Fedora 19 Update: perl-Signal-Mask-0.007-1.fc19
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-6478
2014-05-18 22:13:58
--------------------------------------------------------------------------------
Name : perl-Signal-Mask
Product : Fedora 19
Version : 0.007
Release : 1.fc19
URL : http://search.cpan.org/dist/Signal-Mask/
Summary : Signal masks made easy
Description :
Signal::Mask is an abstraction around your process or thread signal mask.
It is used to fetch and/or change the signal mask of the calling process or
thread. The signal mask is the set of signals whose delivery is currently
blocked for the caller. It is available as the global hash Signal::Mask.
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1087401 - Review Request:perl-Signal-Mask - Signal masks made easy
https://bugzilla.redhat.com/show_bug.cgi?id=1087401
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update perl-Signal-Mask' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years
Fedora 20 Update: python3-postgresql-1.1.0-1.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-6495
2014-05-21 01:29:39
--------------------------------------------------------------------------------
Name : python3-postgresql
Product : Fedora 20
Version : 1.1.0
Release : 1.fc20
URL : http://python.projects.postgresql.org/
Summary : Connect to PostgreSQL with Python 3
Description :
python-postgresql is a Python 3 package providing modules to work with
PostgreSQL. This includes a high-level driver, and many other tools that
support a developer working with PostgreSQL databases.
--------------------------------------------------------------------------------
Update Information:
Rebase to new version that supports PostgreSQL 9.2.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 19 2014 Honza Horak <hhorak(a)redhat.com> - 1.1.0-1
- Rebase to 1.1.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1082216 - python3-postgresql 1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1082216
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update python3-postgresql' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years
Fedora 20 Update: ssldump-0.9-0.9.b3.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-6296
2014-05-13 04:00:37
--------------------------------------------------------------------------------
Name : ssldump
Product : Fedora 20
Version : 0.9
Release : 0.9.b3.fc20
URL : http://www.rtfm.com/ssldump/
Summary : An SSLv3/TLS network protocol analyzer
Description :
This program is an SSLv3/TLS network protocol analyzer. It identifies TCP
connections on the chosen network interface and attempts to interpret them
as SSLv3/TLS traffic. When ssldump identifies SSLv3/TLS traffic, ssldump
decodes the records and displays them in a textual form to stdout. And if
provided with the appropriate keying material, ssldump will also decrypt
the connections and display the application data traffic. This program is
based on tcpdump, a network monitoring and data acquisition tool.
--------------------------------------------------------------------------------
Update Information:
- Added a patch which adds further link layer offsets
- Added patch to include traffic with(out) the 802.1Q VLAN header
- Added patch for TLSv1.1/TLSv1.2 application data decrypt support
- Added a patch to update known cipher suites according to IANA
- Added patch with new cipher suites for application data decoding
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 11 2014 Robert Scheck <robert(a)fedoraproject.org> 0.9-0.9.b3
- Added a patch which adds further link layer offsets
- Added patch to include traffic with(out) the 802.1Q VLAN header
- Added patch for TLSv1.1/TLSv1.2 application data decrypt support
- Added a patch to update known cipher suites according to IANA
- Added patch with new cipher suites for application data decoding
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ssldump' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years
[SECURITY] Fedora 20 Update: python-django-1.6.5-1.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-6449
2014-05-17 05:40:31
--------------------------------------------------------------------------------
Name : python-django
Product : Fedora 20
Version : 1.6.5
Release : 1.fc20
URL : http://www.djangoproject.com/
Summary : A high-level Python Web framework
Description :
Django is a high-level Python Web framework that encourages rapid
development and a clean, pragmatic design. It focuses on automating as
much as possible and adhering to the DRY (Don't Repeat Yourself)
principle.
