---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-037
2003-12-11
---------------------------------------------------------------------
Name : net-snmp
Version : 5.1
Release : 2.1
Summary : A collection of SNMP protocol tools and libraries.
Description :
SNMP (Simple Network Management Protocol) is a protocol used for
network management. The NET-SNMP project includes various SNMP tools:
an extensible agent, an SNMP library, tools for requesting or setting
information from SNMP agents, tools for generating and handling SNMP
traps, a version of the netstat command which uses SNMP, and a Tk/Perl
mib browser. This package contains the snmpd and snmptrapd daemons,
documentation, etc.
You will probably also want to install the net-snmp-utils package,
which contains NET-SNMP utilities.
---------------------------------------------------------------------
Update Information:
This is just a bugfix and update release of net-snmp for Fedora Core 1. See
the changelog entries for more details about the fixes.
---------------------------------------------------------------------
* Thu Dec 11 2003 Phil Knirsch <pknirsch(a)redhat.com> 5.1-2.1
- Built Fedora Core 1 update.
* Wed Dec 10 2003 Phil Knirsch <pknirsch(a)redhat.com> 5.1-3
- Removed snmpcheck again, needs perl(Tk) which we don't ship (#111194).
- Fixed getopt definition in include file (#111209).
- Included Kaj J. Niemi's patch for broken perl module (#111319).
- Included Kaj J. Niemi's patch for broken async getnext perl call
(#111479).
- Included Kaj J. Niemi's patch for broken hr_storage (#111502).
* Wed Nov 26 2003 Phil Knirsch <pknirsch(a)redhat.com> 5.1-2
- Included BuildPrereq on lm_sensors-devel on x86 archs (#110616).
- Fixed deprecated initscript options (#110618).
* Wed Nov 19 2003 Phil Knirsch <pknirsch(a)redhat.com> 5.1-1
- Updated to latest net-snmp-5.1 upstream version.
- Tons of specfile and patch cleanup.
- Cleaned up perl stuff (mib2c etc, see #107707).
- Added lm_sensors support patch for x86 archs from Kaj J. Niemi (#107618).
- Added support for custom mib paths and mibs to snmptrapd initscript
(#102762)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
68d4109fcb5ad77c88d2645f25347ce7 SRPMS/net-snmp-5.1-2.1.src.rpm
c6cfdec8bd5e52d0b71264cbc4350e3d i386/net-snmp-5.1-2.1.i386.rpm
200358456c8455c222e3db0351e51a01 i386/net-snmp-utils-5.1-2.1.i386.rpm
363025231d13efb837bcd3741aa3fec0 i386/net-snmp-devel-5.1-2.1.i386.rpm
344606e3101ce6e100bd703b4b86b688 i386/net-snmp-perl-5.1-2.1.i386.rpm
475a98a36e21879dc64ddcd7642d616b
i386/debug/net-snmp-debuginfo-5.1-2.1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
Philipp Knirsch | Tel.: +49-711-96437-470
Development | Fax.: +49-711-96437-111
Red Hat GmbH | Email: Phil Knirsch <phil(a)redhat.de>
Hauptstaetterstr. 58 | Web: http://www.redhat.de/
D-70178 Stuttgart
Motd: You're only jealous cos the little penguins are talking to me.
---------------------------------------------------------------------
Fedora Security Update Notification
FEDORA-2003-025
2003-12-10
---------------------------------------------------------------------
Name : gnupg
Version : 1.2.3
Release : 2
Summary : A GNU utility for secure communication and data storage.
Description :
GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and
creating digital signatures. GnuPG has advanced key management
capabilities and is compliant with the proposed OpenPGP Internet
standard described in RFC2440. Since GnuPG doesn't use any patented
algorithm, it is not compatible with any version of PGP2 (PGP2.x uses
only IDEA for symmetric-key encryption, which is patented worldwide).
---------------------------------------------------------------------
Update Information:
Phong Nguyen identified a severe bug in the way GnuPG creates and
uses ElGamal keys, when those keys are used both to sign and encrypt
data. This vulnerability can be used to trivially recover the
private key. While the default behavior of GnuPG when generating
keys does not lead to the creation of unsafe keys, by overriding the
default settings an unsafe key could have been created.
If you are using ElGamal keys, you should revoke those keys
immediately.
The packages included in this update do not make ElGamal keys safe to
use; they merely include a patch by David Shaw that disables
functions that would generate or use ElGamal keys for encryption.
