From twaugh at redhat.com Thu Jun 3 15:51:25 2004 From: twaugh at redhat.com (Tim Waugh) Date: Thu, 3 Jun 2004 16:51:25 +0100 Subject: Fedora Core 2 Update: cups-1.1.20-11.1 Message-ID: <20040603155125.GG2489@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-144 2004-06-03 --------------------------------------------------------------------- Product : Fedora Core 2 Name : cups Version : 1.1.20 Release : 11.1 Summary : Common Unix Printing System Description : The Common UNIX Printing System provides a portable printing layer for UNIX? operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. --------------------------------------------------------------------- Update Information: Several problems have been fixed, including: o some HTTP handling bugs o failure to use encryption when required o start-up appears to succeed even when it fails --------------------------------------------------------------------- * Wed Jun 02 2004 Tim Waugh 1:1.1.20-11.1 - Undo accidental D-BUS changes. * Wed May 26 2004 Tim Waugh 1:1.1.20-11 - Build requires make >= 3.80 (bug #124472). * Wed May 26 2004 Tim Waugh 1:1.1.20-10 - Finish fix for cupsenable/cupsdisable (bug #102490). - Fix MaxLogSize setting (bug #123003). * Tue May 25 2004 Tim Waugh 1:1.1.20-9 - Apply patches from CVS (authtype) to fix STR #434, STR #611, and as a result STR #719. This fixes several problems including those noted in bug #114999. * Mon May 24 2004 Tim Waugh - Use upstream patch for exit code fix for bug #110135 [STR 718]. * Wed May 19 2004 Tim Waugh 1:1.1.20-8 - If cupsd fails to start, make it exit with an appropriate code so that initlog notifies the user (bug #110135). * Thu May 13 2004 Tim Waugh - Fix cups/util.c:get_num_sdests() to use encryption when it is necessary or requested (bug #118982). - Use upstream patch for the HTTP/1.1 Continue bug (from STR716). * Tue May 11 2004 Tim Waugh 1:1.1.20-7 - Fix non-conformance with HTTP/1.1, which caused failures when printing to a Xerox Phaser 8200 via IPP (bug #122352). - Make lppasswd(1) PIE. - Rotate logs within cupsd (instead of relying on logrotate) if we start to approach the filesystem file size limit (bug #123003). --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 9886040e190bdcac4292e240a95e00d5 SRPMS/cups-1.1.20-11.1.src.rpm 6151363190188b2930b887099d26c9ef i386/cups-1.1.20-11.1.i386.rpm d562479a903f422fc885032abd896587 i386/cups-devel-1.1.20-11.1.i386.rpm 500272e9f6750ba686f5b1548f15edc0 i386/cups-libs-1.1.20-11.1.i386.rpm 6f21a82c92e869dbf507893992c529d4 i386/debug/cups-debuginfo-1.1.20-11.1.i386.rpm 8632e13d2fec0dce37f261327198d849 x86_64/cups-1.1.20-11.1.x86_64.rpm 47f01f98f740b9ccd20b789a28b9c2d4 x86_64/cups-devel-1.1.20-11.1.x86_64.rpm 4262cb06a4399fdfd4462dd64a0d618e x86_64/cups-libs-1.1.20-11.1.x86_64.rpm 362d0c4f1fe2efb9575e9a9b60d88ef9 x86_64/debug/cups-debuginfo-1.1.20-11.1.x86_64.rpm 500272e9f6750ba686f5b1548f15edc0 x86_64/cups-libs-1.1.20-11.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From pknirsch at redhat.com Thu Jun 3 16:00:41 2004 From: pknirsch at redhat.com (Phil Knirsch) Date: Thu, 03 Jun 2004 18:00:41 +0200 Subject: [SECURITY] Fedora Core 1 Update: ethereal-0.10.3-0.1.1 Message-ID: <40BF4B29.2030103@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-152 2004-06-03 --------------------------------------------------------------------- Product : Fedora Core 1 Name : ethereal Version : 0.10.3 Release : 0.1.1 Summary : Network traffic analyzer Description : Ethereal is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for ethereal. A graphical user interface is packaged separately to GTK+ package. --------------------------------------------------------------------- Update Information: Issues have been discovered in the following protocol dissectors: * A SIP packet could make Ethereal crash under specific conditions, as described in the following message: http://www.ethereal.com/lists/ethereal-users/200405/msg00018.html (0.10.3). * The AIM dissector could throw an assertion, causing Ethereal to terminate abnormally (0.10.3). * It was possible for the SPNEGO dissector to dereference a null pointer, causing a crash (0.9.8 to 0.10.3). * The MMSE dissector was susceptible to a buffer overflow. (0.10.1 to 0.10.3). All users of Ethereal are strongly encouraged to update to these latest packages. --------------------------------------------------------------------- * Fri May 28 2004 Phil Knirsch 0.10.3-0.1.1 - Updated to ethereal-0.10.3 - Included backported security fixes from ethereal-0.10.4 * Wed Mar 24 2004 Phil Knirsch 0.10.2.20040324-0.1 - Another updated to CVS version to fix more security problems. * Mon Mar 15 2004 Phil Knirsch 0.10.2-0.1 - Update to latest upstream version 0.10.2. - Make security errata. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 1025a0c7d6dbe9369a2353764ddbc7b9 SRPMS/ethereal-0.10.3-0.1.1.src.rpm 124a9a2914c592276bd0427009c7883c i386/ethereal-0.10.3-0.1.1.i386.rpm 3ec831cf4eaddee5184ddd18796aedc3 i386/ethereal-gnome-0.10.3-0.1.1.i386.rpm 3504ec2a5dfd51cde2b1262644e5ccf0 i386/debug/ethereal-debuginfo-0.10.3-0.1.1.i386.rpm 441e043616370ee4b13e81ca20094d61 x86_64/ethereal-0.10.3-0.1.1.x86_64.rpm ad048fccfa453591c96f3dabc18c5f14 x86_64/ethereal-gnome-0.10.3-0.1.1.x86_64.rpm f89c1bf94f358917813352a0cd82b561 x86_64/debug/ethereal-debuginfo-0.10.3-0.1.1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- Philipp Knirsch | Tel.: +49-711-96437-470 Development | Fax.: +49-711-96437-111 Red Hat GmbH | Email: Phil Knirsch Hauptstaetterstr. 58 | Web: http://www.redhat.de/ D-70178 Stuttgart Motd: You're only jealous cos the little penguins are talking to me. From pknirsch at redhat.com Thu Jun 3 16:02:32 2004 From: pknirsch at redhat.com (Phil Knirsch) Date: Thu, 03 Jun 2004 18:02:32 +0200 Subject: [SECURITY] Fedora Core 2 Update: ethereal-0.10.3-2.1 Message-ID: <40BF4B98.9010802@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-153 2004-06-03 --------------------------------------------------------------------- Product : Fedora Core 2 Name : ethereal Version : 0.10.3 Release : 2.1 Summary : Network traffic analyzer Description : Ethereal is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for ethereal. A graphical user interface is packaged separately to GTK+ package. --------------------------------------------------------------------- Update Information: Issues have been discovered in the following protocol dissectors: * A SIP packet could make Ethereal crash under specific conditions, as described in the following message: http://www.ethereal.com/lists/ethereal-users/200405/msg00018.html (0.10.3). * The AIM dissector could throw an assertion, causing Ethereal to terminate abnormally (0.10.3). * It was possible for the SPNEGO dissector to dereference a null pointer, causing a crash (0.9.8 to 0.10.3). * The MMSE dissector was susceptible to a buffer overflow. (0.10.1 to 0.10.3). All users of the Ethereal package are strongly encouraged to update to these latest packages. --------------------------------------------------------------------- * Tue Jun 01 2004 Phil Knirsch 0.10.3-2.1 - Included backported security fixes from ethereal-0.10.4 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 047f4b58fc2ce78dff5f7f27d588faa7 SRPMS/ethereal-0.10.3-2.1.src.rpm c5954b26aa5e448eb7a1ad1d9ac08692 i386/ethereal-0.10.3-2.1.i386.rpm 052063b1167471b6fcedfa7222a2fc4c i386/ethereal-gnome-0.10.3-2.1.i386.rpm 625e6397e449a2025a4b87fa3724e9cc i386/debug/ethereal-debuginfo-0.10.3-2.1.i386.rpm efdd124a1b6cdbd61d13ddadb1b0ec28 x86_64/ethereal-0.10.3-2.1.x86_64.rpm b0b0bd164858519f316feddeaf3e2db7 x86_64/ethereal-gnome-0.10.3-2.1.x86_64.rpm 57537ac043966efcd69683c547639302 x86_64/debug/ethereal-debuginfo-0.10.3-2.1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- Philipp Knirsch | Tel.: +49-711-96437-470 Development | Fax.: +49-711-96437-111 Red Hat GmbH | Email: Phil Knirsch Hauptstaetterstr. 58 | Web: http://www.redhat.de/ D-70178 Stuttgart Motd: You're only jealous cos the little penguins are talking to me. From pknirsch at redhat.com Thu Jun 3 16:24:39 2004 From: pknirsch at redhat.com (Phil Knirsch) Date: Thu, 03 Jun 2004 18:24:39 +0200 Subject: [SECURITY] Fedora Core 2 Update: net-tools-1.60-25.1 Message-ID: <40BF50C7.60000@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-154 2004-06-03 --------------------------------------------------------------------- Product : Fedora Core 2 Name : net-tools Version : 1.60 Release : 25.1 Summary : Basic networking tools. Description : The net-tools package contains basic networking tools, including ifconfig, netstat, route, and others. --------------------------------------------------------------------- The code in netlink.c is based in part on the code of iproute. It was not updated when CAN-2003-0856 was announced. The code in question is within the netlink_listen & netlink_receive_dump functions. They should both check the source of the packets by looking at nl_pid and ensuring that it is 0 before performing any reconfiguration of network interfaces. These updated packages now contain the latest netplug daemon which fixes that problem. All users of netplug are strongly encouraged to upgrade to these new packages. --------------------------------------------------------------------- * Thu Jun 03 2004 Phil Knirsch 1.60-25.1 - Built FC2 security errata version based on rawhide. * Fri May 14 2004 Phil Knirsch 1.60-27 - Fixed compiler warning/error in netplug. - Updated to netplug-1.2.6 for security update and fixes. * Thu May 06 2004 Phil Knirsch 1.60-26 - Updated netplugd to latest upstream version. - Fixed execshield problem in main.c of netplugd. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 4d37c3c4484a9d0efe3a3f726072454a SRPMS/net-tools-1.60-25.1.src.rpm caa17b1b3a8a9639afdf2483068e0f12 i386/net-tools-1.60-25.1.i386.rpm 6b9bc4fd68b8c4d9f11403f4f10b9e6e i386/debug/net-tools-debuginfo-1.60-25.1.i386.rpm 1a9523abb0871c1c173d3c1c8ec297a1 x86_64/net-tools-1.60-25.1.x86_64.rpm a1fce7c6d5a0eed37d825f70f89ec53c x86_64/debug/net-tools-debuginfo-1.60-25.1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- Philipp Knirsch | Tel.: +49-711-96437-470 Development | Fax.: +49-711-96437-111 Red Hat GmbH | Email: Phil Knirsch Hauptstaetterstr. 58 | Web: http://www.redhat.de/ D-70178 Stuttgart Motd: You're only jealous cos the little penguins are talking to me. From roland at redhat.com Fri Jun 4 04:37:03 2004 From: roland at redhat.com (Roland McGrath) Date: Thu, 3 Jun 2004 21:37:03 -0700 Subject: Fedora Core 2 Update: strace-4.5.4-1 Message-ID: <200406040437.i544b36h019577@magilla.sf.frob.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-156 2004-06-04 --------------------------------------------------------------------- Product : Fedora Core 2 Name : strace Version : 4.5.4 Release : 1 Summary : Tracks and displays system calls associated with a running process. Description : The strace program intercepts and records the system calls called and received by a running process. Strace can print a record of each system call, its arguments and its return value. Strace is useful for diagnosing problems and debugging, as well as for instructional purposes. Install strace if you need a tool to track the system calls made and received by a process. --------------------------------------------------------------------- * Thu Jun 03 2004 Roland McGrath 4.5.4-1 - new upstream version, more ioctls (#122257), minor fixes --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ e7fd7ca352e06982be7f53eca07f3c6a SRPMS/strace-4.5.4-1.src.rpm 8956b5b1155252db37d2bb9d9a4c51fb i386/strace-4.5.4-1.i386.rpm bc72a195340e9d8b21b54009bb818607 i386/debug/strace-debuginfo-4.5.4-1.i386.rpm 695e22ab6ecedc7eeb8b180ee99661f1 x86_64/strace-4.5.4-1.x86_64.rpm 9d745028571faf7ea5b7a47236be6fe6 x86_64/debug/strace-debuginfo-4.5.4-1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From roland at redhat.com Fri Jun 4 04:38:46 2004 From: roland at redhat.com (Roland McGrath) Date: Thu, 3 Jun 2004 21:38:46 -0700 Subject: Fedora Core 1 Update: strace-4.5.4-0.FC1 Message-ID: <200406040438.i544ck8Y019585@magilla.sf.frob.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-155 2004-06-04 --------------------------------------------------------------------- Product : Fedora Core 1 Name : strace Version : 4.5.4 Release : 0.FC1 Summary : Tracks and displays system calls associated with a running process. Description : The strace program intercepts and records the system calls called and received by a running process. Strace can print a record of each system call, its arguments and its return value. Strace is useful for diagnosing problems and debugging, as well as for instructional purposes. Install strace if you need a tool to track the system calls made and received by a process. --------------------------------------------------------------------- * Thu Jun 03 2004 Roland McGrath 4.5.4-0.FC1 - rebuilt for FC1 update * Thu Jun 03 2004 Roland McGrath 4.5.4-1 - new upstream version, more ioctls (#122257), minor fixes * Fri Apr 16 2004 Roland McGrath 4.5.3-1 - new upstream version, mq_* calls (#120701), -p vs NPTL (#120462), more fixes (#118694, #120541, #118685) * Tue Mar 02 2004 Elliot Lee 4.5.2-1.1 - rebuilt * Mon Mar 01 2004 Roland McGrath 4.5.2-1 - new upstream version, sched_* calls (#116990), show core flag (#112117) * Fri Feb 13 2004 Elliot Lee - rebuilt --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 1ea9739391e6d774cf8fdbf3d299dce6 SRPMS/strace-4.5.4-0.FC1.src.rpm c1dc3d89ab2a0489d65edf3ef05de34a i386/strace-4.5.4-0.FC1.i386.rpm f4285155472d964081e1a1004c53d4e9 i386/debug/strace-debuginfo-4.5.4-0.FC1.i386.rpm 012891093dd37048ece9506de7379246 x86_64/strace-4.5.4-0.FC1.x86_64.rpm 544509c69b5257c4ae0639df7cad27cc x86_64/debug/strace-debuginfo-4.5.4-0.FC1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From nalin at redhat.com Fri Jun 4 19:07:41 2004 From: nalin at redhat.com (Nalin Dahyabhai) Date: Fri, 4 Jun 2004 15:07:41 -0400 Subject: [SECURITY] Fedora Core 1 Update: krb5-1.3.3-6 Message-ID: <20040604190740.GE18659@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-149 2004-06-04 --------------------------------------------------------------------- Product : Fedora Core 1 Name : krb5 Version : 1.3.3 Release : 6 Summary : The Kerberos network authentication system. Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. --------------------------------------------------------------------- Update Information: Bugs have been fixed in the krb5_aname_to_localname library function. Specifically, buffer overflows were possible for all Kerberos versions up to and including 1.3.3. The krb5_aname_to_localname function translates a Kerberos principal name to a local account name, typically a UNIX username. This function is frequently used when performing authorization checks. If configured with mappings from particular Kerberos principals to particular UNIX user names, certain functions called by krb5_aname_to_localname will not properly check the lengths of buffers used to store portions of the principal name. If configured to map principals to user names using rules, krb5_aname_to_localname would consistently write one byte past the end of a buffer allocated from the heap. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0523 to this issue. Only configurations which enable the explicit mapping or rules-based mapping functionality of krb5_aname_to_localname() are vulnerable. These configurations are not the default. --------------------------------------------------------------------- * Fri Jun 04 2004 Nalin Dahyabhai 1.3.3-6 - apply updated patch from MITKRB5-SA-2004-001 (revision 2004-06-02) * Tue Jun 01 2004 Nalin Dahyabhai 1.3.3-5 - rebuild * Tue Jun 01 2004 Nalin Dahyabhai 1.3.3-4 - apply patch from MITKRB5-SA-2004-001 (#125001) * Wed May 12 2004 Thomas Woerner 1.3.3-3 - removed rpath * Thu Apr 15 2004 Nalin Dahyabhai 1.3.3-2 - re-enable large file support, fell out in 1.3-1 - patch rcp to use long long and %lld format specifiers when reporting file sizes on large files * Tue Apr 13 2004 Nalin Dahyabhai 1.3.3-1 - update to 1.3.3 * Wed Mar 10 2004 Nalin Dahyabhai 1.3.2-1 - update to 1.3.2 * Mon Mar 08 2004 Nalin Dahyabhai 1.3.1-12 - rebuild * Tue Mar 02 2004 Elliot Lee 1.3.1-11.1 - rebuilt * Fri Feb 13 2004 Elliot Lee 1.3.1-11 - rebuilt * Mon Feb 09 2004 Nalin Dahyabhai 1.3.1-10 - catch krb4 send_to_kdc cases in kdc preference patch * Mon Feb 02 2004 Nalin Dahyabhai 1.3.1-9 - remove patch to set TERM in klogind which, combined with the upstream fix in 1.3.1, actually produces the bug now (#114762) * Mon Jan 19 2004 Nalin Dahyabhai 1.3.1-8 - when iterating over lists of interfaces which are "up" from getifaddrs(), skip over those which have no address (#113347) * Mon Jan 12 2004 Nalin Dahyabhai - prefer the kdc which last replied to a request when sending requests to kdcs * Mon Nov 24 2003 Nalin Dahyabhai 1.3.1-7 - fix combination of --with-netlib and --enable-dns (#82176) * Tue Nov 18 2003 Nalin Dahyabhai - remove libdefault ticket_lifetime option from the default krb5.conf, it is ignored by libkrb5 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 9a19d200ff0a0d6e6c2029c9fd50653c SRPMS/krb5-1.3.3-6.src.rpm e03f00a0916359f8a6005e3fc6b6995c i386/krb5-devel-1.3.3-6.i386.rpm 2d0973874755c7e313cfdf04f6860be7 i386/krb5-libs-1.3.3-6.i386.rpm e4791f4e22a6bb8ab2a7f8fba96a882f i386/krb5-server-1.3.3-6.i386.rpm 720da2c10e2a30d65401425d430ab75d i386/krb5-workstation-1.3.3-6.i386.rpm d52133ae2dd14a5ffb807236e8c46a46 i386/debug/krb5-debuginfo-1.3.3-6.i386.rpm f7b3fd343d8831e217265f0355411f32 x86_64/krb5-devel-1.3.3-6.x86_64.rpm 8d9fa0425dae7bb5aad5642239380918 x86_64/krb5-libs-1.3.3-6.x86_64.rpm 5461eb73a8fe388b767670b71dd867c7 x86_64/krb5-server-1.3.3-6.x86_64.rpm da2a35d9fa2ae594505b959b37abcab4 x86_64/krb5-workstation-1.3.3-6.x86_64.rpm 064b11d2fe16d6f845f850683afabbc4 x86_64/debug/krb5-debuginfo-1.3.3-6.x86_64.rpm 2d0973874755c7e313cfdf04f6860be7 x86_64/krb5-libs-1.3.3-6.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From nalin at redhat.com Fri Jun 4 19:08:50 2004 From: nalin at redhat.com (Nalin Dahyabhai) Date: Fri, 4 Jun 2004 15:08:50 -0400 Subject: [SECURITY] Fedora Core 2 Update: krb5-1.3.3-7 Message-ID: <20040604190846.GF18659@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-150 2004-06-04 --------------------------------------------------------------------- Product : Fedora Core 2 Name : krb5 Version : 1.3.3 Release : 7 Summary : The Kerberos network authentication system. Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. --------------------------------------------------------------------- Update Information: Bugs have been fixed in the krb5_aname_to_localname library function. Specifically, buffer overflows were possible for all Kerberos versions up to and including 1.3.3. The krb5_aname_to_localname function translates a Kerberos principal name to a local account name, typically a UNIX username. This function is frequently used when performing authorization checks. If configured with mappings from particular Kerberos principals to particular UNIX user names, certain functions called by krb5_aname_to_localname will not properly check the lengths of buffers used to store portions of the principal name. If configured to map principals to user names using rules, krb5_aname_to_localname would consistently write one byte past the end of a buffer allocated from the heap. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0523 to this issue. Only configurations which enable the explicit mapping or rules-based mapping functionality of krb5_aname_to_localname() are vulnerable. These configurations are not the default. --------------------------------------------------------------------- * Fri Jun 04 2004 Nalin Dahyabhai 1.3.3-7 - rebuild * Fri Jun 04 2004 Nalin Dahyabhai 1.3.3-6 - apply updated patch from MITKRB5-SA-2004-001 (revision 2004-06-02) * Tue Jun 01 2004 Nalin Dahyabhai 1.3.3-5 - rebuild * Tue Jun 01 2004 Nalin Dahyabhai 1.3.3-4 - apply patch from MITKRB5-SA-2004-001 (#125001) * Wed May 12 2004 Thomas Woerner 1.3.3-3 - removed rpath * Thu Apr 15 2004 Nalin Dahyabhai 1.3.3-2 - re-enable large file support, fell out in 1.3-1 - patch rcp to use long long and %lld format specifiers when reporting file sizes on large files --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 437540335f79da1cbbc18d164e6215c0 SRPMS/krb5-1.3.3-7.src.rpm cd6c377ee71fc3ac7a2ed1451632bc99 i386/krb5-devel-1.3.3-7.i386.rpm 4a4a06a0dd0bddb0bf9aefc35825029c i386/krb5-libs-1.3.3-7.i386.rpm f857845fde8315c8d6416e5d7befc605 i386/krb5-server-1.3.3-7.i386.rpm 84cc98e232f3834450b450d44dd9374a i386/krb5-workstation-1.3.3-7.i386.rpm 1ee42664e020e7fa5a4a1c8202aabdee i386/debug/krb5-debuginfo-1.3.3-7.i386.rpm 6dbdb3334974c1735a044deb2632e3a6 x86_64/krb5-devel-1.3.3-7.x86_64.rpm 864422b001ad11e0468ed53cbe6276fe x86_64/krb5-libs-1.3.3-7.x86_64.rpm 606c96ce4814f686a99d7231aa5a6080 x86_64/krb5-server-1.3.3-7.x86_64.rpm ad1573302d8702c705608d5f2803362d x86_64/krb5-workstation-1.3.3-7.x86_64.rpm 6409ec2efcf54640e58451b32efb270a x86_64/debug/krb5-debuginfo-1.3.3-7.x86_64.rpm 4a4a06a0dd0bddb0bf9aefc35825029c x86_64/krb5-libs-1.3.3-7.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From roland at redhat.com Mon Jun 7 21:08:34 2004 From: roland at redhat.com (Roland McGrath) Date: Mon, 7 Jun 2004 14:08:34 -0700 Subject: Fedora Core 2 Update: bison-1.875c-1 Message-ID: <200406072108.i57L8Y3h017087@magilla.sf.frob.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-157 2004-06-07 --------------------------------------------------------------------- Product : Fedora Core 2 Name : bison Version : 1.875c Release : 1 Summary : A GNU general-purpose parser generator. Description : Bison is a general purpose parser generator that converts a grammar description for an LALR(1) context-free grammar into a C program to parse that grammar. Bison can be used to develop a wide range of language parsers, from ones used in simple desk calculators to complex programming languages. Bison is upwardly compatible with Yacc, so any correctly written Yacc grammar should work with Bison without any changes. If you know Yacc, you shouldn't have any trouble using Bison. You do need to be very proficient in C programming to be able to use Bison. Bison is only needed on systems that are used for development. If your system will be used for C development, you should install Bison. --------------------------------------------------------------------- * Fri Jun 04 2004 Roland McGrath 1.875c-1 - new upstream version (fixes bug #116823) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 583a0bd37ea65a1815df05f28176c06c SRPMS/bison-1.875c-1.src.rpm 7cb8b237d58e62ba57fc8e48c87692f9 i386/bison-1.875c-1.i386.rpm 10eb16f26c380b6800511bdb63e3c0ef i386/debug/bison-debuginfo-1.875c-1.i386.rpm 7b019b597cc6686ecdc6f30fe0cb70e7 x86_64/bison-1.875c-1.x86_64.rpm 0bf1dfcbaf143e7ffe4e17b79112b5a1 x86_64/debug/bison-debuginfo-1.875c-1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From gbenson at redhat.com Wed Jun 9 11:05:43 2004 From: gbenson at redhat.com (Gary Benson) Date: Wed, 9 Jun 2004 12:05:43 +0100 Subject: [SECURITY] Fedora Core 1 Update: squirrelmail-1.4.3-0.f1.1 Message-ID: <20040609110543@aa4ae3c6b4f08b94477b0d6fa4bfc2e9> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-159 2004-06-09 --------------------------------------------------------------------- Product : Fedora Core 1 Name : squirrelmail Version : 1.4.3 Release : 0.f1.1 Summary : SquirrelMail webmail client Description : SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation. --------------------------------------------------------------------- Update Information: An SQL injection flaw was found in SquirrelMail version 1.4.2 and earlier. If SquirrelMail is configured to store user addressbooks in the database, a remote attacker could use this flaw to execute arbitrary SQL statements. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0521 to this issue. A number of cross-site scripting (XSS) flaws in SquirrelMail version 1.4.2 and earlier could allow remote attackers to execute scripts as other web users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0519 and CAN-2004-0520 to these issues. This update includes the SquirrelMail version 1.4.3a which is not vulnerable to these issues. --------------------------------------------------------------------- * Mon Jun 07 2004 Gary Benson 1.4.3-0.f1.1 - upgrade to 1.4.3a. - retain stuff after version when adding release to it. * Wed Jun 02 2004 Gary Benson - upgrade to 1.4.3. * Fri Feb 13 2004 Elliot Lee - rebuilt. * Wed Jan 21 2004 Gary Benson 1.4.2-2 - fix calendar plugin breakage (#113902). * Thu Jan 08 2004 Gary Benson 1.4.2-1 - upgrade to 1.4.2. - tighten up permissions on /etc/squirrelmail/config.php (#112774). --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ be17fbe0ab2c017c9f8aafc407c3fb68 SRPMS/squirrelmail-1.4.3-0.f1.1.src.rpm 4c8288b42458e69e656230afd2a4a38f i386/squirrelmail-1.4.3-0.f1.1.noarch.rpm 4c8288b42458e69e656230afd2a4a38f x86_64/squirrelmail-1.4.3-0.f1.1.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From gbenson at redhat.com Wed Jun 9 11:06:23 2004 From: gbenson at redhat.com (Gary Benson) Date: Wed, 9 Jun 2004 12:06:23 +0100 Subject: [SECURITY] Fedora Core 2 Update: squirrelmail-1.4.3-1 Message-ID: <20040609110623@51b1024d3d46513edb822fb5e6be3914> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-160 2004-06-09 --------------------------------------------------------------------- Product : Fedora Core 2 Name : squirrelmail Version : 1.4.3 Release : 1 Summary : SquirrelMail webmail client Description : SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation. --------------------------------------------------------------------- Update Information: An SQL injection flaw was found in SquirrelMail version 1.4.2 and earlier. If SquirrelMail is configured to store user addressbooks in the database, a remote attacker could use this flaw to execute arbitrary SQL statements. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0521 to this issue. A number of cross-site scripting (XSS) flaws in SquirrelMail version 1.4.2 and earlier could allow remote attackers to execute scripts as other web users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0519 and CAN-2004-0520 to these issues. This update includes the SquirrelMail version 1.4.3a which is not vulnerable to these issues. --------------------------------------------------------------------- * Mon Jun 07 2004 Gary Benson 1.4.3-1 - upgrade to 1.4.3a. - retain stuff after version when adding release to it. * Wed Jun 02 2004 Gary Benson - upgrade to 1.4.3. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 1a985829cd9b532953d8235083aa9ff2 SRPMS/squirrelmail-1.4.3-1.src.rpm b76007bdb6f2a926d46cc6099e66a45d i386/squirrelmail-1.4.3-1.noarch.rpm b76007bdb6f2a926d46cc6099e66a45d x86_64/squirrelmail-1.4.3-1.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From karsten at redhat.com Wed Jun 9 17:11:37 2004 From: karsten at redhat.com (Karsten Hopp) Date: Wed, 9 Jun 2004 19:11:37 +0200 Subject: Fedora Core 1 Update: vim-6.2.532-1 Message-ID: <20040609171137.GF13010@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-147 2004-06-09 --------------------------------------------------------------------- Product : Fedora Core 1 Name : vim Version : 6.2.532 Release : 1 Summary : The VIM editor. Description : VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. --------------------------------------------------------------------- Update Information: This update upgrades vim to the latest patchlevel which fixes a lot of minor issues described in README.patches. It also removes the dependency between vim-minimal and vim-common. Bugzilla entries fixed with this update: #123205,#110033 --------------------------------------------------------------------- * Tue Jun 01 2004 Karsten Hopp 6.2.532-1 - patchlevel 532 - include vimrc in vim-minimal (#123205) - add gvim icons (#110033) * Wed Apr 07 2004 Karsten Hopp 6.2.457-1 - patchlevel 457 * Fri Mar 26 2004 Karsten Hopp 6.2.403-1 - patchlevel 403 * Thu Mar 18 2004 Karsten Hopp 6.2.380-1 - patchlevel 380 * Mon Mar 08 2004 Karsten Hopp 6.2.327-1 - patchlevel 327 * Wed Mar 03 2004 Karsten Hopp 6.2.311-1 - patchlevel 311 * Mon Mar 01 2004 Karsten Hopp 6.2.294-1 - patchlevel 294 * Fri Feb 13 2004 Elliot Lee - rebuilt * Wed Feb 11 2004 Karsten Hopp 6.2.253-1 - patchlevel 253 - disable netbeans * Thu Jan 29 2004 Karsten Hopp 6.2.214-1 - Patchlevel 214 * Mon Jan 26 2004 Dan Walsh 1:6.2.195-5 - Fix call to is_selinux_enabled() * Sat Jan 24 2004 Karsten Hopp 6.2.195-4 - fix perl requirement * Fri Jan 23 2004 Dan Walsh 1:6.2.195-3 - Only attempt to change context if it is different * Thu Jan 22 2004 Karsten Hopp 6.2.195-1 - update to patchlevel 195 - enable ppc64 build * Mon Jan 12 2004 Karsten Hopp 6.2.180-2 - vim-enhanced requires perl >= 5.8.2 (#111592) * Mon Jan 12 2004 Karsten Hopp 6.2.180-1 - Patchlevel 180 - update spec.vim, use g:packager instead of {Packager} macro * Tue Jan 06 2004 Dan Walsh 1:6.2.154-7 - Enable selinux support for vim-minimal * Wed Dec 17 2003 Dan Walsh 1:6.2.154-6 - Enable selinux support * Thu Dec 04 2003 Karsten Hopp 1:6.2.154-5 - rebuild with new perl * Wed Dec 03 2003 Karsten Hopp 1:6.2.154-4 - fix sh.vim syntax file (#104312) * Tue Dec 02 2003 Karsten Hopp 1:6.2.154-3 - perl interface was disabled when perl had thread support. * Thu Nov 27 2003 Karsten Hopp 1:6.2.154-2 - fix date in specfile changelog entries * Thu Nov 13 2003 Karsten Hopp 1:6.2.154-1 - Patchlevel 154 - vim-minimal doesn't really require vim-common to run, removed dependency (#109819) * Mon Nov 10 2003 Karsten Hopp 1:6.2.149-1 - Patchlevel 149 - fix fstab syntax file (Robert G. (Doc) Savage) - lots of updates for syntax files, macros, documentation - disable vimnotvi patch so that vim's behaviour matches documentation - clean up vimrc * Thu Nov 06 2003 Karsten Hopp 1:6.2.145-1 - rebuild with new Python - Patchlevel 145 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ a1cfa8066c6d4cba49a689e766bd5617 SRPMS/vim-6.2.532-1.src.rpm b7f840c961ad6d94be0a6095e146b8dd i386/vim-common-6.2.532-1.i386.rpm c1696f6e6434e4f23417adcfdb250546 i386/vim-minimal-6.2.532-1.i386.rpm 9ffc06d3e55f31b66b54c759f48f82b5 i386/vim-enhanced-6.2.532-1.i386.rpm f387be955d5ce332dd6499a4a0a60030 i386/vim-X11-6.2.532-1.i386.rpm dc0ff79e887a0c7c1808304deac23850 i386/debug/vim-debuginfo-6.2.532-1.i386.rpm 58fc482824ff923fa2321e231d641c7a x86_64/vim-common-6.2.532-1.x86_64.rpm 91e9a3847658046029020d013b5fa1cd x86_64/vim-minimal-6.2.532-1.x86_64.rpm a9611095549c680ccfab734d88350262 x86_64/vim-enhanced-6.2.532-1.x86_64.rpm d37423f9b30ba4a077e225918d719352 x86_64/vim-X11-6.2.532-1.x86_64.rpm d62a957e277b998015ecddb39935c729 x86_64/debug/vim-debuginfo-6.2.532-1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- Karsten Hopp GPG 1024D/70ABD02C Fingerprint D2D4 3B6B 2DE4 464C A432 210A DFF8 A140 70AB D02C Red Hat Deutschland, Hauptstaetter Str.58 70178 Stuttgart, Tel.