[SECURITY] Fedora 14 Update: cherokee-1.2.99-1.fc14

updates at fedoraproject.org updates at fedoraproject.org
Sun Sep 25 03:50:00 UTC 2011 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-12687
2011-09-14 21:55:09
--------------------------------------------------------------------------------

Name        : cherokee
Product     : Fedora 14
Version     : 1.2.99
Release     : 1.fc14
URL         : http://www.cherokee-project.com/
Summary     : Flexible and Fast Webserver
Description :
Cherokee is a very fast, flexible and easy to configure Web Server. It supports
the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL
encrypted connections, Virtual hosts, Authentication, on the fly encoding,
Apache compatible log files, and much more.

--------------------------------------------------------------------------------
Update Information:

Latest 1.2.x upstream release and bugzilla resolving
--------------------------------------------------------------------------------
ChangeLog:

* Sat Sep 10 2011 Pavel Lisý <pali at fedoraproject.org> - 1.2.99-1
- Latest 1.2.x upstream release
- Resolves bz 713306
- Resolves bz 710473
- Resolves bz 728741
- Resolves bz 720515
- Resolves bz 701196
- Resolves bz 712555
* Wed Aug 10 2011 Pavel Lisý <pali at fedoraproject.org> - 1.2.98-1
- Latest 1.2.x upstream release
* Wed Mar 23 2011 Dan Horák <dan at danny.cz> - 1.2.1-2
- rebuilt for mysql 5.5.10 (soname bump in libmysqlclient)
* Tue Feb 22 2011 Pavel Lisý <pali at fedoraproject.org> - 1.2.1-1
- Resolves bz 678243
- Resolves bz 680051
- Resolves bz 678838 (EPEL)
- Resolves bz 622514 (EPEL)
* Tue Feb 22 2011 Pavel Lisý <pali at fedoraproject.org> - 1.0.20-4
- Resolves bz 570317
* Tue Feb 22 2011 Pavel Lisý <pali at fedoraproject.org> - 1.0.20-3
- reenabled ppc build for el4/el5
* Tue Feb 22 2011 Pavel Lisý <pali at fedoraproject.org> - 1.0.20-2
- .spec corrections for el4
* Tue Feb 22 2011 Pavel Lisý <pali at fedoraproject.org> - 1.0.20-1
- Latest 1.0.x upstream release (1.0.20)
- Resolves bz 657085
- Resolves bz 678237
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Sep  1 2010 Lorenzo Villani <lvillani at binaryhelix.net> - 1.0.8-2
- Merge changes to cherokee.init from Pavel Lisý (hide cherokee's
  stdout messages)
* Sun Aug 29 2010 Lorenzo Villani <lvillani at binaryhelix.net> - 1.0.8-1
- New upstream release (1.0.8)
- Init script overhaul
- Relevant changes since 1.0.6:
- NEW: Enhanced 'Header' rule match
- NEW: Improved extensions rule
- FIX: SSL/TLS works with Firefox again
- FIX: Better SSL/TLS connection close
- FIX: Range requests work better now
- FIX: Hot-linking wizard w/o Referer
- FIX: Hot-linking wizard usability
- FIX: Minor CSS fix in the default dirlist theme
- FIX: POST management issue
- FIX: PHP wizard, better configuration
- FIX: admin, unresponsive button
- DOC: Misc improvements
- i18n: French translation updated
* Fri Aug  6 2010 Lorenzo Villani <lvillani at enterprise.binaryhelix.net> 1.0.6-1
- Relevant changes since 1.0.4
- NEW: Much better UTF-8 encoding
- NEW: Templates support slicing now (as in Python str)
- NEW: 'TLS/SSL' matching rule
- NEW: Reverse HTTP proxy can overwrite "Expire:" entries
- NEW: Redirection handler support the ${host} macro now
- FIX: POST support in the HTTP reverse proxy
- FIX: Some SSL/TLS were fixed. [unfinished]
- FIX: X-Forwarded-For parsing bug fixed
- FIX: Better php-fpm support in the PHP wizard
- FIX: Bundled PySCGI bumped to 1.14
- FIX: Random 100% CPU usage
- FIX: POST management regression in the proxy
- FIX: Connection RST/WAIT_FIN related fixes
- FIX: Dirlist bugfix: symbolic links handling
- FIX: POST status report bug-fixes
- DOC: Documentation updates
- i18n: Spanish translation updated
- i18n: Dutch translation updated
- i18n: Polish translation updated
- i18n: German translation updated
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #713306 - CVE-2011-2190 CVE-2011-2191 cherokee: multiple vulnerabilities [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=713306
  [ 2 ] Bug #710473 - cherokee: A weakness in Cherokee’s administrative interface random administrator password generation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=710473
  [ 3 ] Bug #728741 - Cherokee package is very old
        https://bugzilla.redhat.com/show_bug.cgi?id=728741
  [ 4 ] Bug #720515 - Provide native systemd unit file
        https://bugzilla.redhat.com/show_bug.cgi?id=720515
  [ 5 ] Bug #701196 - Cherokee not automatically started when installed
        https://bugzilla.redhat.com/show_bug.cgi?id=701196
  [ 6 ] Bug #712555 - Cherokee dies at boot time
        https://bugzilla.redhat.com/show_bug.cgi?id=712555
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update cherokee' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list