From jakub at redhat.com Tue May 4 17:44:08 2004 From: jakub at redhat.com (Jakub Jelinek) Date: Tue, 4 May 2004 13:44:08 -0400 Subject: [SECURITY] Fedora Core 1 Update: mc-4.6.0-14.10 Message-ID: <20040504174408.GY28308@devserv.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-112 2004-04-30 --------------------------------------------------------------------- Name : mc Version : 4.6.0 Release : 14.10 Summary : User-friendly text console file manager and visual shell. Description : Midnight Commander is a visual shell much like a file manager, only with many more features. It is a text mode application, but it also includes mouse support if you are running GPM. Midnight Commander's best features are its ability to FTP, view tar and zip files, and to poke into RPMs for specific files. --------------------------------------------------------------------- Update Information: Several buffer overflows, several temporary file creation vulnerabilities, and one format string vulnerability have been discovered in Midnight Commander. These vulnerabilities were discovered mostly by Andrew V. Samoilov and Pavel Roskin. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0226, CAN-2004-0231, and CAN-2004-0232 to these issues. --------------------------------------------------------------------- * Fri Apr 16 2004 Jakub Jelinek 4.6.0-14.10 - don't use mmap if st_size doesn't fit into size_t - fix one missed match_normal -> match_regex - rebuilt for FC1 updates * Fri Apr 16 2004 Jakub Jelinek 4.6.0-14 - avoid buffer overflows in mcedit Replace function * Wed Apr 14 2004 Jakub Jelinek 4.6.0-13 - perl scripting fix * Wed Apr 14 2004 Jakub Jelinek 4.6.0-12 - fix a bug in complete.c introduced by last patch - export MC_TMPDIR env variable - avoid integer overflows in free diskspace % counting - put temporary files into $MC_TMPDIR tree if possible, use mktemp/mkdtemp * Mon Apr 05 2004 Jakub Jelinek 4.6.0-11 - fix a bunch of buffer overflows and memory leaks (CAN-2004-0226) - fix hardlink handling in cpio filesystem - fix handling of filenames with single/double quotes and backslashes in /usr/share/mc/extfs/rpm - update php.syntax file (#112645) - fix crash with large syntax file (#112644) - update CAN-2003-1023 fix to still make vfs symlinks relative, but with bounds checking --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ b032b48a63ae1f70296d541e470bd9df SRPMS/mc-4.6.0-14.10.src.rpm a7ccdcc1744b3ebb1c14842d5a94a437 i386/mc-4.6.0-14.10.i386.rpm b4a4085af11f8bb7da015080e9ae9301 i386/debug/mc-debuginfo-4.6.0-14.10.i386.rpm 4dbc04a7c8795eeb5098a6d8a87ed38b x86_64/mc-4.6.0-14.10.x86_64.rpm 6c3a6ec0e4a85269be2438791c7eb2e7 x86_64/debug/mc-debuginfo-4.6.0-14.10.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mclasen at redhat.com Wed May 5 19:56:08 2004 From: mclasen at redhat.com (Matthias Clasen) Date: Wed, 05 May 2004 15:56:08 -0400 Subject: [SECURITY] Fedora Core 1 Update: libpng-1.2.2-20 Message-ID: <1083786968.26668.221.camel@dhcp64-192.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-105 2004-05-05 --------------------------------------------------------------------- Name : libpng Version : 1.2.2 Release : 20 Summary : A library of functions for manipulating PNG image format files. Description : The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files. --------------------------------------------------------------------- * Mon Apr 19 2004 Matthias Clasen - fix a possible out-of-bounds read in the error message handler. #121229 * Tue Mar 02 2004 Elliot Lee - rebuilt * Fri Feb 27 2004 Mark McLoughlin 2:1.2.2-19 - rebuild with changed bits/setjmp.h on ppc * Fri Feb 13 2004 Elliot Lee - rebuilt --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 4ceffa6a0fe2b293ec48c2f1a4ca2fe6 SRPMS/libpng-1.2.2-20.src.rpm 876f87e9de276ed92b2e1425439233af i386/libpng-1.2.2-20.i386.rpm afcfe9d01bfa437e24ee4ea2fc898168 i386/libpng-devel-1.2.2-20.i386.rpm a966d3380fc2f761a49e2235b119eae2 i386/debug/libpng-debuginfo-1.2.2-20.i386.rpm 848573832baaaec56f60395c97a198ed x86_64/libpng-1.2.2-20.x86_64.rpm 9f182bc4e203c9e85fc2d216c45b638a x86_64/libpng-devel-1.2.2-20.x86_64.rpm e3f298fdf2f49bc6b239e209bd164cc2 x86_64/debug/libpng-debuginfo-1.2.2-20.x86_64.rpm 876f87e9de276ed92b2e1425439233af x86_64/libpng-1.2.2-20.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mclasen at redhat.com Wed May 5 19:58:18 2004 From: mclasen at redhat.com (Matthias Clasen) Date: Wed, 05 May 2004 15:58:18 -0400 Subject: [SECURITY] Fedora Core 1 Update: libpng10-1.0.13-11 Message-ID: <1083787098.26668.224.camel@dhcp64-192.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-106 2004-05-05 --------------------------------------------------------------------- Name : libpng10 Version : 1.0.13 Release : 11 Summary : Old version of libpng, needed to run old binaries. Description : The libpng10 package contains an old version of libpng, a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. This package is needed if you want to run binaries that were linked dynamically with libpng 1.0.x. --------------------------------------------------------------------- * Mon Apr 19 2004 Matthias Clasen - fix a possible out-of-bounds read in the error message handler. #121229 * Tue Mar 02 2004 Elliot Lee - rebuilt * Fri Feb 13 2004 Elliot Lee - rebuilt --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ a10f985ad9a99cd4ebfbed30fd83c361 SRPMS/libpng10-1.0.13-11.src.rpm 48a389fb9aac66a0bad34fd379311642 i386/libpng10-1.0.13-11.i386.rpm ecb1bc91aec1be82144f2cba036d42d2 i386/libpng10-devel-1.0.13-11.i386.rpm be3edda751a580a3469f2caec5a76495 i386/debug/libpng10-debuginfo-1.0.13-11.i386.rpm e903238f62400930b2ea7539dd3d1e3b x86_64/libpng10-1.0.13-11.x86_64.rpm cbf293eb799ec3a0f407c06f53c58319 x86_64/libpng10-devel-1.0.13-11.x86_64.rpm f0e2875e7ecedf39a9430dd80e2b19c1 x86_64/debug/libpng10-debuginfo-1.0.13-11.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From byte at aeon.com.my Thu May 6 19:33:59 2004 From: byte at aeon.com.my (Colin Charles) Date: Fri, 07 May 2004 05:33:59 +1000 Subject: Fedora News Updates #11 Message-ID: <1083872039.14139.112.camel@albus.aeon.com.my> Another issue of the Fedora News Updates has been released and is available at: http://fedoranews.org/colin/fnu/issue11.shtml The current issue is always linked to http://fedoranews.org/colin/fnu/current.shtml In this issue, we cover special features: statements from the Fedora Project Leader, Cristian Gafton, as well as the Fedora Legacy Project Lead, Jesse Keating. Fedora Core 2 Test 3 has been released, notes for it accompany, along with tips on getting dual-head video as well as webcams that work well with Fedora. There are plenty more updates, with regards to documents, new scripts, and ideas to tame the lists. -- Colin Charles, byte at aeon.com.my http://www.bytebot.net/ From pknirsch at redhat.com Tue May 11 11:55:42 2004 From: pknirsch at redhat.com (Phil Knirsch) Date: Tue, 11 May 2004 13:55:42 +0200 Subject: [SECURITY] Fedora Update Notification: iproute-2.4.7-13.2 Message-ID: <40A0BF3E.6020603@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-115 2004-05-11 --------------------------------------------------------------------- Name : iproute Version : 2.4.7 Release : 13.2 Summary : Advanced IP routing and network device configuration tools. Description : The iproute package contains networking utilities (ip and rtmon, for example) which are designed to use the advanced networking capabilities of the Linux 2.4.x and 2.6.x kernel. --------------------------------------------------------------------- This update of the iproute package fixes a security problem found in netlink. See CAN-2003-0856. All users of the netlink application are very strongly advised to update to these latest packages. * Thu May 06 2004 Phil Knirsch 2.4.7-13.2 - Built security errata version for FC1. * Wed Apr 21 2004 Phil Knirsch 2.4.7-14 - Fixed -f option for ss (#118355). - Small description fix (#110997). - Added initialization of some vars (#74961). - Added patch to initialize "default" rule as well (#60693). * Fri Feb 13 2004 Elliot Lee - rebuilt * Wed Nov 05 2003 Phil Knirsch 2.4.7-12 - Security errata for netlink (CAN-2003-0856). --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 742a66f04b4bb5f4e814908bd33fbdde SRPMS/iproute-2.4.7-13.2.src.rpm ece1fcf398e9e7b234584e942c08d6e1 i386/iproute-2.4.7-13.2.i386.rpm 842d74b8f79ebfe414a1ee1ca5f7ecc7 i386/debug/iproute-debuginfo-2.4.7-13.2.i386.rpm 738a0454d2d4f390d11fa484768dc7ce x86_64/iproute-2.4.7-13.2.x86_64.rpm 2a4e1ee78d017c593588ec0172159295 x86_64/debug/iproute-debuginfo-2.4.7-13.2.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- Philipp Knirsch | Tel.: +49-711-96437-470 Development | Fax.: +49-711-96437-111 Red Hat GmbH | Email: Phil Knirsch Hauptstaetterstr. 