[SECURITY] Fedora Core 4 Update: mysql-4.1.12-2.FC4.1
by Tom Lane
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-557
2005-07-20
---------------------------------------------------------------------
Product : Fedora Core 4
Name : mysql
Version : 4.1.12
Release : 2.FC4.1
Summary : MySQL client programs and shared library.
Description :
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. This package
contains the MySQL client programs, the client shared library, and
generic MySQL files.
---------------------------------------------------------------------
Update Information:
Update to MySQL 4.1.12 (includes a low-impact security fix, see bz#158689).
Repair some issues in openssl support.
Re-enable the old ISAM table type.
---------------------------------------------------------------------
* Tue Jul 12 2005 Tom Lane <tgl(a)redhat.com> 4.1.12-2.FC4.1
- Update to MySQL 4.1.12 (includes a fix for bz#158688, bz#158689)
- Extend mysql-test-ssl.patch to solve rpl_openssl test failure (bz#155850)
- Update mysql-lock-ssl.patch to match the upstream committed version
- Add --with-isam to re-enable the old ISAM table type, per bz#159262
- Add dependency on openssl-devel per bz#159569
- Remove manual.txt, as upstream decided not to ship it anymore;
it was redundant with the mysql.info file anyway.
- Fix buffer overflow newly exposed in isam code; it's the same issue
previously found in myisam, and not very exciting, but I'm tired of
seeing build warnings.
* Mon May 9 2005 Tom Lane <tgl(a)redhat.com> 4.1.11-4
- Include proper locking for OpenSSL in the server, per bz#155850
* Mon Apr 25 2005 Tom Lane <tgl(a)redhat.com> 4.1.11-3
- Enable openssl tests during build, per bz#155850
- Might as well turn on --disable-dependency-tracking
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
774460107972d53004a6a2008caebc72 SRPMS/mysql-4.1.12-2.FC4.1.src.rpm
e45f42d42cf30b5b78a2d549f0e25847 ppc/mysql-4.1.12-2.FC4.1.ppc.rpm
98c3ccc6b9fddc04e939e533773ec789 ppc/mysql-server-4.1.12-2.FC4.1.ppc.rpm
cd0089e82da75b84e7db807d1d61dc4d ppc/mysql-devel-4.1.12-2.FC4.1.ppc.rpm
1ab9651bdc3f25ce5d8608b6e52e296c ppc/mysql-bench-4.1.12-2.FC4.1.ppc.rpm
f13f7b728be053fae4306a5fb3da9b77 ppc/debug/mysql-debuginfo-4.1.12-2.FC4.1.ppc.rpm
d7579b55ca0523ee093562ca80be3647 ppc/mysql-4.1.12-2.FC4.1.ppc64.rpm
657bb78043fdb9fbc4ab51d9153f147b x86_64/mysql-4.1.12-2.FC4.1.x86_64.rpm
c522150d70660d88a0c3ab44a2cfa4ba x86_64/mysql-server-4.1.12-2.FC4.1.x86_64.rpm
cb21a91f82c0b39d227c0aaa4d498f53 x86_64/mysql-devel-4.1.12-2.FC4.1.x86_64.rpm
0187d563d0cdecec49375c9b39e5c116 x86_64/mysql-bench-4.1.12-2.FC4.1.x86_64.rpm
85d8d44fc23c0c3960dc825937fa02e2 x86_64/debug/mysql-debuginfo-4.1.12-2.FC4.1.x86_64.rpm
97de47bd2c66fc9e213f9484d04db852 x86_64/mysql-4.1.12-2.FC4.1.i386.rpm
97de47bd2c66fc9e213f9484d04db852 i386/mysql-4.1.12-2.FC4.1.i386.rpm
3999316e1bea7bc0b832447a59870b98 i386/mysql-server-4.1.12-2.FC4.1.i386.rpm
1137e6778dc99f56df1c8c0eb462338b i386/mysql-devel-4.1.12-2.FC4.1.i386.rpm
657113d7ec9d26971f064035ab410a7b i386/mysql-bench-4.1.12-2.FC4.1.i386.rpm
f7c8443e9d551b7fc2651c98195a24e1 i386/debug/mysql-debuginfo-4.1.12-2.FC4.1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
18 years, 9 months
[SECURITY] Fedora Core 4 Update: thunderbird-1.0.6-1.1.fc4
by Christopher Aillon
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-606
2005-07-20
---------------------------------------------------------------------
Product : Fedora Core 4
Name : thunderbird
Version : 1.0.6
Release : 1.1.fc4
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
---------------------------------------------------------------------
Update Information:
Mozilla Thunderbird is a standalone mail and newsgroup client.