---------------------------------------------------------------------
* Mon Dec 01 2003 Nalin Dahyabhai <nalin(a)redhat.com> 1.2.3-2
- incorporate patch from gnupg-announce which removes the ability to create
ElGamal encrypt+sign keys or to sign messages with such keys
* Mon Oct 27 2003 Nalin Dahyabhai <nalin(a)redhat.com> 1.2.3-1
- use -fPIE instead of -fpie because some arches need it
* Mon Oct 27 2003 Nalin Dahyabhai <nalin(a)redhat.com>
- build gnupg as a position-independent executable (Arjan van de Ven)
* Mon Aug 25 2003 Nalin Dahyabhai <nalin(a)redhat.com>
- add Werner's key as a source file
* Fri Aug 22 2003 Nalin Dahyabhai <nalin(a)redhat.com>
- update to 1.2.3
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
b7457d205b1807677a352f734dd794b4 SRPMS/gnupg-1.2.3-2.src.rpm
b8d2688e98330f98e954ccffaf0aed79 i386/gnupg-1.2.3-2.i386.rpm
86b34157605dd65bd369d39a7b9d8ea2 i386/debug/gnupg-debuginfo-1.2.3-2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-035
2003-12-10
---------------------------------------------------------------------
Name : quagga
Version : 0.96.4
Release : 0.fc1
Summary : Routing daemon
Description :
Quagga is a free software that manages TCP/IP based routing
protocol. It takes multi-server and multi-thread approach to resolve
the current complexity of the Internet.
Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng.
Quagga is intended to be used as a Route Server and a Route Reflector.
It is
not a toolkit, it provides full routing power under a new
architecture.
Quagga by design has a process for each protocol.
Quagga is a fork of GNU Zebra.
---------------------------------------------------------------------
Update Information:
This update includes the fixes that were included in RHSA-2003:307
---------------------------------------------------------------------
* Mon Nov 03 2003 Jay Fenlason <fenlason(a)redhat.com> 0.96.4-0.fc1
- Merge 0.96.4 as an update for fc1
- include the netlink local DoS patch.
- include .h files in the -devel package.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
e45027cead2d661305cbc85c1b654bd9 SRPMS/quagga-0.96.4-0.fc1.src.rpm
b8c9dbf80af916e1e05d469bc34f9162 i386/quagga-0.96.4-0.fc1.i386.rpm
e7ce058f50961d60f0e08c148fc8326f
i386/quagga-contrib-0.96.4-0.fc1.i386.rpm
f89b59d86cb340f9022014c0745734a0
i386/quagga-devel-0.96.4-0.fc1.i386.rpm
3c8de41328a41521e62b443caf1f93df
i386/debug/quagga-debuginfo-0.96.4-0.fc1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-003
2003-12-05
---------------------------------------------------------------------
Name : grep
Version : 2.5.1
Release : 17.2
Summary : The GNU versions of grep pattern matching utilities.
Description :
The GNU versions of commonly used grep utilities. Grep searches
through textual input for lines which contain a match to a specified
pattern and then prints the matching lines. GNU's grep utilities
include grep, egrep and fgrep.
You should install grep on your system, because it is a very useful
utility for searching through text.
---------------------------------------------------------------------
Update Information:
When processing UTF-8 encoded input, the grep utility (for searching
through textual input to find lines matching a regular expression) is
extremely inefficient (bug #69900). A method for speeding up UTF-8
processing in grep has been incorporated in this updated package.
---------------------------------------------------------------------
* Fri Nov 21 2003 Tim Waugh <twaugh(a)redhat.com> 2.5.1-17.2
- Another two multibyte efficiency bug-fixes (bug #110524).
* Tue Nov 11 2003 Tim Waugh <twaugh(a)redhat.com> 2.5.1-17.1
- Fixed man page bug (bug #106267).
- Turn on multibyte efficiency patch again.
- Fixed a multibyte efficiency bug.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
2d14bf7847d0eda8218b83a3e3ada6f5 SRPMS/grep-2.5.1-17.2.src.rpm
b4c55b1667bc407e1fb0df652e84248a i386/grep-2.5.1-17.2.i386.rpm
27860fbe8e3cb150fd932bd43099fdea i386/debug/grep-debuginfo-2.5.1-17.2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-032
2003-12-09
---------------------------------------------------------------------
Name : procps
Version : 2.0.17
Release : 5
Summary : System and process monitoring utilities.
Description :
The procps package contains a set of system utilities that provide
system information. Procps includes ps, free, skill, snice, tload,
top, uptime, vmstat, w, and watch. The ps command displays a snapshot
of running processes. The top command provides a repetitive update of
the statuses of running processes. The free command displays the
amounts of free and used memory on your system. The skill command
sends a terminate command (or another specified signal) to a specified
set of processes. The snice command is used to change the scheduling
priority of specified processes. The tload command prints a graph of
the current system load average to a specified tty. The uptime command
displays the current time, how long the system has been running, how
many users are logged on, and system load averages for the past one,
five, and fifteen minutes. The w command displays a list of the users
who are currently logged on and what they are running. The watch
program watches a running program. The vmstat command displays virtual
memory statistics about processes, memory, paging, block I/O, traps,
and CPU activity.
