- Security - AlmaLinux List Archives

RSS Feed for https://errata.almalinux.org/
by andre.pires_carvalho＠siemens.com 06 Sep '23

06 Sep '23

Dear AlmaLinux, I'm currently monitoring the security advisories for AlmaLinux packages by subscribing your email security list. Nonetheless, I'm an avid supporter of RSS-like delivering systems. Additionally, I think it is a perfect match for structured information such as your security advisories! Is an RSS Feed something that could be provided for the information on https://errata.almalinux.org/ ? Thank you so much for the great work! André C.

2 1

Request for Permission to Conduct Passive Reconnaissance for Academic Purposes
by Robert Crowe 14 Aug '23

14 Aug '23

Dear Almalinux Foundation, I hope this email finds you well. My name is Robert Crowe, and I am currently pursuing a degree in Cybersecurity at the University of Phoenix. As part of my Ethical Hacking course, I have been tasked with conducting a passive reconnaissance assignment focused on a chosen organization. I am reaching out to request your consent to select the Almalinux Foundation as the subject of my research. The objective of this assignment is threefold: 1. Summarize the Importance of Footprinting: This section will briefly discuss the significance of footprinting in ethical hacking, and how it serves as a foundational step in penetration testing. 2. Examine Organizational, Network, and System Information: I will analyze publicly available data about the Almalinux Foundation, including organizational structure, network components, and system configurations. This will allow me to describe the results of the examination. 3. Assess the Security Posture: Based on the collected information, I will provide an analysis of the current security stance of the Almalinux Foundation and identify any potential security vulnerabilities. Please be assured that this exercise will be entirely passive and will only utilize information that is publicly available. No active probing, scanning, or intrusive techniques will be employed. Additionally, I would be more than happy to share my report and findings with you once the assignment has been graded. The integrity and ethical considerations of this task are of paramount importance to me, and I am committed to ensuring full compliance with legal and professional standards. I would not proceed with this assignment without your explicit permission. Thank you for considering my request. I eagerly await your response and assure you of my utmost respect for your privacy and security. Best Regards, Robert Crowe robert.crowe(a)mykolab.com, Abilene, TX Cybersecurity Student University of Phoenix

2 1

Zenbleed Patch Release: 7/27/2023 @ 0700 EST
by Jonathan Wright 26 Jul '23

26 Jul '23

Hi all! There was a flaw announced and patches released that is trivially executable in a large number of AMD environments (CVE-2023-20593). We announced Monday that we had a patch for Zenbleed ready <https://almalinux.org/blog/zenbleed-patch-call-for-testing/> (please read the blog post for full details), but wanted testing. So far we have seen a significant number of users and companies apply the patches with our updated linux-firmware package with no reported problems, and therefore we plan to push the updated package live at 07:00 US eastern time July 27th. If you are at all concerned, we encourage you to test in your own environment and let us know if you find any problems. As a side note: we already have been, but are continuing to discuss the right way to handle this in a sustainable way going forward. If you have interest in being part of that solution, join our chat and keep an eye out for when we start to build those structures, and make sure to join us at the AlmaLinux OS Foundation <https://almalinux.org/members/>. -- Jonathan Wright AlmaLinux Foundation Mattermost: chat <https://chat.almalinux.org/almalinux/messages/@jonathan>

1 0

Zenbleed Patches Available for Testing
by Jonathan Wright 25 Jul '23

25 Jul '23

We are happy to announce that Zenbleed patches are available now for testing. You can apply the fix as follows: AlmaLinux 8: dnf update https://build.almalinux.org/pulp/content/builds/AlmaLinux-8-x86_64-7032-br/… AlmaLinux 9: dnf update https://build.almalinux.org/pulp/content/builds/AlmaLinux-9-x86_64-7033-br/… AlmaLinux 8/9: echo 1 > /sys/devices/system/cpu/microcode/reload For full details please see our blog post at https://almalinux.org/blog/zenbleed-patch-call-for-testing/ The updates are expected to hit the production repos in the coming days. -- Jonathan Wright AlmaLinux Foundation Mattermost: chat <https://chat.almalinux.org/almalinux/messages/@jonathan>

