[SECURITY] Fedora 16 Update: mongoose-3.0-2.fc16

updates at fedoraproject.org updates at fedoraproject.org
Wed Sep 7 03:29:28 UTC 2011


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-11636
2011-08-28 05:18:59
--------------------------------------------------------------------------------

Name        : mongoose
Product     : Fedora 16
Version     : 3.0
Release     : 2.fc16
URL         : http://code.google.com/p/mongoose
Summary     : An easy-to-use self-sufficient web server
Description :
Mongoose web server executable is self-sufficient, it does not depend on
anything to start serving requests. If it is copied to any directory and
executed, it starts to serve that directory on port 8080 (so to access files,
go to http://localhost:8080). If some additional configuration is required -
for example, different listening port or IP-based access control, then a
'mongoose.conf' file with respective options can be created in the same
directory where executable lives. This makes Mongoose perfect for all sorts
of demos, quick tests, file sharing, and Web programming.

--------------------------------------------------------------------------------
Update Information:

Add upstream patch to fix CVE-2011-2900
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #729145 - CVE-2011-2900 mongoose: stack-based buffer overflow flaw in put_dir()
        https://bugzilla.redhat.com/show_bug.cgi?id=729145
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update mongoose' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list