Fedora 11 Update: packETH-1.6.5-3.fc11
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-4120
2010-03-11 07:00:35
--------------------------------------------------------------------------------
Name : packETH
Product : Fedora 11
Version : 1.6.5
Release : 3.fc11
URL : http://sourceforge.net/projects/packeth/
Summary : A GUI packet generator tool
Description :
packETH is a Linux GUI tool that is able to send any packet or sequence of
packets on the Ethernet. It uses the RAW socket option, so it doesn't care
about ip, routing, etc. It is designed to have all the options available,
with all the correct and incorrect values (incorrect means, that user can
send wrong parameters like: incorrect checksum, wrong header length, etc.).
--------------------------------------------------------------------------------
Update Information:
A GUI packet generator tool
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #566406 - Review Request: packETH - A GUI packet generator tool
https://bugzilla.redhat.com/show_bug.cgi?id=566406
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update packETH' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
14 years
[SECURITY] Fedora 11 Update: horde-3.3.6-1.fc11
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-5483
2010-04-01 00:18:09
--------------------------------------------------------------------------------
Name : horde
Product : Fedora 11
Version : 3.3.6
Release : 1.fc11
URL : http://www.horde.org/
Summary : The common framework for all Horde applications
Description :
The Horde Framework provides a common structure and interface for Horde
applications (such as IMP, a web-based mail program). This RPM is
required for all other Horde module RPMs.
The Horde Project writes web applications in PHP and releases them under
Open Source licenses. For more information (including help with Horde
and its modules) please visit http://www.horde.org/.
READ /usr/share/doc/horde-3.3.6/README.Fedora AFTER INSTALLING FOR
INSTRUCTIONS AND SECURITY!
For additional functionality, also install horde-enhanced
--------------------------------------------------------------------------------
Update Information:
Upgrade to 3.3.6 - Fixes a lot of security bugs
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 29 2010 Nick Bebout <nick(a)bebout.net - 3.3.6-1
- Upgrade to 3.3.6
* Mon Aug 10 2009 Jason L Tibbitts III <tibbs(a)math.uh.edu> - 3.3.4-2
- Fix Source0: URL.
* Tue Aug 4 2009 Nick Bebout <nb(a)fedoraproject.org> - 3.3.4-1
- Upgrade to 3.3.4
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.2.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #549506 - CVE-2009-3701 horde: PHP_SELF XSS vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=549506
[ 2 ] Bug #549516 - CVE-2009-4363 horde: XSS vulnerability via data: URIs
https://bugzilla.redhat.com/show_bug.cgi?id=549516
[ 3 ] Bug #523401 - CVE-2009-3236 Horde: Improper validation of image form fields (local files overwrite)
https://bugzilla.redhat.com/show_bug.cgi?id=523401
[ 4 ] Bug #523407 - CVE-2009-3237 Horde: XSS in "number" type preferences and in MIME rendering
https://bugzilla.redhat.com/show_bug.cgi?id=523407
[ 5 ] Bug #490932 - CVE-2009-0931 CVE-2009-0932 horde: XSS vulnerability and directory traversal vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=490932
[ 6 ] Bug #461886 - CVE-2008-3823 horde: XSS via filename of MIME attachments (oCERT-2008-012)
https://bugzilla.redhat.com/show_bug.cgi?id=461886
[ 7 ] Bug #461887 - CVE-2008-3824 horde: XSS via unescaped '/' characters (oCERT-2008-012)
https://bugzilla.redhat.com/show_bug.cgi?id=461887
[ 8 ] Bug #480818 - CVE-2008-5917 horde: IE-specific XSS via image style attribute
https://bugzilla.redhat.com/show_bug.cgi?id=480818
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update horde' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
14 years
Fedora 12 Update: noip-2.1.9-7.fc12
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-4372
2010-03-13 01:31:15
--------------------------------------------------------------------------------
Name : noip
Product : Fedora 12
Version : 2.1.9
Release : 7.fc12
URL : http://www.no-ip.com
Summary : A dynamic DNS update client
Description :
Keep your current IP address in sync with your No-IP host or domain with
this Dynamic Update Client (DUC). The client continually checks for IP
address changes in the background and automatically updates the DNS at
No-IP whenever it changes.
N.B. You need to run
%# noip2 -C
before starting the service.
