---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-033
2003-12-23
---------------------------------------------------------------------
Name : bash
Version : 2.05b
Release : 34
Summary : The GNU Bourne Again shell (bash) version 2.05b.
Description :
The GNU Bourne Again shell (Bash) is a shell or command language
interpreter that is compatible with the Bourne shell (sh). Bash
incorporates useful features from the Korn shell (ksh) and the C shell
(csh). Most sh scripts can be run by bash without modification. This
package (bash) contains bash version 2.05b, which improves POSIX
compliance over previous versions. However, many old shell scripts
will depend upon the behavior of bash 1.14, which is included in the
bash1 package. Bash is the default shell for Red Hat Linux. It is
popular and powerful, and you'll probably end up using it.
---------------------------------------------------------------------
Update Information:
When interactively editing a command line with UTF-8 encoding, the GNU
bash shell can be very inefficient (bug #102353, bug #110777). A
method for speeding up UTF-8 processing in bash has been incorporated
in this updated package.
Other bugs fixed in this package include bug #83776 (bash.info
problem), bug #109269 (apply official patches) and bug #111171 (build
requirements).
---------------------------------------------------------------------
* Tue Dec 09 2003 Tim Waugh <twaugh(a)redhat.com> 2.05b-34
- Build requires texinfo (bug #111171).
* Fri Nov 28 2003 Tim Waugh <twaugh(a)redhat.com> 2.05b-33
- Speed up UTF-8 command-line redrawing in the common case (bug #102353,
bug #110777).
* Thu Nov 06 2003 Tim Waugh <twaugh(a)redhat.com> 2.05b-32
- Apply upstream patches (bug #109269 among others).
* Fri Oct 31 2003 Tim Waugh <twaugh(a)redhat.com>
- Fix bash.info (bug #83776).
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
bae66d30ed5dc617aebf8b789cd43310 SRPMS/bash-2.05b-34.src.rpm
157ae32e56458f8598312aa93443c4e1 i386/bash-2.05b-34.i386.rpm
71365bb5518026bc1506ced00c5bcdf8 i386/debug/bash-debuginfo-2.05b-34.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-028
2003-12-23
---------------------------------------------------------------------
Name : gphoto2
Version : 2.1.3
Release : 1
Summary : Software for accessing digital cameras
Description :
The gPhoto2 project is a universal, free application and library
framework that lets you download images from several different
digital camera models, including the newer models with USB
connections. Note that
a) for some older camera models you must use the old "gphoto" package.
b) for USB mass storage models you must use the driver in the kernel
This package contains
i) the library that digital camera applications can use
ii) the command-line utility gphoto2
Other (GUI) frontends are available separately.
---------------------------------------------------------------------
Update Information:
New packages are available for gPhoto2, in order to fix bug #111415.
---------------------------------------------------------------------
* Wed Dec 03 2003 Tim Waugh <twaugh(a)redhat.com> 2.1.3-1
- 2.1.3.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
bf6c539ba20a5b9c9fca56b9c2009129 SRPMS/gphoto2-2.1.3-1.src.rpm
5a60997b59a10caa20310e71bf395368 i386/gphoto2-2.1.3-1.i386.rpm
4b599b9e3e6a972b1db1bcd7fc8c2020 i386/gphoto2-devel-2.1.3-1.i386.rpm
1c23c35c0d9cb16a51e92110bb3f9d37 i386/debug/gphoto2-debuginfo-2.1.3-1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-021
2003-12-19
---------------------------------------------------------------------
Name : binutils
Version : 2.14.90.0.6
Release : 4
Summary : A GNU collection of binary utilities.
Description :
Binutils is a collection of binary utilities, including ar (for
creating, modifying and extracting from archives), as (a family of GNU
assemblers), gprof (for displaying call graph profile data), ld (the
GNU linker), nm (for listing symbols from object files), objcopy (for
copying and translating object files), objdump (for displaying
information from object files), ranlib (for generating an index for
the contents of an archive), size (for listing the section sizes of an
object or archive file), strings (for listing printable strings from
files), strip (for discarding symbols), and addr2line (for converting
addresses to file and line).
---------------------------------------------------------------------
Update Information:
An assembler parsing bug has been discovered in binutils released
in Fedora Core 1. The bug affects at least Linux kernel versions
2.5.63 and later, where
nr_syscalls=(.-sys_call_table)/4
line set nr_syscalls incorrectly to (.-sys_call_table) when assembled
by binutils 2.14.90.0.1 and later.
---------------------------------------------------------------------
* Mon Nov 24 2003 Jakub Jelinek <jakub(a)redhat.com> 2.14.90.0.6-4
- fix assembly parsing of foo=(.-bar)/4 (Alan Modra)
- fix IA-64 assembly parsing of (p7) hint @pause
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
405b1229a3c3963277c47a3c6f48d612 SRPMS/binutils-2.14.90.0.6-4.src.rpm
47829701efcf6e5f8748d90606af0a3f i386/binutils-2.14.90.0.6-4.i386.rpm
b70c7202dd525c3585235732b4f05999 i386/debug/binutils-debuginfo-2.14.90.0.6-4.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-015
2003-12-19
---------------------------------------------------------------------
Name : sed
Version : 4.0.8
Release : 2
Summary : A GNU stream text editor.
Description :
The sed (Stream EDitor) editor is a stream or batch (non-interactive)
editor. Sed takes text as input, performs an operation or set of
operations on the text and outputs the modified text. The operations
that sed performs (substitutions, deletions, insertions, etc.) can be
specified in a script file or from the command line.
---------------------------------------------------------------------
Update Information:
Sed in Fedora Core 1 (and earlier distributions) was not using fastmap
for regular expressions. Fastmap can speed up regular expression
searching a lot, in some cases as much as 10 times.
---------------------------------------------------------------------
* Fri Nov 14 2003 Jakub Jelinek <jakub(a)redhat.com> 4.0.8-2
- enable --without-included-regex again
- use fastmap for regex searching
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
1adc5cfdc2c2649185014d447f328289 SRPMS/sed-4.0.8-2.src.rpm
6f26b193075e6673094a8b3d2f666c48 i386/sed-4.0.8-2.i386.rpm
cf58ea014488472fa32b60b4dbb70108 i386/debug/sed-debuginfo-4.0.8-2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-039
2003-12-19
---------------------------------------------------------------------
Name : dia
Version : 0.92.2
Release : 1
Summary : A diagram drawing program.
Description :
The Dia drawing program is designed to be like the Windows(TM) Visio
program. Dia can be used to draw different types of diagrams, and
includes support for UML static structure diagrams (class diagrams),
entity relationship modeling, and network diagrams. Dia can load and
save diagrams to a custom file format, can load and save in .xml format,
and can export to PostScript(TM).
---------------------------------------------------------------------
Update Information:
Update to version 0.92.2.
Lots of new features in this version, including support for auto-routing
of zig-zag lines. For details, check out the news at:
http://www.lysator.liu.se/~alla/dia/
---------------------------------------------------------------------
* Tue Dec 09 2003 Alexander Larsson <alexl(a)redhat.com> 1:0.92.2-1
- update to 0.92.2
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
312e024582216b50563337ec397d03b8 SRPMS/dia-0.92.2-1.src.rpm
8b369422cffaf9c9e04bf91159522fdd i386/dia-0.92.2-1.i386.rpm
c9321280df9ecafde7fba9a3402ffcda i386/debug/dia-debuginfo-0.92.2-1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-029
2003-12-18
---------------------------------------------------------------------
Name : gnucash
Version : 1.8.8
Release : 1
Summary : GnuCash is an application to keep track of your finances.
Description :
GnuCash is a personal finance manager. A check-book like register GUI
allows you to enter and track bank accounts, stocks, income and even
currency trades. The interface is designed to be simple and easy to
use, but is backed with double-entry accounting principles to ensure
balanced books.
---------------------------------------------------------------------
Update Information:
This is an update to the latest stable version of gnucash. From the
upstream release notes:
The GnuCash team is pleased to announce the release of stable version 1.8.8.
What's New in GnuCash 1.8.8?
o HBCI - Improve error message when receiving zero balance from bank.
o Add account template for Swiss German businesses "KMU" by Tom Winterhalder
o Add *big* account template for German businesses "SKR04" by Betina Schmidt
o Add Catalan and Turkish translation, Updated German, Italian, Czech, Greek and Dutch translations.
o Add Turkish account template. Updated Greek account templates.
o Remove debian scripts
o Add a comment about minimum string length
o Fix the ISO_DATELEN to be "long enough"
o Fix handling of HBCI direct debits (fix wrong textkey). Fix and initially implement handling of multiple banks/users/customers.
o Fixed extremely stupid, old bug that causes weird HBCI errors. Improved user messages.
o Refactor some GUI code. Improve user messages.
o BillTermDecRef should have been BillTermIncRef when setting new bill term.
o Applied Frank Pavageau's patch regarding capital gains to handle split transactions.
o Don't make a timespec with tv_sec == 0. Fixes some tests on the alpha platform.
---------------------------------------------------------------------
* Tue Dec 02 2003 Bill Nottingham <notting(a)redhat.com> 1.8.8-1
- update to 1.8.8
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
2e45adeba661f5675010c498fe82b9fe SRPMS/gnucash-1.8.8-1.src.rpm
d1f51a5775d3b5704db25630d4e99506 i386/gnucash-1.8.8-1.i386.rpm
8d23cec98b7fa382c383421ade9daf8b i386/gnucash-backend-postgres-1.8.8-1.i386.rpm
06b35a769768d68f2b8eb36b82a50053 i386/debug/gnucash-debuginfo-1.8.8-1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-040
2003-12-18
---------------------------------------------------------------------
Name : ethereal
Version : 0.10.0a
Release : 0.1
Summary : Network traffic analyzer
Description : Ethereal is a network traffic analyzer for Unix-ish
operating systems.
This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for ethereal. A graphical user interface is packaged
separately to GTK+ package.
---------------------------------------------------------------------
Update Information:
Serious issues have been discovered in the following protocol dissectors:
* Selecting "Match->Selected" or "Prepare->Selected" for a
malformed SMB packet could cause a segmentation fault.
* It is possible for the Q.931 dissector to dereference a null
pointer when reading a malformed packet.
Impact:
Both vulnerabilities will make the Ethereal application crash. The Q.931
vulnerability also affects Tethereal. It is not known if either
vulnerability can be used to make Ethereal or Tethereal run arbitrary code.
Resolution:
Upgrade to 0.10.0.
If you are running a version prior to 0.10.0 and you cannot upgrade, you
can disable the SMB and Q.931 protocol dissectors by selecting
Edit->Protocols... and deselecting them from the list.
---------------------------------------------------------------------
* Wed Dec 17 2003 Phil Knirsch <pknirsch(a)redhat.com> 0.10.0a-0.1
- Update to latest upstream version 0.10.0a
- Fixed plugins problem.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
5ac28be19cc9b3113b6c339aed1c5f33 SRPMS/ethereal-0.10.0a-0.1.src.rpm
5e295a50ac358b0edd4828d39da04a9e i386/ethereal-0.10.0a-0.1.i386.rpm
8b0add410bf1e84f44f1e93c91a29596 i386/ethereal-gnome-0.10.0a-0.1.i386.rpm
0cf3428ab5d3ec2fdf8b415d79b5d9db i386/debug/ethereal-debuginfo-0.10.0a-0.1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
Philipp Knirsch | Tel.: +49-711-96437-470
Development | Fax.: +49-711-96437-111
Red Hat GmbH | Email: Phil Knirsch <phil(a)redhat.de>
Hauptstaetterstr. 58 | Web: http://www.redhat.de/
D-70178 Stuttgart
Motd: You're only jealous cos the little penguins are talking to me.
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-034
2003-12-15
---------------------------------------------------------------------
Name : lftp
Version : 2.6.10
Release : 1
Summary : A sophisticated file transfer program
Description :
LFTP is a sophisticated ftp/http file transfer program. Like bash, it
has job control and uses the readline library for input. It has
bookmarks, built-in mirroring, and can transfer several files in
parallel. It is designed with reliability in mind.
---------------------------------------------------------------------
Update Information:
Ulf Härnhammar found a remotely-triggerable buffer overflow in lftp.
An attacker could create a carefully crafted directory on a website
such that, if a user connects to that directory using the lftp client
and subsequently issues a 'ls' or 'rels' command, the attacker could
execute arbitrary code on the user's machine. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0963 to this issue.
Users of lftp are advised to upgrade to these erratum packages, which
upgrade lftp to a version which is not vulnerable to this issue.
Red Hat would like to thank Ulf Härnhammar for discovering and
alerting us to this issue.
This update notification is being re-issued to correct the advisory
ID and issue date. The update packages themselves are unchanged.
---------------------------------------------------------------------
* Fri Dec 12 2003 Nalin Dahyabhai <nalin(a)redhat.com> 2.6.10-1
- update to 2.6.10, which folds in the previous patches
- configure with --with-debug so that we get useful debug info
* Tue Dec 09 2003 Nalin Dahyabhai <nalin(a)redhat.com> 2.6.9-1
- include patch based on patch from Ulf Härnhammar to fix unsafe use of
sscanf when reading http directory listings (CAN-2003-0963)
- include patch based on patch from Ulf Härnhammar to fix compile warnings
modified based on input from Solar Designer
* Mon Dec 08 2003 Nalin Dahyabhai <nalin(a)redhat.com>
- update to 2.6.9
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
b36e31c19e088ee086afc9c42dacd471 SRPMS/lftp-2.6.10-1.src.rpm
1a6ab3a0b3df685cc1354bf4740a7201 i386/lftp-2.6.10-1.i386.rpm
7c70562d0c91db1b15d21d0f56f32ea0 i386/debug/lftp-debuginfo-2.6.10-1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-025
2003-12-12
---------------------------------------------------------------------
Name : lftp
Version : 2.6.10
Release : 1
Summary : A sophisticated file transfer program
Description :
LFTP is a sophisticated ftp/http file transfer program. Like bash, it
has job control and uses the readline library for input. It has
bookmarks, built-in mirroring, and can transfer several files in
parallel. It is designed with reliability in mind.
---------------------------------------------------------------------
Update Information:
Ulf Härnhammar found a remotely-triggerable buffer overflow in lftp.
An attacker could create a carefully crafted directory on a website
such that, if a user connects to that directory using the lftp client
and subsequently issues a 'ls' or 'rels' command, the attacker could
execute arbitrary code on the user's machine. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0963 to this issue.
Users of lftp are advised to upgrade to these erratum packages, which
upgrade lftp to a version which is not vulnerable to this issue.
Red Hat would like to thank Ulf Härnhammar for discovering and
alerting us to this issue.
---------------------------------------------------------------------
* Fri Dec 12 2003 Nalin Dahyabhai <nalin(a)redhat.com> 2.6.10-1
- update to 2.6.10, which folds in the previous patches
- configure with --with-debug so that we get useful debug info
* Tue Dec 09 2003 Nalin Dahyabhai <nalin(a)redhat.com> 2.6.9-1
- include patch based on patch from Ulf Härnhammar to fix unsafe use of
sscanf when reading http directory listings (CAN-2003-0963)
- include patch based on patch from Ulf Härnhammar to fix compile warnings
modified based on input from Solar Designer
* Mon Dec 08 2003 Nalin Dahyabhai <nalin(a)redhat.com>
- update to 2.6.9
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
b36e31c19e088ee086afc9c42dacd471 SRPMS/lftp-2.6.10-1.src.rpm
1a6ab3a0b3df685cc1354bf4740a7201 i386/lftp-2.6.10-1.i386.rpm
7c70562d0c91db1b15d21d0f56f32ea0 i386/debug/lftp-debuginfo-2.6.10-1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
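The lftp changelog above attributes CAN-2003-0963 to unsafe use of sscanf when reading HTTP directory listings. The following is an added example, not lftp's code and not part of the original advisory: it shows the general pattern (an unbounded scanset conversion) next to a bounded form that rejects over-long names. The listing line format, the 63-byte limit, and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX_LEN 63            /* assumption: limit picked for this example */
#define STR2(x) #x
#define STR(x) STR2(x)

struct entry {
    char name[NAME_MAX_LEN + 1];
    long size;
};

/* UNSAFE, for comparison only: "%[^\"]" carries no field width, so the
 * length of the copy is decided by whoever wrote the listing, not by the
 * size of e->name. Never call this on data received from a server. */
int parse_entry_unsafe(const char *line, struct entry *e)
{
    return sscanf(line, "<a href=\"%[^\"]\">", e->name) == 1 ? 0 : -1;
}

/* Bounded version. Returns 0 and fills *e on success, -1 on any line that
 * does not fit the expected shape, including an over-long name. */
int parse_entry_safe(const char *line, struct entry *e)
{
    char name[NAME_MAX_LEN + 1];
    int consumed = 0;
    char *end;
    long size;

    /* %63[^"] stores at most 63 bytes plus the terminator. The literal '"'
     * after it only matches when the whole name fit, so a longer name stops
     * the scan before %n and leaves consumed at 0 (rejected, not truncated). */
    int n = sscanf(line,
                   "<a href=\"%" STR(NAME_MAX_LEN) "[^\"]\">%*[^<]</a>%n",
                   name, &consumed);
    if (n != 1 || consumed <= 0)
        return -1;

    /* Parse the size with strtol so that overflow is detectable. */
    errno = 0;
    size = strtol(line + consumed, &end, 10);
    if (end == line + consumed || errno == ERANGE || size < 0)
        return -1;

    memcpy(e->name, name, strlen(name) + 1);
    e->size = size;
    return 0;
}

/* Builds a constructed listing line whose href is name_len 'A' characters. */
static int make_line(char *out, size_t outsz, size_t name_len, long size)
{
    size_t pos;

    if (name_len + 64 > outsz)
        return -1;
    pos = (size_t)sprintf(out, "<a href=\"");
    memset(out + pos, 'A', name_len);
    pos += name_len;
    snprintf(out + pos, outsz - pos, "\">link</a> %ld", size);
    return 0;
}

int main(void)
{
    /* Constructed sample input, not taken from a real server. */
    const char *ok = "<a href=\"example-1.0.tar.gz\">example-1.0.tar.gz</a> 4096";
    char big[512];
    struct entry e;

    if (parse_entry_safe(ok, &e) == 0)
        printf("accepted: %s (%ld bytes)\n", e.name, e.size);

    make_line(big, sizeof big, 300, 1);
    printf("300-byte name: %s\n",
           parse_entry_safe(big, &e) == 0 ? "accepted" : "rejected");
    return 0;
}
```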
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-011
2003-12-12
---------------------------------------------------------------------
Name : redhat-config-printer
Version : 0.6.79.2
Release : 1
Summary : A printer configuration backend/frontend combination.
Description :
The printconf utility is a printer configuration and filtration system
based on magicfilter (the alchemist data library) and the foomatic
filter system. It rebuilds local print configuration and spool
directories from data sources at lpd init time, and is integrated to
use the multi-sourced features of the alchemist data library.
---------------------------------------------------------------------
Update Information:
Packages fixing a bug concerning printer sharing in the Printing
configuration tool are now available.
---------------------------------------------------------------------
* Wed Nov 19 2003 Tim Waugh <twaugh(a)redhat.com> 0.6.79.2-1
- 0.6.79.2:
- Another attempt to fix bug #109942.
* Thu Nov 13 2003 Tim Waugh <twaugh(a)redhat.com> 0.6.79.1-1
- 0.6.79.1:
- More sharing fixes (bug #109942).
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
8e948ec34bf3ebed240ae21636f0f8d3 SRPMS/redhat-config-printer-0.6.79.2-1.src.rpm
2371cb63c6e2f616e1382ab5e670cee9 i386/redhat-config-printer-0.6.79.2-1.i386.rpm
fd0c120a21f3d1f13b640ff0f9162b71 i386/redhat-config-printer-gui-0.6.79.2-1.i386.rpm
cf9c57f98d25d1c2f627d8adb0caa29e i386/debug/redhat-config-printer-debuginfo-0.6.79.2-1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-037
2003-12-11
---------------------------------------------------------------------
Name : net-snmp
Version : 5.1
Release : 2.1
Summary : A collection of SNMP protocol tools and libraries.
Description :
SNMP (Simple Network Management Protocol) is a protocol used for
network management. The NET-SNMP project includes various SNMP tools:
an extensible agent, an SNMP library, tools for requesting or setting
information from SNMP agents, tools for generating and handling SNMP
traps, a version of the netstat command which uses SNMP, and a Tk/Perl
mib browser. This package contains the snmpd and snmptrapd daemons,
documentation, etc.
You will probably also want to install the net-snmp-utils package,
which contains NET-SNMP utilities.
---------------------------------------------------------------------
Update Information:
This is just a bugfix and update release of net-snmp for Fedora Core 1. See
the changelog entries for more details about the fixes.
---------------------------------------------------------------------
* Thu Dec 11 2003 Phil Knirsch <pknirsch(a)redhat.com> 5.1-2.1
- Built Fedora Core 1 update.
* Wed Dec 10 2003 Phil Knirsch <pknirsch(a)redhat.com> 5.1-3
- Removed snmpcheck again, needs perl(Tk) which we don't ship (#111194).
- Fixed getopt definition in include file (#111209).
- Included Kaj J. Niemi's patch for broken perl module (#111319).
- Included Kaj J. Niemi's patch for broken async getnext perl call
(#111479).
- Included Kaj J. Niemi's patch for broken hr_storage (#111502).
* Wed Nov 26 2003 Phil Knirsch <pknirsch(a)redhat.com> 5.1-2
- Included BuildPrereq on lm_sensors-devel on x86 archs (#110616).
- Fixed deprecated initscript options (#110618).
* Wed Nov 19 2003 Phil Knirsch <pknirsch(a)redhat.com> 5.1-1
- Updated to latest net-snmp-5.1 upstream version.
- Tons of specfile and patch cleanup.
- Cleaned up perl stuff (mib2c etc, see #107707).
- Added lm_sensors support patch for x86 archs from Kaj J. Niemi (#107618).
- Added support for custom mib paths and mibs to snmptrapd initscript
(#102762)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
68d4109fcb5ad77c88d2645f25347ce7 SRPMS/net-snmp-5.1-2.1.src.rpm
c6cfdec8bd5e52d0b71264cbc4350e3d i386/net-snmp-5.1-2.1.i386.rpm
200358456c8455c222e3db0351e51a01 i386/net-snmp-utils-5.1-2.1.i386.rpm
363025231d13efb837bcd3741aa3fec0 i386/net-snmp-devel-5.1-2.1.i386.rpm
344606e3101ce6e100bd703b4b86b688 i386/net-snmp-perl-5.1-2.1.i386.rpm
475a98a36e21879dc64ddcd7642d616b i386/debug/net-snmp-debuginfo-5.1-2.1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
Philipp Knirsch | Tel.: +49-711-96437-470
Development | Fax.: +49-711-96437-111
Red Hat GmbH | Email: Phil Knirsch <phil(a)redhat.de>
Hauptstaetterstr. 58 | Web: http://www.redhat.de/
D-70178 Stuttgart
Motd: You're only jealous cos the little penguins are talking to me.
---------------------------------------------------------------------
Fedora Security Update Notification
FEDORA-2003-025
2003-12-10
---------------------------------------------------------------------
Name : gnupg
Version : 1.2.3
Release : 2
Summary : A GNU utility for secure communication and data storage.
Description :
GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and
creating digital signatures. GnuPG has advanced key management
capabilities and is compliant with the proposed OpenPGP Internet
standard described in RFC2440. Since GnuPG doesn't use any patented
algorithm, it is not compatible with any version of PGP2 (PGP2.x uses
only IDEA for symmetric-key encryption, which is patented worldwide).
---------------------------------------------------------------------
Update Information:
Phong Nguyen identified a severe bug in the way GnuPG creates and
uses ElGamal keys, when those keys are used both to sign and encrypt
data. This vulnerability can be used to trivially recover the
private key. While the default behavior of GnuPG when generating
keys does not lead to the creation of unsafe keys, by overriding the
default settings an unsafe key could have been created.
If you are using ElGamal keys, you should revoke those keys
immediately.
The packages included in this update do not make ElGamal keys safe to
use; they merely include a patch by David Shaw that disables
functions that would generate or use ElGamal keys for encryption.
---------------------------------------------------------------------
* Mon Dec 01 2003 Nalin Dahyabhai <nalin(a)redhat.com> 1.2.3-2
- incorporate patch from gnupg-announce which removes the ability to create
ElGamal encrypt+sign keys or to sign messages with such keys
* Mon Oct 27 2003 Nalin Dahyabhai <nalin(a)redhat.com> 1.2.3-1
- use -fPIE instead of -fpie because some arches need it
* Mon Oct 27 2003 Nalin Dahyabhai <nalin(a)redhat.com>
- build gnupg as a position-independent executable (Arjan van de Ven)
* Mon Aug 25 2003 Nalin Dahyabhai <nalin(a)redhat.com>
- add Werner's key as a source file
* Fri Aug 22 2003 Nalin Dahyabhai <nalin(a)redhat.com>
- update to 1.2.3
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
b7457d205b1807677a352f734dd794b4 SRPMS/gnupg-1.2.3-2.src.rpm
b8d2688e98330f98e954ccffaf0aed79 i386/gnupg-1.2.3-2.i386.rpm
86b34157605dd65bd369d39a7b9d8ea2 i386/debug/gnupg-debuginfo-1.2.3-2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-035
2003-12-10
---------------------------------------------------------------------
Name : quagga
Version : 0.96.4
Release : 0.fc1
Summary : Routing daemon
Description :
Quagga is free software that manages TCP/IP-based routing
protocols. It takes a multi-server and multi-thread approach to resolve
the current complexity of the Internet.
Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng.
Quagga is intended to be used as a Route Server and a Route Reflector.
It is not a toolkit, it provides full routing power under a new
architecture.
Quagga by design has a process for each protocol.
Quagga is a fork of GNU Zebra.
---------------------------------------------------------------------
Update Information:
This update includes the fixes that were included in RHSA-2003:307
---------------------------------------------------------------------
* Mon Nov 03 2003 Jay Fenlason <fenlason(a)redhat.com> 0.96.4-0.fc1
- Merge 0.96.4 as an update for fc1
- include the netlink local DoS patch.
- include .h files in the -devel package.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
e45027cead2d661305cbc85c1b654bd9 SRPMS/quagga-0.96.4-0.fc1.src.rpm
b8c9dbf80af916e1e05d469bc34f9162 i386/quagga-0.96.4-0.fc1.i386.rpm
e7ce058f50961d60f0e08c148fc8326f i386/quagga-contrib-0.96.4-0.fc1.i386.rpm
f89b59d86cb340f9022014c0745734a0 i386/quagga-devel-0.96.4-0.fc1.i386.rpm
3c8de41328a41521e62b443caf1f93df i386/debug/quagga-debuginfo-0.96.4-0.fc1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-003
2003-12-05
---------------------------------------------------------------------
Name : grep
Version : 2.5.1
Release : 17.2
Summary : The GNU versions of grep pattern matching utilities.
Description :
The GNU versions of commonly used grep utilities. Grep searches
through textual input for lines which contain a match to a specified
pattern and then prints the matching lines. GNU's grep utilities
include grep, egrep and fgrep.
You should install grep on your system, because it is a very useful
utility for searching through text.
---------------------------------------------------------------------
Update Information:
When processing UTF-8 encoded input, the grep utility (for searching
through textual input to find lines matching a regular expression) is
extremely inefficient (bug #69900). A method for speeding up UTF-8
processing in grep has been incorporated in this updated package.
---------------------------------------------------------------------
* Fri Nov 21 2003 Tim Waugh <twaugh(a)redhat.com> 2.5.1-17.2
- Another two multibyte efficiency bug-fixes (bug #110524).
* Tue Nov 11 2003 Tim Waugh <twaugh(a)redhat.com> 2.5.1-17.1
- Fixed man page bug (bug #106267).
- Turn on multibyte efficiency patch again.
- Fixed a multibyte efficiency bug.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
2d14bf7847d0eda8218b83a3e3ada6f5 SRPMS/grep-2.5.1-17.2.src.rpm
b4c55b1667bc407e1fb0df652e84248a i386/grep-2.5.1-17.2.i386.rpm
27860fbe8e3cb150fd932bd43099fdea i386/debug/grep-debuginfo-2.5.1-17.2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-032
2003-12-09
---------------------------------------------------------------------
Name : procps
Version : 2.0.17
Release : 5
Summary : System and process monitoring utilities.
Description :
The procps package contains a set of system utilities that provide
system information. Procps includes ps, free, skill, snice, tload,
top, uptime, vmstat, w, and watch. The ps command displays a snapshot
of running processes. The top command provides a repetitive update of
the statuses of running processes. The free command displays the
amounts of free and used memory on your system. The skill command
sends a terminate command (or another specified signal) to a specified
set of processes. The snice command is used to change the scheduling
priority of specified processes. The tload command prints a graph of
the current system load average to a specified tty. The uptime command
displays the current time, how long the system has been running, how
many users are logged on, and system load averages for the past one,
five, and fifteen minutes. The w command displays a list of the users
who are currently logged on and what they are running. The watch
program watches a running program. The vmstat command displays virtual
memory statistics about processes, memory, paging, block I/O, traps,
and CPU activity.
---------------------------------------------------------------------
Update Information:
Fixes a problem showing the total cpu percentages in top.
For full details, see
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=109484
---------------------------------------------------------------------
* Mon Dec 08 2003 Alexander Larsson <alexl(a)redhat.com> 2.0.17-5
- Fix top total percentages (#109484)
* Wed Oct 15 2003 Dan Walsh <dwalsh(a)redhat.com> 2.0.17-4
- Turn off selinux
* Wed Oct 15 2003 Dan Walsh <dwalsh(a)redhat.com> 2.0.17-3.sel
- Fix help message
* Thu Oct 09 2003 Dan Walsh <dwalsh(a)redhat.com> 2.0.17-2.sel
- Turn on selinux
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
aa8287c9d9dd4c8e473df5086c9114ae SRPMS/procps-2.0.17-5.src.rpm
67ea787d8d3bd4dfec625ffd1f96349f i386/procps-2.0.17-5.i386.rpm
60a4e240f3e56df81912ab9e7539904f i386/debug/procps-debuginfo-2.0.17-5.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-031
2003-12-04
---------------------------------------------------------------------
Name : xboard
Version : 4.2.7
Release : 1
Summary : An X Window System graphical chessboard.
Description :
Xboard is an X Window System based graphical chessboard which can be
used with the GNUchess and Crafty chess programs, with Internet Chess
Servers (ICSs), with chess via email, or with your own saved games.
Install the xboard package if you need a graphical chessboard.
---------------------------------------------------------------------
Update Information:
XBoard 4.2.6 and older contains a script which writes to a file in
/tmp with a predictable filename. Malicious users could use this
vulnerability to force XBoard users to overwrite any file writable
by them.
---------------------------------------------------------------------
* Thu Dec 04 2003 Karsten Hopp <karsten(a)redhat.de> 4.2.7-1
- update to 4.2.7
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
c9ee7f4bfdc30da49d4e4e968baf4512 SRPMS/xboard-4.2.7-1.src.rpm
ed2216de0ce24bf9d18423e5eb94d734 i386/xboard-4.2.7-1.i386.rpm
c22f3442cbd928378ace8d4aaaf4681f i386/debug/xboard-debuginfo-4.2.7-1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
Karsten Hopp | Mail: karsten(a)redhat.com
Red Hat Deutschland | Tel: +49-711-96437-0
Hauptstaetterstr.58 | Fax: +49-711-96437-111
D-70178 Stuttgart | http://www.redhat.de
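Added example (not part of the original advisory and not XBoard's own script): the predictable-name pattern the xboard notice describes, next to a mktemp-based replacement, run entirely inside a private scratch directory. The file name xboard-demo and the sample contents are constructed for illustration; the advisory does not name the actual file.

```shell
#!/bin/sh
# Constructed demo: all files live in a private scratch directory that stands
# in for the shared /tmp. "xboard-demo" is a hypothetical file name.

# Pattern from the advisory: fixed, guessable name. ">" opens whatever is
# already at that name, following a symbolic link if one is there.
write_predictable() {            # $1 = directory, $2 = data
    printf '%s\n' "$2" > "$1/xboard-demo.tmp"
}

# Hardened pattern: mktemp adds a random suffix and creates the file
# exclusively with mode 0600, so an existing entry is never reused.
write_safe() {                   # $1 = directory, $2 = data; prints path
    f=$(mktemp "$1/xboard-demo.XXXXXX") || return 1
    printf '%s\n' "$2" > "$f"
    printf '%s\n' "$f"
}

# Build the scratch directory: a file the user can write, plus a link that
# someone else placed at the predictable name before the script ran.
make_scratch() {
    d=$(mktemp -d) || return 1
    printf 'important\n' > "$d/victim"
    ln -s "$d/victim" "$d/xboard-demo.tmp"
    printf '%s\n' "$d"
}

# Each function prints the victim file's content after one kind of write.
victim_after_predictable() {
    d=$(make_scratch) || return 1
    write_predictable "$d" "scratch data"
    cat "$d/victim"
    rm -rf "$d"
}

victim_after_safe() {
    d=$(make_scratch) || return 1
    write_safe "$d" "scratch data" > /dev/null || return 1
    cat "$d/victim"
    rm -rf "$d"
}

echo "predictable name: victim now holds '$(victim_after_predictable)'"
echo "mktemp name:      victim now holds '$(victim_after_safe)'"
```

With the fixed name the user's own file is overwritten; with the mktemp name it keeps its original content.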
---------------------------------------------------------------------
Fedora Security Update Notification
FEDORA-2003-030
2003-12-04
---------------------------------------------------------------------
Name : rsync
Version : 2.5.7
Release : 2
Summary : A program for synchronizing files over a network.
Description :
Rsync uses a reliable algorithm to bring remote and host files into
sync very quickly. Rsync is fast because it just sends the differences
in the files over the network instead of sending the complete
files. Rsync is often used as a very powerful mirroring process or
just as a more capable replacement for the rcp command. A technical
report which describes the rsync algorithm is included in this
package.
---------------------------------------------------------------------
Update Information:
A heap overflow bug exists in rsync versions prior to 2.5.7. On
machines where the rsync server has been enabled, a remote attacker
could use this flaw to execute arbitrary code as an unprivileged user.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0962 to this issue.
---------------------------------------------------------------------
* Wed Dec 03 2003 Bill Nottingham <notting(a)redhat.com> 2.5.7-2
- rebuild
* Wed Dec 03 2003 Bill Nottingham <notting(a)redhat.com> 2.5.7-1
- update to 2.5.7
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
4e76615d1b2192be4c43d040b85ce67e SRPMS/rsync-2.5.7-2.src.rpm
1072294ffa8bbb37d760600093077348 i386/rsync-2.5.7-2.i386.rpm
fa5d5ca86e6af5c15153800274443f90 i386/debug/rsync-debuginfo-2.5.7-2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Security Update Notification
FEDORA-2003-026
2003-12-02
---------------------------------------------------------------------
Name : kernel
Version : 2.4.22
Release : 1.2129.nptl
Summary : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of your
Red Hat Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
---------------------------------------------------------------------
The kernel shipped with Fedora Core 1 was vulnerable to a bug in the
error return on a concurrent fork() with threaded exit(), which could be
exploited by a user-level program to crash the kernel.
In addition to this bug fix, the changelog below details various
other non-security fixes that have been added.
* Mon Dec 01 2003 Dave Jones <davej(a)redhat.com>
- sys_tgkill wasn't enabled on IA32.
* Sun Nov 30 2003 Dave Jones <davej(a)redhat.com>
- Process scheduler fix.
When doing sync wakeups we must not skip the notification of other cpus if
the task is not on this runqueue.
* Wed Nov 26 2003 Justin M. Forbes <64bit_fedora(a)comcast.net>
- Merge required ia32 syscalls for AMD64
- [f]truncate64 for 32bit code fix
* Mon Nov 24 2003 Dave Jones <davej(a)redhat.com>
- Fix power-off on shutdown with ACPI.
- Add missing part of recent cmpci fix
- Drop CONFIG_NR_CPUS patch which was problematic.
- Fold futex-fix into main futex patch.
- Fix TG3 tqueue initialisation.
- Various NPTL fixes.
* Fri Nov 14 2003 Dave Jones <davej(a)redhat.com>
- Drop netfilter change which proved to be bad upstream.
* Thu Nov 13 2003 Justin M. Forbes <64bit_fedora(a)comcast.net>
- Fix NForce3 DMA and ATA133 on AMD64
* Wed Nov 12 2003 Dave Jones <davej(a)redhat.com>
- Fix syscall definitions on AMD64
* Tue Nov 11 2003 Dave Jones <davej(a)redhat.com>
- Fix Intel 440GX Interrupt routing.
- Fix waitqueue leak in cmpci driver.
* Mon Nov 10 2003 Dave Jones <davej(a)redhat.com>
- Kill noisy warnings in the DRM modules.
- Merge munged upstream x86-64.org patch for various AMD64 fixes.
* Mon Nov 03 2003 Dave Jones <davej(a)redhat.com>
- Further cleanups related to AMD64 build.
* Fri Oct 31 2003 Dave Jones <davej(a)redhat.com>
- Make AMD64 build.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-016
2003-12-01
---------------------------------------------------------------------
Name : initscripts
Version : 7.42.2
Release : 1
Summary : The inittab file and the /etc/init.d scripts.
Description :
The initscripts package contains the basic system scripts used to boot
your Red Hat system, change runlevels, and shut the system down
cleanly. Initscripts also contains the scripts that activate and
deactivate most network interfaces.
---------------------------------------------------------------------
Update Information:
New initscripts packages are available. These packages fix an issue
with the permissions when mounting /dev/pts, which fixes the use of
mesg or write and eliminates some errors from pty helper programs.
They also fix manipulation of xDSL and other interfaces where the nickname
does not match the device name, fix the use of IPv6 with ISDN devices, and
remove an extraneous ethtool error message on devices that don't support ethtool.
---------------------------------------------------------------------
* Mon Nov 17 2003 Bill Nottingham <notting(a)redhat.com> 7.42.1-1
- fix /dev/pts mounting (#110209)
- fix xDSL and other interfaces (#109601)
- get rid of ethtool error message from ifup
- fix ipv6 with ippp (#111215, <tomek(a)jot23.org>)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
31e754ac2197f2136a124e81845aa681 SRPMS/initscripts-7.42.2-1.src.rpm
686577e1f96d5cf25de9ccd2cb29f665 i386/initscripts-7.42.2-1.i386.rpm
3ec240a6fe19559eba31364611a1b242 i386/debug/initscripts-debuginfo-7.42.2-1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------