1 0

Package missing in Podman Module container-tools:rhel8 / container-selinux-2.189.0-1.module_el8.7.0+3344+5bcd850f.noarch.rpm
by Dominik Rutkowski 02 Feb '23

02 Feb '23

Hello, I just noticed this behavior because of an trivy scan I enabled podman module RHEL8 and installed podman: dnf module enable container-tools:rhel8 dnf install podman rpm -qa podman podman-4.2.0-6.module_el8.7.0+3385+a9526ac7.x86_64 rpm -qa container-selinux container-selinux-2.189.0-1.module_el8.6.0+3336+00d107d5.noarch if I switch to container-tools:4.0 then the correct container-selinux module get installed dnf module switch-to container-tools:4.0 rpm -qa podman podman-4.0.2-8.module_el8.7.0+3344+5bcd850f.x86_64 rpm -qa container-selinux container-selinux-2.189.0-1.module_el8.7.0+3344+5bcd850f.noarch The whole Module "container-tools:rhel8" seems messed up fuse-overlayfs 1.9-1.module_el8.6.0+3070+1510fbd1 get installed, but should be 1.9-1.module_el8.7.0+3344+5bcd850f I cannot replicate it on an RHEL machine, so I don't know if this is an upstream RHEL issue Thanks in advance If you need any more infos, just let me know Greetings Dominik

1 0

Re: Can I use the Elevate tool to migrate my CentOS 7.9 with Virtualmin/Webmin to AlmaLinux 9.0?
by Turritopsis Dohrnii Teo En Ming 24 Nov '22

24 Nov '22

On Fri, 18 Nov 2022 at 21:58, Scott Blaydes <scott(a)nettek.io> wrote: > > I believe that is beyond the scope of this list. > > Best bet would be to make a clone of the system and try running Elevate. If you can't make a clone, build a new server and try it. > > Also, if you do choose to build a new server and install an Alma/Virtualmin server, you can migrate backups from the CentOS/Virtualmin and restore them on the new Alma/Virtualmin server. > > Thank you, > Scott Blaydes Dear Scott Blaydes, Thank you for your reply. I think you may have saved my day. You mean I can make full and complete backups of my web hosting control panel using the Virtualmin GUI web interface in CentOS 7.9 and restore the backups on the fresh new installation of AlmaLinux 9.1/Virtualmin server? That means I do not need to make a clone of my CentOS 7.9 linux server and run Elevate tool already. I can simply make a fresh new installation of both AlmaLinux 9.1 and Virtualmin on a brand new server. No migration needed and no headaches and complications. Thank you. Mr. Turritopsis Dohrnii Teo En Ming > > On Wed, Nov 16, 2022 at 10:45:10PM +0800, Turritopsis Dohrnii Teo En Ming wrote: > > Subject: Can I use the Elevate tool to migrate my CentOS 7.9 with > > Virtualmin/Webmin to AlmaLinux 9.0? > > > > Good day from Singapore, > > > > I understand both CentOS Linux and AlmaLinux follow Red Hat Enterprise > > Linux (RHEL). > > > > I have 2 CentOS 7.9 Linux virtual private servers (VPS) in Europe. > > They are running Virtualmin/Webmin web hosting control panel in master > > and slave configuration. > > > > Unfortunately, the end of life (EOL) date for CentOS 7.9 is 30 June > > 2024, which is less than 2 years away. > > > > Can I use the Elevate tool to migrate my CentOS 7.9 with > > Virtualmin/Webmin to AlmaLinux 9.0? Is it technically impossible or > > will result in too many complications? > > > > Should I install AlmaLinux 9.0 from fresh and then install Virtualmin > > instead? If I choose this route, I will need to ask Virtualmin > > developers how I can migrate the web hosting control panel from CentOS > > 7.9 to AlmaLinux 9.0. > > > > Please advise. > > > > Thank you. > > > > Regards, > > > > Mr. Turritopsis Dohrnii Teo En Ming > > Targeted Individual in Singapore > > Blogs: > > https://tdtemcerts.blogspot.com > > https://tdtemcerts.wordpress.com > > _______________________________________________ > > Security mailing list -- security(a)lists.almalinux.org > > To unsubscribe send an email to security-leave(a)lists.almalinux.org

