Neuer Inhalt: 24.06.2018 um 16:05 Uhr Unix Server - Server
 
  1. Server >
  2. Unix Server

ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese
Anzeige

Unix Server


Suchen

DSA-4233 bouncycastle - security update

Unix Server vom 22.06.2018 um 02:00 Uhr | Quelle debian.org

It was discovered that the low-level interface to the RSA key pair generator of Bouncy Castle (a Java implementation of cryptographic algorithms) could perform less Miller-Rabin primality tests than expected.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4234 lava-server - security update

Unix Server vom 22.06.2018 um 02:00 Uhr | Quelle debian.org

Two vulnerabilities were discovered in LAVA, a continuous integration system for deploying operating systems for running tests, which could result in information disclosure of files readable by the lavaserver system user or the execution of arbitrary code via a XMLRPC call.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4232 xen - security update

Unix Server vom 20.06.2018 um 02:00 Uhr | Quelle debian.org

This update provides mitigations for the lazy FPU vulnerability affecting a range of Intel CPUs, which could result in leaking CPU register states belonging to another vCPU previously scheduled on the same CPU. For additional information please refer to https://xenbits.xen.org/xsa/advisory-267.html


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

Vor 25 Jahren: Das Aus von John Sculley wird eingeleitet

Unix Server vom 19.06.2018 um 10:35 Uhr | Quelle google.com
Es gab exakt wie bei MacOS X ein Terminal Programm und einen X11-Server. Wollte man UNIX-X11-Programme ausführen musste man explizit den ...
1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4230 redis - security update

Unix Server vom 17.06.2018 um 02:00 Uhr | Quelle debian.org

Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4231 libgcrypt20 - security update

Unix Server vom 17.06.2018 um 02:00 Uhr | Quelle debian.org

It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

CentOS Blog: CentOS Atomic Host 7.1805 Available for Download

Unix Server vom 15.06.2018 um 22:54 Uhr | Quelle blog.centos.org

The CentOS Atomic SIG has released an updated version of CentOS Atomic Host (7.1805), a lean operating system designed to run Linux containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.

CentOS Atomic Host includes these core component versions:

  • atomic-1.22.1-3.git2fd0860.el7.x86_64
  • cloud-init-0.7.9-24.el7.centos.x86_64
  • docker-1.13.1-63.git94f4240.el7.centos.x86_64
  • etcd-3.2.18-1.el7.x86_64
  • flannel-0.7.1-3.el7.x86_64
  • kernel-3.10.0-862.3.2.el7.x86_64
  • ostree-2018.1-4.el7.x86_64
  • rpm-ostree-client-2018.1-1.atomic.el7.x86_64

Download CentOS Atomic Host

CentOS Atomic Host is available as a VirtualBox or libvirt-formatted Vagrant box, or as an installable ISO, qcow2 or Amazon Machine image. For links to media, see the CentOS wiki.

Upgrading

If you’re running a previous version of CentOS Atomic Host, you can upgrade to the current image by running the following command:

# atomic host upgrade

Release Cycle

The CentOS Atomic Host image follows the upstream Red Hat Enterprise Linux Atomic Host cadence. After sources are released, they’re rebuilt and included in new images. After the images are tested by the SIG and deemed ready, we announce them.

Getting Involved

CentOS Atomic Host is produced by the CentOS Atomic SIG, based on upstream work from Project Atomic. If you’d like to work on testing images, help with packaging, documentation – join us!

You’ll often find us in #atomic and/or #centos-devel if you have questions. You can also join the atomic-devel mailing list if you’d like to discuss the direction of Project Atomic, its components, or have other questions.

Getting Help

If you run into any problems with the images or components, feel free to ask on the centos-devel mailing list.

