[SECURITY] Fedora 9 Update: drupal-6.6-1.fc9
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-9213
2008-10-30 11:39:59
--------------------------------------------------------------------------------
Name : drupal
Product : Fedora 9
Version : 6.6
Release : 1.fc9
URL : http://www.drupal.org
Summary : An open-source content-management platform
Description :
Equipped with a powerful blend of features, Drupal is a Content Management
System written in PHP that can support a variety of websites ranging from
personal weblogs to large community-driven websites. Drupal is highly
configurable, skinnable, and secure.
--------------------------------------------------------------------------------
Update Information:
Update to 6.6, security fixes: SA-2008-067 ( http://drupal.org/node/324824 )

------------DESCRIPTION------------
Multiple vulnerabilities and weaknesses were discovered in Drupal.

------------FILE INCLUSION------------
On a server configured for IP-based virtual hosts, Drupal may be caused to
include and execute specifically named files outside of its root directory.
This bug affects both Drupal 5 and Drupal 6.

------------CROSS SITE SCRIPTING------------
The title of book pages is not always properly escaped, enabling users with
the "create book content" permission or the permission to edit any node in the
book hierarchy to insert arbitrary HTML and script code into pages. Such a
Cross site scripting [ http://en.wikipedia.org/wiki/Cross-site_scripting ]
attack may lead to the attacker gaining administrator access. This bug affects
Drupal 6.

Remember to log in to your site as the admin user before upgrading this
package. After upgrading the package, browse to
http://host/drupal/update.php to run the upgrade script.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2008 Jon Ciesla <limb(a)jcomserv.net> - 6.6-1
- Upgrade to 6.6, SA-2008-067.
* Thu Oct 9 2008 Jon Ciesla <limb(a)jcomserv.net> - 6.5-1
- Upgrade to 6.5, SA-2008-060.
- Added notes to README and drupal.conf re CVE-2008-3661.
* Thu Aug 14 2008 Jon Ciesla <limb(a)jcomserv.net> - 6.4-1
- Upgrade to 6.4, SA-2008-047.
* Thu Jul 10 2008 Jon Ciesla <limb(a)jcomserv.net> - 6.3-1
- Upgrade to 6.3, upstream security fixes, SA-2008-044.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #468422 - drupal: File inclusion, XSS vulnerability (SA-2008-067)
https://bugzilla.redhat.com/show_bug.cgi?id=468422
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drupal' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 9 Update: python-tidy-0.2-4.fc9
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-8964
2008-10-30 11:39:51
--------------------------------------------------------------------------------
Name : python-tidy
Product : Fedora 9
Version : 0.2
Release : 4.fc9
URL : http://utidylib.berlios.de/
Summary : Python wrapper for tidy, from the HTML tidy project
Description :
Python wrapper (bindings) for tidylib, this allows you to tidy HTML
files through a Pythonic interface.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 18 2008 Terje Rosten <terjeros(a)phys.ntnu.no> - 0.2-4
- Not 64 bits clean, #467246, thanks to Jose Pedro Oliveira
for report and patch.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #467246 - python-tidy: the bindings are not 64bit safe
https://bugzilla.redhat.com/show_bug.cgi?id=467246
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update python-tidy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 8 Update: httperf-0.9.0-2.fc8
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-8943
2008-10-30 11:39:37
--------------------------------------------------------------------------------
Name : httperf
Product : Fedora 8
Version : 0.9.0
Release : 2.fc8
URL : http://www.hpl.hp.com/research/linux/httperf/
Summary : Tool for measuring web server performance
Description :
Httperf is a tool for measuring web server performance. It provides a
flexible facility for generating various HTTP workloads and for
measuring server performance. The focus of httperf is not on
implementing one particular benchmark but on providing a robust,
high-performance tool that facilitates the construction of both micro-
and macro-level benchmarks. The three distinguishing characteristics
of httperf are its robustness, which includes the ability to generate
and sustain server overload, support for the HTTP/1.1 and SSL
protocols, and its extensibility to new workload generators and
performance measurements.
