From jakub at redhat.com Wed Sep 1 21:33:55 2004 From: jakub at redhat.com (Jakub Jelinek) Date: Wed, 1 Sep 2004 17:33:55 -0400 Subject: [SECURITY] Fedora Core 1 Update: mc-4.6.0-17.fc1 Message-ID: <20040901213354.GV30573@devserv.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-272 2004-09-01 --------------------------------------------------------------------- Product : Fedora Core 1 Name : mc Version : 4.6.0 Release : 17.fc1 Summary : User-friendly text console file manager and visual shell. Description : Midnight Commander is a visual shell much like a file manager, only with many more features. It is a text mode application, but it also includes mouse support if you are running GPM. Midnight Commander's best features are its ability to FTP, view tar and zip files, and to poke into RPMs for specific files. --------------------------------------------------------------------- Update Information: Security fix for http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127973. CAN-2004-0494 extfs vfs vulnerability in mc --------------------------------------------------------------------- * Sat Aug 21 2004 Jakub Jelinek 4.6.0-17.fc1 - 3 more quoting omissions in a.in * Sat Aug 21 2004 Jakub Jelinek 4.6.0-17 - fix shell quoting in extfs perl scripts (Leonard den Ottolander, #127973, CAN-2004-0494) * Tue Jun 15 2004 Elliot Lee - rebuilt --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 49f1c1f5234fc1d81dd3ffa821e04747 SRPMS/mc-4.6.0-17.fc1.src.rpm 78953790d5f583a77788ad4510cd1fe7 x86_64/mc-4.6.0-17.fc1.x86_64.rpm 1a5730f349b0505fac9cc78425402b8d x86_64/debug/mc-debuginfo-4.6.0-17.fc1.x86_64.rpm a731762be96fb7a2e00f4c8229f1d8b7 i386/mc-4.6.0-17.fc1.i386.rpm cbc9a3ba4897d0acc5a7589a8668476b i386/debug/mc-debuginfo-4.6.0-17.fc1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From jakub at redhat.com Wed Sep 1 21:34:42 2004 From: jakub at redhat.com (Jakub Jelinek) Date: Wed, 1 Sep 2004 17:34:42 -0400 Subject: [SECURITY] Fedora Core 2 Update: mc-4.6.0-17.fc2 Message-ID: <20040901213442.GW30573@devserv.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-273 2004-09-01 --------------------------------------------------------------------- Product : Fedora Core 2 Name : mc Version : 4.6.0 Release : 17.fc2 Summary : User-friendly text console file manager and visual shell. Description : Midnight Commander is a visual shell much like a file manager, only with many more features. It is a text mode application, but it also includes mouse support if you are running GPM. Midnight Commander's best features are its ability to FTP, view tar and zip files, and to poke into RPMs for specific files. --------------------------------------------------------------------- Update Information: Security fix for http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127973. CAN-2004-0494 extfs vfs vulnerability in mc --------------------------------------------------------------------- * Sat Aug 21 2004 Jakub Jelinek 4.6.0-17.fc2 - 3 more quoting omissions in a.in * Sat Aug 21 2004 Jakub Jelinek 4.6.0-17 - fix shell quoting in extfs perl scripts (Leonard den Ottolander, #127973, CAN-2004-0494) * Tue Jun 15 2004 Elliot Lee - rebuilt --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ aadb93bb8a2b047c79a4c5be7da28edb SRPMS/mc-4.6.0-17.fc2.src.rpm 2907d996d845c03dd9ff5cc0bcf1ec84 x86_64/mc-4.6.0-17.fc2.x86_64.rpm 10fa4d7b2d7e7abc48015d23004c903b x86_64/debug/mc-debuginfo-4.6.0-17.fc2.x86_64.rpm 5da38fc92a6d8f57148d57eab6f6f251 i386/mc-4.6.0-17.fc2.i386.rpm 11104e0480ab66addf52e4f30b9e9870 i386/debug/mc-debuginfo-4.6.0-17.fc2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From fenlason at redhat.com Thu Sep 2 16:17:33 2004 From: fenlason at redhat.com (Jay Fenlason) Date: Thu, 2 Sep 2004 12:17:33 -0400 Subject: [SECURITY] Fedora Core 1 Update: samba-3.0.6-2.FC1 Message-ID: <20040902161733.GB28497@redhat.com> If you have not updated to the 3.0.5-2.FC1.1 rpms from testing, this is a security update, as it fixes CAN-2004-0600 and CAN-2004-0686. --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-284 2004-09-02 --------------------------------------------------------------------- Product : Fedora Core 1 Name : samba Version : 3.0.6 Release : 2.FC1 Summary : The Samba SMB server. Description : Samba is the protocol by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB server that can be used to provide network services to SMB (sometimes called "Lan Manager") clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. --------------------------------------------------------------------- * Wed Aug 25 2004 Jay Fenlason 3.0.6-1.FC2 - Upgade to 3.0.6 include the following patches: samba-3.0.5rc1-passwd.patch from me. This changes the character used in the password field of the entries generated by winbind from a 'x' to a '*'. 'x' means something special ("password is in /etc/shadow") to another pam module. samba-3.0.5pre1-smbclient-kerberos.patch from Alexander Larsson (alexl at redhat.com). Make kerberized smbclient work better. samba-3.0.5pre1-use_authtok.patch from Nalin Dahyabhai Fix an apparent braino in pam_winbind.c and correct Cristian Gafton's name samba-3.0.6-schema.patch from Gerald (Jerry) Carter Correct the LDAP schema samba-3.0.5rc1-64bit-timestamps.patch from Ravikumar (rkumar at hp.com) to allow correct timestamp handling on 64-bit platforms and fix #126109. samba-3.0.4-install.mount.smbfs.patch from Juanjo Villaplana (villapla at si.uji.es) to prevent building the srpm from trashing the installed /usr/bin/smbmount * Thu May 20 2004 Jay Fenlason 3.0.4-2.FC1 - include -winbind patch from Gerald (Jerry) Carter (jerry at samba.org) https://bugzilla.samba.org/show_bug.cgi?id=1315 to make winbindd work against Windows versions that do not have 128 bit encryption enabled. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ d0352aebb980e15200389705284f59ff SRPMS/samba-3.0.6-2.FC1.src.rpm 0fce19d5f2d92c475489ff64a88f4799 x86_64/samba-3.0.6-2.FC1.x86_64.rpm 987315b19e8a2f480aeada49a324dc87 x86_64/samba-client-3.0.6-2.FC1.x86_64.rpm 1af85132be7349cdf02d7aee4a6c71b7 x86_64/samba-common-3.0.6-2.FC1.x86_64.rpm 7c1e334d6090abdcad6000bc91b7f478 x86_64/samba-swat-3.0.6-2.FC1.x86_64.rpm f0e741704ac3253a7f72445cd3834d13 x86_64/debug/samba-debuginfo-3.0.6-2.FC1.x86_64.rpm 7b5d636df97aa289c7fbd53fb6ad040d i386/samba-3.0.6-2.FC1.i386.rpm ac80201c92b13ac07acdf14d22c3223e i386/samba-client-3.0.6-2.FC1.i386.rpm 5ecee2d2e560b164acbe5b7708e6372c i386/samba-common-3.0.6-2.FC1.i386.rpm 8814aeed14a086e6f2f195d2017c5272 i386/samba-swat-3.0.6-2.FC1.i386.rpm c31881d34432bd163e0f6fb1e08c2df8 i386/debug/samba-debuginfo-3.0.6-2.FC1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From fenlason at redhat.com Thu Sep 2 16:19:47 2004 From: fenlason at redhat.com (Jay Fenlason) Date: Thu, 2 Sep 2004 12:19:47 -0400 Subject: [SECURITY] Fedora Core 2 Update: samba-3.0.6-2.fc2 Message-ID: <20040902161947.GC28497@redhat.com> If you have not already upgraded to samba-3.0.5-2.FC2.1 (from fedora testing), this is a seurity release, as it contains fixes for CAN-2004-0600 and CAN-2004-0686. --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-285 2004-09-02 --------------------------------------------------------------------- Product : Fedora Core 2 Name : samba Version : 3.0.6 Release : 2.fc2 Summary : The Samba SMB server. Description : Samba is the protocol by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB server that can be used to provide network services to SMB (sometimes called "Lan Manager") clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. --------------------------------------------------------------------- * Tue Aug 31 2004 Jay Fenlason 3.0.6-2.fc2 - Upgrade to 3.0.6 Include the same patchset as rawhide and fc1 - Update BuildRequires --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ d5610f25b8e429f06adec8505c0d3551 SRPMS/samba-3.0.6-2.fc2.src.rpm a364d645dbf9711e3a0cf3a2c8c2ee44 x86_64/samba-3.0.6-2.fc2.x86_64.rpm bd5cc0032d75339b146a711d2ad7095e x86_64/samba-client-3.0.6-2.fc2.x86_64.rpm f5627fad3aaff96e94fb59ac9c2a7710 x86_64/samba-common-3.0.6-2.fc2.x86_64.rpm 82d4646d7706257b1781115992ff81c1 x86_64/samba-swat-3.0.6-2.fc2.x86_64.rpm 20eab73da693739bf486fecdb21fd24d x86_64/debug/samba-debuginfo-3.0.6-2.fc2.x86_64.rpm e708e83401cc6bd594d1d1e50824df8a i386/samba-3.0.6-2.fc2.i386.rpm cd399571aa808057e3a1e16edaed2d75 i386/samba-client-3.0.6-2.fc2.i386.rpm 5d05708a289bc8b81c7efd214ad747fc i386/samba-common-3.0.6-2.fc2.i386.rpm b5a2676fabd8da840499e33517caaa30 i386/samba-swat-3.0.6-2.fc2.i386.rpm 54a4574e0ed2e79375a7b29a16cd3f00 i386/debug/samba-debuginfo-3.0.6-2.fc2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From notting at redhat.com Tue Sep 7 17:41:48 2004 From: notting at redhat.com (Bill Nottingham) Date: Tue, 7 Sep 2004 13:41:48 -0400 Subject: Fedora Core 1 Update: kudzu-1.1.36.3-1 Message-ID: <20040907174148.GA30219@nostromo.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-282 2004-09-07 --------------------------------------------------------------------- Product : Fedora Core 1 Name : kudzu Version : 1.1.36.3 Release : 1 Summary : The Red Hat Linux hardware probing tool. Description : Kudzu is a hardware probing tool run at system boot time to determine what hardware has been added or removed from the system. --------------------------------------------------------------------- Update Information: This update reworks the network device detection in kudzu, fixing various reported bugs, among them #108178, #111639, #112837, #120584, #120988, #122983, and #124765. --------------------------------------------------------------------- * Tue Aug 31 2004 Bill Nottingham 1.1.36.3-1 - fix a minor memory leak * Fri Aug 27 2004 Bill Nottingham 1.1.36.2-1 - tweak network device naming algorithm --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 9f44b13a911b9ac76bdc6f65cabcf2d0 SRPMS/kudzu-1.1.36.3-1.src.rpm 373e542803caad82a809bee16a8240e5 x86_64/kudzu-1.1.36.3-1.x86_64.rpm 5eef263e6fb86e48f069a2c55e54a91a x86_64/kudzu-devel-1.1.36.3-1.x86_64.rpm 2ba184236f546d2737a71c8a37c0270f x86_64/debug/kudzu-debuginfo-1.1.36.3-1.x86_64.rpm 99e52ba8ed962fb0833a528e27cdb6bc i386/kudzu-1.1.36.3-1.i386.rpm 1bd6b50ac1c264b70d9cffaa0d100c42 i386/kudzu-devel-1.1.36.3-1.i386.rpm da7c5a1a93954e2e0cde12b511ea6427 i386/debug/kudzu-debuginfo-1.1.36.3-1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From notting at redhat.com Tue Sep 7 17:42:06 2004 From: notting at redhat.com (Bill Nottingham) Date: Tue, 7 Sep 2004 13:42:06 -0400 Subject: Fedora Core 2 Update: kudzu-1.1.68.2-1 Message-ID: <20040907174206.GB30219@nostromo.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-283 2004-09-07 --------------------------------------------------------------------- Product : Fedora Core 2 Name : kudzu Version : 1.1.68.2 Release : 1 Summary : The Red Hat Linux hardware probing tool. Description : Kudzu is a hardware probing tool run at system boot time to determine what hardware has been added or removed from the system. --------------------------------------------------------------------- Update Information: This update reworks the network device detection in kudzu, fixing various reported bugs, among them #108178, #111639, #112837, #120584, #120988, #122983, and #124765. --------------------------------------------------------------------- * Tue Aug 31 2004 Bill Nottingham - 1.1.68.2-1 - fix a minor memory leak * Fri Aug 27 2004 Bill Nottingham - 1.1.68.1-1 - tweak net device algorithm * Mon May 24 2004 Bill Nottingham - 1.1.68-1 - fix checking of modules loaded which have a - in their name as /proc/modules will contain an _ instead, this time for the !loader case (#122983, at least) * Fri May 21 2004 Jeremy Katz - 1.1.67-1 - look for module.usbmap under /modules also for anaconda usage * Wed May 19 2004 Bill Nottingham 1.1.66-1 - MacIO fixes (#115286, ) * Thu May 13 2004 Karsten Hopp 1.1.65-1 - add CTC and Escon detection (mainframe) * Tue May 11 2004 Karsten Hopp 1.1.64-1 - change QETH module name back, newer kernels have reverted the name change * Mon May 10 2004 Jeremy Katz - 1.1.63-1 - minor fix for viodasd probing --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 1338c9ee6eb181a777c57d5aa4ceaab5 SRPMS/kudzu-1.1.68.2-1.src.rpm e1031d37bdda34ebbf5202e65675d5e3 