URGENT MESSAGE FOR RED HAT USERS

Timothy M. Lyons lyons at digitalvoodoo.org
Fri Aug 29 17:24:34 EDT 2003 

David,

Their certificate expired yesterday.  

People using up2date should note that they need to download or point to the 
appropriate ftp locations and use the manual 'rpm -Fvh' command.  Up2date will 
fail on a bad certificate.

--Tim

 
On Fri, 29 Aug 2003 at 16:02 -0400 David Kramer was heard to utter:

DK> From: David Kramer <david at thekramers.net>
DK> To: discuss at blu.org
DK> Date: Fri, 29 Aug 2003 16:02:08 -0400
DK> Subject: URGENT MESSAGE FOR RED HAT USERS
DK> 
DK> Apparently the SSL certificate used by the up2date program is expiring Real 
DK> Soon Now.  No matter what release you are using.  If you do not get the new 
DK> certificate, or update to an up2date that has the certificate, you will not 
DK> be able to run up2date.
DK> 
DK> Here is the email I got from them:
DK> 
DK> ----------  Forwarded Message  ----------
DK> 
DK> Subject: [RHSA-2003:267-01] New up2date available with updated SSL 
DK> certificate authority file
DK> Date: Fri, 29 Aug 2003 07:39 -0400
DK> From: bugzilla at redhat.com
DK> To: redhat-watch-list at redhat.com, bugtraq at securityfocus.com,   
DK> full-disclosure at lists.netsys.com
DK> 
DK> -----BEGIN PGP SIGNED MESSAGE-----
DK> Hash: SHA1
DK> 
DK> - ---------------------------------------------------------------------
DK>                    Red Hat Security Advisory
DK> 
DK> Synopsis:          New up2date available with updated SSL certificate
DK>  authority file Advisory ID:       RHSA-2003:267-01
DK> Issue date:        2003-08-29
DK> Updated on:        2003-08-29
DK> Product:           Red Hat Linux
DK> Keywords:          up2date Red Hat Network rhn_register
DK> Cross references:
DK> Obsoletes:
DK> - ---------------------------------------------------------------------
DK> 
DK> 1. Topic:
DK> 
DK> New versions of the up2date and rhn_register clients are available and
DK> are required for continued access to Red Hat Network.
DK> 
DK> 2. Relevant releases/architectures:
DK> 
DK> Red Hat Linux 7.1 - i386
DK> Red Hat Linux 7.2 - i386, ia64
DK> Red Hat Linux 7.3 - i386
DK> Red Hat Linux 8.0 - i386
DK> Red Hat Linux 9 - i386
DK> 
DK> 3. Problem description:
DK> 
DK> The rhn_register and up2date packages contain the software necessary to
DK> take advantage of Red Hat Network functionality.
DK> 
DK> This erratum includes an updated RHNS-CA-CERT file, which contains a new CA
DK> certificate.  This new certificate is needed so that up2date can continue
DK> to communicate with Red Hat Network after 28 August 2003.  Without this
DK> updated certificate, users will see SSL Connection Errors reported by
DK> up2date or rhn_register.
DK> 
DK> All users must upgrade to these erratum packages in order to continue to
DK> use Red Hat Network.  This includes both interactive use of up2date, as
DK> well as actions scheduled by the RHN website.
