Re: [CentOS] OpenSSL Update - not a security update???

On 03/07/2016 12:14 PM, James Washington wrote: > Hey all, > > Sorry to jump in here but out of curiosity, has the patch actually been back > ported to earlier versions of OpenSSL regarding the recent DROWN attack? I've > checked the RPM change log and nothing's been mentioned relating to >

Re: [CentOS] OpenSSL Update - not a security update???

On 03/07/2016 10:14 AM, James Washington wrote: Hey all, Sorry to jump in here but out of curiosity, has the patch actually been back ported to earlier versions of OpenSSL regarding the recent DROWN attack? I've checked the RPM change log and nothing's been mentioned relating to

Re: [CentOS] OpenSSL Update - not a security update???

Hey all, Sorry to jump in here but out of curiosity, has the patch actually been back ported to earlier versions of OpenSSL regarding the recent DROWN attack? I've checked the RPM change log and nothing's been mentioned relating to CVE-2016-0800 (I think that was the CVE number). Or is this

Re: [CentOS] OpenSSL Update - not a security update???

On 03/03/2016 02:58 PM, Mark Milhollan wrote: > On Wed, 2 Mar 2016, Johnny Hughes wrote: >> On 03/02/2016 10:42 AM, Mark Milhollan wrote: > >>> I wish --security was functional > >>> I hope that the lack is not due to >>> the assumed use resulting in it being ignored. >> >> That is not the

Re: [CentOS] OpenSSL Update - not a security update???

On Wed, 2 Mar 2016, Johnny Hughes wrote: >On 03/02/2016 10:42 AM, Mark Milhollan wrote: >>I wish --security was functional >>I hope that the lack is not due to >>the assumed use resulting in it being ignored. > >That is not the reason, >We do not have enough space on donated mirrors Surely

Re: [CentOS] OpenSSL Update - not a security update???

Am 02.03.2016 um 17:42 schrieb Mark Milhollan : > I understand that some people might be trying to cherry-pick their > updates and the assertion that doing so is not supported. But that is > not the only way in which --security can be used and it is a bit boring > to

Re: [CentOS] OpenSSL Update - not a security update???

On 03/02/2016 10:42 AM, Mark Milhollan wrote: > I understand that some people might be trying to cherry-pick their > updates and the assertion that doing so is not supported. But that is > not the only way in which --security can be used and it is a bit boring > to continually see whining

Re: [CentOS] OpenSSL Update - not a security update???

I understand that some people might be trying to cherry-pick their updates and the assertion that doing so is not supported. But that is not the only way in which --security can be used and it is a bit boring to continually see whining about the assumptive use. For me it is about scheduling

Re: [CentOS] OpenSSL Update - not a security update???

On Wed, March 2, 2016 9:57 am, Chris Adams wrote: > Once upon a time, Valeri Galtsev said: >> We are talking here CentOS and RHEL Linux. yum is an abbreviation of: >> "Yellowdog Update Manager". It was originally created by YellowDog Linux >> project for their Linux

Re: [CentOS] OpenSSL Update - not a security update???

Once upon a time, Valeri Galtsev said: > We are talking here CentOS and RHEL Linux. yum is an abbreviation of: > "Yellowdog Update Manager". It was originally created by YellowDog Linux > project for their Linux distribution. Actually, yum is Yellowdog Updater,

Re: [CentOS] OpenSSL Update - not a security update???

One more voice on this: we actually run the yum security plugin, several times a week, and it does report things... and almost all our systems are CentOS. When I see something in there, just as when I see an announcement where there are updates marked important, and esp. critical, we roll them

Re: [CentOS] OpenSSL Update - not a security update???

On Wed, March 2, 2016 5:24 am, Anthony K wrote: > On Tue, 2016-03-01 at 21:58 -0600, Johnny Hughes wrote: >> On 03/01/2016 09:41 PM, Johnny Hughes wrote: >> > BUt the security plugins do not work for CentOS and they never have, >> > Peter is correct, you need to run yum update or call out the

Re: [CentOS] OpenSSL Update - not a security update???

On Wed, 2016-03-02 at 07:33 -0600, Johnny Hughes wrote: > Hopefully this makes sense. > > You can instead just look at this: > > https://lists.centos.org/pipermail/centos-announce/ > > (or subscribe to the CentOS announce mailing list to get emails) > > Both of those places will tell you when

Re: [CentOS] OpenSSL Update - not a security update???

On 03/02/2016 05:24 AM, Anthony K wrote: > On Tue, 2016-03-01 at 21:58 -0600, Johnny Hughes wrote: >> On 03/01/2016 09:41 PM, Johnny Hughes wrote: >>> BUt the security plugins do not work for CentOS and they never have, >>> Peter is correct, you need to run yum update or call out the specific >>>

Re: [CentOS] OpenSSL Update - not a security update???

On 03/02/2016 03:24 AM, Anthony K wrote: On Tue, 2016-03-01 at 21:58 -0600, Johnny Hughes wrote: On 03/01/2016 09:41 PM, Johnny Hughes wrote: BUt the security plugins do not work for CentOS and they never have, Peter is correct, you need to run yum update or call out the specific packages you

Re: [CentOS] OpenSSL Update - not a security update???

On 2 March 2016 at 11:24, Anthony K wrote: > On Tue, 2016-03-01 at 21:58 -0600, Johnny Hughes wrote: > > On 03/01/2016 09:41 PM, Johnny Hughes wrote: > > > BUt the security plugins do not work for CentOS and they never have, > > > Peter is correct, you need to run yum update

Re: [CentOS] OpenSSL Update - not a security update???

On Tue, 2016-03-01 at 21:58 -0600, Johnny Hughes wrote: > On 03/01/2016 09:41 PM, Johnny Hughes wrote: > > BUt the security plugins do not work for CentOS and they never have, > > Peter is correct, you need to run yum update or call out the specific > > packages you want updated. > > I totally

Re: [CentOS] OpenSSL Update - not a security update???

On 03/01/2016 09:41 PM, Johnny Hughes wrote: > On 03/01/2016 09:17 PM, Peter wrote: >> On 02/03/16 15:57, Anthony K wrote: >>> This command output is odd: >>> >>> yum update --security >>> ... >>> No packages needed for security; 118 packages available >> ... >>> Why does yum not consider this

Re: [CentOS] OpenSSL Update - not a security update???

On 03/01/2016 09:17 PM, Peter wrote: > On 02/03/16 15:57, Anthony K wrote: >> This command output is odd: >> >> yum update --security >> ... >> No packages needed for security; 118 packages available > ... >> Why does yum not consider this CESA a security update? > > Cherry-picking updates is not

Re: [CentOS] OpenSSL Update - not a security update???

On 02/03/16 15:57, Anthony K wrote: > This command output is odd: > > yum update --security > ... > No packages needed for security; 118 packages available ... > Why does yum not consider this CESA a security update? Cherry-picking updates is not supported by CentOS, this is because each package

[CentOS] OpenSSL Update - not a security update???

This command output is odd: yum update --security ... No packages needed for security; 118 packages available However, this command says there's an OpenSSL update: yum update openssl ... ---> Package openssl-libs.x86_64 1:1.0.1e-51.el7_2.2 will be updated ---> Package openssl-libs.x86_64