--------------------------------------------------------------------------------
Update Information:
update to 1.6.5 fixing CVE-2014-1418
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 16 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.5-1
- update to 1.6.5 CVE-2014-1418, CVE-2014-3730 (rhbz#1097935)
* Mon May 12 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.4-2
- don't hardcode python3.3
* Wed May 7 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.4-1
- update to 1.6.4 fix a potential regression in reverse()
* Tue Apr 22 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.3-1
- update to 1.6.3 fixing CVE-2014-0473 and CVE-2014-0474
* Thu Mar 27 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.2-2
- remove simplejson requirement
- make bash-completion a sub-package, both main packages can require
* Thu Feb 13 2014 Matthias Runge <mrunge(a)redhat.com> - 1.6.2-1
- update to 1.6.2 (rhbz#1027766)
- bash completion for python3-django-admin (rhbz#1035987)
* Sun Nov 24 2013 Matěj Cepl <mcepl(a)redhat.com> - 1.6-1
- update to 1.6 (rhbz#1027766)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1097500 - CVE-2014-1418 Django: cached data possibly served to the wrong session
https://bugzilla.redhat.com/show_bug.cgi?id=1097500
[ 2 ] Bug #1097505 - CVE-2014-3730 Django: insufficient URL validation could lead to redirects
https://bugzilla.redhat.com/show_bug.cgi?id=1097505
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update python-django' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years
Fedora 20 Update: xen-4.3.2-4.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-6486
2014-05-19 03:31:18
--------------------------------------------------------------------------------
Name : xen
Product : Fedora 20
Version : 4.3.2
Release : 4.fc20
URL : http://xen.org/
Summary : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor
--------------------------------------------------------------------------------
Update Information:
add systemd preset support (#1094938)
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 11 2014 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.2-4
- add systemd preset support (#1094938)
* Thu May 1 2014 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.2-3
- HVMOP_set_mem_type allows invalid P2M entries to be created
[XSA-92, CVE-2014-3124] (#1093315)
* Wed Mar 26 2014 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.2-2
- HVMOP_set_mem_access is not preemptible [XSA-89, CVE-2014-2599] (#1080425)
* Tue Feb 18 2014 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.2-1
- update to xen-4.3.2
includes fix for "Excessive time to disable caching with HVM guests with
PCI passthrough" [XSA-60, CVE-2013-2212] (#987914)
- remove patches that are now included
* Wed Feb 12 2014 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.1-10
- use-after-free in xc_cpupool_getinfo() under memory pressure [XSA-88,
CVE-2014-1950] (#1064491)
* Thu Feb 6 2014 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.1-9
- integer overflow in several XSM/Flask hypercalls [XSA-84, CVE-2014-1891,
CVE-2014-1892, CVE-2014-1893, CVE-2014-1894]
Off-by-one error in FLASK_AVC_CACHESTAT hypercall [XSA-85, CVE-2014-1895]
libvchan failure handling malicious ring indexes [XSA-86, CVE-2014-1896]
(#1062335)
* Fri Jan 24 2014 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.1-8
- PHYSDEVOP_{prepare,release}_msix exposed to unprivileged pv guests
[XSA-87, CVE-2014-1666] (#1058398)
* Thu Jan 23 2014 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.1-7
- Out-of-memory condition yielding memory corruption during IRQ setup
[XSA-83, CVE-2014-1642] (#1057142)
* Wed Dec 11 2013 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.1-6
- Disaggregated domain management security status update [XSA-77]
- IOMMU TLB flushing may be inadvertently suppressed [XSA-80, CVE-2013-6400]
(#1040024)
* Mon Dec 2 2013 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.1-5
- HVM guest triggerable AMD CPU erratum may cause host hang
[XSA-82, CVE-2013-6885]
* Tue Nov 26 2013 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.1-4
- Lock order reversal between page_alloc_lock and mm_rwlock
[XSA-74, CVE-2013-4553] (#1034925)
- Hypercalls exposed to privilege rings 1 and 2 of HVM guests
[XSA-76, CVE-2013-4554] (#1034923)
* Thu Nov 21 2013 Michael Young <m.a.young(a)durham.ac.uk> - 4.3.1-3
- Insufficient TLB flushing in VT-d (iommu) code
[XSA-78, CVE-2013-6375] (#1033149)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1094938 - xen: script and/or trigger should not directly enable systemd units
https://bugzilla.redhat.com/show_bug.cgi?id=1094938
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update xen' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years
Fedora 19 Update: freeradius-2.2.5-1.fc19
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-6147
2014-05-09 02:07:54
--------------------------------------------------------------------------------
Name : freeradius
Product : Fedora 19
Version : 2.2.5
Release : 1.fc19
URL : http://www.freeradius.org/
Summary : High-performance and highly configurable free RADIUS server
Description :
The FreeRADIUS Server Project is a high performance and highly configurable
GPL'd free RADIUS server. The server is similar in some respects to
Livingston's 2.0 server. While FreeRADIUS started as a variant of the
Cistron RADIUS server, they don't share a lot in common any more. It now has
many more features than Cistron or Livingston, and is much more configurable.