Have questions about using Atomic? See the atomic mailing list or find us in the #atomic channel on Freenode.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4228 spip - security update

Unix Server vom 14.06.2018 um 02:00 Uhr | Quelle debian.org

Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4229 strongswan - security update

Unix Server vom 14.06.2018 um 02:00 Uhr | Quelle debian.org

Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4227 plexus-archiver - security update

Unix Server vom 12.06.2018 um 02:00 Uhr | Quelle debian.org

Danny Grander discovered a directory traversal flaw in plexus-archiver, an Archiver plugin for the Plexus compiler system, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted Zip archive.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4226 perl - security update

Unix Server vom 12.06.2018 um 02:00 Uhr | Quelle debian.org

Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4225 openjdk-7 - security update

Unix Server vom 10.06.2018 um 02:00 Uhr | Quelle debian.org

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code or bypass of JAR signature validation.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4224 gnupg - security update

Unix Server vom 08.06.2018 um 02:00 Uhr | Quelle debian.org

Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4222 gnupg2 - security update

Unix Server vom 08.06.2018 um 02:00 Uhr | Quelle debian.org

Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4221 libvncserver - security update

Unix Server vom 08.06.2018 um 02:00 Uhr | Quelle debian.org

Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4223 gnupg1 - security update

Unix Server vom 08.06.2018 um 02:00 Uhr | Quelle debian.org

Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4219 jruby - security update

Unix Server vom 08.06.2018 um 02:00 Uhr | Quelle debian.org

Several vulnerabilities were discovered in jruby, a Java implementation of the Ruby programming language. They would allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4220 firefox-esr - security update

Unix Server vom 08.06.2018 um 02:00 Uhr | Quelle debian.org

Ivan Fratric discovered a buffer overflow in the Skia graphics library used by Firefox, which could result in the execution of arbitrary code.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4218 memcached - security update

Unix Server vom 06.06.2018 um 02:00 Uhr | Quelle debian.org

Several vulnerabilities were discovered in memcached, a high-performance memory object caching system. The Common Vulnerabilities and Exposures project identifies the following problems:


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

CentOS Blog: CentOS Pulse Newsletter Rebooted

Unix Server vom 05.06.2018 um 17:02 Uhr | Quelle blog.centos.org

After an 8 year silence, we're pleased to announce that the CentOS Pulse Newsletter is coming back to life.

This release is packed with information from the CentOS Community, including events, reports from our SIGs (Special Interest Groups) and information about the release of CentOS 7.5.1804

You can read the newsletter at https://wiki.centos.org/Newsletter/1801

More information about the newsletter, and how you can contribute to future editions, is available at http://wiki.centos.org/Newsletter   Subscribe to the newsletter mailing list, at https://lists.centos.org/mailman/listinfo/centos-newsletter, or by sending an empty message to centos-newsletter-subscribe@centos.org, to ensure you never miss an edition.

We always welcome comments and suggestions.

Enjoy the read.

The Newsletter Team

 


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4217 wireshark - security update

Unix Server vom 03.06.2018 um 02:00 Uhr | Quelle debian.org

It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 802.11, SIGCOMP, LDSS, GSM A DTAP and Q.931, which result in denial of service or the execution of arbitrary code.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4216 prosody - security update

Unix Server vom 02.06.2018 um 02:00 Uhr | Quelle debian.org

It was discovered that Prosody, a lightweight Jabber/XMPP server, does not properly validate client-provided parameters during XMPP stream restarts, allowing authenticated users to override the realm associated with their session, potentially bypassing security policies and allowing impersonation.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4215 batik - security update

Unix Server vom 02.06.2018 um 02:00 Uhr | Quelle debian.org

Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4214 zookeeper - security update

Unix Server vom 01.06.2018 um 02:00 Uhr | Quelle debian.org

It was discovered that Zookeeper, a service for maintaining configuration information, enforced no authentication/authorisation when a server attempts to join a Zookeeper quorum.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4213 qemu - security update

Unix Server vom 29.05.2018 um 02:00 Uhr | Quelle debian.org

Several vulnerabilities were discovered in qemu, a fast processor emulator.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4212 git - security update

Unix Server vom 29.05.2018 um 02:00 Uhr | Quelle debian.org

Etienne Stalmans discovered that git, a fast, scalable, distributed revision control system, is prone to an arbitrary code execution vulnerability exploitable via specially crafted submodule names in a .gitmodules file.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4211 xdg-utils - security update

Unix Server vom 25.05.2018 um 02:00 Uhr | Quelle debian.org

Gabriel Corona discovered that xdg-utils, a set of tools for desktop environment integration, is vulnerable to argument injection attacks. If the environment variable BROWSER in the victim host has a "%s" and the victim opens a link crafted by an attacker with xdg-open, the malicious party could manipulate the parameters used by the browser when opened. This manipulation could set, for example, a proxy to which the network traffic could be intercepted for that particular execution.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4210 xen - security update