A bug was found in the way Thunderbird handled anonymous functions during
regular expression string replacement. It is possible for a malicious HTML
mail to capture a random block of client memory. The Common
Vulnerabilities and Exposures project has assigned this bug the name
CAN-2005-0989.
A bug was found in the way Thunderbird validated several XPInstall related
JavaScript objects. A malicious HTML mail could pass other objects to the
XPInstall objects, resulting in the JavaScript interpreter jumping to
arbitrary locations in memory. (CAN-2005-1159)
A bug was found in the way the Thunderbird privileged UI code handled DOM
nodes from the content window. An HTML message could install malicious
JavaScript code or steal data when a user performs commonplace actions such
as clicking a link or opening the context menu. (CAN-2005-1160)
A bug was found in the way Thunderbird executed JavaScript code. JavaScript
executed from HTML mail should run with a restricted access level,
preventing dangerous actions. It is possible that a malicious HTML mail
could execute JavaScript code with elevated privileges, allowing access to
protected data and functions. (CAN-2005-1532)
A bug was found in the way Thunderbird executed Javascript in XBL controls.
It is possible for a malicious HTML mail to leverage this vulnerability to
execute other JavaScript based attacks even when JavaScript is disabled.
(CAN-2005-2261)
A bug was found in the way Thunderbird handled certain Javascript
functions. It is possible for a malicious HTML mail to crash the client by
executing malformed Javascript code. (CAN-2005-2265)
A bug was found in the way Thunderbird handled child frames. It is possible
for a malicious framed HTML mail to steal sensitive information from its
parent frame. (CAN-2005-2266)
A bug was found in the way Thunderbird handled DOM node names. It is
possible for a malicious HTML mail to overwrite a DOM node name, allowing
certain privileged chrome actions to execute the malicious JavaScript.
(CAN-2005-2269)
A bug was found in the way Thunderbird cloned base objects. It is possible
for HTML content to navigate up the prototype chain to gain access to
privileged chrome objects. (CAN-2005-2270)
Users of Thunderbird are advised to upgrade to this updated package that
contains Thunderbird version 1.0.6 and is not vulnerable to these issues.
---------------------------------------------------------------------
* Wed Jul 20 2005 Christopher Aillon <caillon(a)redhat.com> 1.0.6-1.1.fc4
- Update to 1.0.6
* Mon Jul 18 2005 Christopher Aillon <caillon(a)redhat.com> 1.0.6-0.1.fc4
- 1.0.6 Release Candidate
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
51f614a0a887ffb58ce6bbf4f4eb7431 SRPMS/thunderbird-1.0.6-1.1.fc4.src.rpm
fc206b1fd0dccb15da66b2fe3b272175 ppc/thunderbird-1.0.6-1.1.fc4.ppc.rpm
0b94083b2f2415f84069e30c20742ec1 ppc/debug/thunderbird-debuginfo-1.0.6-1.1.fc4.ppc.rpm
38da7902f6e1bcfc45ef688e04a770e8 x86_64/thunderbird-1.0.6-1.1.fc4.x86_64.rpm
1a6bbee24e0559176e19ba1218d91e02 x86_64/debug/thunderbird-debuginfo-1.0.6-1.1.fc4.x86_64.rpm
f858562b2d77180acb6d40022fe1c3cd i386/thunderbird-1.0.6-1.1.fc4.i386.rpm
90cba454ded9c8d4e049262abdea64d2 i386/debug/thunderbird-debuginfo-1.0.6-1.1.fc4.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
18 years, 9 months
[SECURITY] Fedora Core 4 Update: firefox-1.0.6-1.1.fc4
by Christopher Aillon
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-605
2005-07-20
---------------------------------------------------------------------
Product : Fedora Core 4
Name : firefox
Version : 1.0.6
Release : 1.1.fc4
Summary : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
---------------------------------------------------------------------
Update Information:
Mozilla Firefox is an open source Web browser.
A bug was found in the way Firefox handled synthetic events. It is possible
that Web content could generate events such as keystrokes or mouse clicks
that could be used to steal data or execute malicious JavaScript code. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-2260 to this issue.
A bug was found in the way Firefox executed Javascript in XBL controls. It
is possible for a malicious webpage to leverage this vulnerability to
execute other JavaScript based attacks even when JavaScript is disabled.
(CAN-2005-2261)
A bug was found in the way Firefox set an image as the desktop wallpaper.