---------------------------------------------------------------------
Update Information:
Fixes a problem showing the total cpu percentages in top.
For full details, see
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=109484
---------------------------------------------------------------------
* Mon Dec 08 2003 Alexander Larsson <alexl(a)redhat.com> 2.0.17-5
- Fix top total percentages (#109484)
* Wed Oct 15 2003 Dan Walsh <dwalsh(a)redhat.com> 2.0.17-4
- Turn off selinux
* Wed Oct 15 2003 Dan Walsh <dwalsh(a)redhat.com> 2.0.17-3.sel
- Fix help message
* Thu Oct 09 2003 Dan Walsh <dwalsh(a)redhat.com> 2.0.17-2.sel
- Turn on selinux
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
aa8287c9d9dd4c8e473df5086c9114ae SRPMS/procps-2.0.17-5.src.rpm
67ea787d8d3bd4dfec625ffd1f96349f i386/procps-2.0.17-5.i386.rpm
60a4e240f3e56df81912ab9e7539904f
i386/debug/procps-debuginfo-2.0.17-5.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-031
2003-12-04
---------------------------------------------------------------------
Name : xboard
Version : 4.2.7
Release : 1
Summary : An X Window System graphical chessboard.
Description :
Xboard is an X Window System based graphical chessboard which can be
used with the GNUchess and Crafty chess programs, with Internet Chess
Servers (ICSs), with chess via email, or with your own saved games.
Install the xboard package if you need a graphical chessboard.
---------------------------------------------------------------------
Update Information:
XBoard 4.2.6 and older contains a script which writes to a file in
/tmp with a predictable filename. Malicious users could use this
vulnerability to force XBoard users to overwrite any file writable
by them.
---------------------------------------------------------------------
* Thu Dec 04 2003 Karsten Hopp <karsten(a)redhat.de> 4.2.7-1
- update to 4.2.7
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
c9ee7f4bfdc30da49d4e4e968baf4512 SRPMS/xboard-4.2.7-1.src.rpm
ed2216de0ce24bf9d18423e5eb94d734 i386/xboard-4.2.7-1.i386.rpm
c22f3442cbd928378ace8d4aaaf4681f i386/debug/xboard-debuginfo-4.2.7-1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
Karsten Hopp | Mail: karsten(a)redhat.com
Red Hat Deutschland | Tel: +49-711-96437-0
Hauptstaetterstr.58 | Fax: +49-711-96437-111
D-70178 Stuttgart | http://www.redhat.de
---------------------------------------------------------------------
Fedora Security Update Notification
FEDORA-2003-030
2003-12-04
---------------------------------------------------------------------
Name : rsync
Version : 2.5.7
Release : 2
Summary : A program for synchronizing files over a network.
Description :
Rsync uses a reliable algorithm to bring remote and host files into
sync very quickly. Rsync is fast because it just sends the differences
in the files over the network instead of sending the complete
files. Rsync is often used as a very powerful mirroring process or
just as a more capable replacement for the rcp command. A technical
report which describes the rsync algorithm is included in this
package.
---------------------------------------------------------------------
Update Information:
A heap overflow bug exists in rsync versions prior to 2.5.7. On
machines where the rsync server has been enabled, a remote attacker
could use this flaw to execute arbitrary code as an unprivileged user.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0962 to this issue.
---------------------------------------------------------------------
* Wed Dec 03 2003 Bill Nottingham <notting(a)redhat.com> 2.5.7-2
- rebuild
* Wed Dec 03 2003 Bill Nottingham <notting(a)redhat.com> 2.5.7-1
- update to 2.5.7
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
4e76615d1b2192be4c43d040b85ce67e SRPMS/rsync-2.5.7-2.src.rpm
1072294ffa8bbb37d760600093077348 i386/rsync-2.5.7-2.i386.rpm
fa5d5ca86e6af5c15153800274443f90 i386/debug/rsync-debuginfo-2.5.7-2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Security Update Notification
FEDORA-2003-026
2003-12-02
---------------------------------------------------------------------
Name : kernel
Version : 2.4.22
Release : 1.2129.nptl
Summary : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of your
Red Hat Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
---------------------------------------------------------------------
The kernel shipped with Fedora Core 1 was vulnerable to a bug in the
error return on a concurrent fork() with threaded exit() which could be
exploited by a user level program to crash the kernel.
In addition to this bug fix, the changelog below details various
other non security fixes that have been added.
* Mon Dec 01 2003 Dave Jones <davej(a)redhat.com>
- sys_tgkill wasn't enabled on IA32.
* Sun Nov 30 2003 Dave Jones <davej(a)redhat.com>
- Process scheduler fix.