+49-711-96437-0, Fax +49-711-96437-111 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From fenlason at redhat.com Wed Jun 9 15:16:49 2004 From: fenlason at redhat.com (Jay Fenlason) Date: Wed, 9 Jun 2004 11:16:49 -0400 Subject: [SECURITY] Fedora Core 1 Update: squid-2.5.STABLE3-2.fc1 Message-ID: <20040609151649.GA21265@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-163 2004-06-09 --------------------------------------------------------------------- Product : Fedora Core 1 Name : squid Version : 2.5.STABLE3 Release : 2.fc1 Summary : The Squid proxy caching server. Description : Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. --------------------------------------------------------------------- * Mon Jun 07 2004 Jay Fenlason 7:2.5.STABLE3-2.fc1 - Backport patch for CAN-2004-0541: buffer overflow in ntlm auth helper. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ ac5bbb825c3ab5223b1b26f162f24c19 SRPMS/squid-2.5.STABLE3-2.fc1.src.rpm 28f6216478b102cbddcf6de38ea8f126 i386/squid-2.5.STABLE3-2.fc1.i386.rpm c8fb3a9ddc44e0e8d01a092993877ed7 i386/debug/squid-debuginfo-2.5.STABLE3-2.fc1.i386.rpm e034b4a07c0e00a285f115be6ac63cfa x86_64/squid-2.5.STABLE3-2.fc1.x86_64.rpm 6a4992a5d0244b297ddc9ca44a312541 x86_64/debug/squid-debuginfo-2.5.STABLE3-2.fc1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From fenlason at redhat.com Wed Jun 9 15:23:12 2004 From: fenlason at redhat.com (Jay Fenlason) Date: Wed, 9 Jun 2004 11:23:12 -0400 Subject: [SECURITY] Fedora Core 2 Update: squid-2.5.STABLE5-4.fc2 Message-ID: <20040609152312.GA21219@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-164 2004-06-09 --------------------------------------------------------------------- Product : Fedora Core 2 Name : squid Version : 2.5.STABLE5 Release : 4.fc2 Summary : The Squid proxy caching server. Description : Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. --------------------------------------------------------------------- * Mon Jun 07 2004 Jay Fenlason 7:2.5.STABLE3-4.fc2 - Backport security fix for ntlm auth helper (CAN-2004-0541). * Thu Apr 08 2004 Jay Fenlason 7:2.5.STABLE5-3 - Fix the -pipe patch to have the correct name of the winbind pipe. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ b735863f8f52314d1ff9981c85ea56b2 SRPMS/squid-2.5.STABLE5-4.fc2.src.rpm 4d80ef2db40a68a7ba2ecffdec9d3372 i386/squid-2.5.STABLE5-4.fc2.i386.rpm 779417acbbfe0e022bc1525d9faae339 i386/debug/squid-debuginfo-2.5.STABLE5-4.fc2.i386.rpm c8c1bc2cd95f892ce602e3e38e9e7823 x86_64/squid-2.5.STABLE5-4.fc2.x86_64.rpm fcb5484591641424a956b23c97614963 x86_64/debug/squid-debuginfo-2.5.STABLE5-4.fc2.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From fenlason at redhat.com Thu Jun 10 15:04:15 2004 From: fenlason at redhat.com (Jay Fenlason) Date: Thu, 10 Jun 2004 11:04:15 -0400 Subject: Fedora Core 1 Update: samba-3.0.4-1.FC1 Message-ID: <20040610150415.GA11726@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-123 2004-06-10 --------------------------------------------------------------------- Product : Fedora Core 1 Name : samba Version : 3.0.4 Release : 1.FC1 Summary : The Samba SMB server. Description : Samba is the protocol by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB server that can be used to provide network services to SMB (sometimes called "Lan Manager") clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. --------------------------------------------------------------------- Update Information: This update has been avaliable in testing for a while without complaints, so I'v sent it to fedora-updates. Note that Samba-3.0.4 still has a few know bugs, most of which should be fixed by the upcoming samba-3.0.5 release. --------------------------------------------------------------------- * Thu May 13 2004 Jay Fenlason 3.0.4-1.FC1 - New upstream version 3.0.4 - Merge many fixes from other branches as described below: - Upgrade to samba-3.0.4, which includes upstream fixes for bugzilla #114436, (probably also #116936) - Move locase.dat, upcase.dat and valid.dat from -client to -common Closes bugzilla #122749 - Added samba-3.0.4-smb.conf patch to make printing work better ootb. Closes bugzilla #122527 - Change all requires lines to include an explicit epoch. This closes bugzilla #102715 - Remove smbgetrc.5 man page, since we don't ship smbget. - updated spec file to make libsmbclient.so executable. This closes bugzilla #121356 - Updated configure line to remove --with-fhs and to explicitly set all the directories that --with-fhs was setting. We were overriding most of them anyway. This closes #118598 - add krb5-devel to buildrequires, fixes #116560 - Add patch from Miloslav Trmac (mitr at volny.cz) to allow non-root to run "service smb status". This fixes #116559 - Change all requires lines to list an explicit epoch. Closes #102715 - Add an explicit Epoch so that 0 is defined. - Changed all requires lines to include an explicit epoch. This closes bugzilla #102715 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 8eb45f84aa62e8e22404354f2e49910a SRPMS/samba-3.0.4-1.FC1.src.rpm 3f50ad449d0be72549728ca928487635 i386/samba-3.0.4-1.FC1.i386.rpm 2591180492b35b7721bf782f5d2adabb i386/samba-client-3.0.4-1.FC1.i386.rpm 5d5862074aa671acd79cfe65d5fecddb i386/samba-common-3.0.4-1.FC1.i386.rpm 85460e3cc8d676fcf42e8b4928a9b665 i386/samba-swat-3.0.4-1.FC1.i386.rpm 50d2cc36e44da6b0b3fc88b554b84e2c i386/debug/samba-debuginfo-3.0.4-1.FC1.i386.rpm 507269e8ca37a519f72aafa58269ddaa x86_64/samba-3.0.4-1.FC1.x86_64.rpm eb285e59cd427a9adaddb08b4e42374b x86_64/samba-client-3.0.4-1.FC1.x86_64.rpm a3e27788a4c84157792edef703651af3 x86_64/samba-common-3.0.4-1.FC1.x86_64.rpm 0e71a36547b37b5dc526abf370da2679 x86_64/samba-swat-3.0.4-1.FC1.x86_64.rpm dc211152fe276a38caeb64869f6ae932 x86_64/debug/samba-debuginfo-3.0.4-1.FC1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From wtogami at redhat.com Thu Jun 10 19:56:39 2004 From: wtogami at redhat.com (Warren Togami) Date: Thu, 10 Jun 2004 09:56:39 -1000 Subject: Fedora Core 1 Update: gaim-0.78-1.FC1 Message-ID: <40C8BCF7.5070703@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-162 2004-06-10 --------------------------------------------------------------------- Product : Fedora Core 1 Name : gaim Version : 0.78 Release : 1.FC1 Summary : A Gtk+ based multiprotocol instant messaging client Description : Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by America Online, Inc., Microsoft Corporation, or Yahoo! Inc. or other messaging service providers. --------------------------------------------------------------------- Update Information: This update upgrades to upstream 0.78 plus several behavioral and crash fix backports from CVS. --------------------------------------------------------------------- * Tue Jun 08 2004 Warren Togami 0.78-1.FC1 - FC1 update * Tue Jun 08 2004 Warren Togami 0.78-7 - CVS backport 125: MSN disconnect on non-fatal error fix 126: Paste html with img crash fix 127: Misplaced free fix * Sat Jun 05 2004 Warren Togami 0.78-4 - CVS backport 123: jabber disconnect fix 124: log find click fix * Sun May 30 2004 Warren Togami 0.78-2 - update to 0.78 (without SILC support for now) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 1c5d85fc72e0948f4c780c818b422335 SRPMS/gaim-0.78-1.FC1.src.rpm 70a80c333bc15dac7639e34af384d82b i386/gaim-0.78-1.FC1.i386.rpm 6fffd9464411a31cef942383848b51cd i386/debug/gaim-debuginfo-0.78-1.FC1.i386.rpm d1a084d723540c4262083e26b4aca502 x86_64/gaim-0.78-1.FC1.x86_64.rpm 6dd2daaf1fb4cbe0b146c1c67c330437 x86_64/debug/gaim-debuginfo-0.78-1.FC1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From wtogami at redhat.com Thu Jun 10 19:57:15 2004 From: wtogami at redhat.com (Warren Togami) Date: Thu, 10 Jun 2004 09:57:15 -1000 Subject: Fedora Core 2 Update: gaim-0.78-1.FC2 Message-ID: <40C8BD1B.4050205@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-162 2004-06-10 --------------------------------------------------------------------- Product : Fedora Core 2 Name : gaim Version : 0.78 Release : 1.FC2 Summary : A Gtk+ based multiprotocol instant messaging client Description : Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by America Online, Inc., Microsoft Corporation, or Yahoo! Inc. or other messaging service providers. --------------------------------------------------------------------- Update Information: This update upgrades to upstream 0.78 plus several behavioral and crash fix backports from CVS. --------------------------------------------------------------------- * Tue Jun 08 2004 Warren Togami 0.78-1.FC2 - FC2 update * Tue Jun 08 2004 Warren Togami 0.78-7 - CVS backport 125: MSN disconnect on non-fatal error fix 126: Paste html with img crash fix 127: Misplaced free fix * Sat Jun 05 2004 Warren Togami 0.78-4 - CVS backport 123: jabber disconnect fix 124: log find click fix * Sun May 30 2004 Warren Togami 0.78-2 - update to 0.78 (without SILC support for now) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 7d28e3d8c79f3a72d75dc72b6d0cc854 SRPMS/gaim-0.78-1.FC2.src.rpm 4d0de7b2717d4637113e4d3b7f6eb38e i386/gaim-0.78-1.FC2.i386.rpm 5c011f566409d1a0a71a0528d669420e i386/debug/gaim-debuginfo-0.78-1.FC2.i386.rpm 5205f9870f97e5ec7f95d9d9d47fc651 x86_64/gaim-0.78-1.FC2.x86_64.rpm 28ca33361f86c7416798fa0a2fbf2411 x86_64/debug/gaim-debuginfo-0.78-1.FC2.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From arjanv at redhat.com Fri Jun 11 15:07:06 2004 From: arjanv at redhat.com (Arjan van de Ven) Date: Fri, 11 Jun 2004 17:07:06 +0200 Subject: [SECURITY] Fedora Core 2 Update: kernel-2.6.6-1.427 Message-ID: <20040611150705.GB15172@devserv.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-137 2004-06-11 --------------------------------------------------------------------- Product : Fedora Core 2 Name : kernel Version : 2.6.6 Release : 1.427 Summary : The Linux kernel (the core of the Linux operating system) Description : The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. --------------------------------------------------------------------- Update Information: An updated kernel is available that brings the kernel to the 2.6.7-rc3 base level. This new kernel provides a significant number of bug fixes and improvements for USB, the keyboard/mouse subsystem and the VM. This kernel also fixes the high profile bugs about not working on VIA C3 processors (#120685) and Asus P4P800 motherboards (#121819). In this new kernel firewire no longer oopses during boot and has been re-enabled, however we consider firewire support still somewhat experimental and recommend extensive testing before using firewire in a production environment. This kernel also contains the enhancements series from Al Viro that enables the Sparse source code checking tool to check for a certain class kernel bugs. This class of bugs can lead to privilege escalation vulnerabilities, and fixes for all such bugs that were found with Sparse and these patches are included in this erratum. NX feature ---------- In addition to these bugfixes, the x86 kernel-smp subpackage now also contains support for the 'NX' feature that is present in current AMD Athlon64/Opteron processors and for which support has been announced by Intel, VIA and Transmeta for future processors. A significant percentage of security exploits are made possible by abusing buffer overflow programming defects in application. With an executable stack or heap, an attacker could use the buffer overflow to put hostile program code on the stack/heap and consequently trick the program into executing this code. The 'NX' feature adds a "don't execute" bit which lets the kernel disallow executing code from marked areas such as the stack and the heap. http://www.uwsg.indiana.edu/hypermail/linux/kernel/0406.0/0497.html describes the patch that provides this feature in more detail. Fedora Core 1 and Fedora Core 2 already contain the Execshield functionality in both the regular and smp kernels. By using the segmentation feature of x86 processors, Execshield can effectively make the stack and certain other regions of memory non-executable on all existing x86 processors. On processors with the 'NX' feature, the kernel can make a finer grained protection decision about which regions of the application memory need to have execution disabled. While Execshield provides the basic no-execute protection for the stack and (for most applications) the heap, the 'NX' feature allows for a more enhanced safety net against buffer overflow attacks in complex applications such as the X server. The 'NX' feature is also used to protect against buffer overflow attacks to the kernel itself. Having a non-executable stack/heap can help prevent the most common security exploits. Other Execshield features such as PIE (Position Independent Executable) randomization supplement and increase this protection (either provided via the segment limits or via the 'NX' feature) with the overall goal of making it much harder to exploit security flaws. --------------------------------------------------------------------- * Fri Jun 11 2004 Arjan van de Ven - disable mlock-uses-rlimit patch, it has a security hole and needs more thought - revert airo driver to the FC2 one since the new one breaks * Wed Jun 09 2004 Dave Jones - Update to 2.6.7rc3 * Sat Jun 05 2004 Arjan van de Ven - fix the mlock-uses-rlimit patch * Thu Jun 03 2004 David Woodhouse - Add ppc64 (Mac G5) * Thu Jun 03 2004 Arjan van de Ven - add a forward port of the mlock-uses-rlimit patch - add NX support for x86 (Intel, Ingo) * Wed Jun 02 2004 Arjan van de Ven - refresh ext3 reservation patch * Mon May 31 2004 Arjan van de Ven - 2.6.7-rc2 * Fri May 28 2004 Pete Zaitcev - Fix qeth and zfcp (s390 drivers): align qib by 256, embedded into qdio_irq. * Fri May 28 2004 Dave Jones - Fix the crashes on boot on Asus P4P800 boards. (#121819) * Thu May 27 2004 Dave Jones - Lots more updates to the SCSI whitelist for various USB card readers. (#112778, among others..) * Thu May 27 2004 Arjan van de Ven - back out ehci suspend/resume patch, it breaks - add fix for 3c59x-meets-kudzu bug from Alan * Wed May 26 2004 Arjan van de Ven - try improving suspend/resume by restoring more PCI state - 2.6.7-rc1-bk1 * Tue May 25 2004 Dave Jones - Add yet another multi-card reader to the whitelist (#85851) * Mon May 24 2004 Dave Jones - Add another multi-card reader to the whitelist (#124048) * Thu May 20 2004 Arjan van de Ven - put firewire race fix in (datacorruptor) * Wed May 19 2004 Dave Jones - Fix typo in ibmtr driver preventing compile (#123391) * Tue May 18 2004 Arjan van de Ven - update to 2.6.6-bk3 - made kernel-source and kernel-doc noarch.rpm's since they are not architecture specific. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 337c999f7dc1dccf8bda806ab94aaad0 SRPMS/kernel-2.6.6-1.427.src.rpm 409e0582df22abbbae031a1593093285 i386/kernel-2.6.6-1.427.i586.rpm 8a009651ce46a265f7705d31f02fcb6e i386/kernel-smp-2.6.6-1.427.i586.rpm f8a2f4edc790cca69829ee71898d0095 i386/debug/kernel-debuginfo-2.6.6-1.427.i586.rpm db2fad6f1bc995fca31f1558aafe8d8a i386/kernel-2.6.6-1.427.i686.rpm d34f944530365d54e95c1a762a103d7a i386/kernel-smp-2.6.6-1.427.i686.rpm de203c8bdebd186192a0fb12a12eaf5a i386/debug/kernel-debuginfo-2.6.6-1.427.i686.rpm d3d3605bc24d574cd0813edc0be8d65c i386/kernel-sourcecode-2.6.6-1.427.noarch.rpm 826a07dcc5c5c8f60bc169f67780c2dc i386/kernel-doc-2.6.6-1.427.noarch.rpm 05fa87f6bb8d2e2d2c0b8f13de180feb x86_64/kernel-2.6.6-1.427.x86_64.rpm eab86618eb29a90b4d1ca3810485b117 x86_64/kernel-smp-2.6.6-1.427.x86_64.rpm aca6a3b39034e44116bc752ad5e15349 x86_64/debug/kernel-debuginfo-2.6.6-1.427.x86_64.rpm d3d3605bc24d574cd0813edc0be8d65c x86_64/kernel-sourcecode-2.6.6-1.427.noarch.rpm 826a07dcc5c5c8f60bc169f67780c2dc x86_64/kernel-doc-2.6.6-1.427.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From nalin at redhat.com Fri Jun 11 16:12:43 2004 From: nalin at redhat.com (Nalin Dahyabhai) Date: Fri, 11 Jun 2004 12:12:43 -0400 Subject: [SECURITY] Fedora Core 1 Update: cvs-1.11.17-1 Message-ID: <20040611161243.GA15522@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-169 2004-06-11 --------------------------------------------------------------------- Product : Fedora Core 1 Name : cvs Version : 1.11.17 Release : 1 Summary : A version control system. Description : CVS (Concurrent Version System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. --------------------------------------------------------------------- Update Information: While investigating a previously fixed vulnerability, Derek Price discovered a flaw relating to malformed "Entry" lines which lead to a missing NULL terminator. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0414 to this issue. Stefan Esser and Sebastian Krahmer conducted an audit of CVS and fixed a number of issues that may have had security consequences. Among the issues deemed likely to be exploitable were: -- a double-free relating to the error_prog_name string (CAN-2004-0416) -- an argument integer overflow (CAN-2004-0417) -- out-of-bounds writes in serv_notify (CAN-2004-0418). An attacker who has access to a CVS server may be able to execute arbitrary code under the UID on which the CVS server is executing. Users of CVS are advised to upgrade to this updated package, which updates the cvs package to version 1.11.17, which corrects these issues. Red Hat would like to thank Stefan Esser, Sebastian Krahmer, and Derek Price for auditing, disclosing, and providing patches for these issues. --------------------------------------------------------------------- * Thu Jun 10 2004 Nalin Dahyabhai 1.11.17-1 - update to 1.11.17, which includes those last few fixes * Fri May 28 2004 Nalin Dahyabhai - add security fix for CAN-2004-0416,CAN-2004-0417,CAN-2004-0418 (Stefan Esser) * Fri May 28 2004 Robert Scheck 1.11.16-0 - update to 1.11.16 (#124239) * Tue May 18 2004 Nalin Dahyabhai 1.11.15-6 - rebuild --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ a252936b8c7db7a08ae92e13eecd1da9 SRPMS/cvs-1.11.17-1.src.rpm 23011ce86e8f48e9256480af05321d72 i386/cvs-1.11.17-1.i386.rpm 1cab1d7f6cc00797f48f498ab40b7d30 i386/debug/cvs-debuginfo-1.11.17-1.i386.rpm 91b5a2a92037657186af93fc1fac757b x86_64/cvs-1.11.17-1.x86_64.rpm 0d9021812bef21106ea64e506c963c5d x86_64/debug/cvs-debuginfo-1.11.17-1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From nalin at redhat.com Fri Jun 11 16:13:58 2004 From: nalin at redhat.com (Nalin Dahyabhai) Date: Fri, 11 Jun 2004 12:13:58 -0400 Subject: [SECURITY] Fedora Core 2 Update: cvs-1.11.17-2 Message-ID: <20040611161358.GB15522@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-170 2004-06-11 --------------------------------------------------------------------- Product : Fedora Core 2 Name : cvs Version : 1.11.17 Release : 2 Summary : A version control system. Description : CVS (Concurrent Version System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. --------------------------------------------------------------------- Update Information: While investigating a previously fixed vulnerability, Derek Price discovered a flaw relating to malformed "Entry" lines which lead to a missing NULL terminator. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0414 to this issue. Stefan Esser and Sebastian Krahmer conducted an audit of CVS and fixed a number of issues that may have had security consequences. Among the issues deemed likely to be exploitable were: -- a double-free relating to the error_prog_name string (CAN-2004-0416) -- an argument integer overflow (CAN-2004-0417) -- out-of-bounds writes in serv_notify (CAN-2004-0418). An attacker who has access to a CVS server may be able to execute arbitrary code under the UID on which the CVS server is executing. Users of CVS are advised to upgrade to this updated package, which updates the cvs package to version 1.11.17, which corrects these issues. Red Hat would like to thank Stefan Esser, Sebastian Krahmer, and Derek Price for auditing, disclosing, and providing patches for these issues. --------------------------------------------------------------------- * Thu Jun 10 2004 Nalin Dahyabhai 1.11.17-2 - rebuild * Thu Jun 10 2004 Nalin Dahyabhai 1.11.17-1 - update to 1.11.17, which includes those last few fixes * Fri May 28 2004 Nalin Dahyabhai - add security fix for CAN-2004-0416,CAN-2004-0417,CAN-2004-0418 (Stefan Esser) * Fri May 28 2004 Robert Scheck 1.11.16-0 - update to 1.11.16 (#124239) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 8394af3d65f813a6d2ba0d85afda162d SRPMS/cvs-1.11.17-2.src.rpm f0ab2b25a26825b2cad32c721ec03524 i386/cvs-1.11.17-2.i386.rpm d2c6ae3a92fdf11095155ef9351d2037 i386/debug/cvs-debuginfo-1.11.17-2.i386.rpm 891f66a787aac7fe55b003b1e40c8590 x86_64/cvs-1.11.17-2.x86_64.rpm f5a363ba2f97142e03169a5e1d3cb588 x86_64/debug/cvs-debuginfo-1.11.17-2.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From byte at aeon.com.my Fri Jun 11 16:48:15 2004 From: byte at aeon.com.my (Colin Charles) Date: Sat, 12 Jun 2004 02:48:15 +1000 Subject: Fedora News Updates #13 Message-ID: <1086972495.7298.141.camel@albus.aeon.com.my> Another issue of the Fedora News Updates has been released and is available at: http://fedoranews.org/colin/fnu/issue13.shtml The current issue is always linked to http://fedoranews.org/colin/fnu/current.shtml Dual boot FC1 & FC2, FedoraTracker improvements, work on Fedora Legacy, testing of an FC2 LiveCD, the RULE project for minimal installs is spiffy again... And the usual Fedora Core 2 issue round-up, and how to further performance tune Fedora. Touching on some Fedora documentation available, with an outlook of Fedora Core 3, this issue is brimming with links. -- Colin Charles, byte at aeon.com.my http://www.bytebot.net/ From jorton at redhat.com Fri Jun 11 19:20:32 2004 From: jorton at redhat.com (Joe Orton) Date: Fri, 11 Jun 2004 20:20:32 +0100 Subject: [SECURITY] Fedora Core 2 Update: subversion-1.0.4-2 Message-ID: <20040611192032.GA27905@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-166 2004-06-11 --------------------------------------------------------------------- Product : Fedora Core 2 Name : subversion Version : 1.0.4 Release : 2 Summary : Modern Version Control System designed to replace CVS Description : Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. --------------------------------------------------------------------- Update Information: A heap overflow vulnerability was discovered in the svn:// protocol handling library, libsvn_ra_svn. If using the svnserve daemon, an unauthenticated client may be able execute arbitrary code as the user the daemon runs as. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0413. This issue does not affect the mod_dav_svn module. --------------------------------------------------------------------- * Mon Jun 07 2004 Joe Orton 1.0.4-2 - add ra_svn security fix for CVE CAN-2004-0413 (Ben Reser) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 453a16f649e7b5ff502d6379253bbb05 SRPMS/subversion-1.0.4-2.src.rpm 746cc7b03fe3e4b02f7374b8a03850ad i386/subversion-1.0.4-2.i386.rpm 1dd7fd91e468d7af15e1d253c7ef1f08 i386/subversion-devel-1.0.4-2.i386.rpm 05adf7825b9d708c9eba80f359fa33d7 i386/mod_dav_svn-1.0.4-2.i386.rpm 09a54699d17c43dc7f0e585acea64455 i386/subversion-perl-1.0.4-2.i386.rpm 7c5040ab4f0cf6c5305d8edb686c0b5c i386/debug/subversion-debuginfo-1.0.4-2.i386.rpm 640cafcc4e668e1ddf643d10d743e411 x86_64/subversion-1.0.4-2.x86_64.rpm 8140bffe9f94215a83ae2154e4f57c87 x86_64/subversion-devel-1.0.4-2.x86_64.rpm 939e83497404a0a0d4076b33329da3b5 x86_64/mod_dav_svn-1.0.4-2.x86_64.rpm 02c26dbdd27506b6bb7193abe3be7197 x86_64/subversion-perl-1.0.4-2.x86_64.rpm 7ed77899f4912048dececb765d091541 x86_64/debug/subversion-debuginfo-1.0.4-2.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From jorton at redhat.com Fri Jun 11 19:22:47 2004 From: jorton at redhat.com (Joe Orton) Date: Fri, 11 Jun 2004 20:22:47 +0100 Subject: [SECURITY] Fedora Core 1 Update: subversion-0.32.1-5 Message-ID: <20040611192247.GB27905@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-165 2004-06-11 --------------------------------------------------------------------- Product : Fedora Core 1 Name : subversion Version : 0.32.1 Release : 5 Summary : A Concurrent Versioning system similar to, but better than, CVS. Description : Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. --------------------------------------------------------------------- Update Information: A heap overflow vulnerability was discovered in the svn:// protocol handling library, libsvn_ra_svn. If using the svnserve daemon, an unauthenticated client may be able execute arbitrary code as the user the daemon runs as. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0413. This issue does not affect the mod_dav_svn module. --------------------------------------------------------------------- * Wed Jun 09 2004 Joe Orton 0.32.1-5 - add security fix for CVE CAN-2004-0413 (Ben Reser) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 85bb51a2273fe862a534db45c0f98cef SRPMS/subversion-0.32.1-5.src.rpm 3e65c8863d12a8290465c34c9cff8c86 i386/subversion-0.32.1-5.i386.rpm 73415d6b6966fac671d44542e356a209 i386/subversion-devel-0.32.1-5.i386.rpm e54233f3d5c996bc031cfd92c7c333ca i386/mod_dav_svn-0.32.1-5.i386.rpm 5141615f39974fde3a0564c5d37c2fdf i386/debug/subversion-debuginfo-0.32.1-5.i386.rpm dfdb41c89a5d39215a461a7407acf57d x86_64/subversion-0.32.1-5.x86_64.rpm 01d85453b31a93d7c9631af526cbc2b1 x86_64/subversion-devel-0.32.1-5.x86_64.rpm f85473c36affcce1c4e84bde330e1f36 x86_64/mod_dav_svn-0.32.1-5.x86_64.rpm a436f60e985c086cda8c76cb59329e57 x86_64/debug/subversion-debuginfo-0.32.1-5.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From arjanv at redhat.com Mon Jun 14 17:20:29 2004 From: arjanv at redhat.com (Arjan van de Ven) Date: Mon, 14 Jun 2004 19:20:29 +0200 Subject: Fedora Core 2 Update: kernel-2.6.6-1.435 Message-ID: <20040614172029.GA6787@devserv.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-171 2004-06-14 --------------------------------------------------------------------- Product : Fedora Core 2 Name : kernel Version : 2.6.6 Release : 1.435 Summary : The Linux kernel (the core of the Linux operating system) Description : The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. --------------------------------------------------------------------- Update Information: This update includes a fix for the local DoS as described in http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 7911beaaaebd0f0b175e6f217e9acf84 SRPMS/kernel-2.6.6-1.435.src.rpm 876c5a354f3e7cb44fd79cf374758d3a i386/kernel-2.6.6-1.435.i586.rpm 881fb37eacfa931235724307f0ab5b5b i386/kernel-smp-2.6.6-1.435.i586.rpm 80cd19520dda218a08f7a37e128b1745 i386/debug/kernel-debuginfo-2.6.6-1.435.i586.rpm 385a65874dcef2dcc6b6488e703c175b i386/kernel-2.6.6-1.435.i686.rpm c9307a6741f2b6580c822cfac61606bd i386/kernel-smp-2.6.6-1.435.i686.rpm 9c72ec4596765783f56da1a5254d6d43 i386/debug/kernel-debuginfo-2.6.6-1.435.i686.rpm cdcabfe1dcd782e0bcd4d61a01adabeb i386/kernel-sourcecode-2.6.6-1.435.noarch.rpm a3fdbf9364d171a71517cfdb4fcf2725 i386/kernel-doc-2.6.6-1.435.noarch.rpm e66994ba35098dc2f667df234331faae x86_64/kernel-2.6.6-1.435.x86_64.rpm f1051db2f7efa8e2b4b4ef753f6bc966 x86_64/kernel-smp-2.6.6-1.435.x86_64.rpm ef0e3bed79ef92da3c0ce793a576b5db x86_64/debug/kernel-debuginfo-2.6.6-1.435.x86_64.rpm cdcabfe1dcd782e0bcd4d61a01adabeb x86_64/kernel-sourcecode-2.6.6-1.435.noarch.rpm a3fdbf9364d171a71517cfdb4fcf2725 x86_64/kernel-doc-2.6.6-1.435.