If a user chooses the "Set As Wallpaper..." context menu item on a
specially crafted image, it is possible for an attacker to execute
arbitrary code on a victim's machine. (CAN-2005-2262)
A bug was found in the way Firefox installed its extensions. If a user can
be tricked into visiting a malicious webpage, it may be possible to obtain
sensitive information such as cookies or passwords. (CAN-2005-2263)
A bug was found in the way Firefox handled the _search target. It is
possible for a malicious website to inject JavaScript into an already open
webpage. (CAN-2005-2264)
A bug was found in the way Firefox handled certain Javascript functions. It
is possible for a malicious web page to crash the browser by executing
malformed Javascript code. (CAN-2005-2265)
A bug was found in the way Firefox handled multiple frame domains. It is
possible for a frame as part of a malicious web site to inject content into
a frame that belongs to another domain. This issue was previously fixed as
CAN-2004-0718 but was accidentally disabled. (CAN-2005-1937)
A bug was found in the way Firefox handled child frames. It is possible for
a malicious framed page to steal sensitive information from its parent
page. (CAN-2005-2266)
A bug was found in the way Firefox opened URLs from media players. If a
media player opens a URL that is JavaScript, JavaScript is executed
with access to the currently open webpage. (CAN-2005-2267)
A design flaw was found in the way Firefox displayed alerts and prompts.
Alerts and prompts were given the generic title [JavaScript Application]
which prevented a user from knowing which site created them. (CAN-2005-2268)
A bug was found in the way Firefox handled DOM node names. It is possible
for a malicious site to overwrite a DOM node name, allowing certain
privileged chrome actions to execute the malicious JavaScript. (CAN-2005-2269)
A bug was found in the way Firefox cloned base objects. It is possible for
Web content to navigate up the prototype chain to gain access to privileged
chrome objects. (CAN-2005-2270)
Users of Firefox are advised to upgrade to this updated package that
contains Firefox version 1.0.6 and is not vulnerable to these issues.
---------------------------------------------------------------------
* Wed Jul 20 2005 Christopher Aillon <caillon(a)redhat.com> 0:1.0.6-1.1.fc4
- Update to 1.0.6
* Mon Jul 18 2005 Christopher Aillon <caillon(a)redhat.com> 0:1.0.6-0.1.fc4
- 1.0.6 Release Candidate
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
ff916b514b9af918d03c5c3fc84b7d27 SRPMS/firefox-1.0.6-1.1.fc4.src.rpm
9facc82245e82e7eb55ed5efb9928bfd ppc/firefox-1.0.6-1.1.fc4.ppc.rpm
2ec89c34a5f8f407039d6062a55c5aa7 ppc/debug/firefox-debuginfo-1.0.6-1.1.fc4.ppc.rpm
6ddc89c3fba24903f5304bc08e8a3163 x86_64/firefox-1.0.6-1.1.fc4.x86_64.rpm
d2f45bece85710236ed59f25b68f3a56 x86_64/debug/firefox-debuginfo-1.0.6-1.1.fc4.x86_64.rpm
5e71924a825cdcf578af4362c431adbf i386/firefox-1.0.6-1.1.fc4.i386.rpm
23816e60313ff356c93b52045ab12ecb i386/debug/firefox-debuginfo-1.0.6-1.1.fc4.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
18 years, 9 months
[SECURITY] Fedora Core 3 Update: thunderbird-1.0.6-1.1.fc3
by Christopher Aillon
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-604
2005-07-20
---------------------------------------------------------------------
Product : Fedora Core 3
Name : thunderbird
Version : 1.0.6
Release : 1.1.fc3
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
---------------------------------------------------------------------
Update Information:
Mozilla Thunderbird is a standalone mail and newsgroup client.
A bug was found in the way Thunderbird handled anonymous functions during
regular expression string replacement. It is possible for a malicious HTML
mail to capture a random block of client memory. The Common
Vulnerabilities and Exposures project has assigned this bug the name
CAN-2005-0989.
A bug was found in the way Thunderbird validated several XPInstall related
JavaScript objects. A malicious HTML mail could pass other objects to the
XPInstall objects, resulting in the JavaScript interpreter jumping to
arbitrary locations in memory. (CAN-2005-1159)
A bug was found in the way the Thunderbird privileged UI code handled DOM
nodes from the content window. An HTML message could install malicious
JavaScript code or steal data when a user performs commonplace actions such
as clicking a link or opening the context menu. (CAN-2005-1160)
A bug was found in the way Thunderbird executed JavaScript code. JavaScript
executed from HTML mail should run with a restricted access level,
preventing dangerous actions. It is possible that a malicious HTML mail
could execute JavaScript code with elevated privileges, allowing access to
protected data and functions. (CAN-2005-1532)
A bug was found in the way Thunderbird executed Javascript in XBL controls.
