Yum Update Fails
When I run yum update it fails. What do I do now?
Here is the output:
root [/]# yum update
Loaded plugins: fastestmirror, universal-hooks
[Errno 14] yum fails with HTTP/HTTPS Error 404 - Red Hat Customer Portal
If above article doesn't help to resolve this issue please create a bug on My View - CentOS Bug Tracker
ftp://ftp.cesca.cat/centos/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] FTP Error 550 - Access denied: 550
Trying other mirror.
: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
ftp://ftp.cesca.cat/centos/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] FTP Error 550 - Access denied: 550
Trying other mirror.
: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
Loading mirror speeds from cached hostfile
* EA4: 208.100.0.204
* base: sunsite.rediris.es
* extras: sunsite.rediris.es
* updates: sunsite.rediris.es
No packages marked for update
root [/]# _
-
Hello, Do you have any firewall rules blocking access to that mirror? Also, check to confirm the resolvers in your /etc/resolv.conf file are valid. Thank you. 0 -
Michael there does seem to be an issue with the /etc/resolv.conf What IP's should be used there, ones from the hosting company (1&1) or ones that are installed on the server? 0 -
Hello, You'd generally use the ones offered by your hosting provider. Google offers public resolvers for use if you'd like try different ones: Public DNS "|" Google Developers Thank you. 0 -
Well now when I run Yum update I get: [root@localhost ~]# yum update Loaded plugins: fastestmirror, universal-hooks Loading mirror speeds from cached hostfile * EA4: 208.100.0.204 * base: mirror.tedra.es * extras: mirror.tedra.es * updates: mirror.tedra.es No packages marked for update [root@localhost ~]# I received notice that my Trustwave Scan Failed bebecausef this: Unsupported Version of OpenSSH Last month it was fine, this month it isn't. This is the output I get [root@localhost ~]# rpm -q --changelog openssh | grep CVE-2016 - CVE-2016-1908: possible fallback from untrusted to trusted X11 forwarding (#1298741) - CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317819) - prevents CVE-2016-0777 and CVE-2016-0778 [root@localhost ~]# 0 -
This is what I get, nothing about OpenSSH. [root@localhost ~]# yum update Loaded plugins: fastestmirror, universal-hooks EA4 | 2.9 kB 00:00:00 base | 3.6 kB 00:00:00 extras | 3.4 kB 00:00:00 updates | 3.4 kB 00:00:00 Loading mirror speeds from cached hostfile * EA4: 208.100.0.204 * base: mirror.tedra.es * extras: mirror.tedra.es * updates: mirror.tedra.es No packages marked for update [root@localhost ~]# yum clean all Loaded plugins: fastestmirror, universal-hooks Cleaning repos: EA4 base extras updates Cleaning up everything Cleaning up list of fastest mirrors [root@localhost ~]# yum update Loaded plugins: fastestmirror, universal-hooks EA4 | 2.9 kB 00:00:00 base | 3.6 kB 00:00:00 extras | 3.4 kB 00:00:00 updates | 3.4 kB 00:00:00 (1/5): EA4/7/x86_64/primary_db | 6.0 MB 00:00:00 (2/5): extras/7/x86_64/primary_db | 139 kB 00:00:00 (3/5): base/7/x86_64/group_gz | 155 kB 00:00:00 (4/5): updates/7/x86_64/primary_db | 3.9 MB 00:00:09 (5/5): base/7/x86_64/primary_db | 5.6 MB 00:00:10 Determining fastest mirrors * EA4: 208.100.0.204 * base: mirror.airenetworks.es * extras: mirror.airenetworks.es * updates: mirror.airenetworks.es No packages marked for update 0 -
Hello, The YUM update looks to complete successfully. It's possible a new OpenSSH package is simply not provided by your OS. What's the specific PCI compliance failure message you receive? Thank you. 0 -
There are many: [LIST] - OpenSSH through 6.9 does not correctly restrict the use of keyboard-interactive devices within a single connection, CVE- 2015-5600
- Local privilege escalation in OpenSSH before 7.4 using sandboxed process in shared memory manager (related to m_zback and m_zlib structures), CVE-2016-10012
- OpenSSH through 7.2p2 allows potential privilege escalation by remote attackers, CVE-2015- 8325
- Local privilege escalation in OpenSSH before 7.4 when sshd runs with root privileges (related to serverloop.c), CVE-2016- 10010
- OpenSSH SSHFP DNS resource record look up bypass in the client, CVE-2014-2653
- X11 forwarding data allows multiple CRLF injection in OpenSSH before 7.2p2, CVE- 2016-3115
- OpenSSH before 6.9, when ForwardX11Trusted mode is not used lacks proper access restrictions, CVE-2015-5352
- OpenSSH allows for the transmission of the entire buffer to remote servers before 7.1p2, CVE-2016-0777
0 -
Hello, OpenSSH is a package that's provided by your OS. You can see which security patches have been backported in the version your OS provides with a command such as this (like what you referenced earlier): rpm -q --changelog openssh | grep CVE
You could respond to your PCI compliance company and show them which of those CVEs have been backported to the version of OpenSSH on your system. Thank you.0
Please sign in to leave a comment.
Comments
9 comments