[SECURITY] Fedora 23 Update: squidGuard-1.4-26.fc23
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-f8a01aa629
2016-06-30 14:54:20.833449
--------------------------------------------------------------------------------
Name : squidGuard
Product : Fedora 23
Version : 1.4
Release : 26.fc23
URL : http://www.squidguard.org/
Summary : Filter, redirector and access controller plugin for squid
Description :
squidGuard can be used to
- limit the web access for some users to a list of accepted/well known
web servers and/or URLs only.
- block access to some listed or blacklisted web servers and/or URLs
for some users.
- block access to URLs matching a list of regular expressions or words
for some users.
- enforce the use of domainnames/prohibit the use of IP address in
URLs.
- redirect blocked URLs to an "intelligent" CGI based info page.
- redirect unregistered user to a registration form.
- redirect popular downloads like Netscape, MSIE etc. to local copies.
- redirect banners to an empty GIF.
- have different access rules based on time of day, day of the week,
date etc.
- have different rules for different user groups.
- and much more..
Neither squidGuard nor Squid can be used to
- filter/censor/edit text inside documents
- filter/censor/edit embeded scripting languages like JavaScript or
VBscript inside HTML
--------------------------------------------------------------------------------
Update Information:
Unit file fix. ----
http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20150201
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1177012 - ExecStop syntax error in squidGuard.service
https://bugzilla.redhat.com/show_bug.cgi?id=1177012
[ 2 ] Bug #1323211 - "squidGuard" doesn't guard - no errormessages when failing
https://bugzilla.redhat.com/show_bug.cgi?id=1323211
[ 3 ] Bug #1348459 - CVE-2015-8936 squidGuard: Reflected cross site scripting vulnerability in squidGuard.cgi [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1348459
[ 4 ] Bug #1253636 - error: squidGuard:7 error verifying olddir path /var/log/squidGuard/old: No such file or directory
https://bugzilla.redhat.com/show_bug.cgi?id=1253636
[ 5 ] Bug #1253633 - /var/log/squidGuard permissions
https://bugzilla.redhat.com/show_bug.cgi?id=1253633
[ 6 ] Bug #1348458 - CVE-2015-8936 squidGuard: Reflected cross site scripting vulnerability in squidGuard.cgi [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1348458
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update squidGuard' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
7 years, 9 months
Fedora 23 Update: gnome-chemistry-utils-0.14.12-3.fc23
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-591e1730be
2016-06-30 14:54:20.833367
--------------------------------------------------------------------------------
Name : gnome-chemistry-utils
Product : Fedora 23
Version : 0.14.12
Release : 3.fc23
URL : http://www.nongnu.org/gchemutils/
Summary : A set of chemical utilities
Description :
This is a meta-package for applications in the GNOME Chemistry Utils suite:
* A 3D molecular structure viewer (GChem3D).
* A Chemical calculator (GChemCalc).
* A 2D structure editor (GChemPaint).
* A periodic table of the elements application (GChemTable).
* A crystalline structure editor (GCrystal).
* A spectra viewer (GSpectrum).
--------------------------------------------------------------------------------
Update Information:
This is an update to the latest upstream releases of gnumeric and goffice: *
http://gnumeric.org/announcements/1.12/gnumeric-1.12.30.html
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gnome-chemistry-utils' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
7 years, 9 months
Fedora 23 Update: goffice-0.10.30-1.fc23
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-591e1730be
2016-06-30 14:54:20.833367
--------------------------------------------------------------------------------
Name : goffice
Product : Fedora 23
Version : 0.10.30
Release : 1.fc23
URL : http://projects.gnome.org/gnumeric/index.shtml
Summary : G Office support libraries
Description :
Support libraries for gnome office
--------------------------------------------------------------------------------
Update Information:
This is an update to the latest upstream releases of gnumeric and goffice: *
http://gnumeric.org/announcements/1.12/gnumeric-1.12.30.html
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update goffice' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
7 years, 9 months
Fedora 23 Update: gnumeric-1.12.30-1.fc23
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-591e1730be
2016-06-30 14:54:20.833367
--------------------------------------------------------------------------------
Name : gnumeric
Product : Fedora 23
Version : 1.12.30
Release : 1.fc23
URL : http://projects.gnome.org/gnumeric/
Summary : Spreadsheet program for GNOME
Description :
Gnumeric is a spreadsheet program for the GNOME GUI desktop
environment.
--------------------------------------------------------------------------------
Update Information:
This is an update to the latest upstream releases of gnumeric and goffice: *
http://gnumeric.org/announcements/1.12/gnumeric-1.12.30.html
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gnumeric' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
7 years, 9 months
Fedora 23 Update: dyninst-9.0.3-3.fc23
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-5118ab44aa
2016-06-30 14:54:20.833306
--------------------------------------------------------------------------------
Name : dyninst
Product : Fedora 23
Version : 9.0.3
Release : 3.fc23
URL : http://www.dyninst.org
Summary : An API for Run-time Code Generation
Description :
Dyninst is an Application Program Interface (API) to permit the insertion of
code into a running program. The API also permits changing or removing
subroutine calls from the application program. Run-time code changes are
useful to support a variety of applications including debugging, performance
monitoring, and to support composing applications out of existing packages.
