Yum Update Fails

Discussion in 'Security' started by eglwolf, Apr 4, 2017.

  1. eglwolf

    eglwolf Well-Known Member

    Joined:
    Jan 1, 2004
    Messages:
    187
    Likes Received:
    0
    Trophy Points:
    166
    When I run yum update it fails. What do I do now?

    Here is the output:

    root [/]# yum update
    Loaded plugins: fastestmirror, universal-hooks
    http://mirror.trueinter.net/centos/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    To address this issue please refer to the below knowledge base article

    [Errno 14] yum fails with HTTP/HTTPS Error 404 - Red Hat Customer Portal

    If above article doesn't help to resolve this issue please create a bug on My View - CentOS Bug Tracker

    ftp://ftp.cesca.cat/centos/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] FTP Error 550 - Access denied: 550
    Trying other mirror.
    http://ftp.cica.es/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://mirror.tedra.es/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://ftp.uma.es/mirror/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://mirror.airenetworks.es/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://sunsite.rediris.es/mirror/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://centos.cadt.com/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://centos.uvigo.es/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://mirror.uv.es/mirror/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://mirror.trueinter.net/centos/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    ftp://ftp.cesca.cat/centos/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] FTP Error 550 - Access denied: 550
    Trying other mirror.
    http://ftp.cica.es/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://mirror.tedra.es/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://ftp.uma.es/mirror/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://mirror.airenetworks.es/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://sunsite.rediris.es/mirror/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://centos.cadt.com/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://centos.uvigo.es/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://mirror.uv.es/mirror/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://mirror.trueinter.net/centos/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    ftp://ftp.cesca.cat/centos/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] FTP Error 550 - Access denied: 550
    Trying other mirror.
    http://ftp.cica.es/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://mirror.tedra.es/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://ftp.uma.es/mirror/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://mirror.airenetworks.es/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://sunsite.rediris.es/mirror/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://centos.cadt.com/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://centos.uvigo.es/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    http://mirror.uv.es/mirror/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    Loading mirror speeds from cached hostfile
    * EA4: 208.100.0.204
    * base: sunsite.rediris.es
    * extras: sunsite.rediris.es
    * updates: sunsite.rediris.es
    No packages marked for update
    root [/]# _
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Do you have any firewall rules blocking access to that mirror? Also, check to confirm the resolvers in your /etc/resolv.conf file are valid.

    Thank you.
     
  3. eglwolf

    Michael, there does seem to be an issue with the /etc/resolv.conf.
    What IPs should be used there, ones from the hosting company (1&1) or ones that are installed on the server?
     
  4. cPanelMichael

    Hello,

    You'd generally use the ones offered by your hosting provider. Google offers public resolvers for use if you'd like to try different ones:

    Public DNS  |  Google Developers

    Thank you.
     
  5. eglwolf

    Well now when I run Yum update I get:

    [root@localhost ~]# yum update
    Loaded plugins: fastestmirror, universal-hooks
    Loading mirror speeds from cached hostfile
    * EA4: 208.100.0.204
    * base: mirror.tedra.es
    * extras: mirror.tedra.es
    * updates: mirror.tedra.es
    No packages marked for update
    [root@localhost ~]#

    I received notice that my Trustwave Scan Failed because of this:
    Unsupported Version of OpenSSH

    Last month it was fine, this month it isn't.

    This is the output I get
    [root@localhost ~]# rpm -q --changelog openssh | grep CVE-2016
    - CVE-2016-1908: possible fallback from untrusted to trusted X11 forwarding (#1298741)
    - CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317819)
    - prevents CVE-2016-0777 and CVE-2016-0778
    [root@localhost ~]#
     
  6. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,488
    Likes Received:
    60
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    Earlier in this thread you gave output of yum update that gave a list of repo mirror URLs, so first please check if they are reachable to you now or not.
    # ping mirror.trueinter.net

    Now that you got your resolvers to work and DNS to resolve, you can try rebuilding the yum again.

    # yum clean all
    # yum update

    If there are any updates pushed, then they will be seen in the list.
     
  7. eglwolf

    This is what I get, nothing about OpenSSH.

    [root@localhost ~]# yum update
    Loaded plugins: fastestmirror, universal-hooks
    EA4 | 2.9 kB 00:00:00
    base | 3.6 kB 00:00:00
    extras | 3.4 kB 00:00:00
    updates | 3.4 kB 00:00:00
    Loading mirror speeds from cached hostfile
    * EA4: 208.100.0.204
    * base: mirror.tedra.es
    * extras: mirror.tedra.es
    * updates: mirror.tedra.es
    No packages marked for update

    [root@localhost ~]# yum clean all
    Loaded plugins: fastestmirror, universal-hooks
    Cleaning repos: EA4 base extras updates
    Cleaning up everything
    Cleaning up list of fastest mirrors

    [root@localhost ~]# yum update
    Loaded plugins: fastestmirror, universal-hooks
    EA4 | 2.9 kB 00:00:00
    base | 3.6 kB 00:00:00
    extras | 3.4 kB 00:00:00
    updates | 3.4 kB 00:00:00
    (1/5): EA4/7/x86_64/primary_db | 6.0 MB 00:00:00
    (2/5): extras/7/x86_64/primary_db | 139 kB 00:00:00
    (3/5): base/7/x86_64/group_gz | 155 kB 00:00:00
    (4/5): updates/7/x86_64/primary_db | 3.9 MB 00:00:09
    (5/5): base/7/x86_64/primary_db | 5.6 MB 00:00:10
    Determining fastest mirrors
    * EA4: 208.100.0.204
    * base: mirror.airenetworks.es
    * extras: mirror.airenetworks.es
    * updates: mirror.airenetworks.es
    No packages marked for update
     
  8. cPanelMichael

    Hello,

    The YUM update looks to complete successfully. It's possible a new OpenSSH package is simply not provided by your OS. What's the specific PCI compliance failure message you receive?

    Thank you.
     
  9. eglwolf

    There are many:
    • OpenSSH through 6.9 does not correctly restrict the use of keyboard-interactive devices within a single connection, CVE-2015-5600
    • Local privilege escalation in OpenSSH before 7.4 using sandboxed process in shared memory manager (related to m_zback and m_zlib structures), CVE-2016-10012
    • OpenSSH through 7.2p2 allows potential privilege escalation by remote attackers, CVE-2015-8325
    • Local privilege escalation in OpenSSH before 7.4 when sshd runs with root privileges (related to serverloop.c), CVE-2016-10010
    • OpenSSH SSHFP DNS resource record look up bypass in the client, CVE-2014-2653
    • X11 forwarding data allows multiple CRLF injection in OpenSSH before 7.2p2, CVE-2016-3115
    • OpenSSH before 6.9, when ForwardX11Trusted mode is not used lacks proper access restrictions, CVE-2015-5352
    • OpenSSH allows for the transmission of the entire buffer to remote servers before 7.1p2, CVE-2016-0777
     
  10. cPanelMichael

    Hello,

    OpenSSH is a package that's provided by your OS. You can see which security patches have been backported in the version your OS provides with a command such as this (like what you referenced earlier):

    Code:
    rpm -q --changelog openssh | grep CVE
    You could respond to your PCI compliance company and show them which of those CVEs have been backported to the version of OpenSSH on your system.

    Thank you.
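
The cross-check suggested in the last reply, as an added example that is not part of the original thread: it takes the CVE IDs from a scan report and marks which ones the package changelog names. The function name `cve_backport_report` and the status labels are assumptions made for this example; the sample changelog is the three lines quoted earlier in the thread.

```shell
#!/bin/sh
# Added example: cross-check scanner-reported CVE IDs against an RPM changelog.
# On a real host, feed it the command from the thread:
#   rpm -q --changelog openssh | cve_backport_report CVE-2016-3115 CVE-2016-0777

# cve_backport_report (hypothetical helper name)
#   stdin : changelog text
#   args  : CVE IDs as printed in the scan report
#   stdout: one "ID<TAB>status" line per argument
cve_backport_report() {
    changelog=$(cat)
    for raw in "$@"; do
        # Reports often wrap IDs ("CVE- 2016-3115"): drop spaces, upper-case.
        cve=$(printf '%s' "$raw" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]')
        if ! printf '%s\n' "$cve" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$'; then
            printf '%s\tinvalid-id\n' "$raw"
        # -w keeps CVE-2016-1001 from matching inside CVE-2016-10010.
        elif printf '%s\n' "$changelog" | grep -qwF -- "$cve"; then
            printf '%s\tlisted\n' "$cve"
        else
            printf '%s\tnot-listed\n' "$cve"
        fi
    done
}

# Constructed sample: the three changelog lines posted earlier in the thread.
# They were already filtered with "grep CVE-2016", so older IDs cannot appear.
SAMPLE_CHANGELOG='- CVE-2016-1908: possible fallback from untrusted to trusted X11 forwarding (#1298741)
- CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317819)
- prevents CVE-2016-0777 and CVE-2016-0778'

# Four of the IDs from the scan report quoted in the thread.
printf '%s\n' "$SAMPLE_CHANGELOG" |
    cve_backport_report 'CVE- 2016-3115' CVE-2016-0777 CVE-2016-10010 CVE-2016-10012
```

A `not-listed` result only says the changelog does not name that ID; those are the entries to check against the OS vendor's advisories before replying to the scanning company.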
     