--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-12395
2013-12-17 02:23:17
--------------------------------------------------------------------------------
Name : thunderbird-lightning
Product : Fedora EPEL 5
Version : 2.6.4
Release : 1.el5
URL : http://www.mozilla.org/projects/calendar/lightning/
Summary : The calendar extension to Thunderbird
Description :
Lightning brings the Sunbird calendar to the popular email client,
Mozilla Thunderbird. Since it's an extension, Lightning is tightly
integrated with Thunderbird, allowing it to easily perform email-related
calendaring tasks.
--------------------------------------------------------------------------------
Update Information:
Update to 2.6.4 for TB 24.2.0.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update thunderbird-lightning' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-12394
2013-12-17 02:23:15
--------------------------------------------------------------------------------
Name : wordpress
Product : Fedora EPEL 5
Version : 3.8
Release : 1.el5
URL : http://www.wordpress.org
Summary : Blog tool and publishing platform
Description :
Wordpress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.
Important information in /usr/share/doc/wordpress-3.8/README.fedora
--------------------------------------------------------------------------------
Update Information:
WordPress 3.8 “Parker”
Upstream announcement: http://wordpress.org/news/2013/12/parker/
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update wordpress' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-12393
2013-12-16 15:33:15
--------------------------------------------------------------------------------
Name : thunderbird-lightning
Product : Fedora EPEL 6
Version : 2.6.4
Release : 1.el6
URL : http://www.mozilla.org/projects/calendar/lightning/
Summary : The calendar extension to Thunderbird
Description :
Lightning brings the Sunbird calendar to the popular email client,
Mozilla Thunderbird. Since it's an extension, Lightning is tightly
integrated with Thunderbird, allowing it to easily perform email-related
calendaring tasks.
--------------------------------------------------------------------------------
Update Information:
Update to 2.6.4 for TB 24.2.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1040932 - thunderbird-lightning needs to be updated for Thunderbird 24
https://bugzilla.redhat.com/show_bug.cgi?id=1040932
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update thunderbird-lightning' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-12392
2013-12-16 15:33:13
--------------------------------------------------------------------------------
Name : bcfg2
Product : Fedora EPEL 5
Version : 1.3.3
Release : 3.el5
URL : http://bcfg2.org
Summary : A configuration management system
Description :
Bcfg2 helps system administrators produce a consistent, reproducible,
and verifiable description of their environment, and offers
visualization and reporting tools to aid in day-to-day administrative
tasks. It is the fifth generation of configuration management tools
developed in the Mathematics and Computer Science Division of Argonne
National Laboratory.
It is based on an operational model in which the specification can be
used to validate and optionally change the state of clients, but in a
feature unique to bcfg2 the client's response to the specification can
also be used to assess the completeness of the specification. Using
this feature, bcfg2 provides an objective measure of how good a job an
administrator has done in specifying the configuration of client
systems. Bcfg2 is therefore built to help administrators construct an
accurate, comprehensive specification.
Bcfg2 has been designed from the ground up to support gentle
reconciliation between the specification and current client states. It
is designed to gracefully cope with manual system modifications.
Finally, due to the rapid pace of updates on modern networks, client
systems are constantly changing; if required in your environment,
Bcfg2 can enable the construction of complex change management and
deployment strategies.
This package includes the Bcfg2 client software.
--------------------------------------------------------------------------------
Update Information:
Fixes bz #1043229
This update includes the new upstream 1.3.3 release and the work to reconcile the upstream specfile with the Fedora specfile.
The new specfile includes the 'settings.py' module bugfix (commit 7895f095 from July).
This update includes the new upstream 1.3.3 release and the work to reconcile the upstream specfile with the Fedora specfile.
The new specfile includes the 'settings.py' module bugfix (commit 7895f095 from July).
This update includes the new upstream 1.3.3 release and the work to reconcile the upstream specfile with the Fedora specfile.
The new specfile includes the 'settings.py' module bugfix (commit 7895f095 from July).
Disable server-cherrypy package build to make Fedora buildsys happy
This update includes the new upstream 1.3.3 release and the work to reconcile the upstream specfile with the Fedora specfile.
The new specfile includes the 'settings.py' module bugfix (commit 7895f095 from July).
Update for el5 branch:
- Upstream 1.3.3 release
- Including the new specfile reconciled with upstream's.