58 | Web: http://www.redhat.de/ D-70178 Stuttgart Motd: You're only jealous cos the little penguins are talking to me. From than at redhat.com Tue May 11 15:05:40 2004 From: than at redhat.com (Than Ngo) Date: Tue, 11 May 2004 17:05:40 +0200 Subject: [SECURITY] Fedora Core 1 Update: lha-1.14i-12.1 Message-ID: <40A0EBC4.6090105@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-119 2004-05-11 --------------------------------------------------------------------- Name : lha Version : 1.14i Release : 12.1 Summary : An archiving and compression utility for LHarc format archives. Description : LHA is an archiving and compression utility for LHarc format archives. LHA is mostly used in the DOS world, but can be used under Linux to extract DOS files from LHA archives. Install the lha package if you need to extract DOS files from LHA archives. --------------------------------------------------------------------- Update Information: Ulf H?rnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA. An attacker could exploit the buffer overflows by creating a carefully crafted LHA archive in such a way that arbitrary code would be executed when the archive is tested or extracted by a victim. CAN-2004-0234. An attacker could exploit the directory traversal issues to create files as the victim outside of the expected directory. CAN-2004-0235. --------------------------------------------------------------------- * Wed May 05 2004 Than Ngo 1.14i-12.1 - fix security vulnerabilities, CAN-2004-0234, CAN-2004-0235 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 298cc75d90f489e4b71432bfb349162b SRPMS/lha-1.14i-12.1.src.rpm 57238f4d4ec1779fb54c8e36433f9351 i386/lha-1.14i-12.1.i386.rpm 242bf89b6fdc64405e4d9d33a1720934 i386/debug/lha-debuginfo-1.14i-12.1.i386.rpm 2aac21d1d3cc6b1c70d71e275c8f477c x86_64/lha-1.14i-12.1.x86_64.rpm f00e196233a73f4093856ecd29b921d4 x86_64/debug/lha-debuginfo-1.14i-12.1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mjc at redhat.com Fri May 14 08:14:30 2004 From: mjc at redhat.com (Mark J Cox) Date: Fri, 14 May 2004 09:14:30 +0100 (BST) Subject: [SECURITY] Fedora Core 1 Update: mailman-2.1.4-1 Message-ID: --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-060 2004-02-26 --------------------------------------------------------------------- Name : mailman Version : 2.1.4 Release : 1 Summary : Mailing list manager with built in Web access. Description : Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing list a webpage, and allows users to subscribe, unsubscribe, etc. over the Web. Even the list manager can administer his or her list entirely from the Web. Mailman also integrates most things people want to do with mailing lists, including archiving, mail <-> news gateways, and so on. Documentation can be found in: /usr/share/doc/mailman-2.1.4 When the package has finished installing, you will need to perform some additional installation steps, these are described in: /usr/share/doc/mailman-2.1.4/INSTALL.REDHAT --------------------------------------------------------------------- Update Information: A cross-site scripting (XSS) vulnerability exists in the admin CGI script for Mailman before 2.1.4. This update moves Mailman to version 2.1.4 which is not vulnerable to this issue. Updated packages were made available in February 2004 however the original update notification email did not make it to fedora-announce-list at that time. --------------------------------------------------------------------- * Fri Jan 09 2004 John Dennis 3:2.1.4-1 - upgrade to new upstream release 2.1.4 - fixes bugs 106349,112851,105367,91463 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 4b8e7161d1a2bb7f912efd294775b887 SRPMS/mailman-2.1.4-1.src.rpm 6e387ba96c1d651a55b329b0ab678824 i386/mailman-2.1.4-1.i386.rpm 60c4f5f77c01e8521c8079f00fadf1e8 i386/debug/mailman-debuginfo-2.1.4-1.i386.rpm c823903d2b33ce9ff794f5ba3c9d514d x86_64/mailman-2.1.4-1.x86_64.rpm 15a0c4d8f8069395602a40ee121eff0a x86_64/debug/mailman-debuginfo-2.1.4-1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mjc at redhat.com Fri May 14 08:15:13 2004 From: mjc at redhat.com (Mark J Cox) Date: Fri, 14 May 2004 09:15:13 +0100 (BST) Subject: [SECURITY] Fedora Core 1 Update: neon-0.24.5-1 Message-ID: --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-103 2004-04-14 --------------------------------------------------------------------- Name : neon Version : 0.24.5 Release : 1 Summary : An HTTP and WebDAV client library Description : neon is an HTTP and WebDAV client library, with a C interface; providing a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SSL support. --------------------------------------------------------------------- Update Information: Multiple format string vulnerabilities in neon 0.24.4 and earlier allow remote malicious WebDAV servers to execute arbitrary code. Updated packages were made available in April 2004 however the original update notification email did not make it to fedora-announce-list at that time. --------------------------------------------------------------------- * Wed Apr 14 2004 Joe Orton 0.24.5-1 - update to 0.24.5 for CAN 2004-0179 fix * Thu Mar 25 2004 Joe Orton 0.24.4-4 - implement the Negotate auth scheme, and only over SSL * Tue Mar 02 2004 Elliot Lee - rebuilt * Wed Feb 25 2004 Joe Orton 0.24.4-3 - use BuildRequires not BuildPrereq, drop autoconf, libtool; -devel requires {openssl,zlib}-devel (#116744) * Fri Feb 13 2004 Elliot Lee 0.24.4-2 - rebuilt * Mon Feb 09 2004 Joe Orton 0.24.4-1 - update to 0.24.4 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ f34a346e0d945707e888874699ed958a SRPMS/neon-0.24.5-1.src.rpm 4c3c9a53a1916566c3822e5ac9eed67d i386/neon-0.24.5-1.i386.rpm c00098bf0548dcf7e3f8ad1db90c78e8 i386/neon-devel-0.24.5-1.i386.rpm c6faddb460bff55de5571630324f5381 i386/debug/neon-debuginfo-0.24.5-1.i386.rpm e192a575ff1184e7ba35326a0ba84b5c x86_64/neon-0.24.5-1.x86_64.rpm 50d3157693574508440893e5dcf48ac3 x86_64/neon-devel-0.24.5-1.x86_64.rpm eb12e5f3ed12849c26b949ce7c3c5aa0 x86_64/debug/neon-debuginfo-0.24.5-1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mjc at redhat.com Fri May 14 08:16:46 2004 From: mjc at redhat.com (Mark J Cox) Date: Fri, 14 May 2004 09:16:46 +0100 (BST) Subject: [SECURITY] Fedora Core 1 Update: cvs-1.11.15-1 Message-ID: --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-110 2004-04-22 --------------------------------------------------------------------- Name : cvs Version : 1.11.15 Release : 1 Summary : A version control system. Description : CVS (Concurrent Version System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. --------------------------------------------------------------------- Update Information: The client for CVS before 1.11.15 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates. Updated packages were made available in April 2004 however the original update notification email did not make it to fedora-announce-list at that time. --------------------------------------------------------------------- * Wed Apr 21 2004 Nalin Dahyabhai 1.11.15-1 - update to 1.11.15, fixing CAN-2004-0180 (#120969) * Tue Mar 23 2004 Nalin Dahyabhai 1.11.14-1 - update to 1.11.14 * Fri Feb 13 2004 Elliot Lee - rebuilt * Wed Jan 07 2004 Nalin Dahyabhai 1.11.11-1 - turn kserver, which people shouldn't use any more, back on * Tue Dec 30 2003 Nalin Dahyabhai - update to 1.11.11 * Thu Dec 18 2003 Nalin Dahyabhai 1.11.10-1 - update to 1.11.10 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ a4f1dea17be76c29ad0bdeff09a80bba SRPMS/cvs-1.11.15-1.src.rpm a356c7be00016bd9594462eb7e8041dc i386/cvs-1.11.15-1.i386.rpm 4d9ce4478aa261890870c5eca81320bf i386/debug/cvs-debuginfo-1.11.15-1.i386.rpm dc36b21f10740253a6927f815c8a28ff x86_64/cvs-1.11.15-1.x86_64.rpm f2601fe6b89fb6ff9136e46e02b8880b x86_64/debug/cvs-debuginfo-1.11.15-1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From than at redhat.com Mon May 17 16:24:02 2004 From: than at redhat.com (Than Ngo) Date: Mon, 17 May 2004 18:24:02 +0200 Subject: [SECURITY] Fedora Core 1 Update: kdelibs-3.1.4-5 Message-ID: <40A8E722.3090607@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-121 2004-05-17 --------------------------------------------------------------------- Name : kdelibs Version : 3.1.4 Release : 5 Summary : K Desktop Environment - Libraries Description : Libraries for the K Desktop Environment: KDE Libraries included: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio (image manipulation). --------------------------------------------------------------------- Update Information: iDEFENSE identified a vulnerability in the Opera Web Browser that could allow remote attackers to create or truncate arbitrary files. The KDE team has found that a similar vulnerability exists in KDE. A flaw in the telnet URL handler can allow options to be passed to the telnet program which can be used to allow file creation or overwriting. An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file in the victims home directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0411 to this issue. --------------------------------------------------------------------- * Sun May 16 2004 Than Ngo 6:3.1.4-5 - KDE Telnet URI Handler File Vulnerability, vulnerability in the mailto handler, CAN-2004-0411 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 17ef612d8376994d49d775e65f7cf3e2 SRPMS/kdelibs-3.1.4-5.src.rpm 67043b7db880bd1c5a6f6a860e357c3f i386/kdelibs-3.1.4-5.i386.rpm 4d7004becf7fb55a35530c49e77c36b7 i386/kdelibs-devel-3.1.4-5.i386.rpm d2ecc5a35193a30df1fa70bb382bc708 i386/debug/kdelibs-debuginfo-3.1.4-5.i386.rpm 7b91158e81b7291826d5ba614179d706 x86_64/kdelibs-3.1.4-5.x86_64.rpm 6a213815b2584be92ec32da05a985cba x86_64/kdelibs-devel-3.1.4-5.x86_64.rpm b136d3d183e72666f6f56e6a507c10f3 x86_64/debug/kdelibs-debuginfo-3.1.4-5.