Fedora 13 updates-testing report

updates at fedoraproject.org
Mon May 9 20:59:01 UTC 2011


The following Fedora 13 Security updates need testing:

    https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13
    https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13
    https://admin.fedoraproject.org/updates/vino-2.28.3-1.fc13
    https://admin.fedoraproject.org/updates/seamonkey-2.0.14-1.fc13
    https://admin.fedoraproject.org/updates/libmodplug-0.8.7-3.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
    https://admin.fedoraproject.org/updates/libcgroup-0.35.1-5.fc13
    https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-server-utils-7.4-17.fc13
    https://admin.fedoraproject.org/updates/kernel-2.6.34.9-69.fc13
    https://admin.fedoraproject.org/updates/perl-Mojolicious-0.999925-4.fc13
    https://admin.fedoraproject.org/updates/wordpress-3.1.2-1.fc13
    https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13
    https://admin.fedoraproject.org/updates/mediawiki-1.16.5-59.fc13
    https://admin.fedoraproject.org/updates/postfix-2.7.4-1.fc13


The following Fedora 13 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/kernel-2.6.34.9-69.fc13
    https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-drv-penmount-1.4.1-2.fc13
    https://admin.fedoraproject.org/updates/python-ethtool-0.7-2.fc13
    https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13
    https://admin.fedoraproject.org/updates/pygtk2-2.17.0-9.fc13
    https://admin.fedoraproject.org/updates/dosfstools-3.0.9-5.fc13
    https://admin.fedoraproject.org/updates/libimobiledevice-1.0.6-1.fc13
    https://admin.fedoraproject.org/updates/usbmuxd-1.0.7-1.fc13
    https://admin.fedoraproject.org/updates/fuse-2.8.5-5.fc13
    https://admin.fedoraproject.org/updates/libcgroup-0.35.1-5.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
    https://admin.fedoraproject.org/updates/livecd-tools-13.2-1.fc13
    https://admin.fedoraproject.org/updates/lua-5.1.4-7.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
    https://admin.fedoraproject.org/updates/lldpad-0.9.26-2.fc13


The following builds have been pushed to Fedora 13 updates-testing

    mediawiki-1.16.5-59.fc13
    postfix-2.7.4-1.fc13
    vino-2.28.3-1.fc13

Details about builds:


================================================================================
 mediawiki-1.16.5-59.fc13 (FEDORA-2011-6775)
 A wiki engine
--------------------------------------------------------------------------------
Update Information:

Mediawiki 1.16.5 was released to correct two security flaws:

The first issue is yet another recurrence of the Internet Explorer 6 XSS vulnerability that caused the release of 1.16.4. It was pointed out that there are dangerous extensions with more than four characters, so the regular expressions we introduced had to be updated to match longer extensions. (CVE-2011-1765)

The second issue allows unauthenticated users to gain additional rights on wikis where $wgBlockDisablesLogin is enabled. By default, it is disabled. The issue occurs when a malicious user sends cookies which contain the user name and user ID of a "victim" account. In certain circumstances, the rights of the victim are loaded and persist throughout the malicious request, allowing the malicious user to perform actions with the victim's rights. (CVE-2011-1766)

$wgBlockDisablesLogin is a feature which is sometimes used on private wikis to prevent users who have an account from logging in and viewing content on the wiki.
--------------------------------------------------------------------------------
ChangeLog:

* Sun May  8 2011 Axel Thimm <Axel.Thimm at ATrpms.net> - 1.16.5-59
- Update to 1.16.5.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #702512 - CVE-2011-1765 mediawiki: two vulnerabilities fixed in 1.16.5
        https://bugzilla.redhat.com/show_bug.cgi?id=702512
--------------------------------------------------------------------------------


================================================================================
 postfix-2.7.4-1.fc13 (FEDORA-2011-6777)
 Postfix Mail Transport Agent
--------------------------------------------------------------------------------
Update Information:

This update fixes memory corruption in the Postfix SMTP server's Cyrus SASL support (CVE-2011-1720). For the original upstream announcement, see: http://archives.neohapsis.com/archives/postfix/2011-05/0208.html
--------------------------------------------------------------------------------
ChangeLog:

* Mon May  9 2011 Jaroslav Škarvada <jskarvad at redhat.com> - 2:2.7.4-1
- update to 2.7.4
- fix CVE-2011-1720
--------------------------------------------------------------------------------


================================================================================
 vino-2.28.3-1.fc13 (FEDORA-2011-6778)
 A remote desktop system for GNOME
--------------------------------------------------------------------------------
ChangeLog:

* Sun May  8 2011 Christopher Aillon <caillon at redhat.com> - 2.28.3-1
- Update to 2.28.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #694455 - CVE-2011-0904 vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests
        https://bugzilla.redhat.com/show_bug.cgi?id=694455
  [ 2 ] Bug #694456 - CVE-2011-0905 vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests
        https://bugzilla.redhat.com/show_bug.cgi?id=694456
--------------------------------------------------------------------------------


