October 2010 - package-announce - Fedora Mailing-Lists

[SECURITY] Fedora 14 Update: glibc-2.12.90-18

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-16851 2010-10-28 05:05:50 -------------------------------------------------------------------------------- Name : glibc Product : Fedora 14 Version : 2.12.90 Release : 18 URL : http://www.gnu.org/software/glibc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. -------------------------------------------------------------------------------- Update Information: Require suid bit on audit objects in privileged programs (CVE-2010-3856) -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 22 2010 Andreas Schwab <schwab(a)redhat.com> - 2.12.90-18 - Require suid bit on audit objects in privileged programs (CVE-2010-3856) -------------------------------------------------------------------------------- References: [ 1 ] Bug #645672 - CVE-2010-3856 glibc: ld.so arbitrary DSO loading via LD_AUDIT in setuid/setgid programs https://bugzilla.redhat.com/show_bug.cgi?id=645672 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update glibc' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

13 years, 6 months

1
0
0 / 0

Fedora 14 Update: libgpod-0.8.0-1.fc14

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-16174 2010-10-13 06:07:22 -------------------------------------------------------------------------------- Name : libgpod Product : Fedora 14 Version : 0.8.0 Release : 1.fc14 URL : http://www.gtkpod.org/libgpod.html Summary : Library to access the contents of an iPod Description : Libgpod is a library to access the contents of an iPod. It supports playlists, smart playlists, playcounts, ratings, podcasts, album artwork, photos, etc. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 12 2010 Nathaniel McCallum <nathaniel(a)natemccallum.com> - 0.8.0-1 - Update to 0.8.0 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update libgpod' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

13 years, 6 months

1
0
0 / 0

Fedora 13 Update: gnupg-1.4.11-1.fc13

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-16588 2010-10-21 05:15:28 -------------------------------------------------------------------------------- Name : gnupg Product : Fedora 13 Version : 1.4.11 Release : 1.fc13 URL : http://www.gnupg.org/ Summary : A GNU utility for secure communication and data storage Description : GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of PGP2 (PGP2.x uses only IDEA for symmetric-key encryption, which is patented worldwide). -------------------------------------------------------------------------------- Update Information: Update to upstream v1.4.11 -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 18 2010 Brian C. Lane <bcl(a)redhat.com> 1.4.11-1 - New upstream v1.4.11 - Dropped patch gnupg-1.4.6-dir.patch, now in upstream * Wed Jul 21 2010 Brian C. Lane <bcl(a)redhat.com> 1.4.10-2 - Reviving gnupg 1.x series for F-13, F-14 and rawhide -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update gnupg' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

13 years, 6 months

1
0
0 / 0

Fedora 13 Update: subversion-api-docs-1.6.13-1.fc13

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-16268 2010-10-14 06:02:05 -------------------------------------------------------------------------------- Name : subversion-api-docs Product : Fedora 13 Version : 1.6.13 Release : 1.fc13 URL : http://subversion.tigris.org/ Summary : Subversion API documentation Description : Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. This package provides Subversion API documentation for developers. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 11 2010 Bojan Smojver <bojan(a)rexursive.com> 1.6.13-1 - bump up to 1.6.13 * Mon Jul 19 2010 Bojan Smojver <bojan(a)rexursive.com> 1.6.12-1 - bump up to 1.6.12 * Mon May 10 2010 Bojan Smojver <bojan(a)rexursive.com> 1.6.11-1 - bump up to 1.6.11 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update subversion-api-docs' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

13 years, 6 months

1
0
0 / 0

Fedora 12 Update: petit-1.0.3-1.fc12

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-16590 2010-10-21 05:15:31 -------------------------------------------------------------------------------- Name : petit Product : Fedora 12 Version : 1.0.3 Release : 1.fc12 URL : http://crunchtools.com/software/petit/ Summary : Log analysis tool for syslog, Apache and raw log files Description : Log analysis tool which is useful to systems administrators & systems analysts. It interacts with syslog and Apache logs to clarify what is happening in logs. -------------------------------------------------------------------------------- Update Information: new upstream version -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update petit' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

