Fedora EPEL 5 Update: 3proxy-0.6.1-10.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2010-3629
2010-11-05 16:33:46
--------------------------------------------------------------------------------
Name : 3proxy
Product : Fedora EPEL 5
Version : 0.6.1
Release : 10.el5
URL : http://3proxy.ru/?l=EN
Summary : Tiny but very powerful proxy
Description :
3proxy -- light proxy server.
Universal proxy server with HTTP, HTTPS, SOCKS v4, SOCKS v4a, SOCKS v5, FTP,
POP3, UDP and TCP portmapping, access control, bandwith control, traffic
limitation and accounting based on username, client IP, target IP, day time,
day of week, etc.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #648204 - 3proxy does not include 3proxy.cfg man pages
https://bugzilla.redhat.com/show_bug.cgi?id=648204
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update 3proxy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 5 months
Fedora EPEL 5 Update: perl-Try-Tiny-0.07-1.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2010-3620
2010-11-04 16:05:27
--------------------------------------------------------------------------------
Name : perl-Try-Tiny
Product : Fedora EPEL 5
Version : 0.07
Release : 1.el5
URL : http://search.cpan.org/dist/Try-Tiny
Summary : Minimal try/catch with proper localization of $@
Description :
The main focus of this module is to provide simple and reliable error
handling for those having a hard time installing TryCatch, but who still
want to write correct 'eval' blocks without 5 lines of boilerplate each
time.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update perl-Try-Tiny' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 5 months
[SECURITY] Fedora EPEL 5 Update: proftpd-1.3.3c-1.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2010-3621
2010-11-04 16:05:33
--------------------------------------------------------------------------------
Name : proftpd
Product : Fedora EPEL 5
Version : 1.3.3c
Release : 1.el5
URL : http://www.proftpd.org/
Summary : Flexible, stable and highly-configurable FTP server
Description :
ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory
visibility.
This package defaults to the standalone behavior of ProFTPD, but all the
needed scripts to have it run by xinetd instead are included.
--------------------------------------------------------------------------------
Update Information:
This is an update to the current upstream maintenance release, which addresses two security issues that can be exploited by malicious users to manipulate certain data and compromise a vulnerable system.
* A logic error in the code for processing user input containing the Telnet IAC (Interpret As Command) escape sequence can be exploited to cause a stack-based buffer overflow by sending specially crafted input to the FTP or FTPS service. Successful exploitation may allow execution of arbitrary code. This has been assigned the name CVE-2010-4221. More details can be found at http://bugs.proftpd.org/show_bug.cgi?id=3521
* An input validation error within the "mod_site_misc" module can be exploited to e.g. create and delete directories, create symlinks, and change the time of files located outside a writable directory. Only configurations using "mod_site_misc", which is not enabled by default, and where the attacker has write access to a directory, are vulnerable to this issue, which has been assigned CVE-2010-3867. More details can be found at http://bugs.proftpd.org/show_bug.cgi?id=3519
The update from 1.3.2d to 1.3.3c also includes a large number of non-security bugfixes and a number of additional loadable modules for enhanced functionality:
* mod_geoip
* mod_sftp
* mod_sftp_pam
* mod_sftp_sql
* mod_shaper
* mod_sql_passwd
* mod_tls_shmcache
There is also a new utility "ftpscrub" for scrubbing the scoreboard file.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #651607 - CVE-2010-4221 proftpd: multiple stack-based buffer overflows in pr_netio_telnet_gets()
https://bugzilla.redhat.com/show_bug.cgi?id=651607
[ 2 ] Bug #651602 - CVE-2010-3867 proftpd: multiple directory traversal vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=651602
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update proftpd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 5 months
Fedora EPEL 5 Update: ykpers-1.3.4-1.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2010-3615
2010-11-03 16:11:53
--------------------------------------------------------------------------------
Name : ykpers
Product : Fedora EPEL 5
Version : 1.3.4
Release : 1.el5
URL : http://code.google.com/p/yubikey-personalization/
Summary : Yubikey personalization program
Description :
Yubico's YubiKey can be re-programmed with a new AES key. This is a library
that makes this an easy task.