It is possible for a malicious HTML mail to leverage this vulnerability to
execute other JavaScript based attacks even when JavaScript is disabled.
(CAN-2005-2261)
A bug was found in the way Thunderbird handled certain Javascript
functions. It is possible for a malicious HTML mail to crash the client by
executing malformed Javascript code. (CAN-2005-2265)
A bug was found in the way Thunderbird handled child frames. It is possible
for a malicious framed HTML mail to steal sensitive information from its
parent frame. (CAN-2005-2266)
A bug was found in the way Thunderbird handled DOM node names. It is
possible for a malicious HTML mail to overwrite a DOM node name, allowing
certain privileged chrome actions to execute the malicious JavaScript.
(CAN-2005-2269)
A bug was found in the way Thunderbird cloned base objects. It is possible
for HTML content to navigate up the prototype chain to gain access to
privileged chrome objects. (CAN-2005-2270)
Users of Thunderbird are advised to upgrade to this updated package that
contains Thunderbird version 1.0.6 and is not vulnerable to these issues.
---------------------------------------------------------------------
* Wed Jul 20 2005 Christopher Aillon <caillon(a)redhat.com> 1.0.6-1.1.fc3
- Update to 1.0.6
* Mon Jul 18 2005 Christopher Aillon <caillon(a)redhat.com> 1.0.6-0.1.fc3
- 1.0.6 Release Candidate
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
e060dd6ce427541531cc40c28a678643 SRPMS/thunderbird-1.0.6-1.1.fc3.src.rpm
617b9df6931ff067e896d29399849df0 x86_64/thunderbird-1.0.6-1.1.fc3.x86_64.rpm
8bcb33b02ad164e499e4109dc6909caa x86_64/debug/thunderbird-debuginfo-1.0.6-1.1.fc3.x86_64.rpm
2781375f4ff5c6280692d573787f5064 i386/thunderbird-1.0.6-1.1.fc3.i386.rpm
774d64ba857b9c430c3ae87471bc68f6 i386/debug/thunderbird-debuginfo-1.0.6-1.1.fc3.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
18 years, 9 months
[SECURITY] Fedora Core 3 Update: firefox-1.0.6-1.1.fc3
by Christopher Aillon
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-603
2005-07-20
---------------------------------------------------------------------
Product : Fedora Core 3
Name : firefox
Version : 1.0.6
Release : 1.1.fc3
Summary : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
---------------------------------------------------------------------
Update Information:
Mozilla Firefox is an open source Web browser.
A bug was found in the way Firefox handled synthetic events. It is possible
that Web content could generate events such as keystrokes or mouse clicks
that could be used to steal data or execute malicious JavaScript code. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-2260 to this issue.
A bug was found in the way Firefox executed Javascript in XBL controls. It
is possible for a malicious webpage to leverage this vulnerability to
execute other JavaScript based attacks even when JavaScript is disabled.
(CAN-2005-2261)
A bug was found in the way Firefox set an image as the desktop wallpaper.
If a user chooses the "Set As Wallpaper..." context menu item on a
specially crafted image, it is possible for an attacker to execute
arbitrary code on a victim's machine. (CAN-2005-2262)
A bug was found in the way Firefox installed its extensions. If a user can
be tricked into visiting a malicious webpage, it may be possible to obtain
sensitive information such as cookies or passwords. (CAN-2005-2263)
A bug was found in the way Firefox handled the _search target. It is
possible for a malicious website to inject JavaScript into an already open
webpage. (CAN-2005-2264)
A bug was found in the way Firefox handled certain Javascript functions. It
is possible for a malicious web page to crash the browser by executing
malformed Javascript code. (CAN-2005-2265)
A bug was found in the way Firefox handled multiple frame domains. It is
possible for a frame as part of a malicious web site to inject content into
a frame that belongs to another domain. This issue was previously fixed as
CAN-2004-0718 but was accidentally disabled. (CAN-2005-1937)
A bug was found in the way Firefox handled child frames. It is possible for
a malicious framed page to steal sensitive information from its parent
page. (CAN-2005-2266)
A bug was found in the way Firefox opened URLs from media players. If a
media player opens a URL that is JavaScript, JavaScript is executed
with access to the currently open webpage. (CAN-2005-2267)
A design flaw was found in the way Firefox displayed alerts and prompts.
