April 2017 - package-announce - Fedora Mailing-Lists

[SECURITY] Fedora 24 Update: ansible-2.3.0.0-3.fc24

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-c2129c77ca 2017-04-29 17:48:34.994910 -------------------------------------------------------------------------------- Name : ansible Product : Fedora 24 Version : 2.3.0.0 Release : 3.fc24 URL : http://ansible.com Summary : SSH-based configuration management, deployment, and task execution system Description : Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. -------------------------------------------------------------------------------- Update Information: Backport fix for https://github.com/ansible/ansible/issues/22572 ---- Many bugfixes and improvements. See https://github.com/ansible/ansible/blob/stable-2.3/CHANGELOG.md for full list of changes. rst and html docs have been split out into a ansible-docs subpackage. Includes fix for CVE-2017-7466 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441355 - CVE-2017-7466 ansible: Arbitrary code execution on control node (incomplete fix for CVE-2016-9587) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1441355 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade ansible' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

7 years

1
0
0 / 0

Fedora 24 Update: perl-Tree-Simple-1.31-1.fc24

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-88b770fb66 2017-04-29 17:48:34.994716 -------------------------------------------------------------------------------- Name : perl-Tree-Simple Product : Fedora 24 Version : 1.31 Release : 1.fc24 URL : http://search.cpan.org/dist/Tree-Simple/ Summary : Tree::Simple Perl module Description : A simple tree object. -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade perl-Tree-Simple' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

7 years

1
0
0 / 0

Fedora 24 Update: ncrack-0.5-2.fc24

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-90e5f6f871 2017-04-29 17:48:34.994548 -------------------------------------------------------------------------------- Name : ncrack Product : Fedora 24 Version : 0.5 Release : 2.fc24 URL : http://nmap.org/ncrack/ Summary : High-speed network auth cracking tool Description : Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts. -------------------------------------------------------------------------------- Update Information: Update to the latest version of ncrack. Fix the buid for fc26 (related to switch to compat version of openssl). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1423982 - ncrack: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1423982 [ 2 ] Bug #1332115 - New ncrack release available https://bugzilla.redhat.com/show_bug.cgi?id=1332115 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade ncrack' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

7 years

1
0
0 / 0

Fedora 24 Update: fail2ban-0.9.6-4.fc24

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-44cc991a04 2017-04-29 17:48:34.994402 -------------------------------------------------------------------------------- Name : fail2ban Product : Fedora 24 Version : 0.9.6 Release : 4.fc24 URL : http://fail2ban.sourceforge.net/ Summary : Daemon to ban hosts that cause multiple authentication errors Description : Fail2Ban scans log files and bans IP addresses that makes too many password failures. It updates firewall rules to reject the IP address. These rules can be defined by the user. Fail2Ban can read multiple log files such as sshd or Apache web server ones. Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services. This is a meta-package that will install the default configuration. Other sub-packages are available to install support for other actions and configurations. -------------------------------------------------------------------------------- Update Information: Properly handle /run/fail2ban -------------------------------------------------------------------------------- References: [ 1 ] Bug #1442368 - fail2ban is missing /var/run/fail2ban after installation and refuses to start https://bugzilla.redhat.com/show_bug.cgi?id=1442368 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade fail2ban' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

7 years

1
0
0 / 0

[SECURITY] Fedora 24 Update: yara-3.5.0-7.fc24

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-9941306740 2017-04-29 17:48:34.993853 -------------------------------------------------------------------------------- Name : yara Product : Fedora 24 Version : 3.5.0 Release : 7.fc24 URL : http://VirusTotal.github.io/yara/ Summary : Pattern matching Swiss knife for malware researchers Description : YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a Boolean expression which determine its logic. -------------------------------------------------------------------------------- Update Information: Security fix CVE-2016-10210 CVE-2016-10211 CVE-2017-5923 CVE-2017-5924 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440738 - CVE-2017-8294 CVE-2017-5924 CVE-2017-5923 CVE-2016-10210 CVE-2016-10211 yara: Multiple security issues https://bugzilla.redhat.com/show_bug.cgi?id=1440738 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade yara' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

7 years

1
0
0 / 0

Fedora 25 Update: kexec-tools-2.0.13-7.fc25.3

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-9ec72b6b2b 2017-04-28 19:59:31.371099 -------------------------------------------------------------------------------- Name : kexec-tools Product : Fedora 25 Version : 2.0.13 Release : 7.fc25.3 URL : None Summary : The kexec/kdump userspace component Description : kexec-tools provides /sbin/kexec binary that facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. This package contains the /sbin/kexec binary and ancillary utilities that together form the userspace component of the kernel's kexec feature. -------------------------------------------------------------------------------- Update Information: This build fixes kdump kernel boot failure caused by kernel kaslr by adding nokaslr to kdump kernel boot cmdline params for x86_64. -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade kexec-tools' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