Unix Server vom 25.05.2018 um 02:00 Uhr | Quelle debian.org

This update provides mitigations for the Spectre v4 variant in x86-based micro processors. On Intel CPUs this requires updated microcode which is currently not released publicly (but your hardware vendor may have issued an update). For servers with AMD CPUs no microcode update is needed, please refer to https://xenbits.xen.org/xsa/advisory-263.html for further information.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4209 thunderbird - security update

Unix Server vom 25.05.2018 um 02:00 Uhr | Quelle debian.org

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

CentOS Blog: CentOS Atomic Host 7.1804 Available for Download

Unix Server vom 23.05.2018 um 18:17 Uhr | Quelle blog.centos.org

The CentOS Atomic SIG has released an updated version of CentOS Atomic Host (7.1804), a lean operating system designed to run Linux containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.

This release, which is based on the RHEL 7.5 source code, now ships without any baked-in Kubernetes rpms, which makes it simpler for users to layer their preferred Kubernetes or OpenShift packages onto the host.

CentOS Atomic Host includes these core component versions:

  • atomic-1.22.1-3.git2fd0860.el7.x86_64
  • cloud-init-0.7.9-24.el7.centos.x86_64
  • docker-1.13.1-63.git94f4240.el7.centos.x86_64
  • etcd-3.2.18-1.el7.x86_64
  • flannel-0.7.1-3.el7.x86_64
  • kernel-3.10.0-862.2.3.el7.x86_64
  • ostree-2018.1-4.el7.x86_64
  • rpm-ostree-client-2018.1-1.atomic.el7.x86_64

Download CentOS Atomic Host

CentOS Atomic Host is available as a VirtualBox or libvirt-formatted Vagrant box, or as an installable ISO, qcow2 or Amazon Machine image. For links to media, see the CentOS wiki.

Upgrading

If you’re running a previous version of CentOS Atomic Host, you can upgrade to the current image by running the following command:

# atomic host upgrade

Release Cycle

The CentOS Atomic Host image follows the upstream Red Hat Enterprise Linux Atomic Host cadence. After sources are released, they’re rebuilt and included in new images. After the images are tested by the SIG and deemed ready, we announce them.

Getting Involved

CentOS Atomic Host is produced by the CentOS Atomic SIG, based on upstream work from Project Atomic. If you’d like to work on testing images, help with packaging, documentation – join us!

You’ll often find us in #atomic and/or #centos-devel if you have questions. You can also join the atomic-devel mailing list if you’d like to discuss the direction of Project Atomic, its components, or have other questions.

Getting Help

If you run into any problems with the images or components, feel free to ask on the centos-devel mailing list.

Have questions about using Atomic? See the atomic mailing list or find us in the #atomic channel on Freenode.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4208 procps - security update

Unix Server vom 22.05.2018 um 02:00 Uhr | Quelle debian.org

The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems:


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4207 packagekit - security update

Unix Server vom 22.05.2018 um 02:00 Uhr | Quelle debian.org

Matthias Gerstner discovered that PackageKit, a DBus abstraction layer for simple software management tasks, contains an authentication bypass flaw allowing users without privileges to install local packages.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4206 gitlab - security update

Unix Server vom 21.05.2018 um 02:00 Uhr | Quelle debian.org

Several vulnerabilities have been discovered in Gitlab, a software platform to collaborate on code:


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

CentOS Blog: Updated CentOS Vagrant Images Available (v1804.02)

Unix Server vom 19.05.2018 um 09:45 Uhr | Quelle blog.centos.org

We are pleased to announce new official Vagrant images of CentOS Linux 6.9 and CentOS Linux 7.5.1804 for x86_64 (based on the sources of RHEL 7.5). All included packages have been updated to 12th May 2018.

Notable Changes

The IO scheduler is now set to noop, according to Red Hat recommendations.

Known Issues

  1. The VirtualBox Guest Additions are not preinstalled; if you need them for shared folders, please install the vagrant-vbguest plugin and add the following line to your Vagrantfile:
    config.vm.synced_folder ".", "/vagrant", type: "virtualbox"

    We recommend using NFS instead of VirtualBox shared folders if possible; you can also use the vagrant-sshfs plugin, which, unlike NFS, works on all operating systems.