Alerts and prompts were given the generic title [JavaScript Application]
which prevented a user from knowing which site created them. (CAN-2005-2268)
A bug was found in the way Firefox handled DOM node names. It is possible
for a malicious site to overwrite a DOM node name, allowing certain
privileged chrome actions to execute the malicious JavaScript. (CAN-2005-2269)
A bug was found in the way Firefox cloned base objects. It is possible for
Web content to navigate up the prototype chain to gain access to privileged
chrome objects. (CAN-2005-2270)
Users of Firefox are advised to upgrade to this updated package that
contains Firefox version 1.0.6 and is not vulnerable to these issues.
---------------------------------------------------------------------
* Wed Jul 20 2005 Christopher Aillon <caillon(a)redhat.com> 0:1.0.6-1.1.fc3
- Update to 1.0.6
* Mon Jul 18 2005 Christopher Aillon <caillon(a)redhat.com> 0:1.0.6-0.1.fc3
- 1.0.6 Candidate Release
* Sun May 15 2005 Christopher Aillon <caillon(a)redhat.com>
- Re-enable jsd now that there are venkman versions that work with Firefox
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
af02171d12225714c15c60f04c20e2f9 SRPMS/firefox-1.0.6-1.1.fc3.src.rpm
ef8cb22e843e9c462b070913124eb55d x86_64/firefox-1.0.6-1.1.fc3.x86_64.rpm
54fbfd492a9d044b64166a226cef75ca x86_64/debug/firefox-debuginfo-1.0.6-1.1.fc3.x86_64.rpm
0b8019d7294f3be8d1647cf7d571ae14 i386/firefox-1.0.6-1.1.fc3.i386.rpm
8f0c85f49676902e4f0be8f90aa52712 i386/debug/firefox-debuginfo-1.0.6-1.1.fc3.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
18 years, 9 months
Official Launch of the Fedora BugZappers Triage Team
by Jack Aboutboul
Want to help out with the Fedora Project, but can't code a lick? Well
fear not my dear friends. There are many ways you can help the cause
and today I am pleased to announce a brand new way you can help
contribute. Join the Fedora BugZappers!
Who are the BugZappers?
The BugZappers, (http://www.fedoraproject.org/wiki/BugZappers) are the
official triage team of the Fedora Project. The main goal of the team
is to triage, or do a first pass, of bugs in Bugzilla and ensure that a
number of parameters are satisfactorily met. Basically what that means
is that the BugZappers will go through bugs as they come in and try and
make sure the bugs are valid (i.e. not a duplicate), sane and contain
enough information to be escalated to developers. If you have ever
reported a bug and wondered why it took so long to get fixed, well then
BugZappers is the right project to join.
Tell Me More!
The BugZappers aim to be the primary line of defense for Fedora Quality
Assurance (QA). The BugZappers will begin running Bug Day events, every
alternating week, usually on Wednesdays. Bug Day events are when the
team gets together to concentrate our focus on certain subsections of
the project which need work. Triage should continue on though, and
remember kids, "Every day should be a Bug Day!"
So, if you are tired of hearing complaints about things not working,
pieces being broken or just plain want to help Fedora be the best dang
Fedora it can be, then join the BugZappers team and help the developers
make the most of their coding time. It's fun, it's easy, you don't need
much experience to start and we are willing to show you the path of the
righteous, should you choose to accept this mission.
What's in it for me?
Glad you asked. First of all there is candy. OK, so there is no candy,
but there is free stuff. The team is working on some giveaways and run
contests during Bug Day events. You also get to work on triaging things
that annoy you first, so your problems get fixed sooner; kernel problems
anyone? Also, a wise man once said, much fame and fortune come to he
who close many bugs. OK, it really wasn't a wise man buy you get the
point.
How Do I Join?
Step 1: Sign up for the mailing list at:
http://www.redhat.com/mailman/listinfo/fedora-triage-list
Step 2: Join us on IRC
We live in #fedora-bugs on Freenode
Step 3: Read/Modify/Enhance the wiki
Our wiki is located at http://www.fedoraproject.org/wiki/BugZappers .
Additionally, we have more information available on the wiki at:
http://www.fedoraproject.org/wiki/BugsReports and
http://www.fedoraproject.org/wiki/Bugs .
More content will be added as we get the project off the ground and
moving.
Also, be sure to look for our announcement of the first Bug Day event
coming soon to an Inbox near you!
