The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/asterisk-1.8.2.2-2.el6,libsrtp-1....
https://admin.fedoraproject.org/updates/myproxy-5.3-1.el6
https://admin.fedoraproject.org/updates/perl-CGI-Simple-1.113-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
asterisk-1.8.2.2-2.el6
drupal6-auto_nodetitle-1.2-4.el6
drupal6-ctools-1.8-4.el6
drupal6-views_bulk_operations-1.10-3.el6
libsrtp-1.4.4-2.20101004cvs.el6
netatalk-2.1.5-1.el6
ntfs-3g-2011.1.15-1.el6
perl-Net-DBus-0.33.6-8.el6
python-inotify-0.9.1-1.el6
rear-1.9-1.el6
x11vnc-0.9.12-17.el6
yubikey-ksm-1.5-3.el6
yubikey-val-2.7-2.el6
Details about builds:
================================================================================
asterisk-1.8.2.2-2.el6 (FEDORA-EPEL-2011-0191)
The Open Source PBX
--------------------------------------------------------------------------------
Update Information:
Update to 1.8.2.2 to fix CVE-2011-0495
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 24 2011 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.8.2.2-2
- Build with SRTP support
* Mon Jan 24 2011 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.8.2.2-1
-
- The Asterisk Development Team has announced a release for the security issue
- described in AST-2011-001.
-
- Due to a failed merge, Asterisk 1.8.2.1 which should have included the security
- fix did not. Asterisk 1.8.2.2 contains the changes which should have been
- included in Asterisk 1.8.2.1.
-
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.2,
- 1.8.1.2, and 1.8.2.2 resolve an issue when forming an outgoing SIP request while
- in pedantic mode, which can cause a stack buffer to be made to overflow if
- supplied with carefully crafted caller ID information. The issue and resolution
- are described in the AST-2011-001 security advisory.
-
- For more information about the details of this vulnerability, please read the
- security advisory AST-2011-001, which was released at the same time as this
- announcement.
-
- For a full list of changes in the current release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
-
- Security advisory AST-2011-001 is available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-001.pdf
* Mon Jan 24 2011 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.8.2.1-1
-
- The Asterisk Development Team has announced security releases for the following
- versions of Asterisk:
-
- * 1.4.38.1
- * 1.4.39.1
- * 1.6.1.21
- * 1.6.2.15.1
- * 1.6.2.16.1
- * 1.8.1.2
- * 1.8.2.1
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.2,
- 1.8.1.2, and 1.8.2.1 resolve an issue when forming an outgoing SIP request while
- in pedantic mode, which can cause a stack buffer to be made to overflow if
- supplied with carefully crafted caller ID information. The issue and resolution
- are described in the AST-2011-001 security advisory.
-
- For more information about the details of this vulnerability, please read the
- security advisory AST-2011-001, which was released at the same time as this
- announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
-
- Security advisory AST-2011-001 is available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-001.pdf
* Mon Jan 24 2011 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.8.2-1
-
- The Asterisk Development Team has announced the release of Asterisk 1.8.2. This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.2 resolves several issues reported by the
- community and would not have been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * 'sip notify clear-mwi' needs terminating CRLF.
- (Closes issue #18275. Reported, patched by klaus3000)
-
- * Patch for deadlock from ordering issue between channel/queue locks in
- app_queue (set_queue_variables).
- (Closes issue #18031. Reported by rain. Patched by bbryant)
-
- * Fix cache of device state changes for multiple servers.
- (Closes issue #18284, #18280. Reported, tested by klaus3000. Patched, tested
- by russellb)
-
- * Resolve issue where channel redirect function (CLI or AMI) hangs up the call
- instead of redirecting the call.
- (Closes issue #18171. Reported by: SantaFox)
- (Closes issue #18185. Reported by: kwemheuer)
- (Closes issue #18211. Reported by: zahir_koradia)
- (Closes issue #18230. Reported by: vmarrone)
- (Closes issue #18299. Reported by: mbrevda)
- (Closes issue #18322. Reported by: nerbos)
-
- * Fix reloading of peer when a user is requested. Prevent peer reloading from
- causing multiple MWI subscriptions to be created when using realtime.
- (Closes issue #18342. Reported, patched by nivek.)
-
- * Fix XMPP PubSub-based distributed device state. Initialize pubsubflags to 0
- so res_jabber doesn't think there is already an XMPP connection sending
- device state. Also clean up CLI commands a bit.
- (Closes issue #18272. Reported by klaus3000. Patched by Marquis42)
-
- * Don't crash after Set(CDR(userfield)=...) in ast_bridge_call. Instead of
- setting peer->cdr = NULL, set it to not post.