13 years, 6 months

1
0
0 / 0

Fedora 12 Update: fluidsynth-1.1.3-1.fc12

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-15720 2010-10-05 08:58:07 -------------------------------------------------------------------------------- Name : fluidsynth Product : Fedora 12 Version : 1.1.3 Release : 1.fc12 URL : http://www.fluidsynth.org/ Summary : Real-time software synthesizer Description : FluidSynth is a real-time software synthesizer based on the SoundFont 2 specifications. It is a "software synthesizer". FluidSynth can read MIDI events from the MIDI input device and render them to the audio device. It features real-time effect modulation using SoundFont 2.01 modulators, and a built-in command line shell. It can also play MIDI files (note: FluidSynth was previously called IIWU Synth). -------------------------------------------------------------------------------- Update Information: FluidSynth 1.1.3 is a pure bug-fix release and contains no new functionality. * Compilation with LADSPA enabled was broken in 1.1.2 - fixed (plcl, diwic) * Multichannel output broken when double precision was used - fixed (plcl, diwic) * Optimize by not starting unused threads with multicore rendering (diwic) * Race condition in alsa_seq / alsa_raw drivers caused them not to quit (diwic) -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 11 2010 Orcan Ogetbil <oget[DOT]fedora[AT]gmail[DOT]com> - 1.1.3-1 - Update to 1.1.3 * Fri Oct 1 2010 Orcan Ogetbil <oget[DOT]fedora[AT]gmail[DOT]com> - 1.1.2-2 - Fix garbled sound issues. Upstream ticket #87 * Wed Sep 1 2010 Orcan Ogetbil <oget[DOT]fedora[AT]gmail[DOT]com> - 1.1.2-1 - Update to 1.1.2 (with cmake) * Sat Jan 30 2010 Orcan Ogetbil <oget[DOT]fedora[AT]gmail[DOT]com> - 1.1.1-1 - Update to 1.1.1 * Wed Dec 9 2009 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 1.0.9-5 - Enable PulseAudio support (#538224, FESCo#265, also works around #500087) -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update fluidsynth' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

13 years, 6 months

1
0
0 / 0

[SECURITY] Fedora 13 Update: cvs-1.11.23-10.fc13

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-16600 2010-10-22 17:31:35 -------------------------------------------------------------------------------- Name : cvs Product : Fedora 13 Version : 1.11.23 Release : 10.fc13 URL : http://www.cvshome.org/ Summary : A version control system Description : CVS (Concurrent Versions System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 21 2010 Petr Pisar <ppisar(a)redhat.com> - 1.11.23-10 - Fix CVE-2010-3846 (bug #645386) * Tue Jan 12 2010 Jiri Moskovcak <jmoskovc(a)redhat.com> 1.11.23-9 - spec file fixes based on review -------------------------------------------------------------------------------- References: [ 1 ] Bug #642146 - CVE-2010-3846 cvs: Heap-based buffer overflow by applying RCS file changes https://bugzilla.redhat.com/show_bug.cgi?id=642146 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update cvs' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