Thanks,
Jack
18 years, 9 months
Fedora Core 4 Update: freeradius-1.0.4-1.FC4.1
by Thomas Woerner
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-602
2005-07-20
---------------------------------------------------------------------
Product : Fedora Core 4
Name : freeradius
Version : 1.0.4
Release : 1.FC4.1
Summary : High-performance and highly configurable free RADIUS server.
Description :
The FreeRADIUS Server Project is a high performance and highly configurable
GPL'd free RADIUS server. The server is similar in some respects to
Livingston's 2.0 server. While FreeRADIUS started as a variant of the
Cistron RADIUS server, they don't share a lot in common any more. It now has
many more features than Cistron or Livingston, and is much more configurable.
FreeRADIUS is an Internet authentication daemon, which implements the RADIUS
protocol, as defined in RFC 2865 (and others). It allows Network Access
Servers (NAS boxes) to perform authentication for dial-up users. There are
also RADIUS clients available for Web servers, firewalls, Unix logins, and
more. Using RADIUS allows authentication and authorization for a network to
be centralized, and minimizes the amount of re-configuration which has to be
done when adding or deleting new users.
---------------------------------------------------------------------
Update Information:
Fixes missing ldap plugin.
---------------------------------------------------------------------
* Wed Jul 20 2005 Thomas Woerner <twoerner(a)redhat.com> 1.0.4-1.FC4.1
- new version 1.0.4
- droppend radrelay patch (fixed upstream)
- added missing build requires for libtool-ltdl-devel (#160877)
- modified file list to get a report for missing plugins
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
a51fa9e2809f03f98d28bce6089d3e51 SRPMS/freeradius-1.0.4-1.FC4.1.src.rpm
db011e5c9044216e7c2a76815064ebfe ppc/freeradius-1.0.4-1.FC4.1.ppc.rpm
8bd3c642452cbe98dc6655f342ca4330 ppc/freeradius-mysql-1.0.4-1.FC4.1.ppc.rpm
b5430a868c61a80746acdc3a3e04f5ab ppc/freeradius-postgresql-1.0.4-1.FC4.1.ppc.rpm
62d77c13aefbdd4c3758ad4ff0b3bdaf ppc/freeradius-unixODBC-1.0.4-1.FC4.1.ppc.rpm
0c4e4ee863a08060436322d91fb79584 ppc/debug/freeradius-debuginfo-1.0.4-1.FC4.1.ppc.rpm
0ffe42e6641a1265ae6e5dfffdbcffd9 x86_64/freeradius-1.0.4-1.FC4.1.x86_64.rpm
6a9319c6924667deef028c0eaad9fb70 x86_64/freeradius-mysql-1.0.4-1.FC4.1.x86_64.rpm
4107da0cd2391e4c1d17c15236a5dbdf x86_64/freeradius-postgresql-1.0.4-1.FC4.1.x86_64.rpm
ef78eb055368270b4af28cd6132eee41 x86_64/freeradius-unixODBC-1.0.4-1.FC4.1.x86_64.rpm
911f54259a12748f3cf3997f65723cc0 x86_64/debug/freeradius-debuginfo-1.0.4-1.FC4.1.x86_64.rpm
1aeb4cbb393a7e731ab740b1fdae5e24 i386/freeradius-1.0.4-1.FC4.1.i386.rpm
34778f69fa2cf36edf6d324a3ec2da9c i386/freeradius-mysql-1.0.4-1.FC4.1.i386.rpm
8f8e28cd5b6253332ae07a18d58c936c i386/freeradius-postgresql-1.0.4-1.FC4.1.i386.rpm
5b18442ad0e54a8e20412803ea6c5cbd i386/freeradius-unixODBC-1.0.4-1.FC4.1.i386.rpm
91fd6b450005e165c5618dd851ce6679 i386/debug/freeradius-debuginfo-1.0.4-1.FC4.1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
18 years, 9 months
Fedora Core 4 Update: kernel-2.6.12-1.1398_FC4
by Dave Jones
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-572
2005-07-15
---------------------------------------------------------------------
Product : Fedora Core 4
Name : kernel
Version : 2.6.12
Release : 1.1398_FC4
Summary : The Linux kernel (the core of the Linux operating system).
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of
the Red Hat Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process
allocation, device input and output, etc.
---------------------------------------------------------------------
* Fri Jul 15 2005 Dave Jones <davej(a)redhat.com>
- Include a number of patches likely to show up in 2.6.12.3
* Thu Jul 14 2005 Dave Jones <davej(a)redhat.com>
- Add Appletouch support.