This package's reporting system is known to break, but the reporter lost interest before the problem was resolved. If others are still running the bcfg2 reporting or server on el5, I'll gladly work with them to resolve any packaging problems.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1043229 - web package has broken Django dep for el5
https://bugzilla.redhat.com/show_bug.cgi?id=1043229
[ 2 ] Bug #1003882 - Bcfg2-server requires bcfg2-web
https://bugzilla.redhat.com/show_bug.cgi?id=1003882
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update bcfg2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-12396
2013-12-17 02:23:19
--------------------------------------------------------------------------------
Name : wordpress
Product : Fedora EPEL 6
Version : 3.8
Release : 1.el6
URL : http://www.wordpress.org
Summary : Blog tool and publishing platform
Description :
Wordpress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.
Important information in /usr/share/doc/wordpress-3.8/README.fedora
--------------------------------------------------------------------------------
Update Information:
WordPress 3.8 “Parker”
Upstream announcement: http://wordpress.org/news/2013/12/parker/
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update wordpress' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-12389
2013-12-16 15:33:06
--------------------------------------------------------------------------------
Name : bcfg2
Product : Fedora EPEL 6
Version : 1.3.3
Release : 3.el6
URL : http://bcfg2.org
Summary : A configuration management system
Description :
Bcfg2 helps system administrators produce a consistent, reproducible,
and verifiable description of their environment, and offers
visualization and reporting tools to aid in day-to-day administrative
tasks. It is the fifth generation of configuration management tools
developed in the Mathematics and Computer Science Division of Argonne
National Laboratory.
It is based on an operational model in which the specification can be
used to validate and optionally change the state of clients, but in a
feature unique to bcfg2 the client's response to the specification can
also be used to assess the completeness of the specification. Using
this feature, bcfg2 provides an objective measure of how good a job an
administrator has done in specifying the configuration of client
systems. Bcfg2 is therefore built to help administrators construct an
accurate, comprehensive specification.
Bcfg2 has been designed from the ground up to support gentle
reconciliation between the specification and current client states. It
is designed to gracefully cope with manual system modifications.
Finally, due to the rapid pace of updates on modern networks, client
systems are constantly changing; if required in your environment,
Bcfg2 can enable the construction of complex change management and
deployment strategies.
This package includes the Bcfg2 client software.
--------------------------------------------------------------------------------
Update Information:
Fixes bz #1043229
This update includes the new upstream 1.3.3 release and the work to reconcile the upstream specfile with the Fedora specfile.
The new specfile includes the 'settings.py' module bugfix (commit 7895f095 from July).
This update includes the new upstream 1.3.3 release and the work to reconcile the upstream specfile with the Fedora specfile.
The new specfile includes the 'settings.py' module bugfix (commit 7895f095 from July).
This update includes the new upstream 1.3.3 release and the work to reconcile the upstream specfile with the Fedora specfile.
The new specfile includes the 'settings.py' module bugfix (commit 7895f095 from July).
Disable server-cherrypy package build to make Fedora buildsys happy
This update includes the new upstream 1.3.3 release and the work to reconcile the upstream specfile with the Fedora specfile.
The new specfile includes the 'settings.py' module bugfix (commit 7895f095 from July).
Update for el5 branch:
- Upstream 1.3.3 release
- Including the new specfile reconciled with upstream's.
This package's reporting system is known to break, but the reporter lost interest before the problem was resolved. If others are still running the bcfg2 reporting or server on el5, I'll gladly work with them to resolve any packaging problems.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1043229 - web package has broken Django dep for el5
https://bugzilla.redhat.com/show_bug.cgi?id=1043229
[ 2 ] Bug #1003882 - Bcfg2-server requires bcfg2-web
https://bugzilla.redhat.com/show_bug.cgi?id=1003882
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update bcfg2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-12384
2013-12-15 19:20:07
--------------------------------------------------------------------------------
Name : zabbix20
Product : Fedora EPEL 6
Version : 2.0.10
Release : 2.el6
URL : http://www.zabbix.com
Summary : Open-source monitoring solution for your IT infrastructure
Description :
Zabbix is software that monitors numerous parameters of a network and the
health and integrity of servers. Zabbix uses a flexible notification mechanism
that allows users to configure e-mail based alerts for virtually any event.
