Bug in GnuTLS library discovered – allows attackers to bypass SSL trivially – update your GnuTLS now!

What is the GnuTLS bug? Red Hat has discovered a bug in the GnuTLS (GNU Transport Layer Security) package that may allow attackers to trivially bypass SSL (CVE-2014-0092). RHEL, CentOS, Debian and other popular Linux distributions are susceptible to potential eavesdropping due to this bug. What version of GnuTLS is affected? At this ...

Read More...

CentOS Linux Kernel Update 2.6.32-431.5.1 Released

CentOS Linux kernel 2.6.32-431.5.1 has just been released. Update type(s): security and bug fix Resolved CVEs: CVE-2013-2929 CVE-2013-6381 CVE-2013-7263 CVE-2013-7265 * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system ...

Read More...

CentOS Project joins Red Hat, New CentOS Website

The CentOS Project has just announced that they've officially joined forces with the Red Hat Open Source Community! Full details on this exciting new collaboration with RH and CentOS can be found here: Red Hat Announcement: http://community.redhat.com/blog/2014/01/red-hat-and-centos-join-forces/ CentOS Announcement: http://lists.centos.org/pipermail/centos-announce/2014-January/020100.html FAQ regarding CentOS and Red Hat: http://community.redhat.com/centos-faq/ Also with this announcement, a new CentOS ...

Read More...

CentOS Linux Kernel Update 2.6.32-431.1.2 Released

CentOS Linux kernel 2.6.32-431.1.2 has just been released.  Update type(s): security, bug fix and enhancement CVEs: CVE-2013-2141 CVE-2013-4470 CVE-2013-6367 CVE-2013-6368 * A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload (UFO) feature was enabled on the output device. ...

Read More...