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From pknirsch at redhat.com Wed Jun 16 16:04:06 2004 From: pknirsch at redhat.com (Phil Knirsch) Date: Wed, 16 Jun 2004 18:04:06 +0200 Subject: [SECURITY] Fedora Core 2 Update: ethereal-0.10.3-2.2 Message-ID: <40D06F76.8070908@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-172 2004-06-16 --------------------------------------------------------------------- Product : Fedora Core 2 Name : ethereal Version : 0.10.3 Release : 2.2 Summary : Network traffic analyzer Description : Ethereal is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for ethereal. A graphical user interface is packaged separately to GTK+ package. --------------------------------------------------------------------- Update Information: These new packages fix a bug in the last errata where the actual security patch didn't get applied. All users of ethereal are strongly recommended to update to these latest packages. --------------------------------------------------------------------- * Fri Jun 04 2004 Phil Knirsch 0.10.3-2.2 - Urgs. Actually apply the patch that fixes the security bugs. :-) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 916e964ba95525138104dda332998b85 SRPMS/ethereal-0.10.3-2.2.src.rpm a2ccd15a07237e776660dd1594cbffd0 i386/ethereal-0.10.3-2.2.i386.rpm 141e68f22e6ed396270cf54987bc9ec2 i386/ethereal-gnome-0.10.3-2.2.i386.rpm 3d22359150a5050d7bea51ea7e8c6e0c i386/debug/ethereal-debuginfo-0.10.3-2.2.i386.rpm a50e02ee91f449713a5d087dbb7be89d x86_64/ethereal-0.10.3-2.2.x86_64.rpm f031c15b11b6a2c1a6ad7382e4cffb27 x86_64/ethereal-gnome-0.10.3-2.2.x86_64.rpm 851c87a8bc2ad958dddf505304b27e65 x86_64/debug/ethereal-debuginfo-0.10.3-2.2.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- Philipp Knirsch | Tel.: +49-711-96437-470 Development | Fax.: +49-711-96437-111 Red Hat GmbH | Email: Phil Knirsch Hauptstaetterstr. 58 | Web: http://www.redhat.de/ D-70178 Stuttgart Motd: You're only jealous cos the little penguins are talking to me. From tagoh at redhat.com Fri Jun 18 02:37:54 2004 From: tagoh at redhat.com (Akira TAGOH) Date: Fri, 18 Jun 2004 11:37:54 +0900 (JST) Subject: Fedora Core 2 Update: jcode.pl-2.13-9.2 Message-ID: <20040618.113754.221450982.tagoh@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-184 2004-06-18 --------------------------------------------------------------------- Product : Fedora Core 2 Name : jcode.pl Version : 2.13 Release : 9.2 Summary : A Perl library for Japanese character code conversion. Description : A Perl library for Japanese character code conversion. --------------------------------------------------------------------- Update Information: The updated jcode.pl package has been released to fix the wrong install path so that it was not usable except on x86-64 architecture. --------------------------------------------------------------------- * Fri Jun 18 2004 Akira TAGOH 2.13-9.2 - FC2 updates to fix (#124756, #125395) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ dfdf933c2957a85ecb61e84d15d3dc94 SRPMS/jcode.pl-2.13-9.2.src.rpm 18d56ed92311c373a3fef233b9037421 x86_64/jcode.pl-2.13-9.2.noarch.rpm 18d56ed92311c373a3fef233b9037421 i386/jcode.pl-2.13-9.2.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From harald at redhat.de Fri Jun 18 08:21:11 2004 From: harald at redhat.de (Harald Hoyer) Date: Fri, 18 Jun 2004 10:21:11 +0200 Subject: Fedora Core 2 Update: cdrtools-2.01-0.a27.4 Message-ID: <40D2A5F7.5090504@redhat.de> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-158 2004-06-18 --------------------------------------------------------------------- Product : Fedora Core 2 Name : cdrtools Version : 2.01 Release : 0.a27.4 Summary : A collection of CD/DVD utilities. Description : cdrtools is a collection of CD/DVD utilities. --------------------------------------------------------------------- Update Information: This release of cdrtools obsoletes the dvdrtools packages. It includes a stub for dvdrecord and its man page, which mentions that it is obsoleted. --------------------------------------------------------------------- * Thu May 06 2004 Harald Hoyer - 8:2.01-0.a27.4 - provide dvdrecord with a stub to cdrecord --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 1283256f09a0eb7db58edb7dad606ce1 SRPMS/cdrtools-2.01-0.a27.4.src.rpm 25f32e972c2282ed57dfcdf7538396b3 i386/cdrecord-2.01-0.a27.4.i386.rpm 7343415aa0ea972917f7f10891fba123 i386/cdrecord-devel-2.01-0.a27.4.i386.rpm 58d56333ccfa367e576055d059344338 i386/mkisofs-2.01-0.a27.4.i386.rpm 68caf4a566e6cdd9d75d857f428c5162 i386/cdda2wav-2.01-0.a27.4.i386.rpm 0178b2eedc10ebe72f84229d57fde16d i386/debug/cdrtools-debuginfo-2.01-0.a27.4.i386.rpm 7c33b062efffdc06ad1e502c4a81f16d x86_64/cdrecord-2.01-0.a27.4.x86_64.rpm dec567d5c92452b9ef27f0513252c09f x86_64/cdrecord-devel-2.01-0.a27.4.x86_64.rpm 8e230d53a002c7e55251ef64f9c74f94 x86_64/mkisofs-2.01-0.a27.4.x86_64.rpm bb6af99ff9ef4e6d9c75a7fdf0838bdf x86_64/cdda2wav-2.01-0.a27.4.x86_64.rpm 661a3c01f9c54dce517c6151370cf08f x86_64/debug/cdrtools-debuginfo-2.01-0.a27.4.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From twoerner at redhat.com Fri Jun 18 16:42:15 2004 From: twoerner at redhat.com (Thomas Woerner) Date: Fri, 18 Jun 2004 18:42:15 +0200 Subject: Fedora Update Notification FEDORA-2004-185 Message-ID: <40D31B67.9020306@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-185 2004-06-18 --------------------------------------------------------------------- Name : openmotif Version : 2.2.3 Release : 4.1 Summary : Open Motif runtime libraries and executables. Description : This is the Open Motif 2.2.3 runtime environment. It includes the Motif shared libraries, needed to run applications which are dynamically linked against Motif, and the Motif Window Manager "mwm". --------------------------------------------------------------------- FC2 updates contains an update to xinitrc that requires shell-scripts in /etc/X11/xinit/xinitrc.d/ to end in a "*.sh" to get sourced but the xinitrc master script, which is a good thing since it prevents backup files etc from being sourced erroneously. This version fixes the this. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 180734dc8bb7347a0fa2a9dd12560317 SRPMS/openmotif-2.2.3-4.1.src.rpm a875e6e27aa0bd412bd9ce8d399f45ec i386/openmotif-2.2.3-4.1.i386.rpm f5d1f5846625b2f77589f2fe6d663293 i386/openmotif-devel-2.2.3-4.1.i386.rpm d11e30e046d62f326613aff901ca2c3b i386/debug/openmotif-debuginfo-2.2.3-4.1.i386.rpm b4e2af451f7e7ab783fca041946b5e68 x86_64/openmotif-2.2.3-4.1.x86_64.rpm f7bf09e1607f0e92006a6441e355a207 x86_64/openmotif-devel-2.2.3-4.1.x86_64.rpm 81fb1c85587fc09a1e462d0d99aea540 x86_64/debug/openmotif-debuginfo-2.2.3-4.1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mclasen at redhat.com Fri Jun 18 17:27:36 2004 From: mclasen at redhat.com (Matthias Clasen) Date: Fri, 18 Jun 2004 13:27:36 -0400 Subject: [SECURITY] Fedora Core 1 Update: libpng-1.2.5-4 Message-ID: <1087579656.8232.34.camel@golem.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-173 2004-06-18 --------------------------------------------------------------------- Product : Fedora Core 1 Name : libpng Version : 1.2.5 Release : 4 Summary : A library of functions for manipulating PNG image format files. Description : The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. --------------------------------------------------------------------- Update Information: During an audit of Red Hat Linux updates, the Fedora Legacy team found a security issue in libpng that had not been fixed in Fedora Core. An attacker could carefully craft a PNG file in such a way that it would cause an application linked to libpng to crash or potentially execute arbitrary code when opened by a victim. --------------------------------------------------------------------- --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 0824eaf1a7bda8624abffdf23c8e1cfd SRPMS/libpng-1.2.5-4.src.rpm 0d15484d8d0fe10aba3352d83d1a9856 x86_64/libpng-1.2.5-4.x86_64.rpm 682e673705a6c0752acf66dafc2fb235 x86_64/libpng-devel-1.2.5-4.x86_64.rpm 4c070a56703b15296c6d25c4a0bd45c7 x86_64/debug/libpng-debuginfo-1.2.5-4.x86_64.rpm be7033c0527158fe7ce64f3e6f0bcc30 x86_64/libpng-1.2.5-4.i386.rpm 0da44b75a2e7dc229135b7cecaea0f8b x86_64/libpng-devel-1.2.5-4.i386.rpm 72987036728beaf4393af2710e81816a x86_64/debug/libpng-debuginfo-1.2.5-4.i386.rpmbe7033c0527158fe7ce64f3e6f0bcc30 i386/libpng-1.2.5-4.i386.rpm 0da44b75a2e7dc229135b7cecaea0f8b i386/libpng-devel-1.2.5-4.i386.rpm 72987036728beaf4393af2710e81816a i386/debug/libpng-debuginfo-1.2.5-4.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mclasen at redhat.com Fri Jun 18 17:27:52 2004 From: mclasen at redhat.com (Matthias Clasen) Date: Fri, 18 Jun 2004 13:27:52 -0400 Subject: [SECURITY] Fedora Core 1 Update: libpng10-1.0.15-4 Message-ID: <1087579672.8232.36.camel@golem.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-174 2004-06-18 --------------------------------------------------------------------- Product : Fedora Core 1 Name : libpng10 Version : 1.0.15 Release : 4 Summary : Old version of libpng, needed to run old binaries. Description : The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x. --------------------------------------------------------------------- Update Information: During an audit of Red Hat Linux updates, the Fedora Legacy team found a security issue in libpng that had not been fixed in Fedora Core. An attacker could carefully craft a PNG file in such a way that it would cause an application linked to libpng to crash or potentially execute arbitrary code when opened by a victim. --------------------------------------------------------------------- --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 27291030c4b45837604fa29ea1ba63af SRPMS/libpng10-1.0.15-4.src.rpm 373999494fd66d5110f30cc13f23afdf x86_64/libpng10-1.0.15-4.x86_64.rpm c3179356daded13a6f03f5384e201772 x86_64/libpng10-devel-1.0.15-4.x86_64.rpm 0583f6e917579a841183ade07772ee71 x86_64/debug/libpng10-debuginfo-1.0.15-4.x86_64.rpm c340858b643a92beb4ab16bcfff55e6c i386/libpng10-1.0.15-4.i386.rpm 4642cf8bafa073269763964a85ef5139 i386/libpng10-devel-1.0.15-4.i386.rpm 67b64172374624083b436c49d0ae7a8a i386/debug/libpng10-debuginfo-1.0.15-4.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mclasen at redhat.com Fri Jun 18 17:28:03 2004 From: mclasen at redhat.com (Matthias Clasen) Date: Fri, 18 Jun 2004 13:28:03 -0400 Subject: [SECURITY] Fedora Core 2 Update: libpng-1.2.5-5 Message-ID: <1087579683.8232.40.camel@golem.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-175 2004-06-18 --------------------------------------------------------------------- Product : Fedora Core 2 Name : libpng Version : 1.2.5 Release : 5 Summary : A library of functions for manipulating PNG image format files. Description : The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. --------------------------------------------------------------------- Update Information: During an audit of Red Hat Linux updates, the Fedora Legacy team found a security issue in libpng that had not been fixed in Fedora Core. An attacker could carefully craft a PNG file in such a way that it would cause an application linked to libpng to crash or potentially execute arbitrary code when opened by a victim. --------------------------------------------------------------------- --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 7110a37d68c8c40e714a1ac98968bf8c SRPMS/libpng-1.2.5-5.src.rpm 459fcd366522dc38efb4a652d8def823 x86_64/libpng-1.2.5-5.x86_64.rpm 4d7c8e03855acd7b9becbe4346018696 x86_64/libpng-devel-1.2.5-5.x86_64.rpm 57c26ab46c584b6f0f988158d898c054 x86_64/debug/libpng-debuginfo-1.2.5-5.x86_64.rpm 9d383cea2fa4aef94fa80531214707bd x86_64/libpng-1.2.5-5.i386.rpm f880999528679481d1c6ff76559a3049 x86_64/libpng-devel-1.2.5-5.i386.rpm 213aeb2882f3ebba9859367b46e64849 x86_64/debug/libpng-debuginfo-1.2.5-5.i386.rpm9d383cea2fa4aef94fa80531214707bd i386/libpng-1.2.5-5.i386.rpm f880999528679481d1c6ff76559a3049 i386/libpng-devel-1.2.5-5.i386.rpm 213aeb2882f3ebba9859367b46e64849 i386/debug/libpng-debuginfo-1.2.5-5.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mclasen at redhat.com Fri Jun 18 17:28:08 2004 From: mclasen at redhat.com (Matthias Clasen) Date: Fri, 18 Jun 2004 13:28:08 -0400 Subject: [SECURITY] Fedora Core 2 Update: libpng10-1.0.15-5 Message-ID: <1087579688.8232.42.camel@golem.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-176 2004-06-18 --------------------------------------------------------------------- Product : Fedora Core 2 Name : libpng10 Version : 1.0.15 Release : 5 Summary : Old version of libpng, needed to run old binaries. Description : The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x. --------------------------------------------------------------------- Update Information: During an audit of Red Hat Linux updates, the Fedora Legacy team found a security issue in libpng that had not been fixed in Fedora Core. An attacker could carefully craft a PNG file in such a way that it would cause an application linked to libpng to crash or potentially execute arbitrary code when opened by a victim. --------------------------------------------------------------------- --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ e061938ff40d4b6d79d6a2867fade179 SRPMS/libpng10-1.0.15-5.src.rpm 10a4be8fa833afdd2c6c93452b9a81d8 x86_64/libpng10-1.0.15-5.x86_64.rpm cf1d624c20f1ec1b56247c2b996c7d0e x86_64/libpng10-devel-1.0.15-5.x86_64.rpm 249c40e90cad1abf55fdf689d4f96cba x86_64/debug/libpng10-debuginfo-1.0.15-5.x86_64.rpm 070b4e3eab29bbf9915f9220e5430db5 i386/libpng10-1.0.15-5.i386.rpm 0d058440eb04087b8db8c9652d9a6fe5 i386/libpng10-devel-1.0.15-5.i386.rpm 2007c462b58b07032c2040080690b508 i386/debug/libpng10-debuginfo-1.0.15-5.