  2. Since the Guest Additions are missing, our images are preconfigured to use rsync for synced folders. Windows users can either use SMB for synced folders, or disable the sync directory by adding the line
    config.vm.synced_folder ".", "/vagrant", disabled: true

    to their Vagrantfile, to prevent errors on "vagrant up".

  3. Vagrant 1.8.5 is unable to create new CentOS Linux boxes due to Vagrant bug #7610
  4. Vagrant 1.8.7 is unable to download or update boxes due to Vagrant bug #7969.
  5. Vagrant 1.9.1 broke private networking, see Vagrant bug #8166
  6. Vagrant 1.9.3 doesn't work with SMB sync due to Vagrant bug #8404
  7. The vagrant-libvirt plugin is only compatible with Vagrant 1.5 to 1.8
  8. Installing open-vm-tools is not enough for enabling shared folders with Vagrant’s VMware provider. Please follow the detailed instructions in https://github.com/mvermaes/centos-vmware-tools (updated for this release).
  9. Some people reported "could not resolve host" errors when running the centos/7 image for VirtualBox on Windows hosts. Try adding the following line to your Vagrantfile:
    vb.customize ["modifyvm", :id, "--natdnshostresolver1", "off"]

Recommended Setup on the Host

Our automatic testing is running on a CentOS Linux 7 host, using Vagrant 1.9.4 with vagrant-libvirt and VirtualBox 5.1.20 (without the Guest Additions) as providers. We strongly recommend using the libvirt provider when stability is required.

Downloads

The official images can be downloaded from Vagrant Cloud. We provide images for HyperV, libvirt-kvm, VirtualBox and VMware.

If you never used our images before:

vagrant box add centos/6 # for CentOS Linux 6, or...
vagrant box add centos/7 # for CentOS Linux 7

Existing users can upgrade their images:

vagrant box update --box centos/6
vagrant box update --box centos/7

Verifying the integrity of the images

The SHA256 checksums of the images are signed with the CentOS 7 Official Signing Key. First, download and verify the checksum file:

$ curl http://cloud.centos.org/centos/7/vagrant/x86_64/images/sha256sum.txt.asc -o sha256sum.txt.asc
$ gpg --verify sha256sum.txt.asc

Once you are sure that the checksums are properly signed by the CentOS Project, you have to include them in your Vagrantfile (Vagrant unfortunately ignores checksum provided from the command line). Here's the relevant snippet from my own Vagrantfile, using v1803.01 and VirtualBox:

Vagrant.configure(2) do |config|
  config.vm.box = "centos/7"

  config.vm.provider :virtualbox do |virtualbox, override|
    virtualbox.memory = 1024
    override.vm.box_download_checksum_type = "sha256"
    override.vm.box_download_checksum = "b24c912b136d2aa9b7b94fc2689b2001c8d04280cf25983123e45b6a52693fb3"
    override.vm.box_url = "https://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7-x86_64-Vagrant-1803_01.VirtualBox.box"
  end
end

Feedback

If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or via IRC, in #centos on Freenode.

Ackowledgements

We would like to warmly thank Fabian Arrotin and Thomas Oulevey for their work on the build infrastructure, as well as Patrick Lang from Microsoft for testing and feedback on the Hyper-V images.

We would also like to thank the following people (listed alphabetically):

  • Graham Mainwaring, for helping with tests and validations;
  • Michael Vermaes, for testing our official images, as well as for writing the detailed guide to using them with VMware Fusion Pro and VMware Workstation Pro;
  • Kirill Kalachev, for reporting and debugging the host name errors with VirtualBox on Windows hosts.

1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

DSA-4205 - Advance notification for upcoming end-of-life for Debian 8

Unix Server vom 18.05.2018 um 02:00 Uhr | Quelle debian.org

This is an advance notice that regular security support for Debian GNU/Linux 8 (code name "jessie") will be terminated on the 17th of June.


1-Klick Newsbewertung vornehmen

Weiterlesen Artikel ansehen

Seitennavigation

Seite 1 von 61 Seiten (Bei Beitrag 1 - 35)
2.115x Beiträge in dieser Kategorie

Nächste 2 Seite | Letzte Seite
[ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ 7 ] [ 8 ] [ 9 ] [ 10 ] [ 11 ]