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From sopwith at redhat.com Tue May 18 14:04:08 2004 From: sopwith at redhat.com (Elliot Lee) Date: Tue, 18 May 2004 10:04:08 -0400 (EDT) Subject: Presenting FEDORA CORE 2 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Presenting FEDORA CORE 2 STARRING .............. Linux 2.6 GNOME 2.6 & KDE 3.2.2 Xorg 6.7.0 WITH APPEARANCES BY ... SELinux IIIMF and the CJK gang Xfce 4 subversion 1.0 And hundreds of other updated and new packages MUSIC DECOMPOSED BY ... Homey G of Redmond BARTENDER ............. The Man from Tettnang EXECUTIVE PRODUCER .... The Open Source Community DIRECTOR .............. Red Hat Including musical numbers such as "Who Let Fedora Out?" by the Slashdot Men, "The Download Goes On" by Celeron Dion, and "The Hacker in Me" by Shania Sane. "It's a singing, dancing extravaganza!" says the Rawhide Daily News. "The new DVD iso image brings tears to my eyes!" gushes Eugenius. "Two penguin flippers up!" votes the Tux Dispatch. "My mortgage rate was cut in half after I replied to spam using Fedora Core 2!" raves Bo Battipaglia. "The combination of better hardware support, a new kernel, and desktop improvements provides a more powerful and productive user experience." mutters someone with a grounding in reality. Fedora Core 2. "They can take away our hard drives, but they'll never take away our freedom!" Opening May 18 on 32-bit x86 and 64-bit x86_64 computers worldwide. Contact your local Fedora mirror for details, or visit http://fedora.redhat.com/ ... The Fedora Project would like to thank the thousands of community members whose testing and contributions have raised the bar of quality and made this release possible. What is the Fedora Project? The Fedora Project is a Red Hat-sponsored and community-supported open source project that promotes rapid development of innovative open source software through a collaborative, community effort. Fedora Core 2 provides a complete Linux platform built exclusively from open source software. Available at no cost, the release serves the needs of community developers, testers, and other technology enthusiasts who wish to participate in and accelerate the technology development process. As a community forum for advanced development, the Fedora Project provides early visibility to the latest open source technology and serves as a proving ground for technology that may eventually make its way into Red Hat's fully-supported commercial solutions such as Red Hat Enterprise Linux. Red Hat contributes development resources, editorial direction and management to the Fedora Project. How Can I Get Fedora Core 2? Fedora Core 2 x86 or x86-64 Downloads are available from: http://fedora.redhat.com/download/ or from the network of mirrors in the Fedora Project distribution system. Users may prefer to download Fedora Core via BitTorrent, or via older file retrieval protocols such as HTTP, FTP, or RSYNC. BitTorrent typically provides faster download speeds than HTTP, FTP, or RSYNC. BitTorrent RPMS for Red Hat Linux and Fedora Core are available with detailed instructions at http://torrent.linux.duke.edu/ THE BEST WAY - BITTORRENT: http://torrent.linux.duke.edu/ HTTP/FTP/RSYNC MIRRORS: (courtesy of Matthias Saou) NORTH AMERICA ftp://mirror.clarkson.edu/pub/distributions/fedora/linux/core/2/ http://mirror.clarkson.edu/pub/distributions/fedora/linux/core/2/ ftp://ftp.webtrek.com/pub/mirrors/fedora/2/ ftp://mirror.stanford.edu/pub/mirrors/fedora/linux/core/2/ ftp://ftp.gtlib.cc.gatech.edu/pub/fedora.redhat/linux/core/2/ http://ftp.gtlib.cc.gatech.edu/pub/fedora.redhat/linux/core/2/ rsync://rsync.gtlib.cc.gatech.edu/fedora-linux-core/2/ ftp://mirror.hiwaay.net/redhat/fedora/linux/core/2/ http://mirror.hiwaay.net/redhat/fedora/linux/core/2/ rsync://mirror.hiwaay.net/fedora-linux-core/2/ ftp://mirror.cs.princeton.edu/pub/mirrors/fedora/linux/core/2/ ftp://mirror.cs.wisc.edu/pub/mirrors/linux/download.fedora.redhat.com/pub/fedora/linux/core/2/ http://mirror.cs.wisc.edu/pub/mirrors/linux/download.fedora.redhat.com/pub/fedora/linux/core/2/ rsync://mirror.cs.wisc.edu/pub/mirrors/linux/download.fedora.redhat.com/pub/fedora/linux/core/2/ ftp://fedora.mirrors.tds.net/pub/fedora-core/2/ http://fedora.mirrors.tds.net/pub/fedora-core/2/ rsync://fedora.mirrors.tds.net/fedora-core/2/ ftp://mirror2.mirrors.tds.net/pub/fedora-core/2/ http://mirror2.mirrors.tds.net/pub/fedora-core/2/ rsync://mirror2.mirrors.tds.net/fedora-core/2/ ftp://less.cogeco.net/pub/fedora/linux/core/2/ ftp://limestone.uoregon.edu/fedora/2/ http://limestone.uoregon.edu/ftp/fedora/2/ rsync://limestone.uoregon.edu/ftp/fedora/2/ ftp://ftp.cse.buffalo.edu/pub/fedora/linux/core/2/ ftp://ftp.linux.ncsu.edu/pub/fedora/linux/core/2/ ftp://mirrors.secsup.org/pub/linux/redhat/fedora/core/2/ http://redhat.secsup.org/fedora/core/2/ ftp://ftp.nrc.ca/pub/systems/linux/redhat/fedora/linux/core/2/ ftp://mirror.netglobalis.net/pub/fedora/core/2/ ftp://mirrors.kernel.org/fedora/core/2/ http://mirrors.kernel.org/fedora/core/2/ rsync://mirrors.kernel.org/fedora/core/2/ ftp://mirror.eas.muohio.edu/mirrors/fedora/linux/core/2/ http://mirror.eas.muohio.edu/fedora/linux/core/2/ rsync://mirror.eas.muohio.edu/fedora/linux/core/2/ ftp://ftp.muug.mb.ca/pub/fedora/linux/core/2/ http://www.muug.mb.ca/pub/fedora/linux/core/2/ rsync://rsync.muug.mb.ca/fedora-linux-core/2/ ftp://ftp.net.usf.edu/pub/fedora/linux/core/2/ ftp://ftp.ussg.iu.edu/linux/fedora/linux/core/2/ ftp://mirror.cpsc.ucalgary.ca/mirror/fedora/linux/core/2/ http://mirror.cpsc.ucalgary.ca/mirror/fedora/linux/core/2/ rsync://mirror.cpsc.ucalgary.ca/fedora/linux/core/2/ ftp://ftp.dc.aleron.net/pub/linux/fedora/linux/core/2/ http://ftp.dc.aleron.net/linux/fedora/linux/core/2/ rsync://ftp.dc.aleron.net/fedora-linux-core/2/ ftp://mirror.web-ster.com/fedora/2/ ftp://mirrors.hpcf.upr.edu/pub/Mirrors/redhat/download.fedora.redhat.com/2/ ftp://mirror.atlantic.net/pub/fedora/core/2/ EUROPE ftp://ftp.heanet.ie/pub/fedora/linux/core/2/ http://ftp.heanet.ie/pub/fedora/linux/core/2/ rsync://ftp.heanet.ie/pub/fedora/linux/core/2/ ftp://alviss.et.tudelft.nl/pub/fedora/core/2/ ftp://mirror.switch.ch/mirror/fedora/linux/core/2/ ftp://ftp.tu-chemnitz.de/pub/linux/fedora-core/2/ http://wftp.tu-chemnitz.de/pub/linux/fedora-core/2/ ftp://ftp.fi.muni.cz/pub/linux/fedora-core/2/ ftp://ftp6.linux.cz/pub/linux/fedora-core/2/ rsync://ftp.fi.muni.cz/pub/linux/fedora-core/2/ ftp://sunsite.mff.cuni.cz/pub/fedora/2/ http://sunsite.mff.cuni.cz/pub/fedora/2/ rsync://sunsite.mff.cuni.cz/fedora/fedora/2/ ftp://ultra.linux.cz/pub/fedora/2/ ftp://sunsite.icm.edu.pl/pub/Linux/fedora/linux/core/2/ http://sunsite.icm.edu.pl/pub/Linux/fedora/linux/core/2/ rsync://sunsite.icm.edu.pl/fedora/linux/core/2/ ftp://sunsite.informatik.rwth-aachen.de/pub/linux/fedora-core/2/ ftp://ftp.chl.chalmers.se/pub/fedora/linux/core/2/ ftp://ftp.informatik.uni-frankfurt.de/pub/linux/Mirror/ftp.redhat.com/fedora/core/2/ ftp://ftp.otenet.gr/pub/linux/fedora/linux/core/2/ ftp://fr2.rpmfind.net/linux/fedora/core/2/ http://fr2.rpmfind.net/linux/fedora/core/2/ rsync://fr2.rpmfind.net/linux/fedora/core/2/ ftp://ftp.funet.fi/pub/mirrors/ftp.redhat.com/pub/fedora/linux/core/2/ http://ftp.funet.fi/pub/mirrors/ftp.redhat.com/pub/fedora/linux/core/2/ ftp://ftp.ipv6.funet.fi/pub/mirrors/ftp.redhat.com/pub/fedora/linux/core/2/ http://ftp.ipv6.funet.fi/pub/mirrors/ftp.redhat.com/pub/fedora/linux/core/2/ ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/fedora.redhat.com/linux/core/2/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/fedora.redhat.com/linux/core/2/ ftp://redhat.linux.ee/pub/fedora/linux/core/2/ http://edhat.linux.ee/pub/fedora/linux/core/2/ ftp://ftp.lug.ro/fedora/linux/core/2/ http://ftp.lug.ro/fedora/linux/core/2/ ftp://klid.dk/pub/fedora/linux/core/2/ ftp://tux.cprm.net/pub/ftp.redhat.com/fedora/linux/core/2/ http://tux.cprm.net/pub/ftp.redhat.com/fedora/linux/core/2/ ftp://ftp.stw-bonn.de/pub/mirror/fedora/linux/core/2/ ftp://ftp.udl.es/pub/fedora/linux/core/2/ http://ftp.udl.es/pub/fedora/linux/core/2/ rsync://ftp.udl.es/fedora-linux-core/2/ ftp://ftp.quicknet.nl/pub/Linux/download.fedora.redhat.com/2/ ftp://ftp.uninett.no/pub/linux/Fedora/core/2/ rsync://ftp.uninett.no/fedora-linux-core/2/ ftp://gd.tuwien.ac.at/opsys/linux/fedora/core/2/ http://gd.tuwien.ac.at/opsys/linux/fedora/core/2/ rsync://gd.tuwien.ac.at/opsys/linux/fedora/core/2/ ftp://ftp.wsisiz.edu.pl/pub/linux/fedora/linux/core/2/ ftp://ftp.rdsor.ro/pub/Linux/Distributions/Fedora/Fedora 2/ ftp://ftp.nluug.nl/pub/os/Linux/distr/fedora/2/ http://ftp.nluug.nl/ftp/pub/os/Linux/distr/fedora/2/ rsync://ftp.nluug.nl/fedora/2/ ftp://zeniiia.linux.org.uk/pub/distributions/fedora/linux/core/2/ http://zeniiia.linux.org.uk/pub/distributions/fedora/linux/core/2/ rsync://zeniiia.linux.org.uk/fedora-linux-core/2/ ftp://zeniiib.linux.org.uk/pub/distributions/fedora/linux/core/2/ http://zeniiib.linux.org.uk/pub/distributions/fedora/linux/core/2/ rsync://zeniiib.linux.org.uk/fedora-linux-core/2/ ftp://ftp.nx.ro/fedora-core/2/ ftp://ftp.eu.uu.net/pub/linux/fedora/2/ ftp://ftp.crihan.fr/mirrors/fedora.redhat.com/fedora/linux/core/2/ http://ftp.crihan.fr/mirrors/fedora.redhat.com/fedora/linux/core/2/ rsync://ftp.crihan.fr/fedora-linux-core/2/ ftp://ftp.rhd.ru/pub/fedora/linux/core/2/ http://ftp.rhd.ru/pub/fedora/linux/core/2/ ftp://ftp.join.uni-muenster.de/pub/linux/distributions/fedora/linux/core/2/ rsync://ftp.join.uni-muenster.de/fedora-linux-core/2/ ftp://ftp.iasi.roedu.net/pub/mirrors/fedora.redhat.com/core/2/ http://ftp.iasi.roedu.net/mirrors/fedora.redhat.com/core/2/ rsync://ftp.iasi.roedu.net/fedora-core/core/2/ ftp://ftp.rediris.es/mirror/fedora.redhat/2/ http://sunsite.rediris.es/mirror/fedora.redhat/2/ ftp://ftp.g-int.net/pub/fedora/linux/core/2/ http://ftp.g-int.net/pub/fedora/linux/core/2/ http://download.atrpms.net/mirrors/fedoracore/2/ ftp://ftp.fi.udc.es/pub/linux/fedora/linux/core/2/ http://ftp.fi.udc.es/pub/linux/fedora/linux/core/2/ SOUTH AMERICA ftp://ftp.tecnoera.com/pub/fedora/linux/core/2/ http://ftp.tecnoera.com/pub/fedora/linux/core/2/ rsync://ftp.tecnoera.com/pub/fedora/linux/core/2/ ASIA-PACIFIC ftp://ftp.planetmirror.com/pub/fedora/linux/core/2/ http://planetmirror.com/pub/fedora/linux/core/2/ rsync://rsync.planetmirror.com/fedora/linux/core/2/ ftp://ftp.wicks.co.nz/pub/linux/dist/fedora/2/ ftp://ftp.kddilabs.jp/Linux/packages/fedora/core/2/ http://ftp.kddilabs.jp/Linux/packages/fedora/core/2/ rsync://ftp.kddilabs.jp/fedora/core/2/ ftp://ftp.isu.edu.tw/pub/Linux/Fedora/linux/core/2/ http://ftp.isu.edu.tw/pub/Linux/Fedora/linux/core/2/ ftp://download.stmc.edu.hk/fedora/linux/core/2/ http://download.stmc.edu.hk/fedora/linux/core/2/ ftp://ftp.sfc.wide.ad.jp/pub/Linux/Fedora/2/ rsync://ftp.sfc.wide.ad.jp/fedora/2/ ftp://ftp.oss.eznetsols.org/linux/fedora/2/ rsync://rsync.oss.eznetsols.org/ftp/linux/fedora/2/ ftp://videl.ics.hawaii.edu/mirrors/fedora/linux/core/2/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFAqhQHtEJp0E8qb9IRArpXAJ9fKQIlPxr5v46DA7ouVhWIwIgbIgCeI282 e+1EYYXCfBXUYyAquLjdISI= =ErE6 -----END PGP SIGNATURE----- From harald at redhat.com Wed May 19 10:45:13 2004 From: harald at redhat.com (Harald Hoyer) Date: Wed, 19 May 2004 12:45:13 +0200 Subject: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.2 Message-ID: <40AB3AB9.9030403@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-120 2004-05-13 --------------------------------------------------------------------- Name : tcpdump Version : 3.7.2 Release : 8.fc1.2 Summary : A network traffic monitoring tool. Description : Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. --------------------------------------------------------------------- Update Information: Tcpdump is a command-line tool for monitoring network traffic. Tcpdump v3.8.1 and earlier versions contained multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially crafted ISAKMP packets, TCPDUMP would try to read beyond the end of the packet capture buffer and subsequently crash. Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues. --------------------------------------------------------------------- * Wed May 12 2004 Harald Hoyer - 14:3.7.2-8.fc1.2 - CAN-2004-0183/0184 fixed --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ c11dc7a9af4766ca018405339f6e8b0d SRPMS/tcpdump-3.7.2-8.fc1.2.src.rpm f7de913568498b8b38788d2fc673162e i386/tcpdump-3.7.2-8.fc1.2.i386.rpm 13f09fefc188bfa47b0dc993eadabcd7 i386/libpcap-0.7.2-8.fc1.2.i386.rpm 5bdc0b8f388497e475b7091b5175c6c6 i386/arpwatch-2.1a11-8.fc1.2.i386.rpm 2545161afba66a197a54233349bc0285 x86_64/tcpdump-3.7.2-8.fc1.2.x86_64.rpm 343dea7f180e95f86b436fc42ce34c21 x86_64/libpcap-0.7.2-8.fc1.2.x86_64.rpm 1e50e97307551fabb2aba8f8c4cf635d x86_64/arpwatch-2.1a11-8.fc1.2.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From than at redhat.com Wed May 19 11:04:28 2004 From: than at redhat.com (Than Ngo) Date: Wed, 19 May 2004 13:04:28 +0200 Subject: [SECURITY] Fedora Core 2 Update: kdelibs-3.2.2-6 Message-ID: <40AB3F3C.6010309@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-122 2004-05-19 --------------------------------------------------------------------- Name : kdelibs Version : 3.2.2 Release : 6 Summary : K Desktop Environment - Libraries Description : Libraries for the K Desktop Environment: KDE Libraries included: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio (image manipulation). --------------------------------------------------------------------- Update Information: iDEFENSE identified a vulnerability in the Opera Web Browser that could allow remote attackers to create or truncate arbitrary files. The KDE team has found that a similar vulnerability exists in KDE. A flaw in the telnet URL handler can allow options to be passed to the telnet program which can be used to allow file creation or overwriting. An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file in the victims home directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0411 to this issue. --------------------------------------------------------------------- * Sun May 16 2004 Than Ngo 6:3.2.2-6 - vulnerability in the mailto handler, CAN-2004-0411 * Fri May 14 2004 Than Ngo 3.2.2-5 - KDE Telnet URI Handler File Vulnerability , CAN-2004-0411 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ b271936a42f0370877996f52b25d7304 SRPMS/kdelibs-3.2.2-6.src.rpm 1f002c97bebde36e11f8ebaa8dd49ceb i386/kdelibs-3.2.2-6.i386.rpm fcdb0589544dbc9d878dd99c890429a8 i386/kdelibs-devel-3.2.2-6.i386.rpm 853897fa6815cc47ae2bf92c3352847b i386/debug/kdelibs-debuginfo-3.2.2-6.i386.rpm b2174cd0c744138b24364cccfbf50847 x86_64/kdelibs-3.2.2-6.x86_64.rpm 795aa24e391b667a5b2fb79cb8d4230f x86_64/kdelibs-devel-3.2.2-6.x86_64.rpm e95f633ef222198d8cbb8be067773fae x86_64/debug/kdelibs-debuginfo-3.2.2-6.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From nalin at redhat.com Wed May 19 15:44:40 2004 From: nalin at redhat.com (Nalin Dahyabhai) Date: Wed, 19 May 2004 11:44:40 -0400 Subject: [SECURITY] Fedora Core 1 Update: cvs-1.11.15-5 Message-ID: <20040519154439.GJ26797@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-126 2004-05-19 --------------------------------------------------------------------- Product : Fedora Core 1 Name : cvs Version : 1.11.15 Release : 5 Summary : A version control system. Description : CVS (Concurrent Version System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. --------------------------------------------------------------------- Update Information: Stefan Esser discovered a flaw in cvs where malformed "Entry" lines could cause a heap overflow. An attacker who has access to a CVS server could use this flaw to execute arbitrary code under the UID which the CVS server is executing. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0396 to this issue. This update includes a patch by Derek Price, based on a patch by Stefan Esser, which corrects this flaw. --------------------------------------------------------------------- * Thu May 13 2004 Nalin Dahyabhai 1.11.15-5 - use revised version of Stefan Esser's patch provided by Derek Robert Price * Mon May 03 2004 Nalin Dahyabhai 1.11.15-4 - rebuild * Mon May 03 2004 Nalin Dahyabhai 1.11.15-3 - add patch from Stefan Esser to close CAN-2004-0396 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 6de72febc153af0e5e8b1670372c767e SRPMS/cvs-1.11.15-5.src.rpm 0e70cb1a6940f6b2b7b71b64ada84e0a i386/cvs-1.11.15-5.i386.rpm e7bb5244e9e067b6cc22b2f408ada206 i386/debug/cvs-debuginfo-1.11.15-5.i386.rpm 6dc5672173170e2a3b1a89a8f928364e x86_64/cvs-1.11.15-5.x86_64.rpm e9ae30cfbc082e6e7f1a0ad8e0d0a37f x86_64/debug/cvs-debuginfo-1.11.15-5.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From nalin at redhat.com Wed May 19 15:45:13 2004 From: nalin at redhat.com (Nalin Dahyabhai) Date: Wed, 19 May 2004 11:45:13 -0400 Subject: [SECURITY] Fedora Core 2 Update: cvs-1.11.15-6 Message-ID: <20040519154513.GK26797@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-131 2004-05-19 --------------------------------------------------------------------- Product : Fedora Core 2 Name : cvs Version : 1.11.15 Release : 6 Summary : A version control system. Description : CVS (Concurrent Version System) is a version control system that can record the history of your files (usually, but not always, source code). CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why changes occurred. CVS is very helpful for managing releases and controlling the concurrent editing of source files among multiple authors. Instead of providing version control for a collection of files in a single directory, CVS provides version control for a hierarchical collection of directories consisting of revision controlled files. These directories and files can then be combined together to form a software release. --------------------------------------------------------------------- Update Information: Stefan Esser discovered a flaw in cvs where malformed "Entry" lines could cause a heap overflow. An attacker who has access to a CVS server could use this flaw to execute arbitrary code under the UID which the CVS server is executing. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0396 to this issue. This update includes a patch by Derek Price, based on a patch by Stefan Esser, which corrects this flaw. --------------------------------------------------------------------- * Tue May 18 2004 Nalin Dahyabhai 1.11.15-6 - rebuild * Thu May 13 2004 Nalin Dahyabhai 1.11.15-5 - use revised version of Stefan Esser's patch provided by Derek Robert Price * Mon May 03 2004 Nalin Dahyabhai 1.11.15-4 - rebuild * Mon May 03 2004 Nalin Dahyabhai 1.11.15-3 - add patch from Stefan Esser to close CAN-2004-0396 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ e4e908430953b43fcd8543b4cf3ba123 SRPMS/cvs-1.11.15-6.src.rpm a05f5a97fa3e6b9a51eba6f418b51092 i386/cvs-1.11.15-6.i386.rpm 8484fea6acfc241e351a16ad9199db47 i386/debug/cvs-debuginfo-1.11.15-6.i386.rpm 727d6b8fa0bd49ef2c9bbe4cf3205250 x86_64/cvs-1.11.15-6.x86_64.rpm b7ad37eee7739318c78985d2b598f878 x86_64/debug/cvs-debuginfo-1.11.15-6.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From jorton at redhat.com Wed May 19 16:06:31 2004 From: jorton at redhat.com (Joe Orton) Date: Wed, 19 May 2004 17:06:31 +0100 Subject: [SECURITY] Fedora Core 1 Update: neon-0.24.5-2.1 Message-ID: <20040519160631.GA24850@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-129 2004-05-19 --------------------------------------------------------------------- Product : Fedora Core 1 Name : neon Version : 0.24.5 Release : 2.1 Summary : An HTTP and WebDAV client library Description : neon is an HTTP and WebDAV client library, with a C interface; providing a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SSL support. --------------------------------------------------------------------- Update Information: Stefan Esser discovered a flaw in the neon library which allows a heap buffer overflow in a date parsing routine. An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client should a user connect to it using a neon-based application which uses the date parsing routines, such as cadaver. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0398 to this issue. This update includes packages with a patch for this issue. --------------------------------------------------------------------- * Sun May 16 2004 Joe Orton 0.24.5-2.1 - add security fix for CVE CAN-2004-0398 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 71f0ddffbe8b5171b2fa2d93e55f8e35 SRPMS/neon-0.24.5-2.1.src.rpm c215af0bae2c90672573090fee1ec706 i386/neon-0.24.5-2.1.i386.rpm 89c59069a0b48258b8b5f8cc66be5bf7 i386/neon-devel-0.24.5-2.1.i386.rpm f7d813c7a96814072b097f15692771e9 i386/debug/neon-debuginfo-0.24.5-2.1.i386.rpm 841d910930f3def3f0202570b8c984a6 x86_64/neon-0.24.5-2.1.x86_64.rpm 92cc5ffa0588fe59bdd976308ea52971 x86_64/neon-devel-0.24.5-2.1.x86_64.rpm 03c24e6f0cd267e655a40127696a71b6 x86_64/debug/neon-debuginfo-0.24.5-2.1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From jorton at redhat.com Wed May 19 16:07:33 2004 From: jorton at redhat.com (Joe Orton) Date: Wed, 19 May 2004 17:07:33 +0100 Subject: [SECURITY] Fedora Core 2 Update: neon-0.24.5-2.2 Message-ID: <20040519160733.GA24881@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-130 2004-05-19 --------------------------------------------------------------------- Product : Fedora Core 2 Name : neon Version : 0.24.5 Release : 2.2 Summary : An HTTP and WebDAV client library Description : neon is an HTTP and WebDAV client library, with a C interface; providing a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SSL support. --------------------------------------------------------------------- Update Information: Stefan Esser discovered a flaw in the neon library which allows a heap buffer overflow in a date parsing routine. An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client should a user connect to it using a neon-based application which uses the date parsing routines, such as cadaver. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0398 to this issue. This update includes packages with a patch for this issue. --------------------------------------------------------------------- * Sun May 16 2004 Joe Orton 0.24.5-2.2 - rebuild for FC2 update * Sun May 16 2004 Joe Orton 0.24.5-2.1 - add security fix for CVE CAN-2004-0398 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 435cce4188891f20707b16615c893413 SRPMS/neon-0.24.5-2.2.src.rpm 6dece9ed94cbf68834f7d84b6868f4d9 i386/neon-0.24.5-2.2.i386.rpm d307e0e58a179d12b1c40c840279d6c9 i386/neon-devel-0.24.5-2.2.i386.rpm 4d4b66a4a49c82ed57ce4c00a2b0cebc i386/debug/neon-debuginfo-0.24.5-2.2.i386.rpm ab0fb62241d6373f83081580d144cfee x86_64/neon-0.24.5-2.2.x86_64.rpm ba481e85f740f718c10fc9e8ccc60f9f x86_64/neon-devel-0.24.5-2.2.x86_64.rpm fcab8e5e26dccd7f1f904b0d1379198f x86_64/debug/neon-debuginfo-0.24.5-2.2.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From jorton at redhat.com Wed May 19 16:17:25 2004 From: jorton at redhat.com (Joe Orton) Date: Wed, 19 May 2004 17:17:25 +0100 Subject: [SECURITY] Fedora Core 1 Update: subversion-0.32.1-2 Message-ID: <20040519161725.GC24881@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-127 2004-05-19 --------------------------------------------------------------------- Product : Fedora Core 1 Name : subversion Version : 0.32.1 Release : 2 Summary : A Concurrent Versioning system similar to, but better than, CVS. Description : Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. --------------------------------------------------------------------- Update Information: Stefan Esser discovered an issue in the date parsing routines in Subversion which allows a buffer overflow. An attacker could send malicious requests to a Subversion server (either Apache-based using mod_dav_svn, or using the svnserve daemon) and perform arbitrary execution of code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0397 to this issue. This update includes packages with a patch for this issue. --------------------------------------------------------------------- * Wed May 12 2004 Joe Orton 0.32.1-2 - add security fix for CVE CAN-2004-0397 (Ben Reser) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 21f86e755d58ec2ca68c2dc338e26743 SRPMS/subversion-0.32.1-2.src.rpm e844f7f47bdae053bfe94d4b0fd2ee16 i386/subversion-0.32.1-2.i386.rpm 18413a741fb6a6ffac48b3765bb0dd6d i386/subversion-devel-0.32.1-2.i386.rpm 8565cf933e01213c9cfd741e66fb49d9 i386/mod_dav_svn-0.32.1-2.i386.rpm 04be62fe37bf0a0af958f4dba83dc717 i386/debug/subversion-debuginfo-0.32.1-2.i386.rpm fc9cec597b0ac29f8af2311059c0325a x86_64/subversion-0.32.1-2.x86_64.rpm 69617e64446f47824698ffd94cb3f01b x86_64/subversion-devel-0.32.1-2.x86_64.rpm 903b1f372340c0099ee7876175b3dc23 x86_64/mod_dav_svn-0.32.1-2.x86_64.rpm 0f4755e17c255b54dfdd9c9982d52910 x86_64/debug/subversion-debuginfo-0.32.1-2.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From jorton at redhat.com Wed May 19 16:19:02 2004 From: jorton at redhat.com (Joe Orton) Date: Wed, 19 May 2004 17:19:02 +0100 Subject: [SECURITY] Fedora Core 2 Update: subversion-1.0.2-2.1 Message-ID: <20040519161902.GD24881@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-128 2004-05-19 --------------------------------------------------------------------- Product : Fedora Core 2 Name : subversion Version : 1.0.2 Release : 2.1 Summary : Modern Version Control System designed to replace CVS Description : Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. --------------------------------------------------------------------- Update Information: Stefan Esser discovered an issue in the date parsing routines in Subversion which allows a buffer overflow. An attacker could send malicious requests to a Subversion server (either Apache-based using mod_dav_svn, or using the svnserve daemon) and perform arbitrary execution of code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0397 to this issue. This update includes packages with a patch for this issue. --------------------------------------------------------------------- * Sat May 15 2004 Joe Orton 1.0.2-2.1 - add security fix for CVE CAN-2004-0397 (Ben Reser) * Tue May 04 2004 Joe Orton 1.0.2-2 - add perl MODULE_COMPAT requirement for -perl subpackage - move perl man pages into -perl subpackage - clean up -perl installation and dependencies (Ville Skytt?, #123045) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 92cc070981eae85dc2220126a7cbd9d0 SRPMS/subversion-1.0.2-2.1.src.rpm 2ff7ecbf8f8c10b6ab761c3cbc913bf2 i386/subversion-1.0.2-2.1.i386.rpm a9e16d37859ee2168af5d2f0e53560a5 i386/subversion-devel-1.0.2-2.1.i386.rpm 6bd4b498f5c13bf4d2b2ad6668c86008 i386/mod_dav_svn-1.0.2-2.1.i386.rpm bfbbc9af5bbc287f74260bacb3bd3126 i386/subversion-perl-1.0.2-2.1.i386.rpm 8d4671361745f71e67310007ef8c6449 i386/debug/subversion-debuginfo-1.0.2-2.1.i386.rpm ca4fddfff4fff8a5496e29f3c314d32f x86_64/subversion-1.0.2-2.1.x86_64.rpm 0af6c873bcffd22fb0e1e4d60bcf1813 x86_64/subversion-devel-1.0.2-2.1.x86_64.rpm 9f8cef2892d8929b76f61562850e0648 x86_64/mod_dav_svn-1.0.2-2.1.x86_64.rpm 3e0bdc13b5fcd141416ec102b8608ac7 x86_64/subversion-perl-1.0.2-2.1.x86_64.rpm f7d2a0c88fcaeba74ef0bc9c9cb97dc9 x86_64/debug/subversion-debuginfo-1.0.2-2.1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From notting at redhat.com Wed May 19 19:47:10 2004 From: notting at redhat.com (Bill Nottingham) Date: Wed, 19 May 2004 15:47:10 -0400 Subject: [SECURITY] Fedora Core 2 Update: ipsec-tools-0.2.5-2 Message-ID: <20040519194710.GA8552@nostromo.devel.redhat.com> --------------------------------------------------------------------- Fedora Security Update Notification FEDORA-2004-132 2004-05-19 --------------------------------------------------------------------- Product : Fedora Core 2 Name : ipsec-tools Version : 0.2.5 Release : 2 Summary : Tools for configuring and using IPSEC Description : This is the IPsec-Tools package. You need this package in order to really use the IPsec functionality in the linux-2.5+ kernels. This package builds: - libipsec, a PFKeyV2 library - setkey, a program to directly manipulate policies and SAs - racoon, an IKEv1 keying daemon --------------------------------------------------------------------- Update Information: An updated ipsec-tools package that fixes vulnerabilities in racoon (the ISAKMP daemon) is now available. When ipsec-tools receives an ISAKMP header, it will attempt to allocate sufficient memory for the entire ISAKMP message according to the header's length field. If an attacker crafts an ISAKMP header with a extremely large value in the length field, racoon may exceed operating system resource limits and be terminated, resulting in a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0403 to this issue. --------------------------------------------------------------------- * Wed Apr 14 2004 Bill Nottingham - 0.2.5-2 - add patch for potential remote DoS (CAN-2004-0403) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 3e2e04aca6ff5ad9b87a58f360b5bdfd SRPMS/ipsec-tools-0.2.5-2.src.rpm b5cf2f91174df9363be3fae649278f33 i386/ipsec-tools-0.2.5-2.i386.rpm 9f0262afaad8669bb6d194874845ba19 i386/debug/ipsec-tools-debuginfo-0.2.5-2.i386.rpm 4783879e9aa712ddd98373aad9429333 x86_64/ipsec-tools-0.2.5-2.x86_64.rpm 7447cbdca523ad5b185d697388386f2e x86_64/debug/ipsec-tools-debuginfo-0.2.5-2.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From than at redhat.com Wed May 19 21:06:05 2004 From: than at redhat.com (Than Ngo) Date: Wed, 19 May 2004 23:06:05 +0200 Subject: [SECURITY] Fedora Core 1 Update: kdepim-3.1.4-2 Message-ID: <40ABCC3D.4040203@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-133 2004-05-19 --------------------------------------------------------------------- Product : Fedora Core 1 Name : kdepim Version : 3.1.4 Release : 2 Summary : PIM (Personal Information Manager) for KDE Description : A PIM (Personal Information Manager) for KDE. --------------------------------------------------------------------- Update Information: The KDE team found a buffer overflow in the file information reader of VCF files. An attacker could construct a VCF file so that when it was opened by a victim it would execute arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0988 to this issue. --------------------------------------------------------------------- * Thu Dec 18 2003 Than Ngo 6:3.1.4-2 - added patch from KDE stable branch to fix buffer overflow in vcf --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 20a4f053aba0eccfd4e22b816714e27a SRPMS/kdepim-3.1.4-2.src.rpm 216304bb47999422716bc39b1b992d5e i386/kdepim-3.1.4-2.i386.rpm a1b17e1958b623c414751bfb0044bf37 i386/debug/kdepim-debuginfo-3.1.4-2.i386.rpm e750576e7c01bdc9242fc31299cd07b4 i386/kdepim-devel-3.1.4-2.i386.rpm 1c5694e3993b93e5a242a4acb725e18c x86_64/kdepim-3.1.4-2.x86_64.rpm f7fa93f04c386d21cbdd380c9606766d x86_64/debug/kdepim-debuginfo-3.1.4-2.x86_64.rpm 2024ae0a406a8aaf39e00a5997cc76f0 x86_64/kdepim-devel-3.1.4-2.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From walters at redhat.com Thu May 20 19:51:26 2004 From: walters at redhat.com (Colin Walters) Date: Thu, 20 May 2004 15:51:26 -0400 Subject: Fedora Core 2 Update: libgnome Message-ID: <1085082686.14808.34.camel@nexus.verbum.private> Subject: Fedora Core 2 Update: libgnome-2.6.0-3 --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-134 2004-05-20 --------------------------------------------------------------------- Product : Fedora Core 2 Name : libgnome Version : 2.6.0 Release : 3 Summary : GNOME base library Description : GNOME (GNU Network Object Model Environment) is a user-friendly set of GUI applications and desktop tools to be used in conjunction with a window manager for the X Window System. The libgnome package includes non-GUI-related libraries that are needed to run GNOME. The libgnomeui package contains X11-dependent GNOME library features. --------------------------------------------------------------------- Update Information: This updated libgnome package allows GNOME sound events to work in FC2. --------------------------------------------------------------------- * Sat May 15 2004 Colin Walters 2.6.0-3 - Apply another patch which fixes GNOME sound events, which due to what appears to be a glib bug, were broken by my previous patch. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 881324410f3f62632b0a33d72f560eee SRPMS/libgnome-2.6.0-3.src.rpm 6b548ef29b51b46957cae5a2eb07dcb9 i386/libgnome-2.6.0-3.i386.rpm 2fe93f6f27fdff138df2305b9013abf1 i386/libgnome-devel-2.6.0-3.i386.rpm f5a4f166e664c5c3e28f9fc3105b7283 i386/debug/libgnome-debuginfo-2.6.0-3.i386.rpm d08a508a00d152ac3f4f47ae5543b0be x86_64/libgnome-2.6.0-3.x86_64.rpm d6544332881e8d1a95b3b57cc09c6340 x86_64/libgnome-devel-2.6.0-3.x86_64.rpm 1756f5ba07cc35985895c845122b88e8 x86_64/debug/libgnome-debuginfo-2.6.0-3.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From byte at aeon.com.my Thu May 20 20:24:15 2004 From: byte at aeon.com.my (Colin Charles) Date: Fri, 21 May 2004 06:24:15 +1000 Subject: Fedora News Updates #12 Message-ID: <1085084655.4055.862.camel@albus.aeon.com.my> Another issue of the Fedora News Updates has been released and is available at: http://fedoranews.org/colin/fnu/issue12.shtml The current issue is always linked to http://fedoranews.org/colin/fnu/current.shtml Covering Fedora Core 2's release, and some migration topics. Arjan, the kernel maintainer talks about why 'sg' isn't needed for regular burning/ripping of CDs, while Alexandre has some great stuff on Firewire. Fedora Legacy has interesting news of stopping support for RH7.2/8.0, and Fedora works on a Mac! Excellent public discussion of performance tuning the Fedora Desktop, a must read. -- Colin Charles, byte at aeon.com.my http://www.bytebot.net/ From sopwith at redhat.com Mon May 24 17:47:00 2004 From: sopwith at redhat.com (Elliot Lee) Date: Mon, 24 May 2004 13:47:00 -0400 Subject: Fedora Project Mailing Lists reminder Message-ID: This is a reminder of the mailing lists for the Fedora Project, and the purpose of each list. You can view this information at http://fedora.redhat.com/participate/communicate/ When you're using these mailing lists, please take the time to choose the one that is most appropriate to your post. If you don't know the right mailing list to use for a question or discussion, please contact me. This will help you get the best possible answer for your question, and keep other list subscribers happy! Mailing Lists Mailing lists are email addresses which send email to all users subscribed to the mailing list. Sending an email to a mailing list reaches all users interested in discussing a specific topic and users available to help other users with the topic. The following mailing lists are available. To subscribe, send email to -request at redhat.com (replace with the desired mailing list name such as fedora-list) with the word subscribe in the subject. fedora-announce-list - Announcements of changes and events. To stay aware of news, subscribe to this list. fedora-list - For users of releases. If you want help with a problem installing or using , this is the list for you. fedora-test-list - For testers of test releases. If you would like to discuss experiences using TEST releases, this is the list for you. fedora-devel-list - For developers, developers, developers. If you are interested in helping create releases, this is the list for you. fedora-docs-list - For participants of the docs project fedora-desktop-list - For discussions about desktop issues such as user interfaces, artwork, and usability fedora-config-list - For discussions about the development of configuration tools fedora-legacy-announce - For announcements about the Fedora Legacy Project fedora-legacy-list - For discussions about the Fedora Legacy Project fedora-selinux-list - For discussions about the Fedora SELinux Project fedora-de-list - For discussions about Fedora in the German language fedora-ja-list - For discussions about Fedora in the Japanese language fedora-i18n-list - For discussions about the internationalization of Fedora Core fedora-trans-list - For discussions about translating the software and documentation associated with the Fedora Project German: fedora-trans-de French: fedora-trans-fr Spanish: fedora-trans-es Italian: fedora-trans-it Brazilian Portuguese: fedora-trans-pt_br Japanese: fedora-trans-ja Korean: fedora-trans-ko Simplified Chinese: fedora-trans-zh_cn Traditional Chinese: fedora-trans-zh_tw From jorton at redhat.com Tue May 25 13:18:15 2004 From: jorton at redhat.com (Joe Orton) Date: Tue, 25 May 2004 14:18:15 +0100 Subject: [SECURITY] Fedora Core 1 Update: httpd-2.0.49-1.1 Message-ID: <20040525131815.GA9638@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-117 2004-05-25 --------------------------------------------------------------------- Product : Fedora Core 1 Name : httpd Version : 2.0.49 Release : 1.1 Summary : Apache HTTP Server Description : Apache is a powerful, full-featured, efficient, and freely-available Web server. Apache is also the most popular Web server on the Internet. --------------------------------------------------------------------- Update Information: This update includes the latest stable release of Apache httpd 2.0, including a security fix for a memory leak in mod_ssl which can be triggered remotely (CVE CAN-2004-0113), and a fix for escaping of error log output (CVE CAN-2003-0020). This update also includes an enhanced version of the mod_cgi module which fixes a long-standing bug in the handling of stderr output during CGI script execution. --------------------------------------------------------------------- * Fri May 07 2004 Joe Orton 2.0.49-1.1 - fix 2.0.48's httpd loading 2.0.49's mod_expires.so * Fri May 07 2004 Joe Orton 2.0.49-1.0 - update to 2.0.49 (thanks to Robert Scheck, #118798) - make "noindex" page valid XHTML 1.1 (Pascal Volk, #122020) - restore /etc/httpd/build/libtool symlink (#113720) - mod_cgi: backport fixes for stderr handling (upstream #22030) - mod_dav: misc improvements - add rgetline NUL-termination fixes (Tsurutani Naoki, upstream #28376) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ b008b66b5af9ce253a53a805919a6814 SRPMS/httpd-2.0.49-1.1.src.rpm f047f09af00b168af1b67ce4ff377c39 i386/httpd-2.0.49-1.1.i386.rpm 52befed28d29860131a578615c2a4ff1 i386/httpd-devel-2.0.49-1.1.i386.rpm 2915df9769773493e82472ce5dfe84dc i386/httpd-manual-2.0.49-1.1.i386.rpm d943e6a34e9dbf1df956f9b98faf9e36 i386/mod_ssl-2.0.49-1.1.i386.rpm 7a59a2e8e05ae55d188c6eeaa2b57e3d i386/debug/httpd-debuginfo-2.0.49-1.1.i386.rpm 89d28478a3a3fa06872aa5a5c4738d08 x86_64/httpd-2.0.49-1.1.x86_64.rpm 4b08a98a31db3e9b4b7482d63b107e18 x86_64/httpd-devel-2.0.49-1.1.x86_64.rpm d553b52be3170277f528289ea1fc8eef x86_64/httpd-manual-2.0.49-1.1.x86_64.rpm b0a67133622538b4d3137114dba3ad04 x86_64/mod_ssl-2.0.49-1.1.x86_64.rpm 479c2ccc1fada2efde2ba409c9058d75 x86_64/debug/httpd-debuginfo-2.0.49-1.1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From jorton at redhat.com Tue May 25 13:22:45 2004 From: jorton at redhat.com (Joe Orton) Date: Tue, 25 May 2004 14:22:45 +0100 Subject: Fedora Core 1 Update: php-4.3.6-1.3 Message-ID: <20040525132245.GA9554@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-118 2004-05-25 --------------------------------------------------------------------- Product : Fedora Core 1 Name : php Version : 4.3.6 Release : 1.3 Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor) Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages. --------------------------------------------------------------------- Update Information: This update includes the latest stable release of PHP 4 with a large number of bug fixes since the previous 4.3.4 release. --------------------------------------------------------------------- * Wed May 12 2004 Joe Orton 4.3.6-1.3 - fix segfault on httpd SIGHUP (upstream #27810) * Mon May 10 2004 Joe Orton 4.3.6-1.0 - update to 4.3.6 (Robert Scheck, #121011, #118126) - add "fix" for umask() handling in apache2handler (#121454) * Fri Jan 30 2004 Joe Orton 4.3.4-1.2 - add trigger to handle php.ini upgrades smoothly (#112470) - add fix for config setting leaking from upstream (#110861) - drop gdbm support --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ d70191eb5dfc791af8af98af39410eca SRPMS/php-4.3.6-1.3.src.rpm bdb70f481b587d6b0b1ee129d22d743d i386/php-4.3.6-1.3.i386.rpm 623732f35b19982eee1645349e6b87b6 i386/php-devel-4.3.6-1.3.i386.rpm 34224a5981ffcad2c262d523e9ab14ca i386/php-imap-4.3.6-1.3.i386.rpm 9ff2ebb3bb2c7fb56f63e8e50c3c5cbd i386/php-ldap-4.3.6-1.3.i386.rpm 13450935364f3bbe603880b524111fd9 i386/php-mysql-4.3.6-1.3.i386.rpm 9e7bae85c89b8118ae024e888b9c3291 i386/php-pgsql-4.3.6-1.3.i386.rpm 0ce26d3528f861cdaf6cb5a89e99fa6b i386/php-odbc-4.3.6-1.3.i386.rpm 31ec681802b34186b3df66898af7d12f i386/php-snmp-4.3.6-1.3.i386.rpm 6c627834bccd5f00835dff675afc91cc i386/php-domxml-4.3.6-1.3.i386.rpm 06bd77cb8678aef9d673a8842b9d47f0 i386/php-xmlrpc-4.3.6-1.3.i386.rpm 1358d5686e3edf5dcb2ed2aafe0b3f00 i386/debug/php-debuginfo-4.3.6-1.3.i386.rpm 67a535d2ec6089b21fb866777d80ebfb x86_64/php-4.3.6-1.3.x86_64.rpm 9483eb5e8dded6cdce47b82c0a9e1b9f x86_64/php-devel-4.3.6-1.3.x86_64.rpm 8d8d0249554e0ba1e90d2da7319bc67b x86_64/php-imap-4.3.6-1.3.x86_64.rpm c4838664b9702c44a2d21bf315903178 x86_64/php-ldap-4.3.6-1.3.x86_64.rpm c467cddd1328000671445a9aa6a6f741 x86_64/php-mysql-4.3.6-1.3.x86_64.rpm bcac0570c687ac8491a548163bb7ec94 x86_64/php-pgsql-4.3.6-1.3.x86_64.rpm 958602f36e1b83e369e06524d8461b66 x86_64/php-odbc-4.3.6-1.3.x86_64.rpm 72f38bbc0b2421fb8888b6d5153c72fe x86_64/php-snmp-4.3.6-1.3.x86_64.rpm 885ef63af1cf22bbfb5f5e38873c0120 x86_64/php-domxml-4.3.6-1.3.x86_64.rpm 815319f7d16fa80c095261c6e96539f1 x86_64/php-xmlrpc-4.3.6-1.3.x86_64.rpm 4d84fb89f3a714b83e23fa304a29d23d x86_64/debug/php-debuginfo-4.3.6-1.3.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From markmc at redhat.com Tue May 25 19:35:56 2004 From: markmc at redhat.com (Mark McLoughlin) Date: Tue, 25 May 2004 20:35:56 +0100 Subject: Fedora Core 2 Update: rsync-2.6.2-1 Message-ID: <1085513756.20586.52.camel@localhost.localdomain> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-138 2004-05-25 --------------------------------------------------------------------- Product : Fedora Core 2 Name : rsync Version : 2.6.2 Release : 1 Summary : A program for synchronizing files over a network. Description : Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package. --------------------------------------------------------------------- * Tue May 25 2004 Mark McLoughlin - 2.6.2-1 - Backport fix from upstream for crasher when passing multiple directories of the same length (bug #123708) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ b30b938efc3ab4e7ffd663310f6381b3 SRPMS/rsync-2.6.2-1.src.rpm b28b330419ed4c03b61d36bc0e31e1b5 i386/rsync-2.6.2-1.i386.rpm 202035cca722817343a672e499eb9eb8 i386/debug/rsync-debuginfo-2.6.2-1.i386.rpm 2d34d5eea63dde13a107288df7c79620 x86_64/rsync-2.6.2-1.x86_64.rpm b3e03abb5be064e46f971774125d974d x86_64/debug/rsync-debuginfo-2.6.2-1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From notting at redhat.com Tue May 25 20:30:18 2004 From: notting at redhat.com (Bill Nottingham) Date: Tue, 25 May 2004 16:30:18 -0400 Subject: Fedora Core 2 Update: hwdata-0.120-1 Message-ID: <20040525203018.GA10218@nostromo.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-139 2004-05-25 --------------------------------------------------------------------- Product : Fedora Core 2 Name : hwdata Version : 0.120 Release : 1 Summary : Hardware identification and configuration data Description : hwdata contains various hardware identification and configuration data, such as the pci.ids database, the XFree86 Cards and MonitorsDb databases. --------------------------------------------------------------------- Update Information: This update fixes the module mapping for cmpci cards in the upgradelist, for upgrades from eariler releases using the OSS drivers. There are also some other minor additions. --------------------------------------------------------------------- * Mon May 24 2004 Bill Nottingham - 0.120-1 - mainly: fix upgradelist module for CMPci cards (#123647) - also: add another wireless card (#122676) add wireless card (#122625) add 1280x800 (#121548) add 1680x1050 (#121148) add IntelligentStick (#124313) * Mon May 10 2004 Jeremy Katz - 0.119-1 - veth driver is iseries_veth in 2.6 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 5587d7c0e425f263999d59dc4a6a0645 SRPMS/hwdata-0.120-1.src.rpm f71bcf83f17a273988d746bca746a404 i386/hwdata-0.120-1.noarch.rpm f71bcf83f17a273988d746bca746a404 x86_64/hwdata-0.120-1.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From jorton at redhat.com Thu May 27 19:47:39 2004 From: jorton at redhat.com (Joe Orton) Date: Thu, 27 May 2004 20:47:39 +0100 Subject: Fedora Core 2 Update: subversion-1.0.4-1 Message-ID: <20040527194739.GA25445@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-135 2004-05-27 --------------------------------------------------------------------- Product : Fedora Core 2 Name : subversion Version : 1.0.4 Release : 1 Summary : Modern Version Control System designed to replace CVS Description : Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. --------------------------------------------------------------------- Update Information: This update includes the latest stable release of Subversion, including three user-visible bug fixes: * fixed: pool leaks in 'svnlook diff/changed/dirs-changed' * fixed: insecure script example in pre-commit-hook template * fixed: inability to do a checkout to '/' --------------------------------------------------------------------- * Sat May 22 2004 Joe Orton 1.0.4-1 - update to 1.0.4 * Fri May 21 2004 Joe Orton 1.0.3-2 - build /usr/bin/* as PIEs - add fix for libsvn_client symbol namespace violation (r9608) * Wed May 19 2004 Joe Orton 1.0.3-1 - update to 1.0.3 * Sun May 16 2004 Joe Orton 1.0.2-3 - add ldconfig invocations for -perl post/postun (Ville Skytt?) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 9e16b09409ccf2bf6b6445b506064fbb SRPMS/subversion-1.0.4-1.src.rpm 8e703cc35e9078b89d1363d3f745e730 i386/subversion-1.0.4-1.i386.rpm b4a85675387213446766022cebe9aa34 i386/subversion-devel-1.0.4-1.i386.rpm d3ef34734e944272ad9fc619d97fc491 i386/mod_dav_svn-1.0.4-1.i386.rpm bc1a124699431e0f1daa142fe9cdceb8 i386/subversion-perl-1.0.4-1.i386.rpm 8b37e98cad1ec03cd68e04e468336ae9 i386/debug/subversion-debuginfo-1.0.4-1.i386.rpm 37d99082980e5cd603fd9c687e16357d x86_64/subversion-1.0.4-1.x86_64.rpm 9e48b25d2fd18d18b2dc2317a1c34a60 x86_64/subversion-devel-1.0.4-1.x86_64.rpm 16ee6151af7fb8616b062b1e71ce074a x86_64/mod_dav_svn-1.0.4-1.x86_64.rpm 247830f8ab799cf73859f23bd247ce0b x86_64/subversion-perl-1.0.4-1.x86_64.rpm 031a8251ef8889778a7f9736b30875e5 x86_64/debug/subversion-debuginfo-1.0.4-1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From jorton at redhat.com Thu May 27 19:49:47 2004 From: jorton at redhat.com (Joe Orton) Date: Thu, 27 May 2004 20:49:47 +0100 Subject: Fedora Core 2 Update: php-4.3.6-5 Message-ID: <20040527194947.GB25445@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-136 2004-05-27 --------------------------------------------------------------------- Product : Fedora Core 2 Name : php Version : 4.3.6 Release : 5 Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor) Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages. --------------------------------------------------------------------- Update Information: This update includes the latest stable release of PHP 4 with a large number of bug fixes since the previous 4.3.4 release. --------------------------------------------------------------------- * Wed May 19 2004 Joe Orton 4.3.6-5 - don't obsolete php-imap (#123580) - unconditionally build -imap subpackage * Thu May 13 2004 Joe Orton 4.3.6-4 - remove trigger * Thu Apr 22 2004 Joe Orton 4.3.6-3 - fix umask reset "feature" (#121454) - don't use DL_GLOBAL when dlopen'ing extension modules * Sun Apr 18 2004 Joe Orton 4.3.6-2 - fix segfault on httpd SIGHUP (upstream #27810) * Fri Apr 16 2004 Joe Orton 4.3.6-1 - update to 4.3.6 (Robert Scheck, #121011) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 792528570a39f625e4ecbcc3bba27bb7 SRPMS/php-4.3.6-5.src.rpm c082751c91c44f590e3649c9192bde5c i386/php-4.3.6-5.i386.rpm 8104aaefa0627fc673256d350b72c332 i386/php-devel-4.3.6-5.i386.rpm e506a5f42cd1d3c568d56e74556cc800 i386/php-pear-4.3.6-5.i386.rpm 675060da090c9793850870f2ebaa2ee2 i386/php-imap-4.3.6-5.i386.rpm 8327454a87f3996c4266d2a69e358d1a i386/php-ldap-4.3.6-5.i386.rpm 8c2f5ad0f865513edb71f721f026b77e i386/php-mysql-4.3.6-5.i386.rpm 74a38ecf2c08ae2cd74f1eb887f8ad2b i386/php-pgsql-4.3.6-5.i386.rpm 6e5a27d5a7c2a23564354b05c0672b82 i386/php-odbc-4.3.6-5.i386.rpm 0b5065c612c9e8928901b5a4e67048cd i386/php-snmp-4.3.6-5.i386.rpm 53e37d62c0f2190f86719b0645017600 i386/php-domxml-4.3.6-5.i386.rpm 8d76b26c507b8e9b75cf5bcbf3ccf145 i386/php-xmlrpc-4.3.6-5.i386.rpm 6252d2683cded5f314630f19dd6ece12 i386/debug/php-debuginfo-4.3.6-5.i386.rpm 04295d7e8d6764f54f72fb420d3aded6 x86_64/php-4.3.6-5.x86_64.rpm 7e19ce3ca31b595eebcfb5c0fad8427c x86_64/php-devel-4.3.6-5.x86_64.rpm 1e43db85eed4e04cc2e94ffe2ba783e1 x86_64/php-pear-4.3.6-5.x86_64.rpm a72ce3cbbb27fee6838e2b80d192a29a x86_64/php-imap-4.3.6-5.x86_64.rpm c8918c7813a4988841265221704a975c x86_64/php-ldap-4.3.6-5.x86_64.rpm 5954a8afcc16bdb2ba4c12f0bbf5e036 x86_64/php-mysql-4.3.6-5.x86_64.rpm cd51be72c27e1cc61291b2efe2150ca9 x86_64/php-pgsql-4.3.6-5.x86_64.rpm 36c4e464b0b4621632c6f813bd94ce0a x86_64/php-odbc-4.3.6-5.x86_64.rpm 3a13c5b6c4aab0f04ceec9e5a465e41d x86_64/php-snmp-4.3.6-5.x86_64.rpm d60aafe980432df8a7c81ef70e0bd945 x86_64/php-domxml-4.3.6-5.x86_64.rpm 448580538d783bca8d0f1a62c7e38f3f x86_64/php-xmlrpc-4.3.6-5.x86_64.rpm 4bb7585f31b325115f83e07670115395 x86_64/debug/php-debuginfo-4.3.6-5.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From nphilipp at redhat.com Fri May 28 10:37:38 2004 From: nphilipp at redhat.com (Nils Philippsen) Date: Fri, 28 May 2004 12:37:38 +0200 Subject: Fedora Core 1 Update: gimp-1.2.5-2 Message-ID: <1085740657.6938.4.camel@gibraltar.stuttgart.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-100 2004-05-28 --------------------------------------------------------------------- Product : Fedora Core 1 Name : gimp Version : 1.2.5 Release : 2 Summary : The GNU Image Manipulation Program. Description : The GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages. The GIMP has many of the tools and filters you would expect to find in similar commercial offerings, and some interesting extras as well. The GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. The GIMP includes a scripting facility, but many of the included scripts rely on fonts that we cannot distribute. The GIMP FTP site has a package of fonts that you can install by yourself, which includes all the fonts needed to run the included scripts. Some of the fonts have unusual licensing requirements; all the licenses are documented in the package. Get ftp://ftp.gimp.org/pub/gimp/fonts/freefonts-0.10.tar.gz and ftp://ftp.gimp.org/pub/gimp/fonts/sharefonts-0.10.tar.gz if you are so inclined. Alternatively, choose fonts which exist on your system before running the scripts. --------------------------------------------------------------------- Update Information: This update has improvements in the handling of multibyte locales, specifically it should show the startup tips now with both Unicode and non-Unicode Japanese (and possibly other Asian) locales. --------------------------------------------------------------------- * Thu Apr 08 2004 Nils Philippsen - fix Japanese tips on UTF-8 locale (#98520) - use %patch ... -b ... always --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 4c6917108dda9242011e50a37193848f SRPMS/gimp-1.2.5-2.src.rpm 6625ea73411a1a50bc788da7873bbfd3 i386/gimp-1.2.5-2.i386.rpm 326ee140ce61cc2a0796c361d9189448 i386/gimp-devel-1.2.5-2.i386.rpm 2d2943e2f49c41e60342d63cb7383ccd i386/gimp-perl-1.2.5-2.i386.rpm d047e29b02ca9dd5663c58902bd71017 x86_64/gimp-1.2.5-2.x86_64.rpm 1162076eb5f57d4bd87765103710017e x86_64/gimp-devel-1.2.5-2.x86_64.rpm f06345a06010b4c3429aea858ceec3d8 x86_64/gimp-perl-1.2.5-2.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- Nils Philippsen / Red Hat / nphilipp at redhat.com "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- B. Franklin, 1759 PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From notting at redhat.com Fri May 28 16:49:27 2004 From: notting at redhat.com (Bill Nottingham) Date: Fri, 28 May 2004 12:49:27 -0400 Subject: Fedora Core 1 Update: vsftpd-1.2.1-4.fc1 Message-ID: <20040528164927.GC12755@nostromo.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-141 2004-05-28 --------------------------------------------------------------------- Product : Fedora Core 1 Name : vsftpd Version : 1.2.1 Release : 4.fc1 Summary : vsftpd - Very Secure Ftp Daemon Description : vsftpd is a Very Secure FTP daemon. It was written completely from scratch. --------------------------------------------------------------------- Update Information: This update upgrades vsftpd to the code shipped in Fedora Core 2. Notable is a fix for the signal handling in the listener code that can cause the listener to hang. (bug #109933, #113364) --------------------------------------------------------------------- * Tue May 25 2004 Bill Nottingham 1.2.1-4.FC1 - build for FC1 * Mon May 03 2004 Bill Nottingham 1.2.1-5 - fix all references to vsftpd.conf to be /etc/vsftpd/vsftpd.conf, including in the binary (#121199, #104075) * Thu Mar 25 2004 Bill Nottingham 1.2.1-4 - don't call malloc()/free() in signal handlers (#119136, ) * Fri Feb 13 2004 Elliot Lee - rebuilt * Mon Nov 24 2003 Karsten Hopp 1.2.1-1 - update to 1.2.1, which fixes #89765 and lot of other issues - remove manpage patch, it isn't required anymore - clean up init script - don't use script to find libs to link with (lib64 issues) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ ea34c2be755924e992b4ef214382747a SRPMS/vsftpd-1.2.1-4.fc1.src.rpm 9d25e767e65cfff4763adf1562a7a2d7 i386/vsftpd-1.2.1-4.fc1.i386.rpm 29c511fabb9795eea97617b1f2092631 i386/debug/vsftpd-debuginfo-1.2.1-4.fc1.i386.rpm 165f3e28ab47a41a1cb2d29ee875a507 x86_64/vsftpd-1.2.1-4.fc1.x86_64.rpm 380ebf1df4d4aa51eb48b96299fd437a x86_64/debug/vsftpd-debuginfo-1.2.1-4.fc1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From max_list at fedorafaq.org Sun May 30 06:58:52 2004 From: max_list at fedorafaq.org (Max K-A) Date: Sat, 29 May 2004 23:58:52 -0700 Subject: Unofficial Fedora FAQ Updated for Fedora Core 2 Message-ID: <1085900331.3527.54.camel@max.localdomain> Hi Fedora Users! I'm proud to announce that the Unofficial Fedora FAQ has been updated for the release of Fedora Core 2! All the questions on the site should now be accurate for FC2, and the yum.conf has been modified and tested for FC2. During the update, almost all the questions in the FAQ have been tweaked for accuracy, clarity, and simplicity. As always, the FAQ is at: http://www.fedorafaq.org/ There's also a new section on how to contribute to the FAQ: http://www.fedorafaq.org/contribute/ I have an archived version of the FC1 FAQ at http://www.fedorafaq.org/fc1/ There will be many updates in the coming days and weeks, so keep checking back for updates! As always, I will announce all major updates on the fedora-list. Thanks to Sindre "foolish" Pedersen Bj?rdal for a lot of updates and the cool new look of FedoraFAQ.org. Also a big thanks to Gareth "Ug" Russell of FedoraForum (http://www.fedoraforum.org) for his contributions with Sindre, and for even more great content that you'll see up there soon. If you have any questions or comments, feel free to email me! I'm max {a t} fedorafaq {do t} org. -M