package-announce April 2010

package-announce@lists.fedoraproject.org

1 participants
2245 discussions

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-4120 2010-03-11 07:00:35 -------------------------------------------------------------------------------- Name : packETH Product : Fedora 11 Version : 1.6.5 Release : 3.fc11 URL : http://sourceforge.net/projects/packeth/ Summary : A GUI packet generator tool Description : packETH is a Linux GUI tool that is able to send any packet or sequence of packets on the Ethernet. It uses the RAW socket option, so it doesn't care about ip, routing, etc. It is designed to have all the options available, with all the correct and incorrect values (incorrect means, that user can send wrong parameters like: incorrect checksum, wrong header length, etc.). -------------------------------------------------------------------------------- Update Information: A GUI packet generator tool -------------------------------------------------------------------------------- References: [ 1 ] Bug #566406 - Review Request: packETH - A GUI packet generator tool https://bugzilla.redhat.com/show_bug.cgi?id=566406 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update packETH' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

14 years

1
0
0 / 0

[SECURITY] Fedora 11 Update: horde-3.3.6-1.fc11

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-5483 2010-04-01 00:18:09 -------------------------------------------------------------------------------- Name : horde Product : Fedora 11 Version : 3.3.6 Release : 1.fc11 URL : http://www.horde.org/ Summary : The common framework for all Horde applications Description : The Horde Framework provides a common structure and interface for Horde applications (such as IMP, a web-based mail program). This RPM is required for all other Horde module RPMs. The Horde Project writes web applications in PHP and releases them under Open Source licenses. For more information (including help with Horde and its modules) please visit http://www.horde.org/. READ /usr/share/doc/horde-3.3.6/README.Fedora AFTER INSTALLING FOR INSTRUCTIONS AND SECURITY! For additional functionality, also install horde-enhanced -------------------------------------------------------------------------------- Update Information: Upgrade to 3.3.6 - Fixes a lot of security bugs -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 29 2010 Nick Bebout <nick(a)bebout.net - 3.3.6-1 - Upgrade to 3.3.6 * Mon Aug 10 2009 Jason L Tibbitts III <tibbs(a)math.uh.edu> - 3.3.4-2 - Fix Source0: URL. * Tue Aug 4 2009 Nick Bebout <nb(a)fedoraproject.org> - 3.3.4-1 - Upgrade to 3.3.4 * Fri Jul 24 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.2.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #549506 - CVE-2009-3701 horde: PHP_SELF XSS vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=549506 [ 2 ] Bug #549516 - CVE-2009-4363 horde: XSS vulnerability via data: URIs https://bugzilla.redhat.com/show_bug.cgi?id=549516 [ 3 ] Bug #523401 - CVE-2009-3236 Horde: Improper validation of image form fields (local files overwrite) https://bugzilla.redhat.com/show_bug.cgi?id=523401 [ 4 ] Bug #523407 - CVE-2009-3237 Horde: XSS in "number" type preferences and in MIME rendering https://bugzilla.redhat.com/show_bug.cgi?id=523407 [ 5 ] Bug #490932 - CVE-2009-0931 CVE-2009-0932 horde: XSS vulnerability and directory traversal vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=490932 [ 6 ] Bug #461886 - CVE-2008-3823 horde: XSS via filename of MIME attachments (oCERT-2008-012) https://bugzilla.redhat.com/show_bug.cgi?id=461886 [ 7 ] Bug #461887 - CVE-2008-3824 horde: XSS via unescaped '/' characters (oCERT-2008-012) https://bugzilla.redhat.com/show_bug.cgi?id=461887 [ 8 ] Bug #480818 - CVE-2008-5917 horde: IE-specific XSS via image style attribute https://bugzilla.redhat.com/show_bug.cgi?id=480818 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update horde' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