13 years, 6 months

1
0
0 / 0

[SECURITY] Fedora 14 Update: libHX-3.6-1.fc14

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-12950 2010-08-17 19:33:34 -------------------------------------------------------------------------------- Name : libHX Product : Fedora 14 Version : 3.6 Release : 1.fc14 URL : http://sourceforge.net/projects/libhx/ Summary : General-purpose library for typical low-level operations Description : A library for: - rbtree with key-value pair extension - deques (double-ended queues) (Stacks (LIFO) / Queues (FIFOs)) - platform independent opendir-style directory access - platform independent dlopen-style shared library access - auto-storage strings with direct access - command line option (argv) parser - shconfig-style config file parser - platform independent random number generator with transparent /dev/urandom support - various string, memory and zvec ops -------------------------------------------------------------------------------- Update Information: Update to libHX 3.6 fixing a buffer overflow in HX_split(): * http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commitdif... pam_mount v2.5 (August 10 2010) =============================== Changes: - mount.crypt: fix incorrect processing of binary files in keyfile passthrough - call mount.crypt by means of mount -t crypt (selinux), same for umount - reorder the default path to search in /usr/local first, then /usr, / - config: add missing fd0ssh command to restore volumes using ssh - ofl is now run as a separate process (selinux policy simplification) libHX v3.6 (August 16 2010) =========================== Fixed: - bitmap: set/clear/test had no effect due to wrong type selection - bitmap: avoid left-shift larger than type on 64-bit - string: fixed buffer overflow in HX_split when too few fields were present in the input libHX 3.5 (August 01 2010) ========================== Fixed: - format2: failure to skip escaped char in "%(echo foo\ bar)" was corrected - proc: properly check for HXPROC_STDx--HXPROC_STDx_NULL overlap - strquote: do not cause allocation with invalid format numbers Enhancements: - format2: add the %(exec) function - format2: add the %(shell) function - format2: security feature for %(exec) and %(shell) - format2: add the %(snl) function - string: HX_strquote gained HXQUOTE_LDAPFLT (LDAP search filter) support - string: HX_strquote gained HXQUOTE_LDAPRDN (LDAP relative DN) support Changes: - format1: removed older formatter in favor of format2 - format2: add check for empty key - format2: function-specific delimiters - format2: do nest-counting even with normal parentheses - format2: check for zero-argument function calls - hashmap: do not needlessy change TID when no reshape was done - string: HX_basename (the fast variant) now recognizes the root directory - string: HX_basename now returns the trailing component with slashes instead of everything after the last slash (which may have been nothing) -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 16 2010 Till Maas <opensource(a)till.name> - 3.6-1 - really update to latest release * Mon Aug 16 2010 Till Maas <opensource(a)till.name> - 3.5-1 - Update to latest release - remove devel %files %{_includedir} globbing - Update soname * Sat Aug 7 2010 Till Maas <opensource(a)till.name> - 3.4-2 - Use less globbing in %files to detect changes * Sun May 16 2010 Till Maas <opensource(a)till.name> - 3.4-1 - Update to new release -------------------------------------------------------------------------------- References: [ 1 ] Bug #625866 - CVE-2010-2947 libHX: buffer overrun in HX_split() https://bugzilla.redhat.com/show_bug.cgi?id=625866 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update libHX' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

13 years, 6 months

1
0
0 / 0

[SECURITY] Fedora 14 Update: pam_mount-2.5-1.fc14

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-12950 2010-08-17 19:33:34 -------------------------------------------------------------------------------- Name : pam_mount Product : Fedora 14 Version : 2.5 Release : 1.fc14 URL : http://pam-mount.sourceforge.net/ Summary : A PAM module that can mount volumes for a user session Description : This module is aimed at environments with central file servers that a user wishes to mount on login and unmount on logout, such as (semi-)diskless stations where many users can logon. The module also supports mounting local filesystems of any kind the normal mount utility supports, with extra code to make sure certain volumes are set up properly because often they need more than just a mount call, such as encrypted volumes. This includes SMB/CIFS, NCP, davfs2, FUSE, losetup crypto, dm-crypt/cryptsetup and truecrypt. If you intend to use pam_mount to protect volumes on your computer using an encrypted filesystem system, please know that there are many other issues you need to consider in order to protect your data. For example, you probably want to disable or encrypt your swap partition. Don't assume a system is secure without carefully considering potential threats. -------------------------------------------------------------------------------- Update Information: Update to libHX 3.6 fixing a buffer overflow in HX_split(): * http://libhx.git.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commitdif... pam_mount v2.5 (August 10 2010) =============================== Changes: - mount.crypt: fix incorrect processing of binary files in keyfile passthrough - call mount.crypt by means of mount -t crypt (selinux), same for umount - reorder the default path to search in /usr/local first, then /usr, / - config: add missing fd0ssh command to restore volumes using ssh - ofl is now run as a separate process (selinux policy simplification) libHX v3.6 (August 16 2010) =========================== Fixed: - bitmap: set/clear/test had no effect due to wrong type selection - bitmap: avoid left-shift larger than type on 64-bit - string: fixed buffer overflow in HX_split when too few fields were present in the input libHX 3.5 (August 01 2010) ========================== Fixed: - format2: failure to skip escaped char in "%(echo foo\ bar)" was corrected - proc: properly check for HXPROC_STDx--HXPROC_STDx_NULL overlap - strquote: do not cause allocation with invalid format numbers Enhancements: - format2: add the %(exec) function - format2: add the %(shell) function - format2: security feature for %(exec) and %(shell) - format2: add the %(snl) function - string: HX_strquote gained HXQUOTE_LDAPFLT (LDAP search filter) support - string: HX_strquote gained HXQUOTE_LDAPRDN (LDAP relative DN) support Changes: - format1: removed older formatter in favor of format2 - format2: add check for empty key - format2: function-specific delimiters - format2: do nest-counting even with normal parentheses - format2: check for zero-argument function calls - hashmap: do not needlessy change TID when no reshape was done - string: HX_basename (the fast variant) now recognizes the root directory - string: HX_basename now returns the trailing component with slashes instead of everything after the last slash (which may have been nothing) -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 16 2010 Till Maas <opensource(a)till.name> - 2.5-1 - Update to lastest release - Update libHX dependency - remove upstreamed patches - do not package pam_mount.txt (RH #615714) -------------------------------------------------------------------------------- References: [ 1 ] Bug #625866 - CVE-2010-2947 libHX: buffer overrun in HX_split() https://bugzilla.redhat.com/show_bug.cgi?id=625866 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update pam_mount' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

