eglwolf

Well-Known Member
Jan 1, 2004
190
0
166
When I run yum update it fails. What do I do now?

Here is the output:

root [/]# yum update
Loaded plugins: fastestmirror, universal-hooks
http://mirror.trueinter.net/centos/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below knowledge base article

[Errno 14] yum fails with HTTP/HTTPS Error 404 - Red Hat Customer Portal

If above article doesn't help to resolve this issue please create a bug on My View - CentOS Bug Tracker

ftp://ftp.cesca.cat/centos/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] FTP Error 550 - Access denied: 550
Trying other mirror.
http://ftp.cica.es/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.tedra.es/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://ftp.uma.es/mirror/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.airenetworks.es/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://sunsite.rediris.es/mirror/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://centos.cadt.com/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://centos.uvigo.es/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.uv.es/mirror/CentOS/7.3.1611/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.trueinter.net/centos/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
ftp://ftp.cesca.cat/centos/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] FTP Error 550 - Access denied: 550
Trying other mirror.
http://ftp.cica.es/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.tedra.es/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://ftp.uma.es/mirror/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.airenetworks.es/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://sunsite.rediris.es/mirror/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://centos.cadt.com/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://centos.uvigo.es/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.uv.es/mirror/CentOS/7.3.1611/extras/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.trueinter.net/centos/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
ftp://ftp.cesca.cat/centos/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] FTP Error 550 - Access denied: 550
Trying other mirror.
http://ftp.cica.es/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.tedra.es/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://ftp.uma.es/mirror/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.airenetworks.es/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://sunsite.rediris.es/mirror/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://centos.cadt.com/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://centos.uvigo.es/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://mirror.uv.es/mirror/CentOS/7.3.1611/updates/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
Loading mirror speeds from cached hostfile
* EA4: 208.100.0.204
* base: sunsite.rediris.es
* extras: sunsite.rediris.es
* updates: sunsite.rediris.es
No packages marked for update
root [/]# _
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Hello,

Do you have any firewall rules blocking access to that mirror? Also, check to confirm the resolvers in your /etc/resolv.conf file are valid.

Thank you.
 

eglwolf

Well-Known Member
Jan 1, 2004
190
0
166
Michael there does seem to be an issue with the /etc/resolv.conf
What IP's should be used there, ones from the hosting company (1&1) or ones that are installed on the server?
 

eglwolf

Well-Known Member
Jan 1, 2004
190
0
166
Well now when I run Yum update I get:

[[email protected] ~]# yum update
Loaded plugins: fastestmirror, universal-hooks
Loading mirror speeds from cached hostfile
* EA4: 208.100.0.204
* base: mirror.tedra.es
* extras: mirror.tedra.es
* updates: mirror.tedra.es
No packages marked for update
[[email protected] ~]#

I received notice that my Trustwave Scan Failed bebecausef this:
Unsupported Version of OpenSSH

Last month it was fine, this month it isn't.

This is the output I get
[[email protected] ~]# rpm -q --changelog openssh | grep CVE-2016
- CVE-2016-1908: possible fallback from untrusted to trusted X11 forwarding (#1298741)
- CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317819)
- prevents CVE-2016-0777 and CVE-2016-0778
[[email protected] ~]#
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
96
78
India
cPanel Access Level
Root Administrator
Twitter
Hi,

Earlier in this thread you gave output of yum update that gave a list of repo mirror URLs, so first please check if they are reachable to you now or not.
# ping http://mirror.trueinter.net

Now that you got your resolvers to work and DNS to resolve, you can try rebuilding the yum again.

# yum clean all
# yum update

If there are any updates pushed, then it will be seen in the list..
 

eglwolf

Well-Known Member
Jan 1, 2004
190
0
166
This is what I get, nothing about OpenSSH.

[[email protected] ~]# yum update
Loaded plugins: fastestmirror, universal-hooks
EA4 | 2.9 kB 00:00:00
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
Loading mirror speeds from cached hostfile
* EA4: 208.100.0.204
* base: mirror.tedra.es
* extras: mirror.tedra.es
* updates: mirror.tedra.es
No packages marked for update

[[email protected] ~]# yum clean all
Loaded plugins: fastestmirror, universal-hooks
Cleaning repos: EA4 base extras updates
Cleaning up everything
Cleaning up list of fastest mirrors

[[email protected] ~]# yum update
Loaded plugins: fastestmirror, universal-hooks
EA4 | 2.9 kB 00:00:00
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/5): EA4/7/x86_64/primary_db | 6.0 MB 00:00:00
(2/5): extras/7/x86_64/primary_db | 139 kB 00:00:00
(3/5): base/7/x86_64/group_gz | 155 kB 00:00:00
(4/5): updates/7/x86_64/primary_db | 3.9 MB 00:00:09
(5/5): base/7/x86_64/primary_db | 5.6 MB 00:00:10
Determining fastest mirrors
* EA4: 208.100.0.204
* base: mirror.airenetworks.es
* extras: mirror.airenetworks.es
* updates: mirror.airenetworks.es
No packages marked for update
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Hello,

The YUM update looks to complete successfully. It's possible a new OpenSSH package is simply not provided by your OS. What's the specific PCI compliance failure message you receive?

Thank you.
 

eglwolf

Well-Known Member
Jan 1, 2004
190
0
166
There are many:
  • OpenSSH through 6.9 does not correctly restrict the use of keyboard-interactive devices within a single connection, CVE- 2015-5600
  • Local privilege escalation in OpenSSH before 7.4 using sandboxed process in shared memory manager (related to m_zback and m_zlib structures), CVE-2016-10012
  • OpenSSH through 7.2p2 allows potential privilege escalation by remote attackers, CVE-2015- 8325
  • Local privilege escalation in OpenSSH before 7.4 when sshd runs with root privileges (related to serverloop.c), CVE-2016- 10010
  • OpenSSH SSHFP DNS resource record look up bypass in the client, CVE-2014-2653
  • X11 forwarding data allows multiple CRLF injection in OpenSSH before 7.2p2, CVE- 2016-3115
  • OpenSSH before 6.9, when ForwardX11Trusted mode is not used lacks proper access restrictions, CVE-2015-5352
  • OpenSSH allows for the transmission of the entire buffer to remote servers before 7.1p2, CVE-2016-0777
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Hello,

OpenSSH is a package that's provided by your OS. You can see which security patches have been backported in the version your OS provides with a command such as this (like what you referenced earlier):

Code:
rpm -q --changelog openssh | grep CVE
You could respond to your PCI compliance company and show them which of those CVEs have been backported to the version of OpenSSH on your system.

Thank you.