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From tagoh at redhat.com Wed Jun 23 09:54:22 2004 From: tagoh at redhat.com (Akira TAGOH) Date: Wed, 23 Jun 2004 18:54:22 +0900 (JST) Subject: Fedora Core 2 Update: kcc-2.3-20.1 Message-ID: <20040623.185422.341113790.tagoh@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-189 2004-06-23 --------------------------------------------------------------------- Product : Fedora Core 2 Name : kcc Version : 2.3 Release : 20.1 Summary : Kanji Code Converter Description : kcc is a kanji code converter with an auto detection. --------------------------------------------------------------------- Update Information: The kcc, which is a kanji code converter, crashes when the invalid options is specified. this updated package fixes this problem. --------------------------------------------------------------------- * Wed Jun 23 2004 Akira TAGOH 2.3-20.1 - kcc-2.3-fix-segv.patch: applied to fix segfaults with invalid options. (#126338) - add kcc.1 from Debian package. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 48227dbb44ceb99d08a099f75935b3f0 SRPMS/kcc-2.3-20.1.src.rpm db5ee243e59807b2583377878ffbb3a6 x86_64/kcc-2.3-20.1.x86_64.rpm 751607a72ef5e08912fc17e24d8dcda9 x86_64/debug/kcc-debuginfo-2.3-20.1.x86_64.rpm 97510ee7f52986b17d306726603efa16 i386/debug/kcc-debuginfo-2.3-20.1.i386.rpm 475356fd31f0c1a8f53fc281c5b3d1eb i386/kcc-2.3-20.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From dwalsh at redhat.com Wed Jun 23 16:50:17 2004 From: dwalsh at redhat.com (Daniel J Walsh) Date: Wed, 23 Jun 2004 12:50:17 -0400 Subject: Fedora Core 2 Update: dhcp-3.0.1rc14-1 Message-ID: <40D9B4C9.7010701@redhat.com> ----- Fedora Update Notification FEDORA-2004-190 2004-06-23 --------------------------------------------------------------------- Product : Fedora Core 2 Name : dhcp Version : 3.0.1rc14 Release : 1 Summary : A DHCP (Dynamic Host Configuration Protocol) server and relay agent. Description : DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the ISC DHCP service and relay agent. To use DHCP on your network, install a DHCP service (or relay agent), and on clients run a DHCP client daemon. The dhcp package provides the ISC DHCP service and relay agent. --------------------------------------------------------------------- Update Information: dhcp-3.0.1rc14-1 is now available. This release fixes a buffer overflow vulnerability in the Fedora Core 2 dhcp-3.0.1rc12-*. We strongly urge you to upgrade. (CAN-2004-0460, CAN-2004-0461) Update will also be inRawhide Tomorrow. --------------------------------------------------------------------- --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 897c80adca3003975bfa42ec0bba5b55 SRPMS/dhcp-3.0.1rc14-1.src.rpm 0882aea526e1e18840eb0f4f40f02755 x86_64/dhcp-3.0.1rc14-1.x86_64.rpm 2bb511e354ee98f4fb28e6717f729b95 x86_64/dhclient-3.0.1rc14-1.x86_64.rpm bb0c361146a939b8ec35a0316f3f3d4c x86_64/dhcp-devel-3.0.1rc14-1.x86_64.rpm 5fa117855101aac239de6ac2a5af3eba x86_64/debug/dhcp-debuginfo-3.0.1rc14-1.x86_64.rpm a9ef45e9a74f3869a907ffcc5639c600 i386/dhcp-3.0.1rc14-1.i386.rpm 712617febeab53a9fb7e246f0322fb40 i386/dhclient-3.0.1rc14-1.i386.rpm 58ed2439d5d34f9db0c73a59e3405811 i386/dhcp-devel-3.0.1rc14-1.i386.rpm 4b0a126e729021bfd152621356161096 i386/debug/dhcp-debuginfo-3.0.1rc14-1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From nphilipp at redhat.com Wed Jun 23 17:49:23 2004 From: nphilipp at redhat.com (Nils Philippsen) Date: Wed, 23 Jun 2004 19:49:23 +0200 Subject: Fedora Core 2 Update: gimp-gap-2.0.2-1 Message-ID: <1088012963.17262.3.camel@gibraltar.stuttgart.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-142 2004-06-23 --------------------------------------------------------------------- Product : Fedora Core 2 Name : gimp-gap Version : 2.0.2 Release : 1 Summary : The GIMP Animation Package. Description : The GIMP-GAP (GIMP Animation Package) is a collection of Plug-Ins to extend GIMP 2.0 with capabilities to edit and create animations as sequences of single frames. --------------------------------------------------------------------- Update Information: Updated to version 2.0.2 which has enhancements and bugfixes. --------------------------------------------------------------------- --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ d238875e2aa86b50db6f2bc72b6479d5 SRPMS/gimp-gap-2.0.2-1.src.rpm 960acaf735a1ba0939970e2154698ff7 x86_64/gimp-gap-2.0.2-1.x86_64.rpm d5d655b13417c4a53cd15c3fca4d61f3 x86_64/debug/gimp-gap-debuginfo-2.0.2-1.x86_64.rpm f5e60f8bd17db2a20e6acce628c7569e i386/gimp-gap-2.0.2-1.i386.rpm e35dff4477267ef7f05451bae44c30c0 i386/debug/gimp-gap-debuginfo-2.0.2-1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- Nils Philippsen / Red Hat / nphilipp at redhat.com "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- B. Franklin, 1759 PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From nphilipp at redhat.com Wed Jun 23 17:51:57 2004 From: nphilipp at redhat.com (Nils Philippsen) Date: Wed, 23 Jun 2004 19:51:57 +0200 Subject: Fedora Core 2 Update: gimp-2.0.1-5 Message-ID: <1088013117.17262.5.camel@gibraltar.stuttgart.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-145 2004-06-23 --------------------------------------------------------------------- Product : Fedora Core 2 Name : gimp Version : 2.0.1 Release : 5 Summary : The GNU Image Manipulation Program BETA Description : The GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. The GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. The GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. The GIMP includes a scripting facility, but many of the included scripts rely on fonts that we cannot distribute. The GIMP FTP site has a package of fonts that you can install by yourself, which includes all the fonts needed to run the included scripts. Some of the fonts have unusual licensing requirements; all the licenses are documented in the package. Get ftp://ftp.gimp.org/pub/gimp/fonts/freefonts-0.10.tar.gz and ftp://ftp.gimp.org/pub/gimp/fonts/sharefonts-0.10.tar.gz if you are so inclined. Alternatively, choose fonts which exist on your system before running the scripts. --------------------------------------------------------------------- Update Information: This update is supposed to fix #124307 "missing help files" by spitting out a slightly more informative error message if gimp-help isn't installed. --------------------------------------------------------------------- --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 76b405cd19e7ed04359a4aed9a0b73ee SRPMS/gimp-2.0.1-5.src.rpm 0eb52372e6783a7470432357f6f9d1dc x86_64/gimp-2.0.1-5.x86_64.rpm 2d531d2bd97d9092fa091740302afab4 x86_64/gimp-devel-2.0.1-5.x86_64.rpm 79bde7f7df3c5d52978381c7988f3086 x86_64/debug/gimp-debuginfo-2.0.1-5.x86_64.rpm38eae5268f2d071b4f52306f61817573 i386/gimp-2.0.1-5.i386.rpm eb6a9ed12c9183cb4b21e2413b00874d i386/gimp-devel-2.0.1-5.i386.rpm 47e7c1f778c697dc7b36e3656352eb54 i386/debug/gimp-debuginfo-2.0.1-5.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- Nils Philippsen / Red Hat / nphilipp at redhat.com "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- B. Franklin, 1759 PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From davej at redhat.com Wed Jun 23 18:25:44 2004 From: davej at redhat.com (Dave Jones) Date: Wed, 23 Jun 2004 19:25:44 +0100 Subject: [SECURITY] Fedora Core 1 Update: kernel-2.4.22-1.2194.nptl Message-ID: <20040623182544.GA15935@redhat.com> --------------------------------------------------------------------- Fedora Security Update Notification FEDORA-2004-186 2004-06-23 --------------------------------------------------------------------- Product : Fedora Core 1 Name : kernel Version : 2.4.22 Release : 1.2194.nptl Summary : The Linux kernel (the core of the Linux operating system) Description : The kernel package contains the Linux kernel (vmlinuz), the core of your Fedora Core Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. Numerous problems referencing userspace memory were identified in several device drivers by Al Viro using the sparse tool. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2004-0495 to this issue. A problem was found where userspace code could execute certain floating point instructions from signal handlers which would cause the kernel to lock up. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2004-0554 to this issue. Previous kernels contained a patch against the framebuffer ioctl code which turned out to be unnecessary. This has been dropped in this update. A memory leak in the E1000 network card driver has been fixed. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2004-0535 to this issue. Previously, inappropriate permissions were set on /proc/scsi/qla2300/HbaApiNode The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2004-0587 to this issue. Support for systems with more than 4GB of memory was previously unavailable. The 686 SMP kernel now supports this configuration. (Bugzilla #122960) Support for SMP on 586's was also previously not included. This has also been rectified. (Bugzilla #111871) --------------------------------------------------------------------- --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ afbebd8faf6000a21ccb31b9d79cc42d SRPMS/kernel-2.4.22-1.2194.nptl.src.rpm d096e20bef069c9f8c134bc490d7b1c0 x86_64/kernel-2.4.22-1.2194.nptl.x86_64.rpm 2e2f20c4090f09591c1c2fda395766a1 x86_64/kernel-source-2.4.22-1.2194.nptl.x86_64.rpm ba9315c99099ae2ea50faad7efbc7a57 x86_64/kernel-doc-2.4.22-1.2194.nptl.x86_64.rpm 030f29ae64f0bfbe4c99a45e5077e40c x86_64/kernel-smp-2.4.22-1.2194.nptl.x86_64.rpm 372301d42349cb0568ce7d6b71ce078b x86_64/debug/kernel-debuginfo-2.4.22-1.2194.nptl.x86_64.rpm 4b2105dd045d9cb57eabe18d1047a6de i386/kernel-source-2.4.22-1.2194.nptl.i386.rpm a59e186147f73c15d96d0a806e06fcbc i386/kernel-doc-2.4.22-1.2194.nptl.i386.rpm d90babb412eef5a6dd24bd53ceab38a9 i386/kernel-BOOT-2.4.22-1.2194.nptl.i386.rpm d8ec8ec23c17058c24ce4bbe5eb59275 i386/debug/kernel-debuginfo-2.4.22-1.2194.nptl.i386.rpm 7d70b95d0cd5b4a93bc1ce90e57762f6 i386/kernel-2.4.22-1.2194.nptl.i586.rpm 370fa73f7b82c79b03aa7b865671df3a i386/kernel-smp-2.4.22-1.2194.nptl.i586.rpm 413f46ceee286f874d7cebdf0694a5ef i386/debug/kernel-debuginfo-2.4.22-1.2194.nptl.i586.rpm 6839a7a334a2980b036b09c8a4ad20a9 i386/kernel-2.4.22-1.2194.nptl.i686.rpm e33e1bd82d52502298e9b24fe53f9acf i386/kernel-smp-2.4.22-1.2194.nptl.i686.rpm a1bbd9f5bfe7aaa27a561e2b663842ba i386/debug/kernel-debuginfo-2.4.22-1.2194.nptl.i686.rpm fe4595933f55899f1341c8b167c3720f i386/kernel-2.4.22-1.2194.nptl.athlon.rpm 8df5e29195d4c779d60938b740b2b777 i386/kernel-smp-2.4.22-1.2194.nptl.athlon.rpm 597b43d471f2fedad519a059d66dc72f i386/debug/kernel-debuginfo-2.4.22-1.2194.nptl.athlon.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From harald at redhat.com Thu Jun 24 14:29:22 2004 From: harald at redhat.com (Harald Hoyer) Date: Thu, 24 Jun 2004 16:29:22 +0200 Subject: Fedora Core 2 Update: cdrtools-2.01-0.a27.4.FC2.1 Message-ID: <40DAE542.9090003@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-192 2004-06-24 --------------------------------------------------------------------- Product : Fedora Core 2 Name : cdrtools Version : 2.01 Release : 0.a27.4.FC2.1 Summary : A collection of CD/DVD utilities. Description : cdrtools is a collection of CD/DVD utilities. --------------------------------------------------------------------- Update Information: corrected dvdrtools version to obsolete dvdrtools. --------------------------------------------------------------------- --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ e27689f72d6ed48b96f50664d566ae2c SRPMS/cdrtools-2.01-0.a27.4.FC2.1.src.rpm 4ad4ed028176e7fb12786f3351752ca9 x86_64/cdrecord-2.01-0.a27.4.FC2.1.x86_64.rpm ea23fcf50cefceee4fe3d9f00cca59e4 x86_64/cdrecord-devel-2.01-0.a27.4.FC2.1.x86_64.rpm 0d7a2c70e941b169c6c9192a54d0eb53 x86_64/mkisofs-2.01-0.a27.4.FC2.1.x86_64.rpm d553afa03bff1f302ff675af698bdd07 x86_64/cdda2wav-2.01-0.a27.4.FC2.1.x86_64.rpm eb2fbc1d61713c4e8aa2b966cb9f49cc x86_64/debug/cdrtools-debuginfo-2.01-0.a27.4.FC2.1.x86_64.rpm fa2096ebd4c24dc386234d429e53183d i386/cdrecord-2.01-0.a27.4.FC2.1.i386.rpm 98eb93899dec4b02ca94538f0a8e94ce i386/cdrecord-devel-2.01-0.a27.4.FC2.1.i386.rpm b8a522529a17bd115027dd0075d59bf8 i386/mkisofs-2.01-0.a27.4.FC2.1.i386.rpm 4fff1e52dc7c662ebc31d6bf5d1f678c i386/cdda2wav-2.01-0.a27.4.FC2.1.i386.rpm 4abadabede9568e16160b60a48a25133 i386/debug/cdrtools-debuginfo-2.01-0.a27.4.FC2.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature URL: From mharris at redhat.com Thu Jun 24 16:18:02 2004 From: mharris at redhat.com (Mike A. Harris) Date: Thu, 24 Jun 2004 12:18:02 -0400 (EDT) Subject: Fedora Core 2 Update: xinitrc-3.42-1 Message-ID: --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-191 2004-06-24 --------------------------------------------------------------------- Product : Fedora Core 2 Name : xinitrc Version : 3.42 Release : 1 Summary : The default startup script for the X Window System. Description : The xinitrc package contains the xinitrc file, a script which is used to configure your X Window System session or to start a window manager. --------------------------------------------------------------------- Update Information: A new xinitrc update is available that resolves an issue caused by the previous xinitrc package update in which some users were unable to use input methods in X11. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 0a0f31fbae6a989a26dda3f36051fa01 SRPMS/xinitrc-3.42-1.src.rpm aad409de3215303498550b118c625817 x86_64/xinitrc-3.42-1.noarch.rpm aad409de3215303498550b118c625817 i386/xinitrc-3.42-1.