14 years

1
0
0 / 0

Fedora 12 Update: noip-2.1.9-7.fc12

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-4372 2010-03-13 01:31:15 -------------------------------------------------------------------------------- Name : noip Product : Fedora 12 Version : 2.1.9 Release : 7.fc12 URL : http://www.no-ip.com Summary : A dynamic DNS update client Description : Keep your current IP address in sync with your No-IP host or domain with this Dynamic Update Client (DUC). The client continually checks for IP address changes in the background and automatically updates the DNS at No-IP whenever it changes. N.B. You need to run %# noip2 -C before starting the service. -------------------------------------------------------------------------------- Update Information: Removed trailing space from %pre script that caused errors. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 12 2010 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 2.1.9-7 - Remove trailing space, causing %pre scriptlet to fail. * Sun Jan 10 2010 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 2.1.9-6 - Bump release. * Sat Sep 26 2009 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 2.1.9-5 - Remove exit statement from %pre. -------------------------------------------------------------------------------- References: [ 1 ] Bug #571230 - typo in install script https://bugzilla.redhat.com/show_bug.cgi?id=571230 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update noip' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

14 years

1
0
0 / 0

[SECURITY] Fedora 12 Update: asterisk-1.6.1.17-1.fc12

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-3381 2010-03-03 01:36:19 -------------------------------------------------------------------------------- Name : asterisk Product : Fedora 12 Version : 1.6.1.17 Release : 1.fc12 URL : http://www.asterisk.org/ Summary : The Open Source PBX Description : Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. -------------------------------------------------------------------------------- Update Information: Update to 1.6.1.17 * AST-2010-003: Invalid parsing of ACL rules can compromise security * AST-2010-002: This security release is intended to raise awareness of how it is possible to insert malicious strings into dialplans, and to advise developers to read the best practices documents so that they may easily avoid these dangers. * AST-2010-001: An attacker attempting to negotiate T.38 over SIP can remotely crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain either a negative or exceptionally large value. The same crash occurs when the FaxMaxDatagram field is omitted from the SDP as well. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 1 2010 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.6.1.17-1 - Update to 1.6.1.17 - - * AST-2010-003: Invalid parsing of ACL rules can compromise security - * AST-2010-002: This security release is intended to raise awareness - of how it is possible to insert malicious strings into dialplans, - and to advise developers to read the best practices documents so - that they may easily avoid these dangers. - * AST-2010-001: An attacker attempting to negotiate T.38 over SIP can - remotely crash Asterisk by modifying the FaxMaxDatagram field of - the SDP to contain either a negative or exceptionally large value. - The same crash occurs when the FaxMaxDatagram field is omitted from - the SDP as well. * Mon Dec 21 2009 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.6.1.12-1 - Update to 1.6.1.12 * Mon Nov 30 2009 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.6.1.11-1 - Update to 1.6.1.11 to fix AST-2009-010/CVE-2009-4055 * Thu Nov 19 2009 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.6.1.10-1 - Update to 1.6.1.10 - Drop unneeded patch to get Lua extensions building -------------------------------------------------------------------------------- References: [ 1 ] Bug #561332 - CVE-2010-0441 Asterisk: Remote DoS via specially-crafted FaxMaxDatagram SDP packets (AST-2010-001) https://bugzilla.redhat.com/show_bug.cgi?id=561332 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update asterisk' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

14 years

1
0
0 / 0

Fedora 12 Update: geos-3.2.1-1.fc12

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-5479 2010-04-01 00:18:04 -------------------------------------------------------------------------------- Name : geos Product : Fedora 12 Version : 3.2.1 Release : 1.fc12 URL : http://trac.osgeo.org/geos/ Summary : GEOS is a C++ port of the Java Topology Suite Description : GEOS (Geometry Engine - Open Source) is a C++ port of the Java Topology Suite (JTS). As such, it aims to contain the complete functionality of JTS in C++. This includes all the OpenGIS "Simple Features for SQL" spatial predicate functions and spatial operators, as well as specific JTS topology functions such as IsValid() -------------------------------------------------------------------------------- Update Information: This bugfix release fixes a bug in Validity computation which results in the postgis's ST_IsValid() to return TRUE for possibly invalid geometries. In particular, multi-component geometries were affected. This version plugs painlessly in existing PostGIS installations, just update to 3.2.1 and you would get a correct ST_isValid() implementation. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 30 2010 Devrim GUNDUZ <devrim(a)gunduz.org> - 3.2.1-1 - Update to 3.2.1 * Wed Jan 6 2010 Devrim GUNDUZ <devrim(a)gunduz.org> - 3.2.0-1 - Update to 3.2.0 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update geos' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

14 years

1
0
0 / 0

← Newer
1
...
222
223
224
225
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

package-announce April 2010