[SECURITY] Fedora 14 Update: glibc-2.12.90-18
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-16851
2010-10-28 05:05:50
--------------------------------------------------------------------------------
Name : glibc
Product : Fedora 14
Version : 2.12.90
Release : 18
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.
--------------------------------------------------------------------------------
Update Information:
Require suid bit on audit objects in privileged programs (CVE-2010-3856)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 22 2010 Andreas Schwab <schwab(a)redhat.com> - 2.12.90-18
- Require suid bit on audit objects in privileged programs (CVE-2010-3856)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #645672 - CVE-2010-3856 glibc: ld.so arbitrary DSO loading via LD_AUDIT in setuid/setgid programs
https://bugzilla.redhat.com/show_bug.cgi?id=645672
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update glibc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 14 Update: libgpod-0.8.0-1.fc14
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-16174
2010-10-13 06:07:22
--------------------------------------------------------------------------------
Name : libgpod
Product : Fedora 14
Version : 0.8.0
Release : 1.fc14
URL : http://www.gtkpod.org/libgpod.html
Summary : Library to access the contents of an iPod
Description :
Libgpod is a library to access the contents of an iPod. It supports playlists,
smart playlists, playcounts, ratings, podcasts, album artwork, photos, etc.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 12 2010 Nathaniel McCallum <nathaniel(a)natemccallum.com> - 0.8.0-1
- Update to 0.8.0
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libgpod' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 13 Update: gnupg-1.4.11-1.fc13
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-16588
2010-10-21 05:15:28
--------------------------------------------------------------------------------
Name : gnupg
Product : Fedora 13
Version : 1.4.11
Release : 1.fc13
URL : http://www.gnupg.org/
Summary : A GNU utility for secure communication and data storage
Description :
GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and
creating digital signatures. GnuPG has advanced key management
capabilities and is compliant with the proposed OpenPGP Internet
standard described in RFC2440. Since GnuPG doesn't use any patented
algorithm, it is not compatible with any version of PGP2 (PGP2.x uses
only IDEA for symmetric-key encryption, which is patented worldwide).
--------------------------------------------------------------------------------
Update Information:
Update to upstream v1.4.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 18 2010 Brian C. Lane <bcl(a)redhat.com> 1.4.11-1
- New upstream v1.4.11
- Dropped patch gnupg-1.4.6-dir.patch, now in upstream
* Wed Jul 21 2010 Brian C. Lane <bcl(a)redhat.com> 1.4.10-2
- Reviving gnupg 1.x series for F-13, F-14 and rawhide
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gnupg' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 13 Update: subversion-api-docs-1.6.13-1.fc13
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-16268
2010-10-14 06:02:05
--------------------------------------------------------------------------------
Name : subversion-api-docs
Product : Fedora 13
Version : 1.6.13
Release : 1.fc13
URL : http://subversion.tigris.org/
Summary : Subversion API documentation
Description :
Subversion is a concurrent version control system which enables one or more
users to collaborate in developing and maintaining a hierarchy of files and
directories while keeping a history of all changes. This package provides
Subversion API documentation for developers.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 11 2010 Bojan Smojver <bojan(a)rexursive.com> 1.6.13-1
- bump up to 1.6.13
* Mon Jul 19 2010 Bojan Smojver <bojan(a)rexursive.com> 1.6.12-1
- bump up to 1.6.12
* Mon May 10 2010 Bojan Smojver <bojan(a)rexursive.com> 1.6.11-1
- bump up to 1.6.11
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update subversion-api-docs' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 12 Update: petit-1.0.3-1.fc12
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-16590
2010-10-21 05:15:31
--------------------------------------------------------------------------------
Name : petit
Product : Fedora 12
Version : 1.0.3
Release : 1.fc12
URL : http://crunchtools.com/software/petit/
Summary : Log analysis tool for syslog, Apache and raw log files
Description :
Log analysis tool which is useful to systems administrators & systems
analysts. It interacts with syslog and Apache logs to clarify what is
happening in logs.
