The following Fedora EPEL 4 Security updates need testing:
https://admin.fedoraproject.org/updates/mod_fcgid-2.2-11.el4
https://admin.fedoraproject.org/updates/gnucash-2.0.5-4.el4
https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.el4
The following builds have been pushed to Fedora EPEL 4 updates-testing
mod_fcgid-2.2-11.el4
Details about builds:
================================================================================
mod_fcgid-2.2-11.el4 (FEDORA-EPEL-2010-3646)
Apache2 module for high-performance server-side scripting
--------------------------------------------------------------------------------
Update Information:
This update includes a back-ported fix from upstream version 2.3.6 addressing a possible
stack buffer overwrite (CVE-2010-3872), plus another back-ported fix for making the server
return a 500 error code instead of segfaulting if a FastCGI application returns no data
for a request.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 5 2010 Paul Howarth <paul(a)city-fan.org> 2.2-11
- Fix possible stack buffer overwrite (CVE-2010-3872)
- Return 500 instead of segfaulting if application returns no data
- Explicitly use /var/run/mod_fcgid as "run" directory rather than following
/etc/httpd/run symlink
- Conflict with selinux-policy versions prior to EL 5.5 as earlier ones didn't
work properly
- Re-order sources
- Minor documentation updates
* Mon Apr 6 2009 Paul Howarth <paul(a)city-fan.org> 2.2-10
- EL 5.3 now has SELinux support in the main selinux-policy package so handle
that release as per Fedora >= 8, except that the RHEL selinux-policy package
doesn't Obsolete/Provide mod_fcgid-selinux like the Fedora version, so do
the obsoletion here instead
* Thu Feb 26 2009 Paul Howarth <paul(a)city-fan.org> 2.2-9
- Update documentation for MoinMoin, Rails (#476658), and SELinux
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
2.2-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Wed Nov 12 2008 Paul Howarth <paul(a)city-fan.org> 2.2-7
- SELinux policy module no longer built for Fedora 8 onwards as it is
obsoleted by the main selinux-policy package
- Conflicts for selinux-policy packages older than the releases where mod_fcgid
policy was incorporated have been added for Fedora 8, 9, and 10 versions, to
ensure that SELinux support will work if installed
* Tue Oct 21 2008 Paul Howarth <paul(a)city-fan.org> 2.2-6
- SELinux policy module rewritten to merge fastcgi and system script domains
in preparation for merge into main selinux-policy package (#462318)
- Try to determine supported SELinux policy types by reading /etc/selinux/config
* Thu Jul 24 2008 Paul Howarth <paul(a)city-fan.org> 2.2-5
- Tweak selinux-policy version detection macro to work with current Rawhide
--------------------------------------------------------------------------------