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From wtogami at redhat.com Fri Jun 25 05:09:44 2004 From: wtogami at redhat.com (Warren Togami) Date: Thu, 24 Jun 2004 19:09:44 -1000 Subject: Fedora Core 1 Update: gaim-0.79-0.FC1 Message-ID: <40DBB398.6040205@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-195 2004-06-25 --------------------------------------------------------------------- Product : Fedora Core 1 Name : gaim Version : 0.79 Release : 0.FC1 Summary : A Gtk+ based multiprotocol instant messaging client Description : Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by America Online, Inc., Microsoft Corporation, or Yahoo! Inc. or other messaging service providers. --------------------------------------------------------------------- Update Information: gaim-0.79 update most notably fixes the Yahoo protocol #126700 See upstream's release notes for more details. --------------------------------------------------------------------- --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 1968706d154bfe2ea24dfcc5e91b5470 SRPMS/gaim-0.79-0.FC1.src.rpm 7f1bb038c03917ce8f481376226bf91f x86_64/gaim-0.79-0.FC1.x86_64.rpm e3bf8af305da44427088aab37fba3b07 x86_64/debug/gaim-debuginfo-0.79-0.FC1.x86_64.rpm 798d757c174ebc1d5e1ade0f41716407 i386/gaim-0.79-0.FC1.i386.rpm dedca8bea8618b3c61fd20f5a6eeb1f7 i386/debug/gaim-debuginfo-0.79-0.FC1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From wtogami at redhat.com Fri Jun 25 05:09:50 2004 From: wtogami at redhat.com (Warren Togami) Date: Thu, 24 Jun 2004 19:09:50 -1000 Subject: Fedora Core 2 Update: gaim-0.79-0.FC2 Message-ID: <40DBB39E.7010202@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-196 2004-06-25 --------------------------------------------------------------------- Product : Fedora Core 2 Name : gaim Version : 0.79 Release : 0.FC2 Summary : A Gtk+ based multiprotocol instant messaging client Description : Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by America Online, Inc., Microsoft Corporation, or Yahoo! Inc. or other messaging service providers. --------------------------------------------------------------------- Update Information: gaim-0.79 update most notably fixes the Yahoo protocol #126700 See upstream's release notes for more details. --------------------------------------------------------------------- --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 6a6c877bee2a2256f855c7721c92b112 SRPMS/gaim-0.79-0.FC2.src.rpm fcdc606c4305484e6cce4dffcaad2eef x86_64/gaim-0.79-0.FC2.x86_64.rpm 3bf95ecae9fe8f9f61d497566d5bbe37 x86_64/debug/gaim-debuginfo-0.79-0.FC2.x86_64.rpm 8ed984f994279ae64f51314a9ebb2339 i386/gaim-0.79-0.FC2.i386.rpm 006deaff720f40ae470b691ed243181b i386/debug/gaim-debuginfo-0.79-0.FC2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From wtogami at redhat.com Fri Jun 25 05:09:54 2004 From: wtogami at redhat.com (Warren Togami) Date: Thu, 24 Jun 2004 19:09:54 -1000 Subject: Fedora Core 1 Update: dovecot-0.99.10.5-0.FC1 Message-ID: <40DBB3A2.6020106@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-182 2004-06-25 --------------------------------------------------------------------- Product : Fedora Core 1 Name : dovecot Version : 0.99.10.5 Release : 0.FC1 Summary : Dovecot Secure imap server Description : Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. --------------------------------------------------------------------- Update Information: Resolves several rare problems including: #123022 segfault with certain maildir usage #113492 after expunge, dovecot hangs fetchmail if new e-mail came in Note that #115284 the SSL related crash is not fully resolved. Rather than crash when entropy is depleted, dovecot silently fails. This remaining issue is Fedora specific and may require patching of the FC1 kernel or openssl in order to resolve in a future update. --------------------------------------------------------------------- --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 834b09c4fbcd8203d0107a6d2e33c203 SRPMS/dovecot-0.99.10.5-0.FC1.src.rpm b59c5d7506b0c5ce2bc7ecd8d8e80a41 x86_64/dovecot-0.99.10.5-0.FC1.x86_64.rpm 2d01e5023d38184c5aa41b8533cfc146 x86_64/debug/dovecot-debuginfo-0.99.10.5-0.FC1.x86_64.rpm 09eb0fd6b14081ce816dc3e04f3c9cea i386/dovecot-0.99.10.5-0.FC1.i386.rpm 5091655964a59c61d4166607813b75ff i386/debug/dovecot-debuginfo-0.99.10.5-0.FC1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From wtogami at redhat.com Fri Jun 25 05:10:41 2004 From: wtogami at redhat.com (Warren Togami) Date: Thu, 24 Jun 2004 19:10:41 -1000 Subject: Fedora Core 2 Update: dovecot--0.99.10.5-0.FC2 Message-ID: <40DBB3D1.8010303@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-183 2004-06-25 --------------------------------------------------------------------- Product : Fedora Core 2 Name : dovecot Version : 0.99.10.5 Release : 0.FC2 Summary : Dovecot Secure imap server Description : Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. --------------------------------------------------------------------- Update Information: Resolves several rare problems including: #123022 segfault with certain maildir usage #113492 after expunge, dovecot hangs fetchmail if new e-mail came in --------------------------------------------------------------------- --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 19dee348c8c1c84a46ae172054ced918 SRPMS/dovecot-0.99.10.5-0.FC2.src.rpm 849fcce0d8c125538e0142ca57324eee x86_64/dovecot-0.99.10.5-0.FC2.x86_64.rpm b27f33972e3d8a98b969265375cc4ffd x86_64/debug/dovecot-debuginfo-0.99.10.5-0.FC2.x86_64.rpm 168ccac958c65af0cf21645d7fb4608c i386/dovecot-0.99.10.5-0.FC2.i386.rpm 9a35ca0eafcee002c043fc9b2c4a5320 i386/debug/dovecot-debuginfo-0.99.10.5-0.FC2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From petersen at redhat.com Fri Jun 25 13:04:00 2004 From: petersen at redhat.com (Jens Petersen) Date: Fri, 25 Jun 2004 22:04:00 +0900 Subject: Fedora Core 1 Update: tcltk-8.3.5-96.1 Message-ID: <40DC22C0.8060508@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-193 2004-06-25 --------------------------------------------------------------------- Product : Fedora Core 1 Name : tcltk Version : 8.3.5 Release : 96.1 Summary : Tcl/Tk development environment Description : Tcl is a simple scripting language designed to be embedded into other applications. Tcl is designed to be used with Tk, a widget set. --------------------------------------------------------------------- Update Information: A minor update of tcltk to add backward compatible symlinks /usr/lib/{tcl,tk}8.3 and to fix the rpath of expect. --------------------------------------------------------------------- * Mon Mar 29 2004 Jens Petersen - 8.3.5-96 - add expect-ro-afs-112174.patch (Bernd Schmidt,#112174) - add backward compatibility symlinks /usr/lib/tcl8.3 and /usr/lib/tk8.3 * Fri Jan 16 2004 Jens Petersen - 8.3.5-95 - buildrequire autoconf213 (#110583, mvd at mylinux.com.ua) * Mon Nov 17 2003 Thomas Woerner 8.3.5-94 - fixed RPATH for expect and expectk: patch 121 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 3e341c669321b333f8e1f018df0b11bf SRPMS/tcltk-8.3.5-96.1.src.rpm d3f4dbb7c0e861b9e1031e1ab4ad8469 x86_64/tcl-8.3.5-96.1.x86_64.rpm baec2823ca561e12b589ab2d92f7c076 x86_64/tcl-devel-8.3.5-96.1.x86_64.rpm fd17a533132cc55d7bea6d564ad41ec6 x86_64/tk-8.3.5-96.1.x86_64.rpm f5a84d2932abb506b63705ef52ed3e0d x86_64/tk-devel-8.3.5-96.1.x86_64.rpm b685100e0af42753b05d2bea538c8b76 x86_64/expect-5.39.0-96.1.x86_64.rpm 6a79e01783b9b192ca481c77fd63a66d x86_64/expect-devel-5.39.0-96.1.x86_64.rpm 22474b02b4bbe4d014296efd24274fd3 x86_64/expectk-5.39.0-96.1.x86_64.rpm 051a61b8007fa6bee82a5c7e0a53e5dd x86_64/tclx-8.3-96.1.x86_64.rpm db07b54b903692f9c67258467678539b x86_64/tix-8.1.4-96.1.x86_64.rpm 8e64966f33ed3d718d86e453925ba176 x86_64/itcl-3.2-96.1.x86_64.rpm 98dbfd3921bc107f006538839fb48a58 x86_64/tcllib-1.3-96.1.x86_64.rpm 00fdfdb1652789ec8f8eb9345ffcccd3 x86_64/tcl-html-8.3.5-96.1.x86_64.rpm 915086c689c9d809d83e42f32f34a50f x86_64/debug/tcltk-debuginfo-8.3.5-96.1.x86_64.rpm c4b500b0e7c4258938260e2caee66bb7 i386/tcl-8.3.5-96.1.i386.rpm 53dfa29d606f709ed3cb4f030ca0d0ff i386/tcl-devel-8.3.5-96.1.i386.rpm dbdf536a3d035fb67e7036fdde447573 i386/tk-8.3.5-96.1.i386.rpm 905191a23f14cd6974ee3d93e45b6468 i386/tk-devel-8.3.5-96.1.i386.rpm e5267c95c7ddd30d2a85593aa7723489 i386/expect-5.39.0-96.1.i386.rpm 669202de3a5e8d404a78e2743621cb15 i386/expect-devel-5.39.0-96.1.i386.rpm 030aefbc2f76fab025f70ddb9181358f i386/expectk-5.39.0-96.1.i386.rpm 368c36c0912250020afcca0c89d86d0b i386/tclx-8.3-96.1.i386.rpm 72f6de2a1870afa9b62eb067803e6168 i386/tix-8.1.4-96.1.i386.rpm f77739b9fdc9e7423ddc4e66355727be i386/itcl-3.2-96.1.i386.rpm c2006d1d714cb73f035ebb9eb1d858da i386/tcllib-1.3-96.1.i386.rpm d64255b0f02f516332b9b4e5b59b6a83 i386/tcl-html-8.3.5-96.1.i386.rpm 94edf98f3298e62dc08521f1b8045304 i386/debug/tcltk-debuginfo-8.3.5-96.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From alan at redhat.com Fri Jun 25 13:21:06 2004 From: alan at redhat.com (Alan Cox) Date: Fri, 25 Jun 2004 09:21:06 -0400 Subject: Fedora Core 2 Update: sysstat-5.0.1-4 Message-ID: <20040625132106.GA2360@devserv.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-187 2004-06-25 --------------------------------------------------------------------- Product : Fedora Core 2 Name : sysstat Version : 5.0.1 Release : 4 Summary : The sar and iostat system monitoring commands. Description : This package provides the sar and iostat commands for Linux. Sar and iostat enable system monitoring of disk, network, and other IO activity. --------------------------------------------------------------------- Update Information: Sysstat had minor buffer overflows and parsing problems. None of them in any way exploitable it turns out. Sysstat also spewed junk to the console on startup. --------------------------------------------------------------------- --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ ce6b8daf436254dd2347a1eaafefe858 SRPMS/sysstat-5.0.1-4.src.rpm 83bdce713e6026fa7887ff7462b4fc62 x86_64/sysstat-5.0.1-4.x86_64.rpm 843695b7556682b2c2ac445d7b4e1f17 x86_64/debug/sysstat-debuginfo-5.0.1-4.x86_64.rpm 83a8953f7ba6504b1bd0a835a06a9ffb i386/sysstat-5.0.1-4.i386.rpm c3fbcf5081dd277f1bc57320260502c2 i386/debug/sysstat-debuginfo-5.0.1-4.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From alan at redhat.com Fri Jun 25 13:26:32 2004 From: alan at redhat.com (Alan Cox) Date: Fri, 25 Jun 2004 09:26:32 -0400 Subject: Fedora Core 2 Update: finger-0.17-24 Message-ID: <20040625132632.GA4141@devserv.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-181 2004-06-25 --------------------------------------------------------------------- Product : Fedora Core 2 Name : finger Version : 0.17 Release : 24 Summary : The finger client. Description : Finger is a utility which allows users to see information about system users (login name, home directory, name, how long they've been logged in to the system, etc.). The finger package includes a standard finger client. You should install finger if you'd like to retrieve finger information from other systems. --------------------------------------------------------------------- Update Information: Finger mishandled stale utmp entries and also entries from remote X sessions. This would cause random idle times and spurious users to be shown. --------------------------------------------------------------------- --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 3a7b2b30c410b3c02ea3d553a57e325d SRPMS/finger-0.17-24.src.rpm ac9eaba7e9f9c15f2c049b5eae3821eb x86_64/finger-0.17-24.x86_64.rpm e33ca90c2981bb38b848f461fa0fa949 x86_64/finger-server-0.17-24.x86_64.rpm 8eb9ede2949c23fa5344b8b64ada900f x86_64/debug/finger-debuginfo-0.17-24.x86_64.rpm 4aef5ad7fc026cf7197896253facb2f5 i386/finger-0.17-24.i386.rpm b85db8943d869d47db7e89837811bf1b i386/finger-server-0.17-24.i386.rpm e474d34add7fbd406099724d460c0009 i386/debug/finger-debuginfo-0.17-24.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From alan at redhat.com Fri Jun 25 13:28:34 2004 From: alan at redhat.com (Alan Cox) Date: Fri, 25 Jun 2004 09:28:34 -0400 Subject: Fedora Core 2 Update: ftp-0.17-21 Message-ID: <20040625132834.GA5618@devserv.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-178 2004-06-25 --------------------------------------------------------------------- Product : Fedora Core 2 Name : ftp Version : 0.17 Release : 21 Summary : The standard UNIX FTP (File Transfer Protocol) client. Description : The ftp package provides the standard UNIX command-line FTP (File Transfer Protocol) client. FTP is a widely used protocol for transferring files over the Internet and for archiving files. If your system is on a network, you should install ftp in order to do file transfers. --------------------------------------------------------------------- Update Information: The ftp client would segmentation fault in certain situations when the remote server closed the connection on it in an unexpected fashion. This fixes the segmentation fault. --------------------------------------------------------------------- --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 6069f019fa581593cac9660e34800395 SRPMS/ftp-0.17-21.src.rpm da1511906e9f53e798f0632cf0b63d20 x86_64/ftp-0.17-21.x86_64.rpm 7fbc0000e74a9821efc32ccc8337e580 x86_64/debug/ftp-debuginfo-0.17-21.x86_64.rpm 773c95f1618647219db8b682aca38484 i386/ftp-0.17-21.i386.rpm 04017e605a38e02d788f0da6083677ba i386/debug/ftp-debuginfo-0.17-21.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From petersen at redhat.com Sat Jun 26 02:07:07 2004 From: petersen at redhat.com (Jens Petersen) Date: Sat, 26 Jun 2004 11:07:07 +0900 Subject: Fedora Core 2 Update: im-sdk-11.4-46.svn1587 Message-ID: <40DCDA4B.7000303@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-188 2004-06-25 --------------------------------------------------------------------- Product : Fedora Core 2 Name : im-sdk Version : 11.4 Release : 46.svn1587 Summary : IIIMF Input Method Software Developers Kit Description : im-sdk is a IIIMF Input Method Software Developers Kit. --------------------------------------------------------------------- Update Information: This update hides the status window when the input method is off and also fixes a number of other issues. --------------------------------------------------------------------- * Wed Jun 23 2004 Jens Petersen - 1:11.4-46.svn1587 - append svn revision to %release (116223) - im-switch: don't override i18n file (Descender,126542) and output string improvements - iiimecf-init.el: don't be the default input method by default * Thu Jun 17 2004 Yu Shao 1:11.4-46 - rebuild for fc2 * Tue Jun 08 2004 Akira TAGOH - im-sdk-11.4-newpy-hide-status-window.patch: applied to hide the status window when it's switched off. (#118114) - im-sdk-11.4-unit-hide-status-window.patch: likewise. (#118114) * Thu Jun 03 2004 Akira TAGOH - im-sdk-11.4-xiiimp-locale.patch: fixed to run httx with .UTF-8 locale. * Wed May 19 2004 Akira TAGOH - im-sdk-11.4-xiiimp-no-taskbar.patch: another fix to hide the status window from the taskbar. (#121818) - im-sdk-11.4-canna-hide-status-window.patch: applied to hide the status window when it's switched off. (#118114) - im-sdk-11.4-hangul-hide-status-window.patch: likewise. (#118114) - im-sdk-11.4-xiiimp-hide-status-window.patch: likewise. (#118114) - im-sdk-11.4-gimlet-status-off-string.patch: applied to show the status when given status is empty. (#118114) * Wed May 19 2004 Yu Shao 1:11.4-44 - fixed bug #123021, Changing preferences causes gimlet to eat 80% of CPU * Fri May 14 2004 Jens Petersen - improve im-switch's option handling and help somewhat --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 3de107b91d1014654ef5bc37fe48ba5d SRPMS/im-sdk-11.4-46.svn1587.src.rpm 21baa5fb1f4cfe5498fa1fdb8572ae73 x86_64/iiimf-csconv-11.4-46.svn1587.x86_64.rpm 1d57c9c0be1ec4627ba6fdcd56f8ff7c x86_64/iiimf-protocol-lib-11.4-46.svn1587.x86_64.rpm