--------------------------------------------------------------------------------
Update Information:
new upstream version
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update petit' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 12 Update: fluidsynth-1.1.3-1.fc12
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-15720
2010-10-05 08:58:07
--------------------------------------------------------------------------------
Name : fluidsynth
Product : Fedora 12
Version : 1.1.3
Release : 1.fc12
URL : http://www.fluidsynth.org/
Summary : Real-time software synthesizer
Description :
FluidSynth is a real-time software synthesizer based on the SoundFont 2
specifications. It is a "software synthesizer". FluidSynth can read MIDI events
from the MIDI input device and render them to the audio device. It features
real-time effect modulation using SoundFont 2.01 modulators, and a built-in
command line shell. It can also play MIDI files (note: FluidSynth was previously
called IIWU Synth).
--------------------------------------------------------------------------------
Update Information:
FluidSynth 1.1.3 is a pure bug-fix release and contains no new functionality.
* Compilation with LADSPA enabled was broken in 1.1.2 - fixed (plcl, diwic)
* Multichannel output broken when double precision was used - fixed (plcl, diwic)
* Optimize by not starting unused threads with multicore rendering (diwic)
* Race condition in alsa_seq / alsa_raw drivers caused them not to quit (diwic)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 11 2010 Orcan Ogetbil <oget[DOT]fedora[AT]gmail[DOT]com> - 1.1.3-1
- Update to 1.1.3
* Fri Oct 1 2010 Orcan Ogetbil <oget[DOT]fedora[AT]gmail[DOT]com> - 1.1.2-2
- Fix garbled sound issues. Upstream ticket #87
* Wed Sep 1 2010 Orcan Ogetbil <oget[DOT]fedora[AT]gmail[DOT]com> - 1.1.2-1
- Update to 1.1.2 (with cmake)
* Sat Jan 30 2010 Orcan Ogetbil <oget[DOT]fedora[AT]gmail[DOT]com> - 1.1.1-1
- Update to 1.1.1
* Wed Dec 9 2009 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 1.0.9-5
- Enable PulseAudio support (#538224, FESCo#265, also works around #500087)
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update fluidsynth' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 13 Update: cvs-1.11.23-10.fc13
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-16600
2010-10-22 17:31:35
--------------------------------------------------------------------------------
Name : cvs
Product : Fedora 13
Version : 1.11.23
Release : 10.fc13
URL : http://www.cvshome.org/
Summary : A version control system
Description :
CVS (Concurrent Versions System) is a version control system that can
record the history of your files (usually, but not always, source
code). CVS only stores the differences between versions, instead of
every version of every file you have ever created. CVS also keeps a log
of who, when, and why changes occurred.
CVS is very helpful for managing releases and controlling the
concurrent editing of source files among multiple authors. Instead of
providing version control for a collection of files in a single
directory, CVS provides version control for a hierarchical collection
of directories consisting of revision controlled files. These
directories and files can then be combined together to form a software
release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2010 Petr Pisar <ppisar(a)redhat.com> - 1.11.23-10
- Fix CVE-2010-3846 (bug #645386)
* Tue Jan 12 2010 Jiri Moskovcak <jmoskovc(a)redhat.com> 1.11.23-9
- spec file fixes based on review
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #642146 - CVE-2010-3846 cvs: Heap-based buffer overflow by applying RCS file changes
https://bugzilla.redhat.com/show_bug.cgi?id=642146
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update cvs' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 14 Update: libHX-3.6-1.fc14
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-12950
2010-08-17 19:33:34
--------------------------------------------------------------------------------
Name : libHX
Product : Fedora 14
Version : 3.6
Release : 1.fc14
URL : http://sourceforge.net/projects/libhx/
Summary : General-purpose library for typical low-level operations
Description :
A library for:
- rbtree with key-value pair extension
- deques (double-ended queues) (Stacks (LIFO) / Queues (FIFOs))
- platform independent opendir-style directory access
- platform independent dlopen-style shared library access
- auto-storage strings with direct access
- command line option (argv) parser
- shconfig-style config file parser
- platform independent random number generator with transparent
/dev/urandom support
- various string, memory and zvec ops
--------------------------------------------------------------------------------
Update Information:
Update to libHX 3.6 fixing a buffer overflow in HX_split():
* http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commitdif...