7 years

1
0
0 / 0

Fedora 25 Update: nodejs-emojione-2.2.7-3.fc25

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-f030165dc0 2017-04-28 19:59:31.371041 -------------------------------------------------------------------------------- Name : nodejs-emojione Product : Fedora 25 Version : 2.2.7 Release : 3.fc25 URL : http://www.emojione.com Summary : EmojiOne is a complete set of emojis designed for the web Description : EmojiOne is a complete set of emojis designed for the web. It includes libraries to easily convert unicode characters to shortnames (:smile:) and shortnames to our custom emoji images. PNG and SVG formats provided for the emoji images. -------------------------------------------------------------------------------- Update Information: package.js* are now moved from base package to json package. -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade nodejs-emojione' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

7 years

1
0
0 / 0

Fedora 25 Update: mate-icon-theme-1.16.2-1.fc25

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-a53d36cc38 2017-04-28 19:59:31.370985 -------------------------------------------------------------------------------- Name : mate-icon-theme Product : Fedora 25 Version : 1.16.2 Release : 1.fc25 URL : http://mate-desktop.org Summary : Icon theme for MATE Desktop Description : Icon theme for MATE Desktop -------------------------------------------------------------------------------- Update Information: - update to new upstream release - fix some broken flags -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade mate-icon-theme' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

7 years

1
0
0 / 0

[SECURITY] Fedora 25 Update: community-mysql-5.7.18-2.fc25

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-fe6e14dcf9 2017-04-28 19:59:31.370922 -------------------------------------------------------------------------------- Name : community-mysql Product : Fedora 25 Version : 5.7.18 Release : 2.fc25 URL : http://www.mysql.com Summary : MySQL client programs and shared libraries Description : MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. -------------------------------------------------------------------------------- Update Information: Update to 5.7.18 CVEs fixed by this update can be found here: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html -------------------------------------------------------------------------------- References: [ 1 ] Bug #1414386 - CVE-2017-3265 community-mysql: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1414386 [ 2 ] Bug #1443407 - CVE-2017-3308 CVE-2017-3309 CVE-2017-3450 CVE-2017-3453 CVE-2017-3456 CVE-2017-3461 CVE-2017-3462 CVE-2017-3463 CVE-2017-3464 CVE-2017-3599 community-mysql: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1443407 [ 3 ] Bug #1441001 - community-mysql-5.7.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=1441001 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade community-mysql' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

7 years

1
0
0 / 0

Fedora 25 Update: squidGuard-1.4-28.fc25

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-2cacf8847a 2017-04-28 19:59:31.370860 -------------------------------------------------------------------------------- Name : squidGuard Product : Fedora 25 Version : 1.4 Release : 28.fc25 URL : http://www.squidguard.org/ Summary : Filter, redirector and access controller plugin for squid Description : squidGuard can be used to - limit the web access for some users to a list of accepted/well known web servers and/or URLs only. - block access to some listed or blacklisted web servers and/or URLs for some users. - block access to URLs matching a list of regular expressions or words for some users. - enforce the use of domainnames/prohibit the use of IP address in URLs. - redirect blocked URLs to an "intelligent" CGI based info page. - redirect unregistered user to a registration form. - redirect popular downloads like Netscape, MSIE etc. to local copies. - redirect banners to an empty GIF. - have different access rules based on time of day, day of the week, date etc. - have different rules for different user groups. - and much more.. Neither squidGuard nor Squid can be used to - filter/censor/edit text inside documents - filter/censor/edit embeded scripting languages like JavaScript or VBscript inside HTML -------------------------------------------------------------------------------- Update Information: Maintenance changes only: - Helper protocol patch (bug #1443273, bug #1418267) - Fix logrotate configuration (bug #1394601) - Fix typo in transparent- proxying.service -------------------------------------------------------------------------------- References: [ 1 ] Bug #1443273 - squidGuard does not work with current squid in F25 (and probably other versions) https://bugzilla.redhat.com/show_bug.cgi?id=1443273 [ 2 ] Bug #1418267 - UPGRADE WARNING from squid "url rewriter responded with garbage" https://bugzilla.redhat.com/show_bug.cgi?id=1418267 [ 3 ] Bug #1394601 - squidGuard logrotate config uses wildcard incorrectly https://bugzilla.redhat.com/show_bug.cgi?id=1394601 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade squidGuard' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

7 years

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

package-announce April 2017