FreeRADIUS is an Internet authentication daemon, which implements the RADIUS
protocol, as defined in RFC 2865 (and others). It allows Network Access
Servers (NAS boxes) to perform authentication for dial-up users. There are
also RADIUS clients available for Web servers, firewalls, Unix logins, and
more. Using RADIUS allows authentication and authorization for a network to
be centralized, and minimizes the amount of re-configuration which has to be
done when adding or deleting new users.
--------------------------------------------------------------------------------
Update Information:
Upgrade to upstream 2.2.5 release.
Upstream ChangeLog entry follows.
Feature improvements
* Update dictionary.terena.
* expose server version via %v. Patch from Alan Buxey.
* Forbid running with vulnerable versions of OpenSSL. See "allow_vulnerable_openssl" in the "security" subsection of "radiusd.conf"
* Catch underlying "heartbleed" problem, so that nothing bad happens even when using a vulnerable version of OpenSSL.
* Add dictionary.zte
Bug fixes
* Minor changes to build on Sun.
* Print non-ASCII characters as octal in linelog. Closes #578
* close stdout in daemon mode.
* Fix zombie period calculation. Closes #579
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 8 2014 Nikolai Kondrashov <Nikolai.Kondrashov(a)redhat.com> - 2.2.5-1
- Upgrade to upstream 2.2.5 release.
See /usr/share/doc/freeradius-2.2.5/ChangeLog for details
* Fri Mar 21 2014 Nikolai Kondrashov <Nikolai.Kondrashov(a)redhat.com> - 2.2.4-1
- Rebase onto 2.2.4. Resolves: bug#1078762.
* Fri Feb 21 2014 Nikolai Kondrashov <Nikolai.Kondrashov(a)redhat.com> - 2.2.3-7
- Fix CVE-2014-2015 "freeradius: stack-based buffer overflow flaw in rlm_pap
module"
- resolves: bug#1066984 (fedora 1066763)
* Tue Jan 14 2014 John Dennis <jdennis(a)redhat.com> - 2.2.3-6
- Upgrade to upstream 2.2.3 release
See /usr/share/doc/freeradius-2.2.3/ChangeLog for details
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update freeradius' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years
Fedora 20 Update: php-pear-Mail-Mime-1.8.9-1.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-6390
2014-05-16 08:56:30
--------------------------------------------------------------------------------
Name : php-pear-Mail-Mime
Product : Fedora 20
Version : 1.8.9
Release : 1.fc20
URL : http://pear.php.net/package/Mail_Mime
Summary : Classes to create MIME messages
Description :
Mail_Mime provides classes to deal with the creation and manipulation
of MIME messages. It allows people to create e-mail messages consisting of:
* Text Parts
* HTML Parts
* Inline HTML Images
* Attachments
* Attached messages
It supports big messages, base64 and quoted-printable encoding and
non-ASCII characters in file names, subjects, recipients, etc. encoded
using RFC2047 and/or RFC2231.
