The following Fedora EPEL 4 Security updates need testing:
https://admin.fedoraproject.org/updates/ocsinventory-agent-1.1.2.1-1.el4
https://admin.fedoraproject.org/updates/gnucash-2.0.5-4.el4
The following builds have been pushed to Fedora EPEL 4 updates-testing
erlang-etap-0.3.4-5.el4
gnucash-2.0.5-4.el4
nrpe-2.12-16.el4
Details about builds:
================================================================================
erlang-etap-0.3.4-5.el4 (FEDORA-EPEL-2010-3556)
Erlang testing library
--------------------------------------------------------------------------------
Update Information:
* Fixed runtime issues in EL-4
* Added %check target
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2010 Peter Lemenkov <lemenkov(a)gmail.com> 0.3.4-5
- Fixed missing runtime dependency on EL-4
- Added %check target
* Tue Sep 28 2010 Peter Lemenkov <lemenkov(a)gmail.com> 0.3.4-4
- Narrowed BuildRequires
* Mon Jul 12 2010 Peter Lemenkov <lemenkov(a)gmail.com> 0.3.4-3
- Rebuild for Erlang/OTP R14A
- Simplified spec-file
--------------------------------------------------------------------------------
================================================================================
gnucash-2.0.5-4.el4 (FEDORA-EPEL-2010-3554)
GnuCash is an application to keep track of your finances
--------------------------------------------------------------------------------
Update Information:
This update removes an unneeded file which could cause a security issue if executed from a
directory other users had write access to.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2010 Bill Nottingham <notting(a)redhat.com>
- don't ship gnc-test-env (#644933, CVE-2010-3999)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #644933 - CVE-2010-3999 gnucash: insecure library loading vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=644933
--------------------------------------------------------------------------------
================================================================================
nrpe-2.12-16.el4 (FEDORA-EPEL-2010-3560)
Host/service/network monitoring agent for Nagios
--------------------------------------------------------------------------------
Update Information:
Proper directory access mode for %{_localstatedir}/run/nrpe
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 25 2010 Peter Lemenkov <lemenkov(a)gmail.com> - 2.12-16
- Issue with SELinux was resolved (see rhbz #565220#c25). 2nd try.
* Wed Sep 29 2010 jkeating - 2.12-15
- Rebuilt for gcc bug 634757
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #565220 - SELinux is preventing /usr/sbin/nrpe "dac_override" access
.
https://bugzilla.redhat.com/show_bug.cgi?id=565220
--------------------------------------------------------------------------------