* Wed Jul 13 2005 David Woodhouse <dwmw2(a)redhat.com>
- Audit updates. In particular, don't printk audit messages that
are passed from userspace when auditing is disabled.
* Tue Jul 12 2005 Dave Jones <davej(a)redhat.com>
- Fix up several reports of CD's causing crashes.
- Make -p port arg of rpc.nfsd work.
- Work around a usbmon deficiency.
- Fix connection tracking bug with bridging. (#162438)
* Mon Jul 11 2005 Dave Jones <davej(a)redhat.com>
- Fix up locking in piix IDE driver whilst tuning chipset.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
d60975e1a16064f73648ff4214715a6d SRPMS/kernel-2.6.12-1.1398_FC4.src.rpm
f6115f583228118c20b38402ca60ea1d ppc/kernel-2.6.12-1.1398_FC4.ppc.rpm
524039577f55a2bd7321418732a291dc ppc/kernel-devel-2.6.12-1.1398_FC4.ppc.rpm
c2e0891dc4a99b9eb1fe9c3688d864ca ppc/kernel-smp-2.6.12-1.1398_FC4.ppc.rpm
927df1215539fdd716c74abeb9a7b6de ppc/kernel-smp-devel-2.6.12-1.1398_FC4.ppc.rpm
3ed769a3ba498d9dd1266add3f259f1c ppc/debug/kernel-debuginfo-2.6.12-1.1398_FC4.ppc.rpm
3857f71be4ffdeca8b309ca1e29759bc ppc/kernel-2.6.12-1.1398_FC4.ppc64.rpm
853694ec5db007cf0a36b226a4f75694 ppc/kernel-devel-2.6.12-1.1398_FC4.ppc64.rpm
fca7efcef4e84a40b61aea0e03a75f23 ppc/kernel-2.6.12-1.1398_FC4.ppc64iseries.rpm
7005912e1d33c1843aeb4cb653c3a424 ppc/kernel-devel-2.6.12-1.1398_FC4.ppc64iseries.rpm
9c97f4ad5a2c37701bba142ef786869d x86_64/kernel-2.6.12-1.1398_FC4.x86_64.rpm
40ae8531537f7ac1d5784063407aeff7 x86_64/kernel-devel-2.6.12-1.1398_FC4.x86_64.rpm
c2a4f2d332b95d128528abe01c9533e2 x86_64/kernel-smp-2.6.12-1.1398_FC4.x86_64.rpm
20f42bd2178b643a0fdbff20532c72bf x86_64/kernel-smp-devel-2.6.12-1.1398_FC4.x86_64.rpm
7142e5e15fdf520d8dfc89c8953b0b12 x86_64/debug/kernel-debuginfo-2.6.12-1.1398_FC4.x86_64.rpm
8a13d764eaeed65871579e27a461337d x86_64/kernel-doc-2.6.12-1.1398_FC4.noarch.rpm
04a278fdd00bdb01aebac101a002b054 i386/kernel-2.6.12-1.1398_FC4.i586.rpm
677187f478b404d03bb9f7febad17bcd i386/kernel-devel-2.6.12-1.1398_FC4.i586.rpm
7fda173b7d5a2490f5e45f9d7134bfac i386/debug/kernel-debuginfo-2.6.12-1.1398_FC4.i586.rpm
650a339a9d1437658260ea7d28df617c i386/kernel-2.6.12-1.1398_FC4.i686.rpm
d8f301430c6bc35d6bc5a5f5ecdcc188 i386/kernel-devel-2.6.12-1.1398_FC4.i686.rpm
1dadb93aa84cc37e25deddc545bc94b0 i386/kernel-smp-2.6.12-1.1398_FC4.i686.rpm
734f49956151ccff7d06a014f7f262e5 i386/kernel-smp-devel-2.6.12-1.1398_FC4.i686.rpm
9cd10325d3b24b663ce6934085e416b7 i386/kernel-xen0-2.6.12-1.1398_FC4.i686.rpm
9a6652a2905ca5642be945a87b1d580e i386/kernel-xen0-devel-2.6.12-1.1398_FC4.i686.rpm
3a564afecc494e657337be375f62dab4 i386/kernel-xenU-2.6.12-1.1398_FC4.i686.rpm
a70eb479e1478ab87801edd7f8f73747 i386/kernel-xenU-devel-2.6.12-1.1398_FC4.i686.rpm
a53522cf81dce5043c93ca00bcebbc52 i386/debug/kernel-debuginfo-2.6.12-1.1398_FC4.i686.rpm
8a13d764eaeed65871579e27a461337d i386/kernel-doc-2.6.12-1.1398_FC4.noarch.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
18 years, 9 months
[SECURITY] Fedora Core 3 Update: kdelibs-3.3.1-2.14.FC3
by than
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-594
2005-07-19
---------------------------------------------------------------------
Product : Fedora Core 3
Name : kdelibs
Version : 3.3.1
Release : 2.14.FC3
Summary : K Desktop Environment - Libraries
Description :
Libraries for the K Desktop Environment.