The goal of this API is to provide a machine independent interface to permit
the creation of tools and applications that use run-time code patching.
--------------------------------------------------------------------------------
Update Information:
Use static TLS for libdyninstAPI_RT.so
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update dyninst' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
7 years, 9 months
[SECURITY] Fedora 23 Update: python-django-horizon-2015.1.4-1.fc23
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-e538b11379
2016-06-30 14:54:20.833240
--------------------------------------------------------------------------------
Name : python-django-horizon
Product : Fedora 23
Version : 2015.1.4
Release : 1.fc23
URL : http://horizon.openstack.org/
Summary : Django application for talking to Openstack
Description :
Horizon is a Django application for providing Openstack UI components.
It allows performing site administrator (viewing account resource usage,
configuring users, accounts, quotas, flavors, etc.) and end user
operations (start/stop/delete instances, create/restore snapshots, view
instance VNC console, etc.)
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-4428, rebase to 2015.1.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1343982 - CVE-2016-4428 python-django-horizon: XSS in client side template
https://bugzilla.redhat.com/show_bug.cgi?id=1343982
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update python-django-horizon' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
7 years, 9 months
[SECURITY] Fedora 23 Update: wordpress-4.5.3-1.fc23
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-a5e392ef01
2016-06-30 14:54:20.833183
--------------------------------------------------------------------------------
Name : wordpress
Product : Fedora 23
Version : 4.5.3
Release : 1.fc23
URL : http://www.wordpress.org
Summary : Blog tool and publishing platform
Description :
Wordpress is an online publishing / weblog package that makes it very easy,
almost trivial, to get information out to people on the web.
Important information in /usr/share/doc/wordpress/README.fedora
--------------------------------------------------------------------------------
Update Information:
See upstream announcement [WordPress 4.5.3 Maintenance and Security
Release](ttps://wordpress.org/news/2016/06/wordpress-4-5-3/) Packaging changes:
- provide nginx configuration (fedora) - drop mandatory dependency on httpd
(suggested) #1336091 - protect php files in uploads directory
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1349323 - CVE-2016-5832 CVE-2016-5833 CVE-2016-5834 CVE-2016-5835 CVE-2016-5836 CVE-2016-5837 CVE-2016-5838 CVE-2016-5839 wordpress: 4.5.3 Security Release
https://bugzilla.redhat.com/show_bug.cgi?id=1349323
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update wordpress' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
7 years, 9 months
Fedora 23 Update: rubygem-github-linguist-4.8.7-1.fc23
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-633d8c7555
2016-06-30 14:54:20.833124
--------------------------------------------------------------------------------
Name : rubygem-github-linguist
Product : Fedora 23
Version : 4.8.7
Release : 1.fc23
URL : https://github.com/github/linguist
Summary : GitHub Language detection
Description :
Library to detect blob languages, highlight code, ignore
binary files, suppress generated files in diffs, and generate language
breakdown graphs.
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1348747 - rubygem-github-linguist-v4.8.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1348747
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update rubygem-github-linguist' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
7 years, 9 months
Fedora 23 Update: ghex-3.18.2-1.fc23
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-aaad375aa8
2016-06-30 14:54:20.833039
--------------------------------------------------------------------------------
Name : ghex
Product : Fedora 23
Version : 3.18.2
Release : 1.fc23
URL : http://ftp.gnome.org/pub/GNOME/sources/ghex/
Summary : Binary editor for GNOME
Description :
GHex can load raw data from binary files and display them for editing in the
traditional hex editor view. The display is split in two columns, with
hexadecimal values in one column and the ASCII representation in the other.
A useful tool for working with raw data.
--------------------------------------------------------------------------------
Update Information:
ghex 3.18.2 release with translation updates.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ghex' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
7 years, 9 months
[SECURITY] Fedora 23 Update: struts-1.3.10-18.fc23
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-21bd6a33af
2016-06-30 14:54:20.832965
--------------------------------------------------------------------------------
Name : struts
Product : Fedora 23
Version : 1.3.10
Release : 18.fc23
URL : http://struts.apache.org/
Summary : Web application framework
Description :
Welcome to the Struts Framework! The goal of this project is to provide
an open source framework useful in building web applications with Java
Servlet and JavaServer Pages (JSP) technology. Struts encourages
application architectures based on the Model-View-Controller (MVC)
design paradigm, colloquially known as Model 2 in discussions on various
servlet and JSP related mailing lists.
Struts includes the following primary areas of functionality:
A controller servlet that dispatches requests to appropriate Action
classes provided by the application developer.
JSP custom tag libraries, and associated support in the controller
servlet, that assists developers in creating interactive form-based
applications.
Utility classes to support XML parsing, automatic population of
JavaBeans properties based on the Java reflection APIs, and
internationalization of prompts and messages.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2016-1181, CVE-2016-1182
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1343538 - CVE-2016-1181 struts: Vulnerability in ActionForm allows unintended remote operations against components on server memory
https://bugzilla.redhat.com/show_bug.cgi?id=1343538
[ 2 ] Bug #1343540 - CVE-2016-1182 struts: Improper input validation in Validator
https://bugzilla.redhat.com/show_bug.cgi?id=1343540
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update struts' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
7 years, 9 months