DK> 
DK> 4. Solution:
DK> 
DK> Before applying this update, make sure all previously released errata
DK> relevant to your system have been applied.
DK> 
DK> To update all RPMs for your particular architecture, run:
DK> 
DK> rpm -Fvh [filenames]
DK> 
DK> where [filenames] is a list of the RPMs you wish to upgrade.  Only those
DK> RPMs which are currently installed will be updated.  Those RPMs which are
DK> not installed but included in the list will not be updated.  Note that you
DK> can also use wildcards (*.rpm) if your current directory *only* contains
DK> the desired RPMs.
DK> 
DK> Because the previous Certificate Authority has expired, up2date will
DK> present 'SSL Certificate Errors' if you attempt to use it to apply this
DK> errata.  Therefore, this update cannot be applied directly with up2date and
DK>  instead must be applied as indicated above.
DK> 
DK> In addition to the Red Hat FTP site, the latest versions of up2date and
DK> rhn_register are also available at
DK> 
DK>     https://rhn.redhat.com/help/latest-up2date.pxt
DK> 
DK> For users who would prefer to install the new certificate directly, it is
DK> available at:
DK> 
DK>     https://rhn.redhat.com/help/ssl_cert.pxt
DK> 
DK> 5. RPMs required:
DK> 
DK> Red Hat Linux 7.1:
DK> 
DK> SRPMS:
DK> ftp://updates.redhat.com/7.1/en/os/SRPMS/up2date-2.8.40-1.7.1.src.rpm
DK> 
DK> i386:
DK> ftp://updates.redhat.com/7.1/en/os/i386/up2date-2.8.40-1.7.1.i386.rpm
DK> ftp://updates.redhat.com/7.1/en/os/i386/up2date-gnome-2.8.40-1.7.1.i386.rpm
DK> 
DK> Red Hat Linux 7.2:
DK> 
DK> SRPMS:
DK> ftp://updates.redhat.com/7.2/en/os/SRPMS/up2date-2.8.40-2.7.2.src.rpm
DK> 
DK> i386:
DK> ftp://updates.redhat.com/7.2/en/os/i386/up2date-2.8.40-2.7.2.i386.rpm
DK> ftp://updates.redhat.com/7.2/en/os/i386/up2date-gnome-2.8.40-2.7.2.i386.rpm
DK> 
DK> ia64:
DK> ftp://updates.redhat.com/7.2/en/os/ia64/up2date-2.8.40-2.7.2.ia64.rpm
DK> ftp://updates.redhat.com/7.2/en/os/ia64/up2date-gnome-2.8.40-2.7.2.ia64.rpm
DK> 
DK> Red Hat Linux 7.3:
DK> 
DK> SRPMS:
DK> ftp://updates.redhat.com/7.3/en/os/SRPMS/up2date-2.8.40-3.7.3.src.rpm
DK> 
DK> i386:
DK> ftp://updates.redhat.com/7.3/en/os/i386/up2date-2.8.40-3.7.3.i386.rpm
DK> ftp://updates.redhat.com/7.3/en/os/i386/up2date-gnome-2.8.40-3.7.3.i386.rpm
DK> 
DK> Red Hat Linux 8.0:
DK> 
DK> SRPMS:
DK> ftp://updates.redhat.com/8.0/en/os/SRPMS/up2date-3.0.7.2-1.src.rpm
DK> 
DK> i386:
DK> ftp://updates.redhat.com/8.0/en/os/i386/up2date-3.0.7.2-1.i386.rpm
DK> ftp://updates.redhat.com/8.0/en/os/i386/up2date-gnome-3.0.7.2-1.i386.rpm
DK> 
DK> Red Hat Linux 9:
DK> 
DK> SRPMS:
DK> ftp://updates.redhat.com/9/en/os/SRPMS/up2date-3.1.23.2-1.src.rpm
DK> 
DK> i386:
DK> ftp://updates.redhat.com/9/en/os/i386/up2date-3.1.23.2-1.i386.rpm
DK> ftp://updates.redhat.com/9/en/os/i386/up2date-gnome-3.1.23.2-1.i386.rpm
DK> 
DK> 
DK> 
DK> 6. Verification:
DK> 
DK> MD5 sum                          Package Name