2 2

Can I use the Elevate tool to migrate my CentOS 7.9 with Virtualmin/Webmin to AlmaLinux 9.0?
by Turritopsis Dohrnii Teo En Ming 16 Nov '22

16 Nov '22

Subject: Can I use the Elevate tool to migrate my CentOS 7.9 with Virtualmin/Webmin to AlmaLinux 9.0? Good day from Singapore, I understand both CentOS Linux and AlmaLinux follow Red Hat Enterprise Linux (RHEL). I have 2 CentOS 7.9 Linux virtual private servers (VPS) in Europe. They are running Virtualmin/Webmin web hosting control panel in master and slave configuration. Unfortunately, the end of life (EOL) date for CentOS 7.9 is 30 June 2024, which is less than 2 years away. Can I use the Elevate tool to migrate my CentOS 7.9 with Virtualmin/Webmin to AlmaLinux 9.0? Is it technically impossible or will result in too many complications? Should I install AlmaLinux 9.0 from fresh and then install Virtualmin instead? If I choose this route, I will need to ask Virtualmin developers how I can migrate the web hosting control panel from CentOS 7.9 to AlmaLinux 9.0. Please advise. Thank you. Regards, Mr. Turritopsis Dohrnii Teo En Ming Targeted Individual in Singapore Blogs: https://tdtemcerts.blogspot.com https://tdtemcerts.wordpress.com

1 0

Errata missing
by Dominik Rutkowski 15 Jul '22

15 Jul '22

Hello, I just noticed, there seems to be errata missing for the past few weeks? https://errata.almalinux.org/ Last Errata 01.07.22 https://errata.rockylinux.org/ last Errata 14.07.22 Just noticed because of last Kernel update See https://access.redhat.com/errata/RHSA-2022:5564 Could you please look into it? We rely on errata for our Katello Thank you very much Greetings Dominik

1 0

Re: Advisories pointing to 404 pages
by Vyacheslav Potoropin 09 Jun '22

09 Jun '22

The problem has been fixed, missing records are available now. On Thu, Jun 9, 2022 at 1:39 PM Vyacheslav Potoropin < vpotoropin(a)almalinux.org> wrote: > Hello, thanks for taking interest in the AlmaLinux project and reporting > this issue. > The problem has been fixed, missing records are available now. > > > On Thu, Jun 9, 2022 at 1:25 PM Eugene Zamriy <ezamriy(a)almalinux.org> > wrote: > >> >> >> ---------- Forwarded message --------- >> From: Nunes, Vitor <vitor.nunes(a)siemens.com> >> Date: Thu, Jun 9, 2022 at 1:58 PM >> Subject: [Security] Advisories pointing to 404 pages >> To: security(a)lists.almalinux.org <security(a)lists.almalinux.org> >> >> >> Hello, >> >> I've noticed for a couple of days now that some advisories in >> errata.almalinux.org, starting from ALSA-2022:4776 to ALSA-2022:4807 are >> pointing to 404 pages. Any planned disclosure date? >> >> Many thanks in advance. >> >> Vítor >> _______________________________________________ >> Security mailing list -- security(a)lists.almalinux.org >> To unsubscribe send an email to security-leave(a)lists.almalinux.org >> >> >> -- >> Best regards, >> >> Eugene Zamriy >> PGP 4760 356E 2A4F 412D 4162 D0FA 9919 5B96 BD3F 68EA >> >

1 0

Advisories pointing to 404 pages
by Nunes, Vitor 09 Jun '22

09 Jun '22

Hello, I've noticed for a couple of days now that some advisories in errata.almalinux.org, starting from ALSA-2022:4776 to ALSA-2022:4807 are pointing to 404 pages. Any planned disclosure date? Many thanks in advance. Vítor

1 0

2023

2022

Security ----- 2023 ----- October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023 February 2023 January 2023 ----- 2022 ----- December 2022 November 2022 October 2022 September 2022 August 2022 July 2022 June 2022

Security