--------------------------------------------------------------------------------
Update Information:
New package: Httperf is a tool for measuring web server performance.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #460707 - Review Request: httperf - Tool for measuring web server performance
https://bugzilla.redhat.com/show_bug.cgi?id=460707
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update httperf' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 8 Update: remoot-0.9-3.fc8
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-9053
2008-10-30 11:39:37
--------------------------------------------------------------------------------
Name : remoot
Product : Fedora 8
Version : 0.9
Release : 3.fc8
URL : http://remoot.sourceforge.net/
Summary : ReMoot is a remote control wrapper
Description :
ReMoot is a remote control that supports many popular multimedia applications
running on GNU/Linux. It wraps around these apps and provides a unified and
easy-to-use interface which can be accessed in many different ways. You can
use the remote control from the command-line, with desktop icons or panel
buttons, over the web with "rewwwoot" or by mapping your multimedia keyboard
to it so that you can control all supported applications with the same keys.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update remoot' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 9 Update: tcl-snack-2.2.10-6.fc9
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-9088
2008-10-30 11:39:30
--------------------------------------------------------------------------------
Name : tcl-snack
Product : Fedora 9
Version : 2.2.10
Release : 6.fc9
URL : http://www.speech.kth.se/snack/
Summary : Sound toolkit
Description :
The Snack Sound Toolkit is designed to be used with a scripting language such
as Tcl/Tk or Python. Using Snack you can create powerful multi-platform audio
applications with just a few lines of code. Snack has commands for basic sound
handling, such as playback, recording, file and socket I/O. Snack also provides
primitives for sound visualization, e.g. waveforms and spectrograms. It was
developed mainly to handle digital recordings of speech, but is just as useful
for general audio. Snack has also successfully been applied to other
one-dimensional signals. The combination of Snack and a scripting language
makes it possible to create sound tools and applications with a minimum of
effort. This is due to the rapid development nature of scripting languages. As
a bonus you get an application that is cross-platform from start. It is also
easy to integrate Snack based applications with existing sound analysis
software.
--------------------------------------------------------------------------------
Update Information:
Disable broken ALSA support
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #463259 - /usr/lib/tcl8.5/snack2.2/libsnack.so: undefined symbol: _snd_pcm_mmap_hw_ptr
https://bugzilla.redhat.com/show_bug.cgi?id=463259
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update tcl-snack' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 9 Update: iml-1.0.2-4.fc9
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-9208
2008-10-30 11:39:25
--------------------------------------------------------------------------------
Name : iml
Product : Fedora 9
Version : 1.0.2
Release : 4.fc9
URL : http://www.cs.uwaterloo.ca/~z4chen/iml.html
Summary : Finds solutions to systems of linear equations over integers
Description :
IML package provides efficient routines to solve nonsingular systems of
linear equations, certified solve any shape systems of linear equations,
and perform mod p matrix operations, such as computing row-echelon form,
determinant, rank profile, inverse of a mod p matrix.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update iml' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 8 Update: kdesvn-1.0.4-1.fc8
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-9206
2008-10-30 11:39:14
--------------------------------------------------------------------------------
Name : kdesvn
Product : Fedora 8
Version : 1.0.4
Release : 1.fc8
URL : http://kdesvn.alwins-world.de/
Summary : A subversion client for KDE with KIO integration
Description :
KDESvn is a frontend to the subversion vcs. Unlike most other
tools, it uses the subversion C API directly via a C++ wrapper made by Rapid
SVN and doesn't parse the output of the subversion client. So it is a real
client itself instead of a frontend to the command line tool.
It is designed for the K-Desktop environment and uses all of the goodies
it has. It is planned for the future that, based on the native client, some
plugins for konqueror and/or kate will be made.
--------------------------------------------------------------------------------
Update Information:
Update to 1.0.4. Replace broken 1.0.3 build.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 24 2008 - Orion Poplawski <orion(a)cora.nwra.com> - 1.0.4-1
- Update to 1.0.4
* Fri Oct 3 2008 - Orion Poplawski <orion(a)cora.nwra.com> - 1.0.3-1
- Update to 1.0.3
* Mon Sep 29 2008 - Orion Poplawski <orion(a)cora.nwra.com> - 1.0.2-1
- Update to 1.0.2
- Add BR sqlite-devel needed for Qt3 build
* Thu Aug 7 2008 - Orion Poplawski <orion(a)cora.nwra.com> - 1.0.0-1
- Update to 1.0.0
- Drop png patch applied upstream
- Update asneeded patch
- Handle multiple languages
* Tue Jul 15 2008 - Orion Poplawski <orion(a)cora.nwra.com> - 0.14.6-1
- Update to 0.14.6
* Mon May 19 2008 - Orion Poplawski <orion(a)cora.nwra.com> - 0.14.4-1
- Update to 0.14.4
* Tue May 6 2008 - Orion Poplawski <orion(a)cora.nwra.com> - 0.14.3-1
- Update to 0.14.3
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng(a)fedoraproject.org> - 0.14.1-4
- Autorebuild for GCC 4.3
* Tue Dec 11 2007 Alex Lancaster <alexlan[AT]fedoraproject.org> - 0.14.1-3
- BuildRequires: kdelibs-devel -> kdelibs3-devel
* Tue Dec 11 2007 Alex Lancaster <alexlan[AT]fedoraproject.org> - 0.14.1-2
- Rebuild for new openssl/openldap
* Mon Nov 19 2007 - Orion Poplawski <orion(a)cora.nwra.com> - 0.14.1-1
- Update to 0.14.1
- Link libsvnqt.so with --as-needed
- Add patch to fix bug #388821 (dangling symlinks)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #468468 - Completely unusable kdesvn 1.0.3 pushed to F8 stable updates
https://bugzilla.redhat.com/show_bug.cgi?id=468468
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update kdesvn' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 9 Update: libtirpc-0.1.7-20.fc9
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-9204
2008-10-30 11:39:02
--------------------------------------------------------------------------------
Name : libtirpc
Product : Fedora 9
Version : 0.1.7
Release : 20.fc9
URL : http://nfsv4.bullopensource.org/
Summary : Transport Independent RPC Library
Description :
This package contains SunLib's implementation of transport-independent
RPC (TI-RPC) documentation. This library forms a piece of the base of
Open Network Computing (ONC), and is derived directly from the
Solaris 2.3 source.