--------------------------------------------------------------------------------
Update Information:
As fedora-pacakge now requires ykpers, ykpers and libyubikey should be available on EL5 and EL6
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update ykpers' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 5 months
[SECURITY] Fedora EPEL 4 Update: proftpd-1.3.3c-1.el4
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2010-3625
2010-11-04 16:05:43
--------------------------------------------------------------------------------
Name : proftpd
Product : Fedora EPEL 4
Version : 1.3.3c
Release : 1.el4
URL : http://www.proftpd.org/
Summary : Flexible, stable and highly-configurable FTP server
Description :
ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory
visibility.
This package defaults to the standalone behavior of ProFTPD, but all the
needed scripts to have it run by xinetd instead are included.
--------------------------------------------------------------------------------
Update Information:
This is an update to the current upstream maintenance release, which addresses two security issues that can be exploited by malicious users to manipulate certain data and compromise a vulnerable system.
* A logic error in the code for processing user input containing the Telnet IAC (Interpret As Command) escape sequence can be exploited to cause a stack-based buffer overflow by sending specially crafted input to the FTP or FTPS service. Successful exploitation may allow execution of arbitrary code. This has been assigned the name CVE-2010-4221. More details can be found at http://bugs.proftpd.org/show_bug.cgi?id=3521
* An input validation error within the "mod_site_misc" module can be exploited to e.g. create and delete directories, create symlinks, and change the time of files located outside a writable directory. Only configurations using "mod_site_misc", which is not enabled by default, and where the attacker has write access to a directory, are vulnerable to this issue, which has been assigned CVE-2010-3867. More details can be found at http://bugs.proftpd.org/show_bug.cgi?id=3519
The update from 1.3.2d to 1.3.3c also includes a large number of non-security bugfixes and a number of additional loadable modules for enhanced functionality:
* mod_geoip
* mod_sftp
* mod_sftp_pam
* mod_sftp_sql
* mod_shaper
* mod_sql_passwd
* mod_tls_shmcache
There is also a new utility "ftpscrub" for scrubbing the scoreboard file.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #651607 - CVE-2010-4221 proftpd: multiple stack-based buffer overflows in pr_netio_telnet_gets()
https://bugzilla.redhat.com/show_bug.cgi?id=651607
[ 2 ] Bug #651602 - CVE-2010-3867 proftpd: multiple directory traversal vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=651602
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update proftpd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 5 months
Fedora EPEL 4 Update: perl-Try-Tiny-0.07-1.el4
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2010-3624
2010-11-04 16:05:41
--------------------------------------------------------------------------------
Name : perl-Try-Tiny
Product : Fedora EPEL 4
Version : 0.07
Release : 1.el4
URL : http://search.cpan.org/dist/Try-Tiny
Summary : Minimal try/catch with proper localization of $@
Description :
The main focus of this module is to provide simple and reliable error
handling for those having a hard time installing TryCatch, but who still
want to write correct 'eval' blocks without 5 lines of boilerplate each
time.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update perl-Try-Tiny' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 5 months
Fedora EPEL 5 Update: python-sphinx10-1.0.4-3.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2010-3612
2010-11-03 16:11:45
--------------------------------------------------------------------------------
Name : python-sphinx10
Product : Fedora EPEL 5
Version : 1.0.4
Release : 3.el5
URL : http://sphinx.pocoo.org/
Summary : Python documentation generator
Description :
Sphinx is a tool that makes it easy to create intelligent and
beautiful documentation for Python projects (or other documents
consisting of multiple reStructuredText sources), written by Georg
Brandl. It was originally created to translate the new Python
documentation, but has now been cleaned up in the hope that it will be
useful to many other projects.
Sphinx uses reStructuredText as its markup language, and many of its
strengths come from the power and straightforwardness of
reStructuredText and its parsing and translating suite, the Docutils.