- (Closes issue #18415. Reported by macbrody. Patched, tested by jsolares)
-
- * Fixes issue with outbound google voice calls not working. Thanks to az1234
- and nevermind_quack for their input in helping debug the issue.
- (Closes issue #18412. Reported by nevermind_quack. Patched by dvossel)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.2
* Mon Jan 24 2011 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.8.1.1-1
-
- The Asterisk Development Team has announced the release of Asterisk 1.8.1.1.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.1.1 resolves two issues reported by the community
- since the release of Asterisk 1.8.1.
-
- * Don't crash after Set(CDR(userfield)=...) in ast_bridge_call. Instead of
- setting peer->cdr = NULL, set it to not post.
- (Closes issue #18415. Reported by macbrody. Patched, tested by jsolares)
-
- * Fixes issue with outbound google voice calls not working. Thanks to az1234
- and nevermind_quack for their input in helping debug the issue.
- (Closes issue #18412. Reported by nevermind_quack. Patched by dvossel)
-
- For a full list of changes in this release candidate, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.1.1
* Mon Jan 24 2011 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.8.1-1
-
- The Asterisk Development Team has announced the release of Asterisk 1.8.1. This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.1 resolves several issues reported by the
- community and would not have been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Fix issue when using directmedia. Asterisk needs to limit the codecs offered
- to just the ones that both sides recognize, otherwise they may end up sending
- audio that the other side doesn't understand.
- (Closes issue #17403. Reported, patched by one47. Tested by one47, falves11)
-
- * Resolve issue where Party A in an analog 3-way call would continue to hear
- ringback after party C answers.
- (Patched by rmudgett)
-
- * Fix playback failure when using IAX with the timerfd module.
- (Closes issue #18110. Reported, tested by tpanton. Patched by jpeeler)
-
- * Fix problem with qualify option packets for realtime peers never stopping.
- The option packets not only never stopped, but if a realtime peer was not in
- the peer list multiple options dialogs could accumulate over time.
- (Closes issue #16382. Reported by lftsy. Tested by zerohalo. Patched by
- jpeeler)
-
- * Fix issue where it is possible to crash Asterisk by feeding the curl engine
- invalid data.
- (Closes issue #18161. Reported by wdoekes. Patched by tilghman)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #670777 - CVE-2011-0495 Asterisk: Stack-based buffer overflow by forming an
outgoing SIP request with specially-crafted caller ID information (AST-2011-001)
https://bugzilla.redhat.com/show_bug.cgi?id=670777
--------------------------------------------------------------------------------
================================================================================
drupal6-auto_nodetitle-1.2-4.el6 (FEDORA-EPEL-2011-0173)
A small and efficient module that allows hiding of the content title
--------------------------------------------------------------------------------
Update Information:
"auto_nodetitle" is a small and efficient module that allows hiding of the
content title.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #664303 - Review Request: drupal6-auto_nodetitle - "auto_nodetitle"
is a small and efficient module that allows hiding of the content title
https://bugzilla.redhat.com/show_bug.cgi?id=664303
--------------------------------------------------------------------------------
================================================================================
drupal6-ctools-1.8-4.el6 (FEDORA-EPEL-2011-0187)
This suite is primarily a set of APIs and tools
--------------------------------------------------------------------------------
Update Information:
This suite is primarily a set of APIs and tools to improve the developer experience.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #653805 - Review Request: drupal6-ctools - This suite is primarily a set of
APIs and tools to improve the developer experience.
https://bugzilla.redhat.com/show_bug.cgi?id=653805
--------------------------------------------------------------------------------
================================================================================
drupal6-views_bulk_operations-1.10-3.el6 (FEDORA-EPEL-2011-0179)
This module augments Views by allowing bulk operations to be executed
--------------------------------------------------------------------------------
Update Information:
This module augments Views by allowing bulk operations to be executed.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #669327 - Review Request: drupal6-views_bulk_operations - This module augments
Views by allowing bulk operations to be executed
https://bugzilla.redhat.com/show_bug.cgi?id=669327
--------------------------------------------------------------------------------
================================================================================
libsrtp-1.4.4-2.20101004cvs.el6 (FEDORA-EPEL-2011-0191)
An implementation of the Secure Real-time Transport Protocol (SRTP)
--------------------------------------------------------------------------------
Update Information:
Update to 1.8.2.2 to fix CVE-2011-0495
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #670777 - CVE-2011-0495 Asterisk: Stack-based buffer overflow by forming an
outgoing SIP request with specially-crafted caller ID information (AST-2011-001)
https://bugzilla.redhat.com/show_bug.cgi?id=670777
--------------------------------------------------------------------------------
================================================================================
netatalk-2.1.5-1.el6 (FEDORA-EPEL-2011-0180)
AppleTalk networking programs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #669196 - Please move netatalk into EPEL repo
https://bugzilla.redhat.com/show_bug.cgi?id=669196
--------------------------------------------------------------------------------
================================================================================
ntfs-3g-2011.1.15-1.el6 (FEDORA-EPEL-2011-0174)
Linux NTFS userspace driver
--------------------------------------------------------------------------------
Update Information:
Update to 2011.1.15:
* New: implemented fsync() and fsyncdir().
* New: implemented the 'sync' mount option.
* New: sanity check upcase table.
* New: added a big-endian extended attribute name for attrib and times.
* New: added an extended attribute name for creation time.
* New: enable renaming of system extended attributes.
* Change: improved appending data to fragmented files.
* Change: improved rebuilding a runlist.
* Change: improved comparing filenames on big-endian CPUs.
* Fixed stat(2) for system files with no data.
* Fixed alignment on cached structures.
* Fixed Posix ACLs for big-endian CPUs.
* Fixed deleting files using ignore_case option.
* Fixed allocated size when an attribute update causes unnamed data to be expelled.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 25 2011 Tom Callaway <spot(a)fedoraproject.org> - 2:2011.1.15-1
- update to 2011.1.15
* Mon Oct 11 2010 Tom "spot" Callaway <tcallawa(a)redhat.com> - 2:2010.10.2-1
- update to 2010.10.2, all patches merged upstream
* Thu Sep 9 2010 Tom "spot" Callaway <tcallawa(a)redhat.com> - 2:2010.8.8-2
- add support for context= mount option (Till Maas) (bz502946)
* Mon Aug 9 2010 Tom "spot" Callaway <tcallawa(a)redhat.com> - 2:2010.8.8-1
- update to 2010.8.8
--------------------------------------------------------------------------------
================================================================================
perl-Net-DBus-0.33.6-8.el6 (FEDORA-EPEL-2011-0178)
Use and provide DBus services
--------------------------------------------------------------------------------
Update Information:
New package for the Perl Net::DBus module in EL6.
--------------------------------------------------------------------------------
================================================================================
python-inotify-0.9.1-1.el6 (FEDORA-EPEL-2011-0188)
Monitor filesystem events with Python under Linux
--------------------------------------------------------------------------------
Update Information:
This is a Python module for watching filesystem changes. pyinotify can be used for
various kinds of fs monitoring. pyinotify relies on a recent Linux Kernel feature (merged
in kernel 2.6.13) called inotify. inotify is an event-driven notifier; its notifications
are exported from kernel space to user space.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #231830 - Review Request: python-inotify - Monitor filesystem events with
Python under Linux
https://bugzilla.redhat.com/show_bug.cgi?id=231830
--------------------------------------------------------------------------------
================================================================================
rear-1.9-1.el6 (FEDORA-EPEL-2011-0189)
Relax and Recover (ReaR) is a Linux Disaster Recovery framework
--------------------------------------------------------------------------------
Update Information:
rear release with cloning functionalities (P2V,...)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 24 2011 Gratien D'haese <gdha at sourceforge.net> - 1.9-1
- New development release with P2V, V2V functionality, and more
- added AUTHORS, TODO to %doc and rm from datadir
--------------------------------------------------------------------------------
================================================================================
x11vnc-0.9.12-17.el6 (FEDORA-EPEL-2011-0192)
VNC server for the current X11 session
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #666612 - new release of x11vnc 0.9.12 is available that might allow
successful build.
https://bugzilla.redhat.com/show_bug.cgi?id=666612
--------------------------------------------------------------------------------
================================================================================
yubikey-ksm-1.5-3.el6 (FEDORA-EPEL-2011-0175)
The YubiKey Key Storage Module
--------------------------------------------------------------------------------
Update Information:
adding yubikey-ksm the yubikey key storage module
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #637212 - Review Request: yubikey-ksm - The YubiKey Key Storage Module
https://bugzilla.redhat.com/show_bug.cgi?id=637212
--------------------------------------------------------------------------------
================================================================================
yubikey-val-2.7-2.el6 (FEDORA-EPEL-2011-0190)
The YubiKey Validation Server
--------------------------------------------------------------------------------
Update Information:
adding yubikey-val the yubikey validation server
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #637213 - Review Request: yubikey-val - The YubiKey Validation Server
https://bugzilla.redhat.com/show_bug.cgi?id=637213
--------------------------------------------------------------------------------