eglwolf

Well-Known Member
Jan 1, 2004
190
0
166
When I run yum update it fails. What do I do now?

Here is the output:

root [/]# yum update
Loaded plugins: fastestmirror, universal-hooks
http://mirror.trueinter.net/centos/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below knowledge base article

[Errno 14] yum fails with HTTP/HTTPS Error 404 - Red Hat Customer Portal

If above article doesn't help to resolve this issue please create a bug on My View - CentOS Bug Tracker

ftp://ftp.cesca.cat/centos/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] FTP Error 550 - Access denied: 550
Trying other mirror.
http://ftp.cica.es/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.tedra.es/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://ftp.uma.es/mirror/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.airenetworks.es/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://sunsite.rediris.es/mirror/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://centos.cadt.com/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://centos.uvigo.es/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.uv.es/mirror/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.trueinter.net/centos/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
ftp://ftp.cesca.cat/centos/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] FTP Error 550 - Access denied: 550
Trying other mirror.
http://ftp.cica.es/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.tedra.es/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://ftp.uma.es/mirror/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.airenetworks.es/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://sunsite.rediris.es/mirror/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://centos.cadt.com/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://centos.uvigo.es/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.uv.es/mirror/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.trueinter.net/centos/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
ftp://ftp.cesca.cat/centos/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] FTP Error 550 - Access denied: 550
Trying other mirror.
http://ftp.cica.es/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.tedra.es/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://ftp.uma.es/mirror/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.airenetworks.es/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://sunsite.rediris.es/mirror/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://centos.cadt.com/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://centos.uvigo.es/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.uv.es/mirror/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
Loading mirror speeds from cached hostfile
* EA4: 208.100.0.204
* base: sunsite.rediris.es
* extras: sunsite.rediris.es
* updates: sunsite.rediris.es
No packages marked for update
root [/]# _
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

Do you have any firewall rules blocking access to that mirror? Also, check to confirm the resolvers in your /etc/resolv.conf file are valid.

Thank you.
 

eglwolf

Well-Known Member
Jan 1, 2004
190
0
166
Michael there does seem to be an issue with the /etc/resolv.conf
What IP's should be used there, ones from the hosting company (1&1) or ones that are installed on the server?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

You'd generally use the ones offered by your hosting provider. Google offers public resolvers for use if you'd like try different ones:

Public DNS  |  Google Developers

Thank you.
 

eglwolf

Well-Known Member
Jan 1, 2004
190
0
166
Well now when I run Yum update I get:

[[email protected] ~]# yum update
Loaded plugins: fastestmirror, universal-hooks
Loading mirror speeds from cached hostfile
* EA4: 208.100.0.204
* base: mirror.tedra.es
* extras: mirror.tedra.es
* updates: mirror.tedra.es
No packages marked for update
[[email protected] ~]#

I received notice that my Trustwave Scan Failed bebecausef this:
Unsupported Version of OpenSSH

Last month it was fine, this month it isn't.

This is the output I get
[[email protected] ~]# rpm -q --changelog openssh | grep CVE-2016
- CVE-2016-1908: possible fallback from untrusted to trusted X11 forwarding (#1298741)
- CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317819)
- prevents CVE-2016-0777 and CVE-2016-0778
[[email protected] ~]#
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
96
78
India
cPanel Access Level
Root Administrator
Twitter
Hi,

Earlier in this thread you gave output of yum update that gave a list of repo mirror URLs, so first please check if they are reachable to you now or not.
# ping http://mirror.trueinter.net

Now that you got your resolvers to work and DNS to resolve, you can try rebuilding the yum again.

# yum clean all
# yum update

If there are any updates pushed, then it will be seen in the list..
 

eglwolf

Well-Known Member
Jan 1, 2004
190
0
166
This is what I get, nothing about OpenSSH.

[[email protected] ~]# yum update
Loaded plugins: fastestmirror, universal-hooks
EA4 | 2.9 kB 00:00:00
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
Loading mirror speeds from cached hostfile
* EA4: 208.100.0.204
* base: mirror.tedra.es
* extras: mirror.tedra.es
* updates: mirror.tedra.es
No packages marked for update

[[email protected] ~]# yum clean all
Loaded plugins: fastestmirror, universal-hooks
Cleaning repos: EA4 base extras updates
Cleaning up everything
Cleaning up list of fastest mirrors

[[email protected] ~]# yum update
Loaded plugins: fastestmirror, universal-hooks
EA4 | 2.9 kB 00:00:00
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/5): EA4/7/x86_64/primary_db | 6.0 MB 00:00:00
(2/5): extras/7/x86_64/primary_db | 139 kB 00:00:00
(3/5): base/7/x86_64/group_gz | 155 kB 00:00:00
(4/5): updates/7/x86_64/primary_db | 3.9 MB 00:00:09
(5/5): base/7/x86_64/primary_db | 5.6 MB 00:00:10
Determining fastest mirrors
* EA4: 208.100.0.204
* base: mirror.airenetworks.es
* extras: mirror.airenetworks.es
* updates: mirror.airenetworks.es
No packages marked for update
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

The YUM update looks to complete successfully. It's possible a new OpenSSH package is simply not provided by your OS. What's the specific PCI compliance failure message you receive?

Thank you.
 

eglwolf

Well-Known Member
Jan 1, 2004
190
0
166
There are many:
  • OpenSSH through 6.9 does not correctly restrict the use of keyboard-interactive devices within a single connection, CVE- 2015-5600
  • Local privilege escalation in OpenSSH before 7.4 using sandboxed process in shared memory manager (related to m_zback and m_zlib structures), CVE-2016-10012
  • OpenSSH through 7.2p2 allows potential privilege escalation by remote attackers, CVE-2015- 8325
  • Local privilege escalation in OpenSSH before 7.4 when sshd runs with root privileges (related to serverloop.c), CVE-2016- 10010
  • OpenSSH SSHFP DNS resource record look up bypass in the client, CVE-2014-2653
  • X11 forwarding data allows multiple CRLF injection in OpenSSH before 7.2p2, CVE- 2016-3115
  • OpenSSH before 6.9, when ForwardX11Trusted mode is not used lacks proper access restrictions, CVE-2015-5352
  • OpenSSH allows for the transmission of the entire buffer to remote servers before 7.1p2, CVE-2016-0777
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

OpenSSH is a package that's provided by your OS. You can see which security patches have been backported in the version your OS provides with a command such as this (like what you referenced earlier):

Code:
rpm -q --changelog openssh | grep CVE
You could respond to your PCI compliance company and show them which of those CVEs have been backported to the version of OpenSSH on your system.

Thank you.