--------------------------------------------------------------------------------
Update Information:
Upstream Changelog:
* Fixed Bug #20273: Incorrect handling of HTAB in encodeHeader() [alec]
* Fixed Bug #20226: Mail_mimePart::encodeHeader does not encode ISO-2022-JP string [alec]
* Fixed Bug #20222: Broken Compatybility with PHP4 [alec]
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 14 2014 Remi Collet <remi(a)fedoraproject.org> - 1.8.9-1
- update to 1.8.9
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update php-pear-Mail-Mime' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years
Fedora 19 Update: ssldump-0.9-0.9.b3.fc19
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-6287
2014-05-13 04:00:18
--------------------------------------------------------------------------------
Name : ssldump
Product : Fedora 19
Version : 0.9
Release : 0.9.b3.fc19
URL : http://www.rtfm.com/ssldump/
Summary : An SSLv3/TLS network protocol analyzer
Description :
This program is an SSLv3/TLS network protocol analyzer. It identifies TCP
connections on the chosen network interface and attempts to interpret them
as SSLv3/TLS traffic. When ssldump identifies SSLv3/TLS traffic, ssldump
decodes the records and displays them in a textual form to stdout. And if
provided with the appropriate keying material, ssldump will also decrypt
the connections and display the application data traffic. This program is
based on tcpdump, a network monitoring and data acquisition tool.
--------------------------------------------------------------------------------
Update Information:
- Added a patch which adds further link layer offsets
- Added patch to include traffic with(out) the 802.1Q VLAN header
- Added patch for TLSv1.1/TLSv1.2 application data decrypt support
- Added a patch to update known cipher suites according to IANA
- Added patch with new cipher suites for application data decoding
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 11 2014 Robert Scheck <robert(a)fedoraproject.org> 0.9-0.9.b3
- Added a patch which adds further link layer offsets
- Added patch to include traffic with(out) the 802.1Q VLAN header
- Added patch for TLSv1.1/TLSv1.2 application data decrypt support
- Added a patch to update known cipher suites according to IANA
- Added patch with new cipher suites for application data decoding
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.9-0.8.b3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ssldump' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years
Fedora 19 Update: glite-px-proxyrenewal-1.3.35-1.fc19
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-6112
2014-05-08 09:10:58
--------------------------------------------------------------------------------
Name : glite-px-proxyrenewal
Product : Fedora 19
Version : 1.3.35
Release : 1.fc19
URL : http://glite.cern.ch
Summary : gLite proxyrenewal renews existing proxy certificates for grid users
Description :
The daemon is responsible for secure and controlled way of periodical renewal
of user proxy certificates. Its primary goal is to support long-time jobs
running on the grid.
--------------------------------------------------------------------------------
Update Information:
New release 1.3.35.
Changes:
* Make sure 1024-bit keys are explicitly requested from Globus for initiating proxy certificates, overriding the current Globus default of 512 bits
* Hardened build has been enabled, result binaries are more secured now
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 6 2014 František Dvořák <valtri(a)civ.zcu.cz> - 1.3.35-1
- Release glite-px-proxyrenewal 1.3.35
- Enable hardened build
- Update patches, add EPEL 7 support
- Simplify scriptlets
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update glite-px-proxyrenewal' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years
Fedora 20 Update: lohit-nepali-fonts-2.94.0-1.fc20
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-6382
2014-05-16 08:56:11
--------------------------------------------------------------------------------
Name : lohit-nepali-fonts
Product : Fedora 20
Version : 2.94.0
Release : 1.fc20
URL : https://fedorahosted.org/lohit/
Summary : Free TrueType fonts for Nepali language
Description :
This package provides a free TrueType font for Nepali language.
--------------------------------------------------------------------------------
Update Information:
This is an update with latest upstream release.
This is an update with enhanced upstream new release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 15 2014 Pravin Satpute <psatpute(a)redhat.com> - 2.94.0-1
- Upstream release 2.94.0
- Positioning lookup clean-up.
- Improved grid fitting(GASP) table.
- Renamed anchors to DVAnchor.
- Using glyph reference (copy reference) instead of whole glyph points.
- Auto test integrated with Makefile ($make test).
- Resolved #32: "सर्व्हिस does not render correctly"
- Resolved #33: "improper rendering for word : "मञ्यांच्या""
* Mon Dec 30 2013 Pravin Satpute <psatpute(a)redhat.com> - 2.93.0-1
- Upstream release 2.93.0
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update lohit-nepali-fonts' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
10 years