[SECURITY] Fedora EPEL 5 Update: mongoose-2.8-7.el5

Sat Sep 17 21:59:11 UTC 2011

--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2011-4316
2011-08-31 22:25:26
--------------------------------------------------------------------------------

Name        : mongoose
Product     : Fedora EPEL 5
Version     : 2.8
Release     : 7.el5
URL         : http://code.google.com/p/mongoose
Summary     : An easy-to-use self-sufficient web server
Description :
Mongoose web server executable is self-sufficient, it does not depend on
anything to start serving requests. If it is copied to any directory and
executed, it starts to serve that directory on port 8080 (so to access files,
go to http://localhost:8080). If some additional configuration is required -
for example, different listening port or IP-based access control, then a
'mongoose.conf' file with respective options can be created in the same
directory where executable lives. This makes Mongoose perfect for all sorts
of demos, quick tests, file sharing, and Web programming.

--------------------------------------------------------------------------------
Update Information:

Add backport patch to fix CVE-2011-2900 (729146)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #729145 - CVE-2011-2900 mongoose: stack-based buffer overflow flaw in put_dir()
        https://bugzilla.redhat.com/show_bug.cgi?id=729145
--------------------------------------------------------------------------------

This update can be installed with the "yum" update programs.  Use
su -c 'yum update mongoose' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------