DK> -
DK>  --------------------------------------------------------------------------
DK>  b67ea5065c3115d523e17561aac5cb7c
DK>  7.1/en/os/SRPMS/up2date-2.8.40-1.7.1.src.rpm
DK>  71f2f6e4bfcdee8f4f46ef037c7a1c8d
DK>  7.1/en/os/i386/up2date-2.8.40-1.7.1.i386.rpm
DK>  2205d1e5832dbb67d60103104eb59fec
DK>  7.1/en/os/i386/up2date-gnome-2.8.40-1.7.1.i386.rpm
DK>  3deea256b106e71ee6d5890639d872b3
DK>  7.2/en/os/SRPMS/up2date-2.8.40-2.7.2.src.rpm
DK>  21bc8e1f03e9f28590d46df60a9458b5
DK>  7.2/en/os/i386/up2date-2.8.40-2.7.2.i386.rpm
DK>  3d3d7c6dca73d521a0f541b859f13eb3
DK>  7.2/en/os/i386/up2date-gnome-2.8.40-2.7.2.i386.rpm
DK>  ac5161a5bbe122896eccbc312bef9273
DK>  7.2/en/os/ia64/up2date-2.8.40-2.7.2.ia64.rpm
DK>  c789fbf88d7faf82504eb4189b767f90
DK>  7.2/en/os/ia64/up2date-gnome-2.8.40-2.7.2.ia64.rpm
DK>  23d8868920cb7df21925669f04fb2ad2
DK>  7.3/en/os/SRPMS/up2date-2.8.40-3.7.3.src.rpm
DK>  3643d7774d7e60a1aeb79c8fecbf624c
DK>  7.3/en/os/i386/up2date-2.8.40-3.7.3.i386.rpm
DK>  89977334ec0d3a2a720c3303602fc8dd
DK>  7.3/en/os/i386/up2date-gnome-2.8.40-3.7.3.i386.rpm
DK>  17ad92db4579d046d84c84a16784ba98 8.0/en/os/SRPMS/up2date-3.0.7.2-1.src.rpm
DK>  15bc5dc918916bca3a5c29148979716e 8.0/en/os/i386/up2date-3.0.7.2-1.i386.rpm
DK>  1ae89cf79880f3bc5de7b86eb1d47a2b
DK>  8.0/en/os/i386/up2date-gnome-3.0.7.2-1.i386.rpm
DK>  b8a5b2d548869a846cbaf373f3637555 9/en/os/SRPMS/up2date-3.1.23.2-1.src.rpm
DK>  3faabcb9cc610627fe378b88d0b2b928 9/en/os/i386/up2date-3.1.23.2-1.i386.rpm
DK>  733d0aca17c15af0b1fa709ba86337dc
DK>  9/en/os/i386/up2date-gnome-3.1.23.2-1.i386.rpm
DK> 
DK> 
DK> These packages are GPG signed by Red Hat for security.  Our key is
DK> available from https://www.redhat.com/security/keys.html
DK> 
DK> You can verify each package with the following command:
DK> 
DK>     rpm --checksig -v <filename>
DK> 
DK> If you only wish to verify that each package has not been corrupted or
DK> tampered with, examine only the md5sum with the following command:
DK> 
DK>     md5sum <filename>
DK> 
DK> 7. Contact:
DK> 
DK> The Red Hat security contact is <secalert at redhat.com>.  More contact
DK> details at https://www.redhat.com/solutions/security/news/contact.html
DK> 
DK> Copyright 2003 Red Hat, Inc.
DK> -----BEGIN PGP SIGNATURE-----
DK> Version: GnuPG v1.0.7 (GNU/Linux)
DK> 
DK> iD8DBQE/Tzt/XlSAg2UNWIIRAoUSAKCfwH7rc+4n4qDoAwqpeHOfvHHu7gCgmkhY
DK> qGnZb7YTmLpjhBxLWdWQLXs=
DK> =w6lI
DK> -----END PGP SIGNATURE-----
DK> 
DK> 
DK> _______________________________________________
DK> Redhat-watch-list mailing list
DK> To unsubscribe, visit:
DK>  https://www.redhat.com/mailman/listinfo/redhat-watch-list
DK> 
DK> -------------------------------------------------------
DK> 
DK> 


-- 
This message has been scanned for viruses and
dangerous content by MailScanner/Sophos on 
mail.digitalvoodoo.org and is believed to be clean.
--

More information about the Discuss mailing list