Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

URGENT MESSAGE FOR RED HAT USERS



David,

Their certificate expired yesterday.  

People using up2date should note that they need to download or point to the 
appropriate ftp locations and use the manual 'rpm -Fvh' command.  Up2date will 
fail on a bad certificate.

--Tim

 
On Fri, 29 Aug 2003 at 16:02 -0400 David Kramer was heard to utter:

DK> From: David Kramer <david at thekramers.net>
DK> To: discuss at blu.org
DK> Date: Fri, 29 Aug 2003 16:02:08 -0400
DK> Subject: URGENT MESSAGE FOR RED HAT USERS
DK> 
DK> Apparently the SSL certificate used by the up2date program is expiring Real 
DK> Soon Now.  No matter what release you are using.  If you do not get the new 
DK> certificate, or update to an up2date that has the certificate, you will not 
DK> be able to run up2date.
DK> 
DK> Here is the email I got from them:
DK> 
DK> ----------  Forwarded Message  ----------
DK> 
DK> Subject: [RHSA-2003:267-01] New up2date available with updated SSL 
DK> certificate authority file
DK> Date: Fri, 29 Aug 2003 07:39 -0400
DK> From: bugzilla at redhat.com
DK> To: redhat-watch-list at redhat.com, bugtraq at securityfocus.com,   
DK> full-disclosure at lists.netsys.com
DK> 
DK> -----BEGIN PGP SIGNED MESSAGE-----
DK> Hash: SHA1
DK> 
DK> - ---------------------------------------------------------------------
DK>                    Red Hat Security Advisory
DK> 
DK> Synopsis:          New up2date available with updated SSL certificate
DK>  authority file Advisory ID:       RHSA-2003:267-01
DK> Issue date:        2003-08-29
DK> Updated on:        2003-08-29
DK> Product:           Red Hat Linux
DK> Keywords:          up2date Red Hat Network rhn_register
DK> Cross references:
DK> Obsoletes:
DK> - ---------------------------------------------------------------------
DK> 
DK> 1. Topic:
DK> 
DK> New versions of the up2date and rhn_register clients are available and
DK> are required for continued access to Red Hat Network.
DK> 
DK> 2. Relevant releases/architectures:
DK> 
DK> Red Hat Linux 7.1 - i386
DK> Red Hat Linux 7.2 - i386, ia64
DK> Red Hat Linux 7.3 - i386
DK> Red Hat Linux 8.0 - i386
DK> Red Hat Linux 9 - i386
DK> 
DK> 3. Problem description:
DK> 
DK> The rhn_register and up2date packages contain the software necessary to
DK> take advantage of Red Hat Network functionality.
DK> 
DK> This erratum includes an updated RHNS-CA-CERT file, which contains a new CA
DK> certificate.  This new certificate is needed so that up2date can continue
DK> to communicate with Red Hat Network after 28 August 2003.  Without this
DK> updated certificate, users will see SSL Connection Errors reported by
DK> up2date or rhn_register.
DK> 
DK> All users must upgrade to these erratum packages in order to continue to
DK> use Red Hat Network.  This includes both interactive use of up2date, as
DK> well as actions scheduled by the RHN website.
DK> 
DK> 4. Solution:
DK> 
DK> Before applying this update, make sure all previously released errata
DK> relevant to your system have been applied.
DK> 
DK> To update all RPMs for your particular architecture, run:
DK> 
DK> rpm -Fvh [filenames]
DK> 
DK> where [filenames] is a list of the RPMs you wish to upgrade.  Only those
DK> RPMs which are currently installed will be updated.  Those RPMs which are
DK> not installed but included in the list will not be updated.  Note that you
DK> can also use wildcards (*.rpm) if your current directory *only* contains
DK> the desired RPMs.
DK> 
DK> Because the previous Certificate Authority has expired, up2date will
DK> present 'SSL Certificate Errors' if you attempt to use it to apply this
DK> errata.  Therefore, this update cannot be applied directly with up2date and
DK>  instead must be applied as indicated above.
DK> 
DK> In addition to the Red Hat FTP site, the latest versions of up2date and
DK> rhn_register are also available at
DK> 
DK>     https://rhn.redhat.com/help/latest-up2date.pxt
DK> 
DK> For users who would prefer to install the new certificate directly, it is
DK> available at:
DK> 
DK>     https://rhn.redhat.com/help/ssl_cert.pxt
DK> 
DK> 5. RPMs required:
DK> 
DK> Red Hat Linux 7.1:
DK> 
DK> SRPMS:
DK> ftp://updates.redhat.com/7.1/en/os/SRPMS/up2date-2.8.40-1.7.1.src.rpm
DK> 
DK> i386:
DK> ftp://updates.redhat.com/7.1/en/os/i386/up2date-2.8.40-1.7.1.i386.rpm
DK> ftp://updates.redhat.com/7.1/en/os/i386/up2date-gnome-2.8.40-1.7.1.i386.rpm
DK> 
DK> Red Hat Linux 7.2:
DK> 
DK> SRPMS:
DK> ftp://updates.redhat.com/7.2/en/os/SRPMS/up2date-2.8.40-2.7.2.src.rpm
DK> 
DK> i386:
DK> ftp://updates.redhat.com/7.2/en/os/i386/up2date-2.8.40-2.7.2.i386.rpm
DK> ftp://updates.redhat.com/7.2/en/os/i386/up2date-gnome-2.8.40-2.7.2.i386.rpm
DK> 
DK> ia64:
DK> ftp://updates.redhat.com/7.2/en/os/ia64/up2date-2.8.40-2.7.2.ia64.rpm
DK> ftp://updates.redhat.com/7.2/en/os/ia64/up2date-gnome-2.8.40-2.7.2.ia64.rpm
DK> 
DK> Red Hat Linux 7.3:
DK> 
DK> SRPMS:
DK> ftp://updates.redhat.com/7.3/en/os/SRPMS/up2date-2.8.40-3.7.3.src.rpm
DK> 
DK> i386:
DK> ftp://updates.redhat.com/7.3/en/os/i386/up2date-2.8.40-3.7.3.i386.rpm
DK> ftp://updates.redhat.com/7.3/en/os/i386/up2date-gnome-2.8.40-3.7.3.i386.rpm
DK> 
DK> Red Hat Linux 8.0:
DK> 
DK> SRPMS:
DK> ftp://updates.redhat.com/8.0/en/os/SRPMS/up2date-3.0.7.2-1.src.rpm
DK> 
DK> i386:
DK> ftp://updates.redhat.com/8.0/en/os/i386/up2date-3.0.7.2-1.i386.rpm
DK> ftp://updates.redhat.com/8.0/en/os/i386/up2date-gnome-3.0.7.2-1.i386.rpm
DK> 
DK> Red Hat Linux 9:
DK> 
DK> SRPMS:
DK> ftp://updates.redhat.com/9/en/os/SRPMS/up2date-3.1.23.2-1.src.rpm
DK> 
DK> i386:
DK> ftp://updates.redhat.com/9/en/os/i386/up2date-3.1.23.2-1.i386.rpm
DK> ftp://updates.redhat.com/9/en/os/i386/up2date-gnome-3.1.23.2-1.i386.rpm
DK> 
DK> 
DK> 
DK> 6. Verification:
DK> 
DK> MD5 sum                          Package Name
DK> -
