CentOS 5533 Published by

The following updates has been released for CentOS 6:

CEBA-2014:0375 CentOS 6 libvirt Update
CESA-2014:0376 Important CentOS 6 openssl Update
CVE-2014-0160 CentOS 6 openssl heartbleed workaround



CEBA-2014:0375 CentOS 6 libvirt Update


CentOS Errata and Bugfix Advisory 2014:0375

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0375.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
7d67a5d63fc75d54183502af364c758120ac6fa408c9e66e6fb2c07a92fbcd1e libvirt-0.10.2-29.el6_5.7.i686.rpm
56d8252ec87c23d4791b4ffee52f7fa17ef458079e02b831def8256b72eec1bc libvirt-client-0.10.2-29.el6_5.7.i686.rpm
cde2a06fecc26f53b90ca4969bc85ac7ecee69be97260aabce51598230d946ce libvirt-devel-0.10.2-29.el6_5.7.i686.rpm
bac371bc8e6ce0fee8f3544ed563138d0f9724942d9beec366174989c2bbfcd0 libvirt-python-0.10.2-29.el6_5.7.i686.rpm

x86_64:
290c65b89604bbe5a2c4faf29426b856523be3d3959df8b26577c319965c61d1 libvirt-0.10.2-29.el6_5.7.x86_64.rpm
56d8252ec87c23d4791b4ffee52f7fa17ef458079e02b831def8256b72eec1bc libvirt-client-0.10.2-29.el6_5.7.i686.rpm
cd7e72698d0725977f17733e1a7551e515867dca6f3de29218d9854bf740e31b libvirt-client-0.10.2-29.el6_5.7.x86_64.rpm
cde2a06fecc26f53b90ca4969bc85ac7ecee69be97260aabce51598230d946ce libvirt-devel-0.10.2-29.el6_5.7.i686.rpm
5acf324a4c2ec8a8fd1ebb06f5bdd84946145ca94c5f1f38c49aea47ed74a0cf libvirt-devel-0.10.2-29.el6_5.7.x86_64.rpm
d34f42ad7bbd1f58e831a3fc4282161fceb4d883062bf5e98bf731181b920f84 libvirt-lock-sanlock-0.10.2-29.el6_5.7.x86_64.rpm
c5107e81ae019699a7782aa69d9ebebbcdbc9c6933f3c549382aa68d01cc7fad libvirt-python-0.10.2-29.el6_5.7.x86_64.rpm

Source:
6fcbd8519b7c558859efed0f68afd9323b2dfbf8546f0d1a3ca53e8d9c26a1e9 libvirt-0.10.2-29.el6_5.7.src.rpm


CESA-2014:0376 Important CentOS 6 openssl Update


CentOS Errata and Security Advisory 2014:0376 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0376.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
6ceff4bad2608484b9b9ab74b8e9047b593b6b7a6ca5ba3cc16db7d8b447f1d8 openssl-1.0.1e-16.el6_5.7.i686.rpm
ef6c735885f24ca8618357b880e8cdc6fcb7c6895d99f740169684a3a6f0b8ba openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
5724d24708d8b62ee48585ea530d379c258a9dd537ce3d350a61af4489c11ea5 openssl-perl-1.0.1e-16.el6_5.7.i686.rpm
601108f27b4716355d972d70e8711b6ff53f4375962b3d6e81321736c6709b90 openssl-static-1.0.1e-16.el6_5.7.i686.rpm

x86_64:
6ceff4bad2608484b9b9ab74b8e9047b593b6b7a6ca5ba3cc16db7d8b447f1d8 openssl-1.0.1e-16.el6_5.7.i686.rpm
42cdc321aa3d46889c395c5d6dc11961ed86be5f4d98af0d6399d6c4e1233712 openssl-1.0.1e-16.el6_5.7.x86_64.rpm
ef6c735885f24ca8618357b880e8cdc6fcb7c6895d99f740169684a3a6f0b8ba openssl-devel-1.0.1e-16.el6_5.7.i686.rpm
3328f32f211b2e136c25ec8538c768049f288f0b410932b31880fa4b4de8e73b openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm
89cdbaed00f8348a6a6d567c6c1eb8aba9f94578653be475e826e24c51f10594 openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm
9222db08c5cbf4fded04fd7d060f5b91ed396665e2baa4c899fc2aa8aa9297d0 openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm

Source:
3a08cda99f54b97c027ed32758e7b1ddcff635be5c3737c1e9084321561a015d openssl-1.0.1e-16.el6_5.7.src.rpm

CentOS 6 openssl heartbleed workaround

Earlier in the day today, we were made aware of a serious
issue in openssl as shipped in CentOS-6.5 ( including updates issued
since CentOS-6.5 was released ); This issue is addressed in detail at
http://heartbleed.com/

Upstream have not released a patched version of openssl, although we
are reliably informed that there is quite a bit of effort ongoing
to release a patched package soon.

As an interim workaround, we are releasing packages that disable the
exploitable code using the published workaround( tls heartbeat );
Note that these packages do not resolve the issue, they merely
disable the feature that is being exploited.

i386:
58ac5c57e0bcc3a34434973244ddb5eaf1323ef4ff1341f8ad78ec722a794238
openssl-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm
b4413e3509647ca7ad2d9d3eb7d53b367b7ea0d43a0d3553c9e517fdfc0a81a7
openssl-devel-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm
12e4456c9c9783fb08794d6a96b5aba4ee28d146b836d626cd1c6b073710d62a
openssl-perl-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm
8fbf30e0e237a772417013e81144715d7422fcb585e58adba9635164e3598f4e
openssl-static-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm

x86_64:
58ac5c57e0bcc3a34434973244ddb5eaf1323ef4ff1341f8ad78ec722a794238
openssl-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm
80d3f839551280bec1aafaacbaddde6b4112c5d64ed4f5ecd2cb3974785319c0
openssl-1.0.1e-16.el6_5.4.0.1.centos.x86_64.rpm
b4413e3509647ca7ad2d9d3eb7d53b367b7ea0d43a0d3553c9e517fdfc0a81a7
openssl-devel-1.0.1e-16.el6_5.4.0.1.centos.i686.rpm
fc146768d01e92c1dca6b8fffc2b272e62ee7e30c8004e64aa6c5a62707d8d30
openssl-devel-1.0.1e-16.el6_5.4.0.1.centos.x86_64.rpm
8a91c231fe0b021613f784bac7d31e9468a2b286f75afb0276e8b4fe33020092
openssl-perl-1.0.1e-16.el6_5.4.0.1.centos.x86_64.rpm
fa2d68756a47d41ee227dcdc3de878c8f4edfb1d7b17b4b96027c991406aa4ee
openssl-static-1.0.1e-16.el6_5.4.0.1.centos.x86_64.rpm

- ----
Notes:
1) All versions of CentOS prior to 6.5 are unaffected.
2) the release tag in these packages is marked in a manner that the next
upstream version will override and replace these packages.

ref:
- - http://heartbleed.com/
- - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0160
- - https://access.redhat.com/security/cve/CVE-2014-0160