient-enter-hooks that contains: make_resolv_conf(){ : } Or, add the line 'PEERDNS=no' to the matching /etc/sysconfig/network-scripts/ifcfg- file James Pearson ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fwd: Pre-announcement of an ISC DHCP security issue scheduled for disclosure 26 May 2021
> On 31.05.21 12:57, cen...@niob.at wrote: >> Am 22/05/2021 um 06:15 schrieb Kenneth Porter: >>> >>> Forwarded Message >>> Subject: Pre-announcement of an ISC DHCP security issue scheduled >>> for disclosure 26 May 2021 >>> Date: Fri, 21 May 2021 11:44:19 -0800 >>> From: Michael McNally >>> To: dhcp-annou...@lists.isc.org >>> >>> >>> >>> Hello, dhcp-announce list subscribers, >>> >>> It has been a while since our last post to this list. >>> >>> Since the last time we posted news of a new release of ISC DHCP, >>> Internet Systems Consortium has adopted a practice of pre-announcing >>> expected security disclosures in order to give operators who use our >>> products a little advance warning and planning time. >>> >>> For that reason, I am writing you today to let you know that a >>> vulnerability >>> in ISC DHCP will be publicly announced next week on Wednesday, 26 May >>> 2021. >>> >>> Further details about that vulnerability will be publicly disclosed >>> next >>> week, and new releases of ISC DHCP that correct the vulnerability will >>> be >>> made available at that time. It is our hope that this pre-announcement >>> will >>> aid DHCP operators in preparing for that disclosure when it occurs. >>> >> The released announcement: https://kb.isc.org/docs/cve-2021-25217 >> >> Any updates on this? From the announcement I take it that the version >> used in C7 (4.2.5) is likely affected - yet there was no update. >> >> Disclaimer: I did not check if upstream has released anything and I did >> not check if the preconditions for the crash case are met by the current >> package. Nevertheless, the "loosing a lease" case is bad enough... >> > > > https://access.redhat.com/security/cve/cve-2021-25217 I'm wondering why this bug is still unfixed in EL[6-8] for more than a week now while it is mentioned as being a security issue? Since the fixing patch is just a view lines I'm surprised why it's delayed? Regards, Simon ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Static configuration: prevent /etc/resolv.conf from being overwritten on first reboot
Hi, Here's something that's puzzling me. Starting from a minimal installation of CentOS 7, network configuration is DHCP. I'm launching nmtui to define a static configuration. I'm providing the IP address as well as the gateway, but no DNS server. I'm quitting nmtui and I'm editing /etc/resolv.conf to provide my DNS server: # /etc/resolv.conf nameserver 192.168.0.254 I reboot my server, and I don't know why, but my /etc/resolv.conf has been overwritten: # Generated by NetworkManager So I edit this file again: # /etc/resolv.conf nameserver 192.168.0.254 And starting from here, it works, meaning /etc/resolv.conf is not overwritten on subsequent reboots. Q: how can I prevent /etc/resolv.conf from being overwritten on the initial reboot? I vaguely remember having to kill some process before editing it, but unfortunately I don't remember which one. Cheers, Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 Mob. : 06 51 80 12 12 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos