DevHeads.net

Postings by Veetil, Vyshnav

To enquire about the expected arrival of ntp, ntpdate, expat & libxml2 rpms with CVE fix

Hi All,
Can you please tell me the expected release of these rpms which have the fix for the CVEs below?
1. expat rpm:
CVE-2017-9233

2. libxml2:
CVE-2015-8035

3. ntp and ntpdate RPM:
CVE-2017-6462
CVE-2018-7170
CVE-2018-7170
CVE-2016-4954
CVE-2016-4955
CVE-2016-4956

Environment variable $USER not getting updated on using 'exec sudo command'

Hi All,
We are facing an issue with the exec sudo command, which is resulting in an infinite loop.
We have one script in which we check whether $USER is not equal to root and, if so, execute the same script with exec sudo so that it will run as root.
Code snippet:
script1:

# Re-run this script through sudo when $USER is not root.
if [[ "$USER" != "root" ]]; then
    exec sudo "$0" "$@"
fi

If we run the script as some other user, say root1, using the command below,
"sudo -u root1 script1", script1 will run in an infinite loop.
In CentOS 7.4, when the exec sudo command runs, the value of $USER remains the same, i.e. root1, so it again enters the if block and executes script1, and so on.
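
A re-exec check that does not depend on $USER, shown here as an added example rather than code from the original post: $USER is only an environment variable, so the decision is taken from the effective UID reported by `id -u`, and a marker argument stops a second re-exec. The names `elevation_action`, `ensure_root` and the `--reexeced` marker are hypothetical, chosen for this example.

```shell
#!/bin/bash
# Added example, not from the original post. Function names and the
# --reexeced marker are hypothetical.

# Decide what to do from the effective UID and the first script argument.
#   $1 = effective UID (normally "$(id -u)")
#   $2 = first argument the script was started with (may be empty)
# Prints: run    -> already root, carry on
#         reexec -> not root, first attempt: re-run through sudo
#         fail   -> not root even after a re-exec: stop instead of looping
elevation_action() {
    if [ "$1" -eq 0 ]; then
        echo run
    elif [ "$2" = "--reexeced" ]; then
        echo fail
    else
        echo reexec
    fi
}

# Re-run the calling script as root at most once.
ensure_root() {
    case "$(elevation_action "$(id -u)" "${1:-}")" in
        run)
            return 0
            ;;
        fail)
            echo "$0: still not root after sudo, giving up" >&2
            exit 1
            ;;
        reexec)
            # "--" ends sudo's own option parsing; the marker goes first so
            # the re-executed copy can recognise itself.
            exec sudo -- "$0" --reexeced "$@"
            ;;
    esac
}

# Usage at the top of a script:
#   ensure_root "$@"
#   if [ "${1:-}" = "--reexeced" ]; then shift; fi
```
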

EVP_sha1() returning exception invalid digest in FIPS mode on CentOS 7.4

Hi,

We are facing an issue when we try to sign a certificate using the digest value EVP_sha1(). It throws an exception error:
"Error: com.adharman.datatools.DataException: java.lang.Exception: java.lang.Exception: [0x80004005] AvMiuOpenSSLCertCreate, X509_sign->0. [error:060B7098:digital envelope routines:EVP_DigestSignInit:invalid digest]"

When I tried the same thing with EVP_sha256() it worked. Is there any change in CentOS 7.4? Any deprecation for sha1?
Please share your thoughts on the same.

Can we expect the fix for “OpenSSL error hex string is too long invalid hex key value” in the next OpenSSL release?

In CentOS 7.4, we are getting this error: “OpenSSL error hex string is too long invalid hex key value”. The OpenSSL version we are using is openssl-1.0.2k-8.el7. We have solved this issue by applying a patch to the openssl package suggested by the OpenSSL community (https://mta.openssl.org/pipermail/openssl-dev/2016-May/007266.html). Can we expect a fix for this problem in the next release of OpenSSL?