pam_mount v2.5 (August 10 2010)
===============================
Changes:
- mount.crypt: fix incorrect processing of binary files in keyfile passthrough
- call mount.crypt by means of mount -t crypt (selinux), same for umount
- reorder the default path to search in /usr/local first, then /usr, /
- config: add missing fd0ssh command to restore volumes using ssh
- ofl is now run as a separate process (selinux policy simplification)
libHX v3.6 (August 16 2010)
===========================
Fixed:
- bitmap: set/clear/test had no effect due to wrong type selection
- bitmap: avoid left-shift larger than type on 64-bit
- string: fixed buffer overflow in HX_split when too few fields were present in the input
libHX 3.5 (August 01 2010)
==========================
Fixed:
- format2: failure to skip escaped char in "%(echo foo\ bar)" was corrected
- proc: properly check for HXPROC_STDx--HXPROC_STDx_NULL overlap
- strquote: do not cause allocation with invalid format numbers
Enhancements:
- format2: add the %(exec) function
- format2: add the %(shell) function
- format2: security feature for %(exec) and %(shell)
- format2: add the %(snl) function
- string: HX_strquote gained HXQUOTE_LDAPFLT (LDAP search filter) support
- string: HX_strquote gained HXQUOTE_LDAPRDN (LDAP relative DN) support
Changes:
- format1: removed older formatter in favor of format2
- format2: add check for empty key
- format2: function-specific delimiters
- format2: do nest-counting even with normal parentheses
- format2: check for zero-argument function calls
- hashmap: do not needlessly change TID when no reshape was done
- string: HX_basename (the fast variant) now recognizes the root directory
- string: HX_basename now returns the trailing component with slashes instead of everything after the last slash (which may have been nothing)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 16 2010 Till Maas <opensource(a)till.name> - 3.6-1
- really update to latest release
* Mon Aug 16 2010 Till Maas <opensource(a)till.name> - 3.5-1
- Update to latest release
- remove devel %files %{_includedir} globbing
- Update soname
* Sat Aug 7 2010 Till Maas <opensource(a)till.name> - 3.4-2
- Use less globbing in %files to detect changes
* Sun May 16 2010 Till Maas <opensource(a)till.name> - 3.4-1
- Update to new release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #625866 - CVE-2010-2947 libHX: buffer overrun in HX_split()
https://bugzilla.redhat.com/show_bug.cgi?id=625866
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libHX' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 14 Update: pam_mount-2.5-1.fc14
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-12950
2010-08-17 19:33:34
--------------------------------------------------------------------------------
Name : pam_mount
Product : Fedora 14
Version : 2.5
Release : 1.fc14
URL : http://pam-mount.sourceforge.net/
Summary : A PAM module that can mount volumes for a user session
Description :
This module is aimed at environments with central file servers that a
user wishes to mount on login and unmount on logout, such as
(semi-)diskless stations where many users can logon.
The module also supports mounting local filesystems of any kind the
normal mount utility supports, with extra code to make sure certain
volumes are set up properly because often they need more than just a
mount call, such as encrypted volumes. This includes SMB/CIFS, NCP,
davfs2, FUSE, losetup crypto, dm-crypt/cryptsetup and truecrypt.
If you intend to use pam_mount to protect volumes on your computer
using an encrypted filesystem system, please know that there are many
other issues you need to consider in order to protect your data. For
example, you probably want to disable or encrypt your swap partition.
Don't assume a system is secure without carefully considering
potential threats.
--------------------------------------------------------------------------------
Update Information:
Update to libHX 3.6 fixing a buffer overflow in HX_split():
* http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commitdif...
pam_mount v2.5 (August 10 2010)
===============================
Changes:
- mount.crypt: fix incorrect processing of binary files in keyfile passthrough
- call mount.crypt by means of mount -t crypt (selinux), same for umount
- reorder the default path to search in /usr/local first, then /usr, /
- config: add missing fd0ssh command to restore volumes using ssh
- ofl is now run as a separate process (selinux policy simplification)
libHX v3.6 (August 16 2010)
===========================
Fixed:
- bitmap: set/clear/test had no effect due to wrong type selection
- bitmap: avoid left-shift larger than type on 64-bit
- string: fixed buffer overflow in HX_split when too few fields were present in the input
libHX 3.5 (August 01 2010)
==========================
Fixed:
- format2: failure to skip escaped char in "%(echo foo\ bar)" was corrected
- proc: properly check for HXPROC_STDx--HXPROC_STDx_NULL overlap
- strquote: do not cause allocation with invalid format numbers
Enhancements:
- format2: add the %(exec) function
- format2: add the %(shell) function
- format2: security feature for %(exec) and %(shell)
- format2: add the %(snl) function
- string: HX_strquote gained HXQUOTE_LDAPFLT (LDAP search filter) support
- string: HX_strquote gained HXQUOTE_LDAPRDN (LDAP relative DN) support
Changes:
- format1: removed older formatter in favor of format2
- format2: add check for empty key
- format2: function-specific delimiters
- format2: do nest-counting even with normal parentheses
- format2: check for zero-argument function calls
- hashmap: do not needlessly change TID when no reshape was done
- string: HX_basename (the fast variant) now recognizes the root directory
- string: HX_basename now returns the trailing component with slashes instead of everything after the last slash (which may have been nothing)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 16 2010 Till Maas <opensource(a)till.name> - 2.5-1
- Update to latest release
- Update libHX dependency
- remove upstreamed patches
- do not package pam_mount.txt (RH #615714)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #625866 - CVE-2010-2947 libHX: buffer overrun in HX_split()
https://bugzilla.redhat.com/show_bug.cgi?id=625866
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update pam_mount' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 13 Update: glibc-2.12.1-4
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-16655
2010-10-27 21:13:10
--------------------------------------------------------------------------------
Name : glibc
Product : Fedora 13
Version : 2.12.1
Release : 4
URL : http://sources.redhat.com/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.
--------------------------------------------------------------------------------
Update Information:
Require suid bit on audit objects in privileged programs (CVE-2010-3856)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 22 2010 Andreas Schwab <schwab(a)redhat.com> - 2.12.1-4
- Require suid bit on audit objects in privileged programs (CVE-2010-3856)
* Tue Oct 19 2010 Andreas Schwab <schwab(a)redhat.com> - 2.12.1-3
- Update from 2.12 branch
- Fix strstr and memmem algorithm (BZ#12092, #641124)
- Fix handling of tail bytes of buffer in SSE2/SSSE3 x86-64 version
strncmp (BZ#12077)
- Never expand $ORIGIN in privileged programs (#643306, CVE-2010-3847)
* Fri Aug 20 2010 Andreas Schwab <schwab(a)redhat.com> - 2.12.1-2
- Update from 2.12 branch
- Fix ifunc thunk for strspn on x86 in static libc
* Tue Aug 17 2010 Andreas Schwab <schwab(a)redhat.com> - 2.12.1-1
- Update from 2.12 branch
- 2.12.1 release
- Fix error handling in getlogin_r (#580709)
* Tue Jul 6 2010 Andreas Schwab <schwab(a)redhat.com> - 2.12-3
- Update from 2.12 branch
- Fix use of extend_alloca in NIS
- Fix a couple of __REDIRECT () __THROW occurrences
- Workaround assembler bug sneaking in nopl (#579838)
* Tue Jun 1 2010 Andreas Schwab <schwab(a)redhat.com> - 2.12-2
- Update from 2.12 branch
- Correct x86 CPU family and model check (BZ#11640, #596554)
- Don't crash on unresolved weak symbol reference
- Implement recvmmsg also as socketcall
- sunrpc: Fix spurious fall-through
- Make <sys/timex.h> compatible with C++ (#593762)
- Enable IDN support in getent
- Fix race in free sanity check (#594784)
- Fix lookup of collation sequence value during regexp matching
- Fix name of tt_RU.UTF-8@iqtelif locale (#589138)
- Handle too-small buffers in Linux getlogin_r (BZ#11571, #589946)
- Fix users and groups creation in nscd %post script
- Require coreutils instead of sh-utils
- Fix typo causing missing directory ownership
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #645672 - CVE-2010-3856 glibc: ld.so arbitrary DSO loading via LD_AUDIT in setuid/setgid programs
https://bugzilla.redhat.com/show_bug.cgi?id=645672
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update glibc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------