Fedora EPEL 5 Update: gfal2-python-1.4.1-1.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-0725
2014-03-03 19:04:33
--------------------------------------------------------------------------------
Name : gfal2-python
Product : Fedora EPEL 5
Version : 1.4.1
Release : 1.el5
URL : https://svnweb.cern.ch/trac/lcgutil/wiki/gfal2-python
Summary : Python bindings for gfal 2.0
Description :
Python bindings for gfal 2.0.
GFAL 2.0 offers a single, simple and portable API
for the file operations in grids and cloud environments.
--------------------------------------------------------------------------------
Update Information:
Release 1.4.1 of gfal2 python bindings, see RELEASE-NOTES for details
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update gfal2-python' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora EPEL 6 Update: chkrootkit-0.49-9.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1572
2014-06-05 00:18:43
--------------------------------------------------------------------------------
Name : chkrootkit
Product : Fedora EPEL 6
Version : 0.49
Release : 9.el6
URL : http://www.chkrootkit.org
Summary : Tool to locally check for signs of a rootkit
Description :
chkrootkit is a tool to locally check for signs of a rootkit.
It contains:
* chkrootkit: shell script that checks system binaries for
rootkit modification.
* ifpromisc: checks if the network interface is in promiscuous mode.
* chklastlog: checks for lastlog deletions.
* chkwtmp: checks for wtmp deletions.
* chkproc: checks for signs of LKM trojans.
* chkdirs: checks for signs of LKM trojans.
* strings: quick and dirty strings replacement.
* chkutmp: checks for utmp deletions.
--------------------------------------------------------------------------------
Update Information:
A quoting issue was found in chkrootkit which would lead to a file in /tmp/ being executed, if /tmp/ was mounted without the noexec option. chkrootkit is typically run as the root user. A local attacker could use this flaw to escalate their privileges.
The problematic part was:
file_port=$file_port $i
Which is changed to file_port="$file_port $i" to fix the issue. From the Debian diff:
--- chkrootkit-0.49.orig/debian/patches/CVE-2014-0476.patch
+++ chkrootkit-0.49/debian/patches/CVE-2014-0476.patch
@@ -0,0 +1,13 @@
+Index: chkrootkit/chkrootkit
+===================================================================
+--- chkrootkit.orig/chkrootkit
++++ chkrootkit/chkrootkit
+@@ -117,7 +117,7 @@ slapper (){
+ fi
+ for i in ${SLAPPER_FILES}; do
+ if [ -f ${i} ]; then
+- file_port=$file_port $i
++ file_port="$file_port $i"
+ STATUS=1
+ fi
+ done
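Review bot: the context line `if [ -f ${i} ]; then` directly above the changed assignment still expands `${i}` unquoted. Since this patch exists because of one missing pair of quotes, I would change the test to `[ -f "${i}" ]` in the same patch so the loop body is left with no unquoted use of the loop variable.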
Acknowledgements:
Red Hat would like to thank Thomas Stangner for reporting this issue.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1104456 - CVE-2014-0476 chkrootkit: local privilege escalation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1104456
[ 2 ] Bug #1104457 - CVE-2014-0476 chkrootkit: local privilege escalation [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1104457
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update chkrootkit' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
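The parsing difference behind the one-line fix in the advisory above, shown as an added example that is not part of the advisory or of chkrootkit. The `run_loop` helper, the private directory and the `candidate` file are constructed for illustration, and the stand-in file does nothing except create a marker.

```shell
#!/bin/sh
# Added illustration. The shell reads `name=value word` as "run `word` with
# name=value in its environment", so the pre-patch line executes the file
# named by $i instead of appending it to a list.

# run_loop MODE DIR
#   MODE=unquoted uses the pre-patch assignment, MODE=quoted the patched one.
#   Sets two globals: ran (yes/no) and file_port (the list that was built).
run_loop() {
    mode=$1
    dir=$2
    marker="$dir/marker"
    candidate="$dir/candidate"   # constructed stand-in for a SLAPPER_FILES entry
    rm -f "$marker"
    # Harmless executable: it only records that it was run.
    printf '#!/bin/sh\n: > "%s"\n' "$marker" > "$candidate"
    chmod +x "$candidate"

    file_port=""
    for i in $candidate; do
        if [ -f "$i" ]; then
            if [ "$mode" = unquoted ]; then
                # Pre-patch: assignment word followed by the command `$i`.
                file_port=$file_port $i
            else
                # Patched: one assignment, nothing is executed.
                file_port="$file_port $i"
            fi
        fi
    done

    if [ -e "$marker" ]; then ran=yes; else ran=no; fi
}

# Stand-alone run: show both forms side by side in a throwaway directory.
demo_dir=$(mktemp -d)
for m in unquoted quoted; do
    run_loop "$m" "$demo_dir"
    printf '%-8s ran=%s file_port=[%s]\n' "$m" "$ran" "$file_port"
done
rm -rf "$demo_dir"
```

In the unquoted form the list also stays empty, because the assignment applies only to the environment of the command that was run; if the directory is on a `noexec` mount the command fails instead, which is the condition the advisory mentions.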
Fedora EPEL 5 Update: R-qtl-1.31.9-1.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1586
2014-06-09 14:56:38
--------------------------------------------------------------------------------
Name : R-qtl
Product : Fedora EPEL 5
Version : 1.31.9
Release : 1.el5
URL : http://www.rqtl.org/
Summary : Tools for analyzing QTL experiments
Description :
R-qtl is an extensible, interactive environment for mapping
quantitative trait loci (QTLs) in experimental crosses. Our goal is to
make complex QTL mapping methods widely accessible and allow users to
focus on modeling rather than computing.
A key component of computational methods for QTL mapping is the hidden
Markov model (HMM) technology for dealing with missing genotype
data. We have implemented the main HMM algorithms, with allowance for
the presence of genotyping errors, for backcrosses, intercrosses, and
phase-known four-way crosses.
The current version of R-qtl includes facilities for estimating
genetic maps, identifying genotyping errors, and performing single-QTL
genome scans and two-QTL, two-dimensional genome scans, by interval
mapping (with the EM algorithm), Haley-Knott regression, and multiple
imputation. All of this may be done in the presence of covariates
(such as sex, age or treatment). One may also fit higher-order QTL
models by multiple imputation and Haley-Knott regression.
--------------------------------------------------------------------------------
Update Information:
New upstream release.
Rebuild for updated R.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1096804 - R-qtl requires update because of R-3.1.0-5.el6 update
https://bugzilla.redhat.com/show_bug.cgi?id=1096804
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update R-qtl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora EPEL 6 Update: R-qtl-1.31.9-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1593
2014-06-09 14:56:52
--------------------------------------------------------------------------------
Name : R-qtl
Product : Fedora EPEL 6
Version : 1.31.9
Release : 1.el6
URL : http://www.rqtl.org/
Summary : Tools for analyzing QTL experiments
Description :
R-qtl is an extensible, interactive environment for mapping
quantitative trait loci (QTLs) in experimental crosses. Our goal is to
make complex QTL mapping methods widely accessible and allow users to
focus on modeling rather than computing.
A key component of computational methods for QTL mapping is the hidden
Markov model (HMM) technology for dealing with missing genotype
data. We have implemented the main HMM algorithms, with allowance for
the presence of genotyping errors, for backcrosses, intercrosses, and
phase-known four-way crosses.
The current version of R-qtl includes facilities for estimating
genetic maps, identifying genotyping errors, and performing single-QTL
genome scans and two-QTL, two-dimensional genome scans, by interval
mapping (with the EM algorithm), Haley-Knott regression, and multiple
imputation. All of this may be done in the presence of covariates
(such as sex, age or treatment). One may also fit higher-order QTL
models by multiple imputation and Haley-Knott regression.
--------------------------------------------------------------------------------
Update Information:
New upstream release.
Rebuild for updated R.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1096804 - R-qtl requires update because of R-3.1.0-5.el6 update
https://bugzilla.redhat.com/show_bug.cgi?id=1096804
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update R-qtl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora EPEL 6 Update: python-okaara-1.0.34-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1535
2014-05-30 16:29:09
--------------------------------------------------------------------------------
Name : python-okaara
Product : Fedora EPEL 6
Version : 1.0.34
Release : 1.el6
URL : https://github.com/jdob/okaara
Summary : Python command line utilities
Description :
Python library to facilitate the creation of command-line interfaces.
--------------------------------------------------------------------------------
Update Information:
Updated to 1.0.34
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python-okaara' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora EPEL 5 Update: chkrootkit-0.49-9.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1575
2014-06-05 00:18:49
--------------------------------------------------------------------------------
Name : chkrootkit
Product : Fedora EPEL 5
Version : 0.49
Release : 9.el5
URL : http://www.chkrootkit.org
Summary : Tool to locally check for signs of a rootkit
Description :
chkrootkit is a tool to locally check for signs of a rootkit.
It contains:
* chkrootkit: shell script that checks system binaries for
rootkit modification.
* ifpromisc: checks if the network interface is in promiscuous mode.
* chklastlog: checks for lastlog deletions.
* chkwtmp: checks for wtmp deletions.
* chkproc: checks for signs of LKM trojans.
* chkdirs: checks for signs of LKM trojans.
* strings: quick and dirty strings replacement.
* chkutmp: checks for utmp deletions.
--------------------------------------------------------------------------------
Update Information:
A quoting issue was found in chkrootkit which would lead to a file in /tmp/ being executed, if /tmp/ was mounted without the noexec option. chkrootkit is typically run as the root user. A local attacker could use this flaw to escalate their privileges.
The problematic part was:
file_port=$file_port $i
Which is changed to file_port="$file_port $i" to fix the issue. From the Debian diff:
--- chkrootkit-0.49.orig/debian/patches/CVE-2014-0476.patch
+++ chkrootkit-0.49/debian/patches/CVE-2014-0476.patch
@@ -0,0 +1,13 @@
+Index: chkrootkit/chkrootkit
+===================================================================
+--- chkrootkit.orig/chkrootkit
++++ chkrootkit/chkrootkit
+@@ -117,7 +117,7 @@ slapper (){
+ fi
+ for i in ${SLAPPER_FILES}; do
+ if [ -f ${i} ]; then
+- file_port=$file_port $i
++ file_port="$file_port $i"
+ STATUS=1
+ fi
+ done
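Review bot: the patched line `file_port="$file_port $i"` has no comment explaining why the quotes are required, and it differs from the removed line by a single pair of quote characters, so a later cleanup could silently reintroduce the bug. A one-line comment above the assignment saying that without the quotes the shell runs `$i` as a command would help, and the patch file would benefit from a short description header before `Index: chkrootkit/chkrootkit`.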
Acknowledgements:
Red Hat would like to thank Thomas Stangner for reporting this issue.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1104456 - CVE-2014-0476 chkrootkit: local privilege escalation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1104456
[ 2 ] Bug #1104457 - CVE-2014-0476 chkrootkit: local privilege escalation [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1104457
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update chkrootkit' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora EPEL 6 Update: perl-Net-Statsd-0.09-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1594
2014-06-09 14:56:54
--------------------------------------------------------------------------------
Name : perl-Net-Statsd
Product : Fedora EPEL 6
Version : 0.09
Release : 1.el6
URL : http://search.cpan.org/dist/Net-Statsd/
Summary : Sends statistics to the stats daemon over UDP
Description :
This module implements a client for a statsd statistics collection server, such
as the one in use at Etsy.com.
You want to use this module to track statistics in your Perl application, such
as how many times a certain event occurs (user logins in a web application, or
database queries issued), or you want to time and then graph how long certain
events take, like database queries execution time or time to download a certain
file, etc...
--------------------------------------------------------------------------------
Update Information:
Upgrade to 0.09
Initial release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1105810 - perl-Net-Statsd-0.09 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1105810
[ 2 ] Bug #1103466 - Review Request: perl-Net-Statsd - Sends statistics to the stats daemon over UDP
https://bugzilla.redhat.com/show_bug.cgi?id=1103466
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update perl-Net-Statsd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora EPEL 6 Update: python-moksha-hub-1.3.3-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1571
2014-06-05 00:18:41
--------------------------------------------------------------------------------
Name : python-moksha-hub
Product : Fedora EPEL 6
Version : 1.3.3
Release : 1.el6
URL : http://pypi.python.org/pypi/moksha.hub
Summary : Hub components for Moksha
Description :
Hub components for Moksha.
--------------------------------------------------------------------------------
Update Information:
Threaded polling producer API.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python-moksha-hub' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora EPEL 6 Update: lcgdm-dav-0.14.1-2.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1365
2014-05-08 21:30:29
--------------------------------------------------------------------------------
Name : lcgdm-dav
Product : Fedora EPEL 6
Version : 0.14.1
Release : 2.el6
URL : https://svnweb.cern.ch/trac/lcgdm
Summary : HTTP/DAV front end to the DPM/LFC services
Description :
This package provides the HTTP/DAV front end to the LCGDM components
(DPM and LFC).
The Disk Pool Manager (DPM) is a lightweight grid storage component, allowing
access to data using commonly used grid protocols. The LCG File Catalog (LFC)
is the main catalog being used by grid communities for both file bookkeeping
and meta-data.
--------------------------------------------------------------------------------
Update Information:
Upstream patch: fix for mod_lcgdm_disk context leaking
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update lcgdm-dav' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora EPEL 5 Update: lcgdm-dav-0.14.1-2.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2014-1349
2014-05-08 21:29:37
--------------------------------------------------------------------------------
Name : lcgdm-dav
Product : Fedora EPEL 5
Version : 0.14.1
Release : 2.el5
URL : https://svnweb.cern.ch/trac/lcgdm
Summary : HTTP/DAV front end to the DPM/LFC services
Description :
This package provides the HTTP/DAV front end to the LCGDM components
(DPM and LFC).
The Disk Pool Manager (DPM) is a lightweight grid storage component, allowing
access to data using commonly used grid protocols. The LCG File Catalog (LFC)
is the main catalog being used by grid communities for both file bookkeeping
and meta-data.
--------------------------------------------------------------------------------
Update Information:
Upstream patch: fix for mod_lcgdm_disk context leaking
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update lcgdm-dav' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------