Fedora EPEL 4 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Mon Nov 8 16:15:30 UTC 2010 

The following Fedora EPEL 4 Security updates need testing:

    https://admin.fedoraproject.org/updates/mod_fcgid-2.2-11.el4
    https://admin.fedoraproject.org/updates/gnucash-2.0.5-4.el4
    https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.el4


The following builds have been pushed to Fedora EPEL 4 updates-testing

    mod_fcgid-2.2-11.el4

Details about builds:


================================================================================
 mod_fcgid-2.2-11.el4 (FEDORA-EPEL-2010-3646)
 Apache2 module for high-performance server-side scripting
--------------------------------------------------------------------------------
Update Information:

This update includes a back-ported fix from upstream version 2.3.6 addressing a possible stack buffer overwrite (CVE-2010-3872), plus another back-ported fix for making the server return a 500 error code instead of segfaulting if a FastCGI application returns no data for a request.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov  5 2010 Paul Howarth <paul at city-fan.org> 2.2-11
- Fix possible stack buffer overwrite (CVE-2010-3872)
- Return 500 instead of segfaulting if application returns no data
- Explicitly use /var/run/mod_fcgid as "run" directory rather than following
  /etc/httpd/run symlink
- Conflict with selinux-policy versions prior to EL 5.5 as earlier ones didn't
  work properly
- Re-order sources
- Minor documentation updates
* Mon Apr  6 2009 Paul Howarth <paul at city-fan.org> 2.2-10
- EL 5.3 now has SELinux support in the main selinux-policy package so handle
  that release as per Fedora >= 8, except that the RHEL selinux-policy package
  doesn't Obsolete/Provide mod_fcgid-selinux like the Fedora version, so do
  the obsoletion here instead
* Thu Feb 26 2009 Paul Howarth <paul at city-fan.org> 2.2-9
- Update documentation for MoinMoin, Rails (#476658), and SELinux
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Wed Nov 12 2008 Paul Howarth <paul at city-fan.org> 2.2-7
- SELinux policy module no longer built for Fedora 8 onwards as it is
  obsoleted by the main selinux-policy package
- Conflicts for selinux-policy packages older than the releases where mod_fcgid
  policy was incorporated have been added for Fedora 8, 9, and 10 versions, to
  ensure that SELinux support will work if installed
* Tue Oct 21 2008 Paul Howarth <paul at city-fan.org> 2.2-6
- SELinux policy module rewritten to merge fastcgi and system script domains
  in preparation for merge into main selinux-policy package (#462318)
- Try to determine supported SELinux policy types by reading /etc/selinux/config
* Thu Jul 24 2008 Paul Howarth <paul at city-fan.org> 2.2-5
- Tweak selinux-policy version detection macro to work with current Rawhide
--------------------------------------------------------------------------------

More information about the epel-devel-list mailing list