When doing sync wakeups we must not skip the notification of other cpus if
the task is not on this runqueue.
* Wed Nov 26 2003 Justin M. Forbes <64bit_fedora(a)comcast.net>
- Merge required ia32 syscalls for AMD64
- [f]truncate64 for 32bit code fix
* Mon Nov 24 2003 Dave Jones <davej(a)redhat.com>
- Fix power-off on shutdown with ACPI.
- Add missing part of recent cmpci fix
- Drop CONFIG_NR_CPUS patch which was problematic.
- Fold futex-fix into main futex patch.
- Fix TG3 tqueue initialisation.
- Various NPTL fixes.
* Fri Nov 14 2003 Dave Jones <davej(a)redhat.com>
- Drop netfilter change which proved to be bad upstream.
* Thu Nov 13 2003 Justin M. Forbes <64bit_fedora(a)comcast.net>
- Fix NForce3 DMA and ATA133 on AMD64
* Wed Nov 12 2003 Dave Jones <davej(a)redhat.com>
- Fix syscall definitions on AMD64
* Tue Nov 11 2003 Dave Jones <davej(a)redhat.com>
- Fix Intel 440GX Interrupt routing.
- Fix waitqueue leak in cmpci driver.
* Mon Nov 10 2003 Dave Jones <davej(a)redhat.com>
- Kill noisy warnings in the DRM modules.
- Merge munged upstream x86-64.org patch for various AMD64 fixes.
* Mon Nov 03 2003 Dave Jones <davej(a)redhat.com>
- Further cleanups related to AMD64 build.
* Fri Oct 31 2003 Dave Jones <davej(a)redhat.com>
- Make AMD64 build.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
b2ca2e65c14ba3a32bbae6b11e368033 SRPMS/kernel-2.4.22-1.2129.nptl.src.rpm
30c673e9bd3470d2323fad69ba064a59 i386/kernel-source-2.4.22-1.2129.nptl.i386.rpm
ea3ca9fce1003aa1c03396501fe8e8e4 i386/kernel-doc-2.4.22-1.2129.nptl.i386.rpm
90bbab66acb77dbfe6e2ae91fca5f4c8 i386/kernel-BOOT-2.4.22-1.2129.nptl.i386.rpm
a9ebdfdfd8d19a72decf1b8d5549996b i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i386.rpm
d088887cfc2894539051ec7708ef7c9e i386/kernel-2.4.22-1.2129.nptl.i586.rpm
43edf191d8dd0713964ee922e85179a4 i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i586.rpm
ee7850054d3f2b3f72a7d262a398ad87 i386/kernel-2.4.22-1.2129.nptl.i686.rpm
a023b71cda6252a168c69a05e894e988 i386/kernel-smp-2.4.22-1.2129.nptl.i686.rpm
7c23798f7d4d3852cf395a23169e99df i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.i686.rpm
a81da54e2c360f336e35135b5b3fedb9 i386/kernel-2.4.22-1.2129.nptl.athlon.rpm
230fedc801524652681a23cfd6aad8a4 i386/kernel-smp-2.4.22-1.2129.nptl.athlon.rpm
7f461087fa103bef89c14057413e0c1d i386/debug/kernel-debuginfo-2.4.22-1.2129.nptl.athlon.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2003-016
2003-12-01
---------------------------------------------------------------------
Name : initscripts
Version : 7.42.2
Release : 1
Summary : The inittab file and the /etc/init.d scripts.
Description :
The initscripts package contains the basic system scripts used to boot
your Red Hat system, change runlevels, and shut the system down
cleanly. Initscripts also contains the scripts that activate and
deactivate most network interfaces.
---------------------------------------------------------------------
Update Information:
New initscripts packages are available. These packages fix an issue
with the permissions when mounting /dev/pts, which fixes the use of
mesg or write, as well as eliminates some errors from pty helper programs.
It also fixes manipulation of xDSL and other interfaces where the nickname
does not match the device name, use of IPv6 with ISDN devices, and removes
an extraneous ethtool error message on devices that don't support ethtool.
---------------------------------------------------------------------
* Mon Nov 17 2003 Bill Nottingham <notting(a)redhat.com> 7.42.1-1
- fix /dev/pts mounting (#110209)
- fix xDSL and other interfaces (#109601)
- get rid of ethtool error message from ifup
- fix ipv6 with ippp (#111215, <tomek(a)jot23.org>)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
31e754ac2197f2136a124e81845aa681 SRPMS/initscripts-7.42.2-1.src.rpm
686577e1f96d5cf25de9ccd2cb29f665 i386/initscripts-7.42.2-1.i386.rpm
3ec240a6fe19559eba31364611a1b242 i386/debug/initscripts-debuginfo-7.42.2-1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------