--------------------------------------------------------------------------------
Update Information:
Removed trailing space from %pre script that caused errors.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 12 2010 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 2.1.9-7
- Remove trailing space, causing %pre scriptlet to fail.
* Sun Jan 10 2010 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 2.1.9-6
- Bump release.
* Sat Sep 26 2009 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 2.1.9-5
- Remove exit statement from %pre.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #571230 - typo in install script
https://bugzilla.redhat.com/show_bug.cgi?id=571230
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update noip' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
14 years
[SECURITY] Fedora 12 Update: asterisk-1.6.1.17-1.fc12
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-3381
2010-03-03 01:36:19
--------------------------------------------------------------------------------
Name : asterisk
Product : Fedora 12
Version : 1.6.1.17
Release : 1.fc12
URL : http://www.asterisk.org/
Summary : The Open Source PBX
Description :
Asterisk is a complete PBX in software. It runs on Linux and provides
all of the features you would expect from a PBX and more. Asterisk
does voice over IP in three protocols, and can interoperate with
almost all standards-based telephony equipment using relatively
inexpensive hardware.
--------------------------------------------------------------------------------
Update Information:
Update to 1.6.1.17 * AST-2010-003: Invalid parsing of ACL rules can compromise
security * AST-2010-002: This security release is intended to raise awareness of
how it is possible to insert malicious strings into dialplans, and to advise
developers to read the best practices documents so that they may easily avoid
these dangers. * AST-2010-001: An attacker attempting to negotiate T.38 over SIP
can remotely crash Asterisk by modifying the FaxMaxDatagram field of the SDP to
contain either a negative or exceptionally large value. The same crash occurs
when the FaxMaxDatagram field is omitted from the SDP as well.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 1 2010 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.6.1.17-1
- Update to 1.6.1.17
-
- * AST-2010-003: Invalid parsing of ACL rules can compromise security
- * AST-2010-002: This security release is intended to raise awareness
- of how it is possible to insert malicious strings into dialplans,
- and to advise developers to read the best practices documents so
- that they may easily avoid these dangers.
- * AST-2010-001: An attacker attempting to negotiate T.38 over SIP can
- remotely crash Asterisk by modifying the FaxMaxDatagram field of
- the SDP to contain either a negative or exceptionally large value.
- The same crash occurs when the FaxMaxDatagram field is omitted from
- the SDP as well.
* Mon Dec 21 2009 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.6.1.12-1
- Update to 1.6.1.12
* Mon Nov 30 2009 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.6.1.11-1
- Update to 1.6.1.11 to fix AST-2009-010/CVE-2009-4055
* Thu Nov 19 2009 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.6.1.10-1
- Update to 1.6.1.10
- Drop unneeded patch to get Lua extensions building
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #561332 - CVE-2010-0441 Asterisk: Remote DoS via specially-crafted FaxMaxDatagram SDP packets (AST-2010-001)
https://bugzilla.redhat.com/show_bug.cgi?id=561332
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update asterisk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
14 years
Fedora 12 Update: geos-3.2.1-1.fc12
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-5479
2010-04-01 00:18:04
--------------------------------------------------------------------------------
Name : geos
Product : Fedora 12
Version : 3.2.1
Release : 1.fc12
URL : http://trac.osgeo.org/geos/
Summary : GEOS is a C++ port of the Java Topology Suite
Description :
GEOS (Geometry Engine - Open Source) is a C++ port of the Java Topology
Suite (JTS). As such, it aims to contain the complete functionality of
JTS in C++. This includes all the OpenGIS "Simple Features for SQL" spatial
predicate functions and spatial operators, as well as specific JTS topology
functions such as IsValid()
--------------------------------------------------------------------------------
Update Information:
This bugfix release fixes a bug in Validity computation which results in the
postgis's ST_IsValid() to return TRUE for possibly invalid geometries. In
particular, multi-component geometries were affected. This version plugs
painlessly in existing PostGIS installations, just update to 3.2.1 and you
would get a correct ST_isValid() implementation.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 30 2010 Devrim GUNDUZ <devrim(a)gunduz.org> - 3.2.1-1
- Update to 3.2.1
* Wed Jan 6 2010 Devrim GUNDUZ <devrim(a)gunduz.org> - 3.2.0-1
- Update to 3.2.0
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update geos' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
14 years