d1a8a67c9837532152f946ef2335bf5f x86_64/iiimf-protocol-lib-devel-11.4-46.svn1587.x86_64.rpm a8e1281ae89164f6cbd9d02e05155c04 x86_64/iiimf-client-lib-11.4-46.svn1587.x86_64.rpm 882cc91a08b803d334d99b0002aa03e9 x86_64/iiimf-client-lib-devel-11.4-46.svn1587.x86_64.rpm 8c27146d7f5bdc05040963a5c50368cd x86_64/iiimf-server-11.4-46.svn1587.x86_64.rpm f0e9d4ff6d81c066b5497e9825415c32 x86_64/iiimf-le-unit-11.4-46.svn1587.x86_64.rpm daa67cb4d553e5b31d54bf8762edea30 x86_64/iiimf-le-newpy-11.4-46.svn1587.x86_64.rpm c05afbff9fae192b35961aabcf73d78e x86_64/iiimf-le-hangul-11.4-46.svn1587.x86_64.rpm 11ab83e6e2128449dcf074ed563b3302 x86_64/iiimf-le-canna-11.4-46.svn1587.x86_64.rpm 5aeea4aba3da39aa6bc1a306126241da x86_64/iiimf-x-11.4-46.svn1587.x86_64.rpm 50f58d97209e4c823ba39d934bda8c82 x86_64/iiimf-gtk-11.4-46.svn1587.x86_64.rpm a00486d9989f2e5f2b2d308c086466b4 x86_64/iiimf-docs-11.4-46.svn1587.x86_64.rpm af6e674db875d5b6dbfb7d478b1ffee3 x86_64/iiimf-emacs-11.4-46.svn1587.x86_64.rpm 4095941428eaeeae824b527091ae907a x86_64/debug/im-sdk-debuginfo-11.4-46.svn1587.x86_64.rpm 1e00166a7dd8d7362f0df8bf70331b5c i386/iiimf-csconv-11.4-46.svn1587.i386.rpm bb56c863e8319fa27c86db064a9492e3 i386/iiimf-protocol-lib-11.4-46.svn1587.i386.rpm dc880bfba18cd2228d43a28145952584 i386/iiimf-protocol-lib-devel-11.4-46.svn1587.i386.rpm adcc8b02083ca28a3d2e5308450e3da6 i386/iiimf-client-lib-11.4-46.svn1587.i386.rpm e679074529de46d38dda83aa2bcb572f i386/iiimf-client-lib-devel-11.4-46.svn1587.i386.rpm 33481725c2eee22532b014efdc0727c2 i386/iiimf-server-11.4-46.svn1587.i386.rpm 430976fef989c957c2eeb267f03582e5 i386/iiimf-le-unit-11.4-46.svn1587.i386.rpm fe3415874adf312d206f5d8fc4167fbb i386/iiimf-le-newpy-11.4-46.svn1587.i386.rpm 3ea6d869d5430755c5d0d8e65e02c41b i386/iiimf-le-hangul-11.4-46.svn1587.i386.rpm 63feb8ed9d36dc344a4d6cb48e85d2ff i386/iiimf-le-canna-11.4-46.svn1587.i386.rpm d928217fc16cd5a0a37156b217f48072 i386/iiimf-x-11.4-46.svn1587.i386.rpm 5438d283ae2e9d0785448179e97edbdc i386/iiimf-gtk-11.4-46.svn1587.i386.rpm e946dfdbc236e4caca5dc139d0fb4265 i386/iiimf-docs-11.4-46.svn1587.i386.rpm d935a6c0e5454985ea8c542aa267a3e9 i386/iiimf-emacs-11.4-46.svn1587.i386.rpm cb3e4bce77a3478fde26f6bbc0600397 i386/debug/im-sdk-debuginfo-11.4-46.svn1587.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From petersen at redhat.com Mon Jun 28 16:58:03 2004 From: petersen at redhat.com (Jens Petersen) Date: Tue, 29 Jun 2004 01:58:03 +0900 Subject: Fedora Core 1 Update: tcltk-8.3.5-96.0.1 Message-ID: <40E04E1B.2080809@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-200 2004-06-28 --------------------------------------------------------------------- Product : Fedora Core 1 Name : tcltk Version : 8.3.5 Release : 96.0.1 Summary : Tcl/Tk development environment Description : Tcl is a simple scripting language designed to be embedded into other applications. Tcl is designed to be used with Tk, a widget set. --------------------------------------------------------------------- Update Information: This update replaces the recent tcltk update FEDORA-2004-193 that conflicted with the expect and tix packages released in Fedora Core 2. If you have already updated to 96.1 you're advised to downgrade at least the expect and tix packages to the ones provided in this update to avoid potential problems later if you upgrade to Fedora Core 2. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 0d0daf64630cdca4d919963c1f1a27be SRPMS/tcltk-8.3.5-96.0.1.src.rpm bcff82afbd3e4e40550ed886e3bf7b60 x86_64/tcl-8.3.5-96.0.1.x86_64.rpm 7f5ec64316b93fe1d74ae19fb1db3135 x86_64/tcl-devel-8.3.5-96.0.1.x86_64.rpm 449ddd34a434165fdd291445da26da8a x86_64/tk-8.3.5-96.0.1.x86_64.rpm 010622f71c2d9e4db2ad3bc02546bea8 x86_64/tk-devel-8.3.5-96.0.1.x86_64.rpm d2af1bda5008370965fb10208a353e9d x86_64/expect-5.39.0-96.0.1.x86_64.rpm b987cec47d100d7aa3e5ed864173da38 x86_64/expect-devel-5.39.0-96.0.1.x86_64.rpm 19408103ba81fef1c4b818134a9aec6e x86_64/expectk-5.39.0-96.0.1.x86_64.rpm d5655d48ae429a71246e14d664cb549d x86_64/tclx-8.3-96.0.1.x86_64.rpm 8dfdc259e49d722e6e35961a2d74c9c3 x86_64/tix-8.1.4-96.0.1.x86_64.rpm 44cdbf6101ed7d6efe250ce8d364f29c x86_64/itcl-3.2-96.0.1.x86_64.rpm 8b594792c182ecc78ddecaf62bce54ca x86_64/tcllib-1.3-96.0.1.x86_64.rpm 3977a8c37a052bdfd22b40e4d44bd6b7 x86_64/tcl-html-8.3.5-96.0.1.x86_64.rpm f819018da42290279cb7c23bd68194c9 x86_64/debug/tcltk-debuginfo-8.3.5-96.0.1.x86_64.rpm 0cd9d230c366d1b8d6cdfde19dd18b60 i386/tcl-8.3.5-96.0.1.i386.rpm 504994088d4e8cc1ad8d14cd1fc8b084 i386/tcl-devel-8.3.5-96.0.1.i386.rpm 253ad4be33fc5a2e1441e30a174889de i386/tk-8.3.5-96.0.1.i386.rpm 5870980d48afdbe5db709174c5972baf i386/tk-devel-8.3.5-96.0.1.i386.rpm 07e265ac209930f2416cf69f1f08ba24 i386/expect-5.39.0-96.0.1.i386.rpm 57ed2f096140c71dd6502c996cbb045c i386/expect-devel-5.39.0-96.0.1.i386.rpm 82a45b175cfd934bd008c20836dd1288 i386/expectk-5.39.0-96.0.1.i386.rpm f2026f9b45f2e5c676795af472067f3d i386/tclx-8.3-96.0.1.i386.rpm 6de1d9bdaf745d7b1a1377a3759154ca i386/tix-8.1.4-96.0.1.i386.rpm a63a8f10583dcc1933712b10e697fb17 i386/itcl-3.2-96.0.1.i386.rpm aa4227412f7e96c7cb98c30584b5798d i386/tcllib-1.3-96.0.1.i386.rpm 23876adb146d83305f71ebc253e3d336 i386/tcl-html-8.3.5-96.0.1.i386.rpm 2a53061da593a1851e15a78ae2afb85b i386/debug/tcltk-debuginfo-8.3.5-96.0.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From nalin at redhat.com Mon Jun 28 17:28:09 2004 From: nalin at redhat.com (Nalin Dahyabhai) Date: Mon, 28 Jun 2004 13:28:09 -0400 Subject: [SECURITY] Fedora Core 2 Update: ipsec-tools-0.2.5-4 Message-ID: <20040628172809.GA30712@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-197 2004-06-28 --------------------------------------------------------------------- Product : Fedora Core 2 Name : ipsec-tools Version : 0.2.5 Release : 4 Summary : Tools for configuring and using IPSEC Description : This is the IPsec-Tools package. You need this package in order to really use the IPsec functionality in the linux-2.5+ kernels. This package builds: - libipsec, a PFKeyV2 library - setkey, a program to directly manipulate policies and SAs - racoon, an IKEv1 keying daemon --------------------------------------------------------------------- Update Information: When configured to use X.509 certificates to authenticate remote hosts, ipsec-tools versions 0.3.3 and earlier will attempt to verify that host certificate, but will not abort the key exchange if the verification fails. Users of ipsec-tools should upgrade to this updated package which contains a backported security patch and is not vulnerable to this issue. --------------------------------------------------------------------- * Fri Jun 25 2004 Nalin Dahyabhai 0.2.5-4 - backport certificate validation fixes from 0.3.3 (#126568) * Tue Jun 15 2004 Elliot Lee - rebuilt --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ a37bb0893daee1ebecfb9ec03d7df542 SRPMS/ipsec-tools-0.2.5-4.src.rpm 2d2773ae7faee29982e87d26aea76803 x86_64/ipsec-tools-0.2.5-4.x86_64.rpm 79bcd6d5050b207492080e70fe7c04c6 x86_64/debug/ipsec-tools-debuginfo-0.2.5-4.x86_64.rpm e9c0a5fef2720246a1751f6e88befd77 i386/ipsec-tools-0.2.5-4.i386.rpm 6abfadc474494cf9393364b78488b321 i386/debug/ipsec-tools-debuginfo-0.2.5-4.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From roland at redhat.com Tue Jun 29 21:09:56 2004 From: roland at redhat.com (Roland McGrath) Date: Tue, 29 Jun 2004 14:09:56 -0700 Subject: Fedora Core 2 Update: strace-4.5.5-1 Message-ID: <200406292109.i5TL9uHn025355@magilla.sf.frob.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-199 2004-06-29 --------------------------------------------------------------------- Product : Fedora Core 2 Name : strace Version : 4.5.5 Release : 1 Summary : Tracks and displays system calls associated with a running process. Description : The strace program intercepts and records the system calls called and received by a running process. Strace can print a record of each system call, its arguments and its return value. Strace is useful for diagnosing problems and debugging, as well as for instructional purposes. Install strace if you need a tool to track the system calls made and received by a process. --------------------------------------------------------------------- Update Information: This update is only of interest on the x86-64 platform. It fixes support for running 32-bit binaries. --------------------------------------------------------------------- * Sun Jun 27 2004 Roland McGrath 4.5.5-1 - new upstream version, fixes x86-64 biarch support (#126547) * Tue Jun 15 2004 Elliot Lee 4.5.4-2 - rebuilt --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ e8b307bfe20f0fe451d411d8f0368b51 SRPMS/strace-4.5.5-1.src.rpm fb1624692bea26a7c02184b6099aecb8 x86_64/strace-4.5.5-1.x86_64.rpm 511bd3f0201d85cded8275aba69bb411 x86_64/debug/strace-debuginfo-4.5.5-1.x86_64.rpm 50b0566dea8cb7222649d9400c8781b0 i386/strace-4.5.5-1.i386.rpm 898c7325626c48cc8e58a8b02ff8e21b i386/debug/strace-debuginfo-4.5.5-1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From nhorman at redhat.com Wed Jun 30 11:58:18 2004 From: nhorman at redhat.com (Neil Horman) Date: Wed, 30 Jun 2004 07:58:18 -0400 Subject: new package available: cscope for FC1 Message-ID: <40E2AADA.6050805@redhat.com> warning: cscope-15.5-0.fdr.1.1.i386.rpm: V3 DSA signature: NOKEY, key ID 8df56d05 Name : cscope Version: 15.5 Release: 0.fdr.1.1 License: BSD URL : http://cscope.sourceforge.net cscope is a mature, ncurses based, C source code tree browsing tool. It allows users to search large source code bases for variables, functions, macros, etc, as well as perform general regex and plain text searches. Results are returned in lists, from which the user can select individual matches for use in file editing. * Fri Jun 18 2004 Neil Horman - built the package -- /*************************************************** *Neil Horman *Software Engineer *Red Hat, Inc. *nhorman at redhat.com *gpg keyid: 1024D / 0x92A74FA1 *http://www.keyserver.net ***************************************************/ From nhorman at redhat.com Wed Jun 30 11:59:07 2004 From: nhorman at redhat.com (Neil Horman) Date: Wed, 30 Jun 2004 07:59:07 -0400 Subject: new package available: cscope for FC2 Message-ID: <40E2AB0B.9090302@redhat.com> Name : cscope Version: 15.5 Release: 0.fdr.1.2 License: BSD URL : http://cscope.sourceforge.net cscope is a mature, ncurses based, C source code tree browsing tool. It allows users to search large source code bases for variables, functions, macros, etc, as well as perform general regex and plain text searches. Results are returned in lists, from which the user can select individual matches for use in file editing. * Fri Jun 18 2004 Neil Horman - built the package -- /*************************************************** *Neil Horman *Software Engineer *Red Hat, Inc. *nhorman at redhat.com *gpg keyid: 1024D / 0x92A74FA1 *http://www.keyserver.net ***************************************************/ From nhorman at redhat.com Wed Jun 30 18:02:34 2004 From: nhorman at redhat.com (Neil Horman) Date: Wed, 30 Jun 2004 14:02:34 -0400 Subject: cscope announcement In-Reply-To: <1088616940.1639.192.camel@bobcat.mine.nu> References: <1088616940.1639.192.camel@bobcat.mine.nu> Message-ID: <40E3003A.9040300@redhat.com> Ville Skytt? wrote: > Hi Neil, > > I noticed you announced cscope on fedora-announce-list at redhat.com; > there's nothing wrong with that per se but the announcement should have > emphasized that the new package is in Fedora Extras, not Core. > > Extras announcements should be generally sent to > fedora-package-announce at fedora.us, see > http://www.fedora.us/wiki/PackageSubmissionQAPolicy#verify > Quite right, sorry for the misunderstanding. As Ville Mentioned, the previous announcement was part of Fedora Extras and is available there, rather than in core. Neil -- /*************************************************** *Neil Horman *Software Engineer *Red Hat, Inc. *nhorman at redhat.com *gpg keyid: 1024D / 0x92A74FA1 *http://www.keyserver.net ***************************************************/ From arjanv at redhat.com Wed Jun 30 21:57:41 2004 From: arjanv at redhat.com (Arjan van de Ven) Date: Wed, 30 Jun 2004 23:57:41 +0200 Subject: Fedora Core 2 Update: kernel-2.6.6-1.435.2.1 Message-ID: <20040630215740.GA31986@devserv.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-202 2004-06-30 --------------------------------------------------------------------- Product : Fedora Core 2 Name : kernel Version : 2.6.6 Release : 1.435.2.1 Summary : The Linux kernel (the core of the Linux operating system) Description : The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. --------------------------------------------------------------------- Update Information: This security update fixes the remote DoS possibility identified and fixed by Adam Osuchowski and Tomasz Dubinski in the netfilter code of the 2.6 kernel. Note that this remote DoS can only be triggered when using the rarely used "-p tcp --tcp-option" options in the netfilter firewall subsystem. Fedora Core 2 systems are not vulnerable unless the administrator manually configured this rarely used option. For more information see http://www.securityfocus.com/archive/1/367615/2004-06-27/2004-07-03/0 --------------------------------------------------------------------- * Thu Jul 01 2004 Arjan van de Ven - add patch to fix the ipstables DoS --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 7da0393d672f991b382f7ef2138ae095 SRPMS/kernel-2.6.6-1.435.2.1.src.rpm b4ce3f92d9528c3a66ddfef9e7ec6c2a x86_64/kernel-2.6.6-1.435.2.1.x86_64.rpm eb529813525e2d69bbf2a02fe2d3e6c3 x86_64/kernel-smp-2.6.6-1.435.2.1.x86_64.rpm 08912697eed782dc25ef77d6f6f5533a x86_64/debug/kernel-debuginfo-2.6.6-1.435.2.1.x86_64.rpm a913341d990108ec18280c4807e486f5 x86_64/kernel-sourcecode-2.6.6-1.435.2.1.noarch.rpm 4be412b20965720540172c874ec941bd x86_64/kernel-doc-2.6.6-1.435.2.1.noarch.rpm aabf6baa884e7030fba4732dd9fffa0c i386/kernel-2.6.6-1.435.2.1.i586.rpm 2fec496992d7b14da8cbe884b4b67236 i386/kernel-smp-2.6.6-1.435.2.1.i586.rpm f8f4e2e53f88934bcad82d9a3459b773 i386/debug/kernel-debuginfo-2.6.6-1.435.2.1.i586.rpm b001aaab73f1cebbbda9ead164a68a1d i386/kernel-2.6.6-1.435.2.1.i686.rpm f77451335cc000a2e0268028d188ca61 i386/kernel-smp-2.6.6-1.435.2.1.i686.rpm ab8370ea8f03e3bbe3381001dd552c80 i386/debug/kernel-debuginfo-2.6.6-1.435.2.1.i686.rpm a913341d990108ec18280c4807e486f5 i386/kernel-sourcecode-2.6.6-1.435.2.1.noarch.rpm 4be412b20965720540172c874ec941bd i386/kernel-doc-2.6.6-1.435.2.1.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: