[SECURITY] Fedora EPEL 5 Update: rt3-3.6.11-2.el5

updates at fedoraproject.org updates at fedoraproject.org
Thu Oct 27 19:06:22 UTC 2011 

--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2011-3238
2011-05-03 22:14:47
--------------------------------------------------------------------------------

Name        : rt3
Product     : Fedora EPEL 5
Version     : 3.6.11
Release     : 2.el5
URL         : http://www.bestpractical.com/rt
Summary     : Request tracker 3
Description :
RT is an enterprise-grade ticketing system which enables a group of people
to intelligently and efficiently manage tasks, issues, and requests submitted
by a community of users.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2011-0009 : Insecure hashing algorithm used for storage of user passwords
Fix for CVE-2011-1007 : Improper management of form data resubmittion upon user log out
Fix for CVE-2011-1008 : SQL queries information leak by user account transition
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #672250 - CVE-2011-0009 RT3: Insecure hashing algorithm used for storage of user passwords
        https://bugzilla.redhat.com/show_bug.cgi?id=672250
  [ 2 ] Bug #679411 - CVE-2011-1008 rt3: SQL queries information leak by user account transition
        https://bugzilla.redhat.com/show_bug.cgi?id=679411
  [ 3 ] Bug #679396 - CVE-2011-1007 rt3: Improper management of form data resubmittion upon user log out
        https://bugzilla.redhat.com/show_bug.cgi?id=679396
--------------------------------------------------------------------------------

This update can be installed with the "yum" update programs.  Use
su -c 'yum update rt3' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the epel-package-announce mailing list