KDE Libraries include: kdecore (KDE core library), kdeui (user
interface), kfm (file manager), khtmlw (HTML widget), kio
(Input/Output, networking), kspell (spelling checker), jscript
(javascript), kab (addressbook), kimgio (image manipulation).
---------------------------------------------------------------------
Update Information:
A flaw was discovered affecting Kate, the KDE advanced text editor, and
Kwrite. Depending on system settings it may be possible for a local user
to read the backup files created by Kate or Kwrite. The Common
Vulnerabilities and Exposures project assigned the name CAN-2005-1920 to
this issue.
Users of Kate or Kwrite should update to this erratum package which
contains a backported patch from the KDE security team correcting this issue.
---------------------------------------------------------------------
* Tue Jul 12 2005 Than Ngo <than(a)redhat.com> 6:3.3.1-2.14.FC3
- Kate backup file permission leak, apply patch to fix this vulnerabilities
CAN-2005-1920
- apply cvs patch to get rid of warning "Mutex destroy failure", #160922
* Wed May 4 2005 Than Ngo <than(a)redhat.com> 6:3.3.1-2.13.FC3
- new patch to fix kimgio input validation vulnerabilities, CAN-2005-1046
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
7c16ace15f5c3cc17833062448f9a479 SRPMS/kdelibs-3.3.1-2.14.FC3.src.rpm
ab43dbc1f7f8bd0ab15abbd1b81fa8b7 x86_64/kdelibs-3.3.1-2.14.FC3.x86_64.rpm
00ff507d1d9629744a0750c5dc36c0ca x86_64/kdelibs-devel-3.3.1-2.14.FC3.x86_64.rpm
3aab6b8bf911cc5915392cafd78c5da3 x86_64/debug/kdelibs-debuginfo-3.3.1-2.14.FC3.x86_64.rpm
4ea59323607d5df364a9ba9a0bb9a6c7 x86_64/kdelibs-3.3.1-2.14.FC3.i386.rpm
4ea59323607d5df364a9ba9a0bb9a6c7 i386/kdelibs-3.3.1-2.14.FC3.i386.rpm
99f32b21eb7cf1c5a612356bcd935bcc i386/kdelibs-devel-3.3.1-2.14.FC3.i386.rpm
a1baca56812419ec7f261291bb86084b i386/debug/kdelibs-debuginfo-3.3.1-2.14.FC3.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
18 years, 9 months
Fedora Core 4 Update: radvd-0.8-2.FC4
by Jason Vas Dias
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-595
2005-07-19
---------------------------------------------------------------------
Product : Fedora Core 4
Name : radvd
Version : 0.8
Release : 2.FC4
Summary : A Router Advertisement daemon.
Description :
Radvd is the router advertisement daemon for IPv6. It listens to
router solicitations and sends router advertisements as described in
"Neighbor Discovery for IP Version 6 (IPv6)" (RFC 2461). With these
advertisements, hosts can automatically configure their addresses and
some other parameters. They also can choose a default router based on
these advertisements.
Install radvd if you are setting up IPv6 network and/or Mobile IPv6
services.
---------------------------------------------------------------------
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
40eb95779d33e520c211c13f00c72b97 SRPMS/radvd-0.8-2.FC4.src.rpm
ba208dcd52a3b329ec42e0184b46090d ppc/radvd-0.8-2.FC4.ppc.rpm
85374292e0e4395392d0919cd16b5282 ppc/debug/radvd-debuginfo-0.8-2.FC4.ppc.rpm
eafe5668eaed0cb8ebfc4397586e8a3a x86_64/radvd-0.8-2.FC4.x86_64.rpm
a3e09c8e71c0ca4a1b93217a3c53eb82 x86_64/debug/radvd-debuginfo-0.8-2.FC4.x86_64.rpm
e1410e3529c80f1a9cefa662b02d198a i386/radvd-0.8-2.FC4.i386.rpm
af6ec6f612d7c6bd6ae762c3035b2b72 i386/debug/radvd-debuginfo-0.8-2.FC4.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
18 years, 9 months