13 years, 6 months

1
0
0 / 0

[SECURITY] Fedora 13 Update: glibc-2.12.1-4

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-16655 2010-10-27 21:13:10 -------------------------------------------------------------------------------- Name : glibc Product : Fedora 13 Version : 2.12.1 Release : 4 URL : http://sources.redhat.com/glibc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. -------------------------------------------------------------------------------- Update Information: Require suid bit on audit objects in privileged programs (CVE-2010-3856) -------------------------------------------------------------------------------- ChangeLog: * Fri Oct 22 2010 Andreas Schwab <schwab(a)redhat.com> - 2.12.1-4 - Require suid bit on audit objects in privileged programs (CVE-2010-3856) * Tue Oct 19 2010 Andreas Schwab <schwab(a)redhat.com> - 2.12.1-3 - Update from 2.12 branch - Fix strstr and memmem algorithm (BZ#12092, #641124) - Fix handling of tail bytes of buffer in SSE2/SSSE3 x86-64 version strncmp (BZ#12077) - Never expand $ORIGIN in privileged programs (#643306, CVE-2010-3847) * Fri Aug 20 2010 Andreas Schwab <schwab(a)redhat.com> - 2.12.1-2 - Update from 2.12 branch - Fix ifunc thunk for strspn on x86 in static libc * Tue Aug 17 2010 Andreas Schwab <schwab(a)redhat.com> - 2.12.1-1 - Update from 2.12 branch - 2.12.1 release - Fix error handling in getlogin_r (#580709) * Tue Jul 6 2010 Andreas Schwab <schwab(a)redhat.com> - 2.12-3 - Update from 2.12 branch - Fix use of extend_alloca in NIS - Fix a couple of __REDIRECT () __THROW occurrences - Workaround assembler bug sneaking in nopl (#579838) * Tue Jun 1 2010 Andreas Schwab <schwab(a)redhat.com> - 2.12-2 - Update from 2.12 branch - Correct x86 CPU family and model check (BZ#11640, #596554) - Don't crash on unresolved weak symbol reference - Implement recvmmsg also as socketcall - sunrpc: Fix spurious fall-through - Make <sys/timex.h> compatible with C++ (#593762) - Enable IDN support in getent - Fix race in free sanity check (#594784) - Fix lookup of collation sequence value during regexp matching - Fix name of tt_RU.UTF-8@iqtelif locale (#589138) - Handle too-small buffers in Linux getlogin_r (BZ#11571, #589946) - Fix users and groups creation in nscd %post script - Require coreutils instead of sh-utils - Fix typo causing missing directory ownership -------------------------------------------------------------------------------- References: [ 1 ] Bug #645672 - CVE-2010-3856 glibc: ld.so arbitrary DSO loading via LD_AUDIT in setuid/setgid programs https://bugzilla.redhat.com/show_bug.cgi?id=645672 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update glibc' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

13 years, 6 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

package-announce October 2010