Although it is still under constant development, the following
features are already present, work fine and can be seen "in action" in
the Python docs:
* Output formats: HTML (including Windows HTML Help) and LaTeX,
for printable PDF versions
* Extensive cross-references: semantic markup and automatic links
for functions, classes, glossary terms and similar pieces of
information
* Hierarchical structure: easy definition of a document tree, with
automatic links to siblings, parents and children
* Automatic indices: general index as well as a module index
* Code handling: automatic highlighting using the Pygments highlighter
* Various extensions are available, e.g. for automatic testing of
snippets and inclusion of appropriately formatted docstrings.
--------------------------------------------------------------------------------
Update Information:
This is a compatibility package for releases where the main Sphinx package tracks the 0.6.x series, for those who need the 1.0.x documentation format. See README.Fedora for details of changes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #648633 - Review Request: python-sphinx10 - Python documentation generator
https://bugzilla.redhat.com/show_bug.cgi?id=648633
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python-sphinx10' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 5 months
Fedora EPEL 4 Update: R-2.12.0-1.el4.1
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2010-3616
2010-11-03 16:12:00
--------------------------------------------------------------------------------
Name : R
Product : Fedora EPEL 4
Version : 2.12.0
Release : 1.el4.1
URL : http://www.r-project.org
Summary : A language for data analysis and graphics
Description :
This is a metapackage that provides both core R userspace and
all R development components.
R is a language and environment for statistical computing and graphics.
R is similar to the award-winning S system, which was developed at
Bell Laboratories by John Chambers et al. It provides a wide
variety of statistical and graphical techniques (linear and
nonlinear modelling, statistical tests, time series analysis,
classification, clustering, ...).
R is designed as a true computer language with control-flow
constructions for iteration and alternation, and it allows users to
add additional functionality by defining new functions. For
computationally intensive tasks, C, C++ and Fortran code can be linked
and called at run time.
--------------------------------------------------------------------------------
Update Information:
Update to R 2.12.0. (rpy packages also updated for Fedora targets)
Many bugs were fixed, for a full list, see:
http://cran.r-project.org/src/base/NEWS
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update R' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 5 months
Fedora EPEL 4 Update: voms-1.9.19.2-1.el4
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2010-3619
2010-11-03 16:12:08
--------------------------------------------------------------------------------
Name : voms
Product : Fedora EPEL 4
Version : 1.9.19.2
Release : 1.el4
URL : http://glite.web.cern.ch/glite/
Summary : Virtual Organization Membership Service
Description :
In grid computing, and whenever the access to resources may be controlled
by parties external to the resource provider, users may be grouped to
Virtual Organizations (VOs). This package provides a VO Membership Service
(VOMS), which informs on that association between users and their VOs:
groups, roles and capabilities.
This package offers libraries that applications using the VOMS functionality
will bind to.
--------------------------------------------------------------------------------
Update Information:
Upstream bugfix release that fixes some memory leaks.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update voms' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 5 months
Fedora EPEL 5 Update: sssd-1.2.1-28.el5.0.2
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2010-3544
2010-10-20 15:43:18
--------------------------------------------------------------------------------
Name : sssd
Product : Fedora EPEL 5
Version : 1.2.1
Release : 28.el5.0.2
URL : http://fedorahosted.org/sssd/
Summary : System Security Services Daemon
Description :
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
--------------------------------------------------------------------------------
Update Information:
- SSSD initgroups does not behave as expected
- multilib conflicts in libpath_utils-devel and libini_config-devel
- SSSD log fills up the disk
- the krb5 locator plugin isn't packaged for multilib
- sssd stops on upgrade
- error: %post(sssd-1.2.1-28.1.el5.s390x) scriptlet failed, exit status 127
- Always use uin32_t to handle UID and GID
- Fix a segfault issue in the NSS provider
- Fix https://fedorahosted.org/sssd/ticket/624 - Groups being lost from the cache
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update sssd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 5 months