This allows a fast reaction to server problems. Zabbix offers excellent
reporting and data visualization features based on the stored data.
This makes Zabbix ideal for capacity planning.
Zabbix supports both polling and trapping. All Zabbix reports and statistics,
as well as configuration parameters are accessed through a web-based front end.
A web-based front end ensures that the status of your network and the health of
your servers can be assessed from any location. Properly configured, Zabbix can
play an important role in monitoring IT infrastructure. This is equally true
for small organizations with a few servers and for large companies with a
multitude of servers.
--------------------------------------------------------------------------------
Update Information:
New upstream release 2.0.10
http://www.zabbix.com/rn2.0.10.php
Note that CVE-2013-6824 was already fixed in 2.0.9-2!
This release includes new init scripts that allow to run multiple instances. Please take a look at the included README file for detailed instructions.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1018293 - init.d script kills also any subsequent agents that were started
https://bugzilla.redhat.com/show_bug.cgi?id=1018293
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update zabbix20' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-12383
2013-12-15 19:20:04
--------------------------------------------------------------------------------
Name : globus-gram-job-manager-slurm
Product : Fedora EPEL 5
Version : 1.2
Release : 2.el5
URL : http://www.globus.org/
Summary : Globus Toolkit - SLURM Job Manager Support
Description :
The Globus Toolkit is an open source software toolkit used for building Grid
systems and applications. It is being developed by the Globus Alliance and
many others all over the world. A growing number of projects and companies are
using the Globus Toolkit to unlock the potential of grids for their cause.
The globus-gram-job-manager-slurm package contains:
SLURM Job Manager Support
--------------------------------------------------------------------------------
Update Information:
New package from Globus Toolkit 5.2.5.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1028165 - Review Request: globus-gram-job-manager-slurm - Globus Toolkit - SLURM Job Manager Support
https://bugzilla.redhat.com/show_bug.cgi?id=1028165
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update globus-gram-job-manager-slurm' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-12295
2013-12-05 02:06:18
--------------------------------------------------------------------------------
Name : mod_form
Product : Fedora EPEL 6
Version : 0.1
Release : 1.20131204svn145.el6
URL : http://apache.webthing.com/mod_form
Summary : Apache module that decodes data submitted from Web forms
Description :
Utility to decode data submitted from Web forms. It deals with both GET
and POST methods where the data are encoded using the default content type
application/x-www-form-urlencoded. It does not decode multipart/form-data
(file upload) forms: for those you should use mod_upload.
--------------------------------------------------------------------------------
Update Information:
New package inclusion.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1035934 - Review Request: mod_form - Apache module that decodes data submitted from Web forms
https://bugzilla.redhat.com/show_bug.cgi?id=1035934
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update mod_form' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-12386
2013-12-15 19:20:11
--------------------------------------------------------------------------------
Name : v8
Product : Fedora EPEL 6
Version : 3.14.5.10
Release : 3.el6
URL : http://code.google.com/p/v8
Summary : JavaScript Engine
Description :
V8 is Google's open source JavaScript engine. V8 is written in C++ and is used
in Google Chrome, the open source browser from Google. V8 implements ECMAScript
as specified in ECMA-262, 3rd edition.
--------------------------------------------------------------------------------
Update Information:
This update resolves multiple security vulnerabilities in the V8 JavaScript just-in-time compiler.
--
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6640 to the following vulnerability:
Name: CVE-2013-6640
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6640
Assigned: 20131105
Reference: http://code.google.com/p/v8/source/detail?r=17801
Reference: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
Reference: https://code.google.com/p/chromium/issues/detail?id=319860
The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.
--
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6639 to the following vulnerability:
Name: CVE-2013-6639
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6639
Assigned: 20131105
Reference: http://code.google.com/p/v8/source/detail?r=17801
Reference: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
Reference: https://code.google.com/p/chromium/issues/detail?id=319835
The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1039888 - CVE-2013-6639 v8: DoS (out-of-bounds write) in DehoistArrayIndex function in hydrogen.cc
https://bugzilla.redhat.com/show_bug.cgi?id=1039888
[ 2 ] Bug #1039889 - CVE-2013-6640 v8: DoS (out-of-bounds read) in DehoistArrayIndex function in hydrogen.cc
https://bugzilla.redhat.com/show_bug.cgi?id=1039889
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update v8' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------