DK>  --------------------------------------------------------------------------
DK>  b67ea5065c3115d523e17561aac5cb7c
DK>  7.1/en/os/SRPMS/up2date-2.8.40-1.7.1.src.rpm
DK>  71f2f6e4bfcdee8f4f46ef037c7a1c8d
DK>  7.1/en/os/i386/up2date-2.8.40-1.7.1.i386.rpm
DK>  2205d1e5832dbb67d60103104eb59fec
DK>  7.1/en/os/i386/up2date-gnome-2.8.40-1.7.1.i386.rpm
DK>  3deea256b106e71ee6d5890639d872b3
DK>  7.2/en/os/SRPMS/up2date-2.8.40-2.7.2.src.rpm
DK>  21bc8e1f03e9f28590d46df60a9458b5
DK>  7.2/en/os/i386/up2date-2.8.40-2.7.2.i386.rpm
DK>  3d3d7c6dca73d521a0f541b859f13eb3
DK>  7.2/en/os/i386/up2date-gnome-2.8.40-2.7.2.i386.rpm
DK>  ac5161a5bbe122896eccbc312bef9273
DK>  7.2/en/os/ia64/up2date-2.8.40-2.7.2.ia64.rpm
DK>  c789fbf88d7faf82504eb4189b767f90
DK>  7.2/en/os/ia64/up2date-gnome-2.8.40-2.7.2.ia64.rpm
DK>  23d8868920cb7df21925669f04fb2ad2
DK>  7.3/en/os/SRPMS/up2date-2.8.40-3.7.3.src.rpm
DK>  3643d7774d7e60a1aeb79c8fecbf624c
DK>  7.3/en/os/i386/up2date-2.8.40-3.7.3.i386.rpm
DK>  89977334ec0d3a2a720c3303602fc8dd
DK>  7.3/en/os/i386/up2date-gnome-2.8.40-3.7.3.i386.rpm
DK>  17ad92db4579d046d84c84a16784ba98 8.0/en/os/SRPMS/up2date-3.0.7.2-1.src.rpm
DK>  15bc5dc918916bca3a5c29148979716e 8.0/en/os/i386/up2date-3.0.7.2-1.i386.rpm
DK>  1ae89cf79880f3bc5de7b86eb1d47a2b
DK>  8.0/en/os/i386/up2date-gnome-3.0.7.2-1.i386.rpm
DK>  b8a5b2d548869a846cbaf373f3637555 9/en/os/SRPMS/up2date-3.1.23.2-1.src.rpm
DK>  3faabcb9cc610627fe378b88d0b2b928 9/en/os/i386/up2date-3.1.23.2-1.i386.rpm
DK>  733d0aca17c15af0b1fa709ba86337dc
DK>  9/en/os/i386/up2date-gnome-3.1.23.2-1.i386.rpm
DK> 
DK> 
DK> These packages are GPG signed by Red Hat for security.  Our key is
DK> available from https://www.redhat.com/security/keys.html
DK> 
DK> You can verify each package with the following command:
DK> 
DK>     rpm --checksig -v <filename>
DK> 
DK> If you only wish to verify that each package has not been corrupted or
DK> tampered with, examine only the md5sum with the following command:
DK> 
DK>     md5sum <filename>
DK> 
DK> 7. Contact:
DK> 
DK> The Red Hat security contact is <secalert at redhat.com>.  More contact
DK> details at https://www.redhat.com/solutions/security/news/contact.html
DK> 
DK> Copyright 2003 Red Hat, Inc.
DK> -----BEGIN PGP SIGNATURE-----
DK> Version: GnuPG v1.0.7 (GNU/Linux)
DK> 
DK> iD8DBQE/Tzt/XlSAg2UNWIIRAoUSAKCfwH7rc+4n4qDoAwqpeHOfvHHu7gCgmkhY
DK> qGnZb7YTmLpjhBxLWdWQLXs=
DK> =w6lI
DK> -----END PGP SIGNATURE-----
DK> 
DK> 
DK> _______________________________________________
DK> Redhat-watch-list mailing list
DK> To unsubscribe, visit:
DK>  https://www.redhat.com/mailman/listinfo/redhat-watch-list
DK> 
DK> -------------------------------------------------------
DK> 
DK> 


-- 
This message has been scanned for viruses and
dangerous content by MailScanner/Sophos on 
mail.digitalvoodoo.org and is believed to be clean.
--





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org