TI-RPC is an enhanced version of TS-RPC that requires the UNIX System V
Transport Layer Interface (TLI) or an equivalent X/Open Transport Interface
(XTI). TI-RPC is on-the-wire compatible with the TS-RPC, which is supported
by almost 70 vendors on all major operating systems. TS-RPC source code
(RPCSRC 4.0) remains available from several internet sites.
--------------------------------------------------------------------------------
Update Information:
CVE-2008-4619
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 27 2008 Steve Dickson <steved(a)redhat.com> 0.1.7-20
- Fix bad assumption taddr2uaddr processing that
caused a segfault (bz468014)
* Tue Sep 16 2008 Steve Dickson <steved(a)redhat.com> 0.1.7-19
- Added super-H(sh3,sh4) architecture support
- Updated COPYING with new license agreement
- Fix incorrect sizeof() in __rpc_getbroadifs
- Fix for taddr2addr conversion bug of local addresses
- Fixed some of warnings in: src/auth_time.c, src/clnt_dg.c and
src/clnt_raw.c
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #468014 - CVE-2008-4619 libtirpc: rpcbind DoS in the taddr2uaddr XDR_DECODE
https://bugzilla.redhat.com/show_bug.cgi?id=468014
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libtirpc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 9 Update: libchewing-0.3.1-0.fc9
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-8874
2008-10-30 11:38:55
--------------------------------------------------------------------------------
Name : libchewing
Product : Fedora 9
Version : 0.3.1
Release : 0.fc9
URL : http://chewing.csie.net/
Summary : Intelligent phonetic input method library for Traditional Chinese
Description :
libchewing is an intelligent phonetic input method library for Chinese.
It provides the core algorithm and logic that can be used by various
input methods. The Chewing input method is a smart bopomofo phonetics
input method that is useful for inputting Mandarin Chinese.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 8 2008 Ding-Yi Chen <dchen at redhat dot com> - 0.3.1-0
- Upstream update.
* Wed Sep 17 2008 Ding-Yi Chen <dchen at redhat dot com> - 0.3.0.901-0
- Upstream update.
* Thu May 29 2008 Tom "spot" Callaway <tcallawa(a)redhat.com> - 0.3.0-12
- fix license tag
* Tue Apr 22 2008 Caius Chance <cchance(a)redhat.com> - 0.3.0-11.fc10
- Resolves: rhbz195416 (Initial input mode between Chinese and English.)
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libchewing' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 9 Update: opticalraytracer-1.2-1.fc9
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-8701
2008-10-30 11:38:55
--------------------------------------------------------------------------------
Name : opticalraytracer
Product : Fedora 9
Version : 1.2
Release : 1.fc9
URL : http://arachnoid.com/OpticalRayTracer/index.html
Summary : Utility that analyzes systems of lenses
Description :
OpticalRayTracer is an X Window GUI-based utility that analyzes systems of
lenses. It uses optical principles and a virtual optical bench to predict
the behavior of many kinds of ordinary and exotic lens types.
OpticalRayTracer includes an advanced, easy-to-use interface that allows the
user to rearrange the optical configuration by simply dragging lenses around
using the mouse.
--------------------------------------------------------------------------------
Update Information:
Initial release.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #461897 - Review Request: opticalraytracer - OpticalRayTracer is a Linux utility that analyzes systems of lenses
https://bugzilla.redhat.com/show_bug.cgi?id=461897
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update opticalraytracer' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------