On 03/07/2016 12:14 PM, James Washington wrote:
> Hey all,
>
> Sorry to jump in here but out of curiosity, has the patch actually been back
> ported to earlier versions of OpenSSL regarding the recent DROWN attack? I've
> checked the RPM change log and nothing's been mentioned relating to
>
On 03/07/2016 10:14 AM, James Washington wrote:
Hey all,
Sorry to jump in here but out of curiosity, has the patch actually been back
ported to earlier versions of OpenSSL regarding the recent DROWN attack? I've
checked the RPM change log and nothing's been mentioned relating to
Hey all,
Sorry to jump in here but out of curiosity, has the patch actually been back
ported to earlier versions of OpenSSL regarding the recent DROWN attack? I've
checked the RPM change log and nothing's been mentioned relating to
CVE-2016-0800 (I think that was the CVE number). Or is this
On 03/03/2016 02:58 PM, Mark Milhollan wrote:
> On Wed, 2 Mar 2016, Johnny Hughes wrote:
>> On 03/02/2016 10:42 AM, Mark Milhollan wrote:
>
>>> I wish --security was functional
>
>>> I hope that the lack is not due to
>>> the assumed use resulting in it being ignored.
>>
>> That is not the
On Wed, 2 Mar 2016, Johnny Hughes wrote:
>On 03/02/2016 10:42 AM, Mark Milhollan wrote:
>>I wish --security was functional
>>I hope that the lack is not due to
>>the assumed use resulting in it being ignored.
>
>That is not the reason,
>We do not have enough space on donated mirrors
Surely
Am 02.03.2016 um 17:42 schrieb Mark Milhollan :
> I understand that some people might be trying to cherry-pick their
> updates and the assertion that doing so is not supported. But that is
> not the only way in which --security can be used and it is a bit boring
> to
On 03/02/2016 10:42 AM, Mark Milhollan wrote:
> I understand that some people might be trying to cherry-pick their
> updates and the assertion that doing so is not supported. But that is
> not the only way in which --security can be used and it is a bit boring
> to continually see whining
I understand that some people might be trying to cherry-pick their
updates and the assertion that doing so is not supported. But that is
not the only way in which --security can be used and it is a bit boring
to continually see whining about the assumptive use.
For me it is about scheduling
On Wed, March 2, 2016 9:57 am, Chris Adams wrote:
> Once upon a time, Valeri Galtsev said:
>> We are talking here CentOS and RHEL Linux. yum is an abbreviation of:
>> "Yellowdog Update Manager". It was originally created by YellowDog Linux
>> project for their Linux
Once upon a time, Valeri Galtsev said:
> We are talking here CentOS and RHEL Linux. yum is an abbreviation of:
> "Yellowdog Update Manager". It was originally created by YellowDog Linux
> project for their Linux distribution.
Actually, yum is Yellowdog Updater,
One more voice on this: we actually run the yum security plugin, several
times a week, and it does report things... and almost all our systems are
CentOS.
When I see something in there, just as when I see an announcement where
there are updates marked important, and esp. critical, we roll them
On Wed, March 2, 2016 5:24 am, Anthony K wrote:
> On Tue, 2016-03-01 at 21:58 -0600, Johnny Hughes wrote:
>> On 03/01/2016 09:41 PM, Johnny Hughes wrote:
>> > BUt the security plugins do not work for CentOS and they never have,
>> > Peter is correct, you need to run yum update or call out the
On Wed, 2016-03-02 at 07:33 -0600, Johnny Hughes wrote:
> Hopefully this makes sense.
>
> You can instead just look at this:
>
> https://lists.centos.org/pipermail/centos-announce/
>
> (or subscribe to the CentOS announce mailing list to get emails)
>
> Both of those places will tell you when
On 03/02/2016 05:24 AM, Anthony K wrote:
> On Tue, 2016-03-01 at 21:58 -0600, Johnny Hughes wrote:
>> On 03/01/2016 09:41 PM, Johnny Hughes wrote:
>>> BUt the security plugins do not work for CentOS and they never have,
>>> Peter is correct, you need to run yum update or call out the specific
>>>
On 03/02/2016 03:24 AM, Anthony K wrote:
On Tue, 2016-03-01 at 21:58 -0600, Johnny Hughes wrote:
On 03/01/2016 09:41 PM, Johnny Hughes wrote:
BUt the security plugins do not work for CentOS and they never have,
Peter is correct, you need to run yum update or call out the specific
packages you
On 2 March 2016 at 11:24, Anthony K wrote:
> On Tue, 2016-03-01 at 21:58 -0600, Johnny Hughes wrote:
> > On 03/01/2016 09:41 PM, Johnny Hughes wrote:
> > > BUt the security plugins do not work for CentOS and they never have,
> > > Peter is correct, you need to run yum update
On Tue, 2016-03-01 at 21:58 -0600, Johnny Hughes wrote:
> On 03/01/2016 09:41 PM, Johnny Hughes wrote:
> > BUt the security plugins do not work for CentOS and they never have,
> > Peter is correct, you need to run yum update or call out the specific
> > packages you want updated.
> >
I totally
On 03/01/2016 09:41 PM, Johnny Hughes wrote:
> On 03/01/2016 09:17 PM, Peter wrote:
>> On 02/03/16 15:57, Anthony K wrote:
>>> This command output is odd:
>>>
>>> yum update --security
>>> ...
>>> No packages needed for security; 118 packages available
>> ...
>>> Why does yum not consider this
On 03/01/2016 09:17 PM, Peter wrote:
> On 02/03/16 15:57, Anthony K wrote:
>> This command output is odd:
>>
>> yum update --security
>> ...
>> No packages needed for security; 118 packages available
> ...
>> Why does yum not consider this CESA a security update?
>
> Cherry-picking updates is not
On 02/03/16 15:57, Anthony K wrote:
> This command output is odd:
>
> yum update --security
> ...
> No packages needed for security; 118 packages available
...
> Why does yum not consider this CESA a security update?
Cherry-picking updates is not supported by CentOS, this is because each
package
This command output is odd:
yum update --security
...
No packages needed for security; 118 packages available
However, this command says there's an OpenSSL update:
yum update openssl
...
---> Package openssl-libs.x86_64 1:1.0.1e-51.el7_2.2 will be updated
---> Package openssl-libs.x86_64
21 matches
Mail list logo