Re: [CentOS] [CentOS-announce] CESA-2014:1764 Moderate CentOS 6 wget Security Update
On Fri, Oct 31, 2014 at 02:16:27PM +0300, Andrey Z. wrote: > People would be grateful if CentOS developers have built an updated > version of wget in centosplus repository. While I am personally a little irritated that this isn't being addressed by Red Hat the fact is that the workaround is trivial - just add retr-symlinks=on in /etc/wgetrc; which is effectively what the patch for CentOS-6 and -7 does. John -- It has to be said, we must all own up that without Les Paul, generations of flash little punks like us would be in jail or cleaning toilets. This man, by his genius, made the road that we still travel today. I don't know how he did it, but I'm so grateful he did. -- Stones guitarist Keith Richards pgp0rwYgHtqPS.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [CentOS-announce] CESA-2014:1764 Moderate CentOS 6 wget Security Update
31.10.2014 13:24, Leon Fauster wrote: Am 30.10.2014 um 21:20 schrieb Akemi Yagi : On Thu, Oct 30, 2014 at 12:31 PM, Peter wrote: On 10/31/2014 06:53 AM, Johnny Hughes wrote: CentOS Errata and Security Advisory 2014:1764 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1764.html Note to CentOS 5 users. RedHat does not plan to release a fixed wget for EL5. You can mitigate this vulnerability by adding the following line to the bottom of /etc/wgetrc: retr-symlinks=on Doing so will basically accomplish exactly the same thing that this update does. Peter Thanks for the heads up. Much appreciated. I'll just post a link relevant to this: https://bugzilla.redhat.com/show_bug.cgi?id=1139181#c17 I was a bit surprised to learn that security updates labelled 'moderate' are no longer published for EL5. oh, that means effectively only 6-7 years "fully supported". People would be grateful if CentOS developers have built an updated version of wget in centosplus repository. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [CentOS-announce] CESA-2014:1764 Moderate CentOS 6 wget Security Update
Am 30.10.2014 um 21:20 schrieb Akemi Yagi : > On Thu, Oct 30, 2014 at 12:31 PM, Peter wrote: >> On 10/31/2014 06:53 AM, Johnny Hughes wrote: >>> >>> CentOS Errata and Security Advisory 2014:1764 Moderate >>> >>> Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1764.html >> >> Note to CentOS 5 users. RedHat does not plan to release a fixed wget >> for EL5. You can mitigate this vulnerability by adding the following >> line to the bottom of /etc/wgetrc: >> retr-symlinks=on >> >> Doing so will basically accomplish exactly the same thing that this >> update does. >> >> Peter > > Thanks for the heads up. Much appreciated. I'll just post a link > relevant to this: > > https://bugzilla.redhat.com/show_bug.cgi?id=1139181#c17 > > I was a bit surprised to learn that security updates labelled > 'moderate' are no longer published for EL5. oh, that means effectively only 6-7 years "fully supported". -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [CentOS-announce] CESA-2014:1764 Moderate CentOS 6 wget Security Update
On Thu, Oct 30, 2014 at 12:31 PM, Peter wrote: > On 10/31/2014 06:53 AM, Johnny Hughes wrote: >> >> CentOS Errata and Security Advisory 2014:1764 Moderate >> >> Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1764.html > > Note to CentOS 5 users. RedHat does not plan to release a fixed wget > for EL5. You can mitigate this vulnerability by adding the following > line to the bottom of /etc/wgetrc: > retr-symlinks=on > > Doing so will basically accomplish exactly the same thing that this > update does. > > Peter Thanks for the heads up. Much appreciated. I'll just post a link relevant to this: https://bugzilla.redhat.com/show_bug.cgi?id=1139181#c17 I was a bit surprised to learn that security updates labelled 'moderate' are no longer published for EL5. Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [CentOS-announce] CESA-2014:1764 Moderate CentOS 6 wget Security Update
On 10/31/2014 06:53 AM, Johnny Hughes wrote: > > CentOS Errata and Security Advisory 2014:1764 Moderate > > Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1764.html Note to CentOS 5 users. RedHat does not plan to release a fixed wget for EL5. You can mitigate this vulnerability by adding the following line to the bottom of /etc/wgetrc: retr-symlinks=on Doing so will basically accomplish exactly the same thing that this update does. Peter ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos