epel-package-announce June 2011

epel-package-announce@lists.fedoraproject.org

1 participants
282 discussions

Fedora EPEL 5 Update: dokuwiki-0-0.8.20101107.a.el5
by updates＠fedoraproject.org 15 Jun '11

15 Jun '11

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3394 2011-05-25 15:24:16 -------------------------------------------------------------------------------- Name : dokuwiki Product : Fedora EPEL 5 Version : 0 Release : 0.8.20101107.a.el5 URL : http://www.dokuwiki.org/dokuwiki Summary : Standards compliant simple to use wiki Description : DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creating documentation of any kind. It has a simple but powerful syntax which makes sure the datafiles remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no database is required. -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update dokuwiki' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

[SECURITY] Fedora EPEL 6 Update: drupal7-7.2-1.el6
by updates＠fedoraproject.org 15 Jun '11

15 Jun '11

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3417 2011-05-26 15:39:35 -------------------------------------------------------------------------------- Name : drupal7 Product : Fedora EPEL 6 Version : 7.2 Release : 1.el6 URL : http://www.drupal.org Summary : An open-source content-management platform Description : Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. -------------------------------------------------------------------------------- Update Information: * Advisory ID: DRUPAL-SA-CORE-2011-001 * Project: Drupal core [1] * Version: 6.x, 7.x * Date: 2011-May-25 * Security risk: Critical [2] * Exploitable from: Remote * Vulnerability: Access bypass, Cross Site Scripting -------- DESCRIPTION --------------------------------------------------------- Multiple vulnerabilities and weaknesses were discovered in Drupal. .... Reflected cross site scripting vulnerability in error handler A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a specially crafted URL can cause malicious scripts to be injected into the message. The issue can be mitigated by disabling on-screen error display at admin/settings/error-reporting. This is the recommended setting for production sites. This issue affects Drupal 6.x only. .... Cross site scripting vulnerability in Color module When using re-colorable themes, color inputs are not sanitized. Malicious color values can be used to insert arbitrary CSS and script code. Successful exploitation requires the "Administer themes" permission. This issue affects Drupal 6.x and 7.x. .... Access bypass in File module When using private files in combination with a node access module, the File module allows unrestricted access to private files. This issue affects Drupal 7.x only. -------- VERSIONS AFFECTED --------------------------------------------------- * Drupal 7.x before version 7.1. * Drupal 6.x before version 6.21. -------- SOLUTION ------------------------------------------------------------ Install the latest version: * If you are running Drupal 7.x then upgrade to Drupal 7.1 [3] or 7.2 [4]. * If you are running Drupal 6.x then upgrade to Drupal 6.21 [5] or 6.22. [6] The Security Team has released both a pure security update without other bug fixes and a security update combined with other bug fixes and improvements. You can choose to either only include the security update for an immediate fix (which might require less quality assurance and testing) or more fixes and improvements alongside the security fixes by choosing between Drupal 7.1 [7] and Drupal 7.2 [8] or Drupal 6.21 [9] and Drupal 6.22 [10]. See the release announcement [11] for more information. See also the Drupal core [12] project page. -------- REPORTED BY --------------------------------------------------------- * The reflected cross site scripting vulnerability was reported by Heine Deelstra [13] (*). * The Color module cross site scripting vulnerability was reported by Kasper Lindgaard, Secunia Research. * The File access bypass was reported by Hubert Lecorche, and Peter Bex [14]. -------- FIXED BY ------------------------------------------------------------ * The reflected cross site scripting vulnerability was fixed by Alan Smithee. * The Color module cross site scripting vulnerability was fixed by Stéphane Corlosquet [15] (*), Heine Deelstra [16] (*), and Peter Wolanin [17] (*). * The File access bypass was fixed by Heine Deelstra [18] (*). (*) Member of the Drupal security team. -------- CONTACT AND MORE INFORMATION ---------------------------------------- The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [19]. Learn more about the Drupal Security team and their policies [20], writing secure code for Drupal [21], and securing your site [22]. [1] http://drupal.org/project/drupal [2] http://drupal.org/security-team/risk-levels [3] http://drupal.org/node/1168910 [4] http://drupal.org/node/1168946 [5] http://drupal.org/node/1168908 [6] http://drupal.org/node/1168950 [7] http://drupal.org/node/1168910 [8] http://drupal.org/node/1168946 [9] http://drupal.org/node/1168908 [10] http://drupal.org/node/1168950 [11] http://drupal.org/drupal-7.2 [12] http://drupal.org/project/drupal [13] http://drupal.org/user/17943 [14] https://drupal.org/user/309898 [15] http://drupal.org/user/52142 [16] http://drupal.org/user/17943 [17] http://drupal.org/user/49851 [18] http://drupal.org/user/17943 [19] http://drupal.org/contact [20] http://drupal.org/security-team [21] http://drupal.org/writing-secure-code [22] http://drupal.org/security/secure-configuration _______________________________________________ Security-news mailing list Security-news(a)drupal.org http://lists.drupal.org/mailman/listinfo/security-news Require php 5.3. -------------------------------------------------------------------------------- References: [ 1 ] Bug #704319 - drupal7 should require php53 instead of php (including php sub-packages) https://bugzilla.redhat.com/show_bug.cgi?id=704319 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update drupal7' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

Fedora EPEL 5 Update: python26-m2crypto-0.21.1-5.el5
by updates＠fedoraproject.org 15 Jun '11

15 Jun '11

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3386 2011-05-25 15:23:59 -------------------------------------------------------------------------------- Name : python26-m2crypto Product : Fedora EPEL 5 Version : 0.21.1 Release : 5.el5 URL : http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto Summary : Support for using OpenSSL in python 2.6 scripts Description : This package allows you to call OpenSSL functions from python 2.6 scripts. -------------------------------------------------------------------------------- Update Information: This update consolidates a number of fixes from Fedora's main m2crypto package: - Fixed M2Crypto.SMIME documentation and examples - Fixed sending SSL data from buffer objects - Fixed a memory leak -------------------------------------------------------------------------------- References: [ 1 ] Bug #618500 - S/MIME signing does not work https://bugzilla.redhat.com/show_bug.cgi?id=618500 [ 2 ] Bug #702766 - [F15 regression] traceback when sending over SSL https://bugzilla.redhat.com/show_bug.cgi?id=702766 [ 3 ] Bug #659881 - Memory leak in m2crypto-0.16/SWIG/_aes.i: AES_crypt https://bugzilla.redhat.com/show_bug.cgi?id=659881 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update python26-m2crypto' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

Fedora EPEL 4 Update: mod_flvx-0-0.1.20100525git.el4
by updates＠fedoraproject.org 15 Jun '11

15 Jun '11

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3378 2011-05-25 15:23:41 -------------------------------------------------------------------------------- Name : mod_flvx Product : Fedora EPEL 4 Version : 0 Release : 0.1.20100525git.el4 URL : http://tperspective.blogspot.com/2009/02/apache-flv-streaming-done-right.ht… Summary : FLV progressive download streaming for the Apache HTTP Server Description : FLV streaming means it can be sought to any position during video, and browser (Flash player) will buffer only from this position to the end. Thus streaming allows to skip boring parts or see video ending without loading the whole file, which simply saves bandwidth. Even H264 is more efficient, FLV is still a common container format for videos, because H264 is supported by Flash since version 9.115. For using FLV streaming on the web, a pseudo-streaming compliant Flash player, such as Flowplayer, is needed. Streaming requires that the FLV has embedded key-frame markers (meta-data), that can be injected by any supported tool, e.g. flvtool2. -------------------------------------------------------------------------------- Update Information: FLV streaming means it can be sought to any position during video, and browser (Flash player) will buffer only from this position to the end. Thus streaming allows to skip boring parts or see video ending without loading the whole file, which simply saves bandwidth. Even H264 is more efficient, FLV is still a common container format for videos, because H264 is supported by Flash since version 9.115. For using FLV streaming on the web, a pseudo-streaming compliant Flash player, such as Flowplayer, is needed. Streaming requires that the FLV has embedded key-frame markers (meta-data), that can be injected by any supported tool, e.g. flvtool2. -------------------------------------------------------------------------------- References: [ 1 ] Bug #688121 - Review Request: mod_flvx - FLV progressive download streaming for the Apache HTTP Server https://bugzilla.redhat.com/show_bug.cgi?id=688121 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update mod_flvx' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

Fedora EPEL 6 Update: drupal6-features-1.0-3.el6
by updates＠fedoraproject.org 15 Jun '11

15 Jun '11

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3369 2011-05-20 17:37:10 -------------------------------------------------------------------------------- Name : drupal6-features Product : Fedora EPEL 6 Version : 1.0 Release : 3.el6 URL : http://drupal.org/project/features Summary : Provides feature management for Drupal Description : The features module enables the capture and management of features in Drupal. A feature is a collection of Drupal entities which taken together satisfy a certain use-case. Features provides a UI and API for taking different site building components from modules with exportables and bundling them together in a single feature module. A feature module is like any other Drupal module except that it declares its components (e.g. views, contexts, CCK fields, etc.) in its .info file so that it can be checked, updated, or reverted programmatically. -------------------------------------------------------------------------------- Update Information: The features module enables the capture and management of features in Drupal. A feature is a collection of Drupal entities which taken together satisfy a certain use-case. The features module enables the capture and management of features in Drupal. A feature is a collection of Drupal entities which taken together satisfy a certain use-case. -------------------------------------------------------------------------------- References: [ 1 ] Bug #705375 - README.txt should appear in module directory for use in-module https://bugzilla.redhat.com/show_bug.cgi?id=705375 [ 2 ] Bug #698590 - Review Request: drupal6-features - Provides feature management for Drupal https://bugzilla.redhat.com/show_bug.cgi?id=698590 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update drupal6-features' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

[SECURITY] Fedora EPEL 5 Update: drupal6-6.22-1.el5
by updates＠fedoraproject.org 15 Jun '11

15 Jun '11

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3408 2011-05-26 15:39:17 -------------------------------------------------------------------------------- Name : drupal6 Product : Fedora EPEL 5 Version : 6.22 Release : 1.el5 URL : http://www.drupal.org Summary : An open-source content-management platform Description : Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. -------------------------------------------------------------------------------- Update Information: * Advisory ID: DRUPAL-SA-CORE-2011-001 * Project: Drupal core [1] * Version: 6.x, 7.x * Date: 2011-May-25 * Security risk: Critical [2] * Exploitable from: Remote * Vulnerability: Access bypass, Cross Site Scripting -------- DESCRIPTION --------------------------------------------------------- Multiple vulnerabilities and weaknesses were discovered in Drupal. .... Reflected cross site scripting vulnerability in error handler A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a specially crafted URL can cause malicious scripts to be injected into the message. The issue can be mitigated by disabling on-screen error display at admin/settings/error-reporting. This is the recommended setting for production sites. This issue affects Drupal 6.x only. .... Cross site scripting vulnerability in Color module When using re-colorable themes, color inputs are not sanitized. Malicious color values can be used to insert arbitrary CSS and script code. Successful exploitation requires the "Administer themes" permission. This issue affects Drupal 6.x and 7.x. .... Access bypass in File module When using private files in combination with a node access module, the File module allows unrestricted access to private files. This issue affects Drupal 7.x only. -------- VERSIONS AFFECTED --------------------------------------------------- * Drupal 7.x before version 7.1. * Drupal 6.x before version 6.21. -------- SOLUTION ------------------------------------------------------------ Install the latest version: * If you are running Drupal 7.x then upgrade to Drupal 7.1 [3] or 7.2 [4]. * If you are running Drupal 6.x then upgrade to Drupal 6.21 [5] or 6.22. [6] The Security Team has released both a pure security update without other bug fixes and a security update combined with other bug fixes and improvements. You can choose to either only include the security update for an immediate fix (which might require less quality assurance and testing) or more fixes and improvements alongside the security fixes by choosing between Drupal 7.1 [7] and Drupal 7.2 [8] or Drupal 6.21 [9] and Drupal 6.22 [10]. See the release announcement [11] for more information. See also the Drupal core [12] project page. -------- REPORTED BY --------------------------------------------------------- * The reflected cross site scripting vulnerability was reported by Heine Deelstra [13] (*). * The Color module cross site scripting vulnerability was reported by Kasper Lindgaard, Secunia Research. * The File access bypass was reported by Hubert Lecorche, and Peter Bex [14]. -------- FIXED BY ------------------------------------------------------------ * The reflected cross site scripting vulnerability was fixed by Alan Smithee. * The Color module cross site scripting vulnerability was fixed by Stéphane Corlosquet [15] (*), Heine Deelstra [16] (*), and Peter Wolanin [17] (*). * The File access bypass was fixed by Heine Deelstra [18] (*). (*) Member of the Drupal security team. -------- CONTACT AND MORE INFORMATION ---------------------------------------- The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [19]. Learn more about the Drupal Security team and their policies [20], writing secure code for Drupal [21], and securing your site [22]. [1] http://drupal.org/project/drupal [2] http://drupal.org/security-team/risk-levels [3] http://drupal.org/node/1168910 [4] http://drupal.org/node/1168946 [5] http://drupal.org/node/1168908 [6] http://drupal.org/node/1168950 [7] http://drupal.org/node/1168910 [8] http://drupal.org/node/1168946 [9] http://drupal.org/node/1168908 [10] http://drupal.org/node/1168950 [11] http://drupal.org/drupal-7.2 [12] http://drupal.org/project/drupal [13] http://drupal.org/user/17943 [14] https://drupal.org/user/309898 [15] http://drupal.org/user/52142 [16] http://drupal.org/user/17943 [17] http://drupal.org/user/49851 [18] http://drupal.org/user/17943 [19] http://drupal.org/contact [20] http://drupal.org/security-team [21] http://drupal.org/writing-secure-code [22] http://drupal.org/security/secure-configuration _______________________________________________ Security-news mailing list Security-news(a)drupal.org http://lists.drupal.org/mailman/listinfo/security-news -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update drupal6' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

Fedora EPEL 6 Update: dojo-1.6.0-1.el6
by updates＠fedoraproject.org 15 Jun '11

15 Jun '11

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3390 2011-05-25 15:24:08 -------------------------------------------------------------------------------- Name : dojo Product : Fedora EPEL 6 Version : 1.6.0 Release : 1.el6 URL : http://dojotoolkit.org/ Summary : Modular JavaScript toolkit Description : Dojo is a JavaScript toolkit, providing cross-browser abstractions and widgets for building dynamic web sites. -------------------------------------------------------------------------------- References: [ 1 ] Bug #609817 - Review Request: dojo - Modular JavaScript toolkit https://bugzilla.redhat.com/show_bug.cgi?id=609817 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update dojo' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

Fedora EPEL 5 Update: autoconf-archive-2011.04.12-1.el5
by updates＠fedoraproject.org 15 Jun '11

15 Jun '11

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3413 2011-05-26 15:39:26 -------------------------------------------------------------------------------- Name : autoconf-archive Product : Fedora EPEL 5 Version : 2011.04.12 Release : 1.el5 URL : http://www.gnu.org/software/autoconf-archive/ Summary : The Autoconf Macro Archive Description : The GNU Autoconf Archive is a collection of more than 450 macros for GNU Autoconf that have been contributed as free software by friendly supporters of the cause from all over the Internet. -------------------------------------------------------------------------------- Update Information: The GNU Autoconf Archive is a collection of more than 450 macros for GNU Autoconf that have been contributed as free software by friendly supporters of the cause from all over the Internet. -------------------------------------------------------------------------------- References: [ 1 ] Bug #663925 - Review Request: autoconf-archive - The Autoconf Macro Archive https://bugzilla.redhat.com/show_bug.cgi?id=663925 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update autoconf-archive' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

Fedora EPEL 6 Update: liveusb-creator-3.11.1-1.el6
by updates＠fedoraproject.org 15 Jun '11

15 Jun '11

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3376 2011-05-25 15:23:36 -------------------------------------------------------------------------------- Name : liveusb-creator Product : Fedora EPEL 6 Version : 3.11.1 Release : 1.el6 URL : https://fedorahosted.org/liveusb-creator Summary : A liveusb creator Description : A liveusb creator from Live Fedora images -------------------------------------------------------------------------------- Update Information: Support downloading the latest Fedora 15 release -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update liveusb-creator' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

[SECURITY] Fedora EPEL 6 Update: couchdb-1.0.2-4.el6
by updates＠fedoraproject.org 15 Jun '11

15 Jun '11

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3359 2011-05-20 17:36:48 -------------------------------------------------------------------------------- Name : couchdb Product : Fedora EPEL 6 Version : 1.0.2 Release : 4.el6 URL : http://couchdb.apache.org/ Summary : A document database server, accessible via a RESTful JSON API Description : Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a table-oriented view engine with JavaScript acting as the default view definition language. -------------------------------------------------------------------------------- Update Information: - Fixed Futon test failures with Erlang/OTP R14B02 * Ver. 1.0.2 (Bugfix release) * Ver. 1.0.2 (Bugfix release) -------------------------------------------------------------------------------- References: [ 1 ] Bug #674146 - CVE-2010-3854 couchdb: XSS vulnerability [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=674146 [ 2 ] Bug #674145 - CVE-2010-3854 couchdb: XSS vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=674145 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update couchdb' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 0

← Newer
1
...
12
13
14
15
16
17
18
...
29
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

epel-package-announce June 2011