The following Fedora EPEL 4 Security updates need testing:
https://admin.fedoraproject.org/updates/clamav-0.97-12.el4
The following builds have been pushed to Fedora EPEL 4 updates-testing
clamav-0.97-12.el4
globus-gsi-sysconfig-3.1-3.el4
ruby-augeas-0.4.1-1.el4
Details about builds:
================================================================================
clamav-0.97-12.el4 (FEDORA-EPEL-2011-2949)
Anti-virus software
--------------------------------------------------------------------------------
Update Information:
Trivial change to freshclam configuration and cronjob to not override the defaults the
upstream clamav sets for NotifyClamd.
* Wed Mar 30 2011 Jan-Frode Myklebust <janfrode(a)tanso.net> - 0.97-12 - Move deletion
of /var/lib/clamav/mirrors.dat to db package. - Don't enable NotifyClamd in freshclam
config and cronjob, as not everybody is running clamd. Running clamd's will anyway
notice when db is updated.
https://www.redhat.com/archives/epel-devel-list/2011-March/msg00075.html
https://www.redhat.com/archives/epel-devel-list/2011-March/msg00075.html
https://www.redhat.com/archives/epel-devel-list/2011-March/msg00075.html
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 30 2011 Jan-Frode Myklebust <janfrode(a)tanso.net> - 0.97-12
- Move deletion of /var/lib/clamav/mirrors.dat to db package.
- Don't enable NotifyClamd in freshclam config and cronjob, as not
everybody is running clamd. Running clamd's will anyway notice
when db is updated.
* Fri Mar 18 2011 Jan-Frode Myklebust <janfrode(a)tanso.net> - 0.97-11
- Delete /var/lib/clamav/mirrors.dat, it will be recreated on first run.
- clamav-milter config cleanups.
* Wed Mar 16 2011 Jan-Frode Myklebust <janfrode(a)tanso.net> - 0.97-10
- Make sure /var/lib/clamav/mirrors.dat has owner fixed on upgrade.
- Don't start clamd or milter service by default.
* Tue Mar 15 2011 Jan-Frode Myklebust <janfrode(a)tanso.net> - 0.97-7
- rpm-provide all old package names that are now obsoleted
* Mon Mar 14 2011 Jan-Frode Myklebust <janfrode(a)tanso.net> - 0.97-6
- clam-db obsoletes old clamav-data-empty.
* Sun Mar 13 2011 Jan-Frode Myklebust <janfrode(a)tanso.net> - 0.97-4
- Add back clamd-wrapper to stay compatible with users
of old packaging (amavisd-new).
* Wed Feb 23 2011 Nick Bebout <nb(a)fedoraproject.org> - 0.097-3
- Move db to /var/lib/clamav
- Ship empty directory /etc/clamd.d for amavisd-new
* Thu Feb 17 2011 Kevin Fenzi <kevin(a)tummy.com> - 0.97-2
- Disable llvm.
* Tue Feb 8 2011 Kevin Fenzi <kevin(a)tummy.com> - 0.97-1
- Update to 0.97
- Fix up for current guidelines.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #692016 - NotifyClamd: Can't find or parse configuration file
/etc/clamd.conf
https://bugzilla.redhat.com/show_bug.cgi?id=692016
[ 2 ] Bug #579370 - Update to newest version 0.96
https://bugzilla.redhat.com/show_bug.cgi?id=579370
[ 3 ] Bug #667203 - CVE-2010-1639 Clam AntiVirus: Heap-based overflow, when processing
malicious PDF file(s) [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=667203
[ 4 ] Bug #655636 - clamav-scanner, clamav-scanner-sysvinit in EPEL
https://bugzilla.redhat.com/show_bug.cgi?id=655636
[ 5 ] Bug #580676 - CVE-2010-0098 CVE-2010-1311 Multiple clamav vulnerabilities [Fedora
all]
https://bugzilla.redhat.com/show_bug.cgi?id=580676
[ 6 ] Bug #679793 - CVE-2011-1003 clamav: Double free error by reading VBA project
strings [epel-4]
https://bugzilla.redhat.com/show_bug.cgi?id=679793
[ 7 ] Bug #538425 - Wrong milter.conf file template in clamav-milter
https://bugzilla.redhat.com/show_bug.cgi?id=538425
[ 8 ] Bug #495502 - 0.95.1 is busted
https://bugzilla.redhat.com/show_bug.cgi?id=495502
[ 9 ] Bug #679794 - CVE-2011-1003 clamav: Double free error by reading VBA project
strings [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=679794
--------------------------------------------------------------------------------
================================================================================
globus-gsi-sysconfig-3.1-3.el4 (FEDORA-EPEL-2011-2939)
Globus Toolkit - Globus GSI System Config Library
--------------------------------------------------------------------------------
Update Information:
Fixes a bug that caused globus not to identify directories correctly on filesystems were
the directory inode size is reported as 0, e.g. CIFS.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 29 2011 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 3.1-3
- Allow zero-size dirs
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
3.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
ruby-augeas-0.4.1-1.el4 (FEDORA-EPEL-2011-2948)
Ruby bindings for Augeas
--------------------------------------------------------------------------------
Update Information:
Adds bindings for the full augeas-0.8.0 API
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 29 2011 David Lutterkort <lutter(a)redhat.com> - 0.4.1-1
- New version
--------------------------------------------------------------------------------