x86_64/kudzu-1.1.68.2-1.x86_64.rpm 103fc7fb361d7324e0cb55d2c5f01724 x86_64/kudzu-devel-1.1.68.2-1.x86_64.rpm 193e959187a8ee71e500893a53dcd577 x86_64/debug/kudzu-debuginfo-1.1.68.2-1.x86_64.rpm a8a96c2adea4995d9b185dc0ecc1b33a i386/kudzu-1.1.68.2-1.i386.rpm 665a6f6e6eaa42c0d3552dd4c02a4695 i386/kudzu-devel-1.1.68.2-1.i386.rpm f03761bcaed2ac254a91c41924557247 i386/debug/kudzu-debuginfo-1.1.68.2-1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From than at redhat.com Wed Sep 8 09:13:10 2004 From: than at redhat.com (Than Ngo) Date: Wed, 08 Sep 2004 11:13:10 +0200 Subject: [SECURITY] Fedora Core 2 Update: lha-1.14i-14.1 Message-ID: <413ECD26.2090700@redhat.com> Subject: Fedora Core 2 Update: lha-1.14i-14.1 --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-295 2004-09-08 --------------------------------------------------------------------- Product : Fedora Core 2 Name : lha Version : 1.14i Release : 14.1 Summary : An archiving and compression utility for LHarc format archives. Description : LHA is an archiving and compression utility for LHarc format archives. LHA is mostly used in the DOS world, but can be used under Linux to extract DOS files from LHA archives. Install the lha package if you need to extract DOS files from LHA archives. --------------------------------------------------------------------- Update Information: Lukasz Wojtow discovered a stack-based buffer overflow in all versions of lha up to and including version 1.14. A carefully created archive could allow an attacker to execute arbitrary code when a victim extracts or tests the archive. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0769 to this issue. Buffer overflows were discovered in the command line processing of all versions of lha up to and including version 1.14. If a malicious user can trick a victim into passing a specially crafted command line to the lha command, it is possible that arbitrary code could be executed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0771 and CAN-2004-0694 to these issues. Thomas Biege discovered a shell meta character command execution vulnerability in all versions of lha up to and including 1.14. An attacker could create a directory with shell meta characters in its name which could lead to arbitrary command execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0745 to this issue. Users of lha should update to this updated package --------------------------------------------------------------------- * Tue Sep 07 2004 Than Ngo 1.14i-14.1 - security vulnerabilities CAN-2004-0769, CAN-2004-0771, CAN-2004-0694, CAN-2004-0745 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ bccb95c64b01e506961bdacb3323031b SRPMS/lha-1.14i-14.1.src.rpm af515d31f9ff998a88383d0651efff68 x86_64/lha-1.14i-14.1.x86_64.rpm 8641060ad39c6bbe14e68014fbe06ce2 x86_64/debug/lha-debuginfo-1.14i-14.1.x86_64.rpm 494c07eccce7cd3f5a040d8fb384eb8b i386/lha-1.14i-14.1.i386.rpm a8d018efd6c9fe0b8db6f96327557182 i386/debug/lha-debuginfo-1.14i-14.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From than at redhat.com Wed Sep 8 09:15:51 2004 From: than at redhat.com (Than Ngo) Date: Wed, 08 Sep 2004 11:15:51 +0200 Subject: [SECURITY] Fedora Core 1 Update: lha-1.14i-12.2 Message-ID: <413ECDC7.7060709@redhat.com> Subject: Fedora Core 1 Update: lha-1.14i-12.2 --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-294 2004-09-08 --------------------------------------------------------------------- Product : Fedora Core 1 Name : lha Version : 1.14i Release : 12.2 Summary : An archiving and compression utility for LHarc format archives. Description : LHA is an archiving and compression utility for LHarc format archives. LHA is mostly used in the DOS world, but can be used under Linux to extract DOS files from LHA archives. Install the lha package if you need to extract DOS files from LHA archives. --------------------------------------------------------------------- Update Information: Lukasz Wojtow discovered a stack-based buffer overflow in all versions of lha up to and including version 1.14. A carefully created archive could allow an attacker to execute arbitrary code when a victim extracts or tests the archive. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0769 to this issue. Buffer overflows were discovered in the command line processing of all versions of lha up to and including version 1.14. If a malicious user can trick a victim into passing a specially crafted command line to the lha command, it is possible that arbitrary code could be executed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0771 and CAN-2004-0694 to these issues. Thomas Biege discovered a shell meta character command execution vulnerability in all versions of lha up to and including 1.14. An attacker could create a directory with shell meta characters in its name which could lead to arbitrary command execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0745 to this issue. Users of lha should update to this updated package --------------------------------------------------------------------- * Tue Sep 07 2004 Than Ngo 1.14i-12.2 - security vulnerabilities CAN-2004-0769, CAN-2004-0771, CAN-2004-0694, CAN-2004-0745 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 4c8e03b8489c398e6f01c9c26e76a956 SRPMS/lha-1.14i-12.2.src.rpm 170bcabffe4609754eac38e4cab8b592 x86_64/lha-1.14i-12.2.x86_64.rpm 571754fe612bce9f0119dec63049dbca x86_64/debug/lha-debuginfo-1.14i-12.2.x86_64.rpm 6b0f4909ea0753a01a2e29319348240d i386/lha-1.14i-12.2.i386.rpm db44f0f1eeb45ebbbd0f39e079593879 i386/debug/lha-debuginfo-1.14i-12.2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From than at redhat.com Wed Sep 8 09:25:03 2004 From: than at redhat.com (Than Ngo) Date: Wed, 08 Sep 2004 11:25:03 +0200 Subject: [SECURITY] Fedora Core 1 Update: kdelibs-3.1.4-7 Message-ID: <413ECFEF.2000103@redhat.com> Subject: Fedora Core 1 Update: kdelibs-3.1.4-7 --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-290 2004-09-08 --------------------------------------------------------------------- Product : Fedora Core 1 Name : kdelibs Version : 3.1.4 Release : 7 Summary : K Desktop Environment - Libraries Description : Libraries for the K Desktop Environment: KDE Libraries included: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio (image manipulation). --------------------------------------------------------------------- Update Information: Andrew Tuitt reported that versions of KDE up to and including 3.2.3 create temporary directories with predictable names. A local attacker could prevent KDE applications from functioning correctly, or overwrite files owned by other users by creating malicious symlinks. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0689 to this issue. WESTPOINT internet reconnaissance services has discovered that the KDE web browser Konqueror allows websites to set cookies for certain country specific secondary top level domains. An attacker within one of the affected domains could construct a cookie which would be sent to all other websites within the domain leading to a session fixation attack. This issue does not affect popular domains such as .co.uk, .co.in, or .com. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0721 to this issue. A frame injection spoofing vulnerability has been discovered in the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a named frame of a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0746 to this issue. All users of KDE are advised to upgrade to these erratum packages, which contain backported patches from the KDE team for these issues. --------------------------------------------------------------------- * Wed Sep 01 2004 Than Ngo 6:3.1.4-7 - Konqueror Frame Injection Vulnerability CAN-2004-0721 - Konqueror Cross-Domain Cookie Injection CAN-2004-0746 * Wed Jul 28 2004 Than Ngo 6:3.1.4-6 - temporary directory vulnerability, CAN-2004-0689 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 008938cbdcd2153b84d2dda1cbcbf887 SRPMS/kdelibs-3.1.4-7.src.rpm eb7ea45f4d74c1445336bcef9761f02f x86_64/kdelibs-3.1.4-7.x86_64.rpm 09e622613f98b001d548815e0e8a8a1e x86_64/kdelibs-devel-3.1.4-7.x86_64.rpm 5b239bdfa7ccadb00fe6eca14b4c0593 x86_64/debug/kdelibs-debuginfo-3.1.4-7.x86_64.rpm 61cef6ddcc8a103f0aae6d7c8a31e224 i386/kdelibs-3.1.4-7.i386.rpm 987c650d14f71dc848cce75f8bf4dc3a i386/kdelibs-devel-3.1.4-7.i386.rpm b2831db469e778da7a7d4073d6cb5517 i386/debug/kdelibs-debuginfo-3.1.4-7.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From than at redhat.com Wed Sep 8 09:28:44 2004 From: than at redhat.com (Than Ngo) Date: Wed, 08 Sep 2004 11:28:44 +0200 Subject: [SECURITY] Fedora Core 2 Update: kdelibs-3.2.2-8.FC2 Message-ID: <413ED0CC.6070202@redhat.com> Subject: Fedora Core 2 Update: kdelibs-3.2.2-8.FC2 --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-291 2004-09-08 --------------------------------------------------------------------- Product : Fedora Core 2 Name : kdelibs Version : 3.2.2 Release : 8.FC2 Summary : K Desktop Environment - Libraries Description : Libraries for the K Desktop Environment: KDE Libraries included: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio (image manipulation). --------------------------------------------------------------------- Update Information: Andrew Tuitt reported that versions of KDE up to and including 3.2.3 create temporary directories with predictable names. A local attacker could prevent KDE applications from functioning correctly, or overwrite files owned by other users by creating malicious symlinks. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0689 to this issue. WESTPOINT internet reconnaissance services has discovered that the KDE web browser Konqueror allows websites to set cookies for certain country specific secondary top level domains. An attacker within one of the affected domains could construct a cookie which would be sent to all other websites within the domain leading to a session fixation attack. This issue does not affect popular domains such as .co.uk, .co.in, or .com. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0721 to this issue. A frame injection spoofing vulnerability has been discovered in the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a named frame of a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0746 to this issue. All users of KDE are advised to upgrade to these packages, which contain backported patches from the KDE team for these issues. --------------------------------------------------------------------- * Wed Sep 01 2004 Than Ngo 6:3.2.2-8.FC2 - Konqueror Frame Injection Vulnerability CAN-2004-0721 - Konqueror Cross-Domain Cookie Injection CAN-2004-0746 * Wed Jul 28 2004 Than Ngo 6:3.2.2-7 - DCOPServer Temporary Filename Vulnerability, CAN-2004-0690 - temporary directory vulnerability, CAN-2004-0689 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 1f58d8b1b9a5598e249f9cca9dfd989d SRPMS/kdelibs-3.2.2-8.FC2.src.rpm b5106d0e1e28796c79df11a798d1e1bb x86_64/kdelibs-3.2.2-8.FC2.x86_64.rpm 9460641c334c4e448cd94f20dfda49fd x86_64/kdelibs-devel-3.2.2-8.FC2.x86_64.rpm 82353b5f48c540655dbec591ff6afa28 x86_64/debug/kdelibs-debuginfo-3.2.2-8.FC2.x86_64.rpm bbe4cd8f2842be7209f7821d8548926a i386/kdelibs-3.2.2-8.FC2.i386.rpm 9d25c78e9ae1e911411c47f8f4aaae2f i386/kdelibs-devel-3.2.2-8.FC2.i386.rpm 3cb3189b5c72aa10fef2bfb99b2059d2 i386/debug/kdelibs-debuginfo-3.2.2-8.FC2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From than at redhat.com Wed Sep 8 09:30:56 2004 From: than at redhat.com (Than Ngo) Date: Wed, 08 Sep 2004 11:30:56 +0200 Subject: [SECURITY] Fedora Core 1 Update: kdebase-3.1.4-7 Message-ID: <413ED150.9060205@redhat.com> Subject: Fedora Core 1 Update: kdebase-3.1.4-7 --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-292 2004-09-08 --------------------------------------------------------------------- Product : Fedora Core 1 Name : kdebase Version : 3.1.4 Release : 7 Summary : K Desktop Environment - core files Description : Core applications for the K Desktop Environment. Included are: kdm (replacement for xdm), kwin (window manager), konqueror (filemanager, web browser, ftp client, ...), konsole (xterm replacement), kpanel (application starter and desktop pager), kaudio (audio server), kdehelp (viewer for kde help files, info and man pages), kthememgr (system for managing alternate theme packages) plus other KDE components (kcheckpass, kikbd, kscreensaver, kcontrol, kfind, kfontmanager, kmenuedit). --------------------------------------------------------------------- Update Information: Andrew Tuitt reported that versions of KDE up to and including 3.2.3 create temporary directories with predictable names. A local attacker could prevent KDE applications from functioning correctly, or overwrite files owned by other users by creating malicious symlinks. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0689 to this issue. WESTPOINT internet reconnaissance services has discovered that the KDE web browser Konqueror allows websites to set cookies for certain country specific secondary top level domains. An attacker within one of the affected domains could construct a cookie which would be sent to all other websites within the domain leading to a session fixation attack. This issue does not affect popular domains such as .co.uk, .co.in, or .com. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0721 to this issue. A frame injection spoofing vulnerability has been discovered in the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a named frame of a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0746 to this issue. All users of KDE are advised to upgrade to these packages, which contain backported patches from the KDE team for these issues. --------------------------------------------------------------------- * Wed Sep 01 2004 Than Ngo 6:3.1.4-7 - Konqueror Frame Injection Vulnerability, CAN-2004-0721 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 3004c6dd30bc64d3631acd3d2219814d SRPMS/kdebase-3.1.4-7.src.rpm e91dc13e33256a43b283372e4c7d112c x86_64/kdebase-3.1.4-7.x86_64.rpm 21b010b35a8ed93dc8ab0c53a6e37f06 x86_64/kdebase-devel-3.1.4-7.x86_64.rpm 4c89d11b04180f76815b531a52d0d19c x86_64/debug/kdebase-debuginfo-3.1.4-7.x86_64.rpm d0ec97d874f9a5c9b380c6aee2fa5d64 i386/kdebase-3.1.4-7.i386.rpm af1d70916ef1fc53b7dd2f999650374a i386/kdebase-devel-3.1.4-7.i386.rpm df6a6e5af583325164291aaeaeca4269 i386/debug/kdebase-debuginfo-3.1.4-7.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From than at redhat.com Wed Sep 8 09:33:43 2004 From: than at redhat.com (Than Ngo) Date: Wed, 08 Sep 2004 11:33:43 +0200 Subject: [SECURITY] Fedora Core 2 Update: kdebase-3.2.2-6.FC2 Message-ID: <413ED1F7.5040503@redhat.com> Subject: Fedora Core 2 Update: kdebase-3.2.2-6.FC2 --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-293 2004-09-08 --------------------------------------------------------------------- Product : Fedora Core 2 Name : kdebase Version : 3.2.2 Release : 6.FC2 Summary : K Desktop Environment - core files Description : Core applications for the K Desktop Environment. Included are: kdm (replacement for xdm), kwin (window manager), konqueror (filemanager, web browser, ftp client, ...), konsole (xterm replacement), kpanel (application starter and desktop pager), kaudio (audio server), kdehelp (viewer for kde help files, info and man pages), kthememgr (system for managing alternate theme packages) plus other KDE components (kcheckpass, kikbd, kscreensaver, kcontrol, kfind, kfontmanager, kmenuedit). --------------------------------------------------------------------- Update Information: Andrew Tuitt reported that versions of KDE up to and including 3.2.3 create temporary directories with predictable names. A local attacker could prevent KDE applications from functioning correctly, or overwrite files owned by other users by creating malicious symlinks. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0689 to this issue. WESTPOINT internet reconnaissance services has discovered that the KDE web browser Konqueror allows websites to set cookies for certain country specific secondary top level domains. An attacker within one of the affected domains could construct a cookie which would be sent to all other websites within the domain leading to a session fixation attack. This issue does not affect popular domains such as .co.uk, .co.in, or .com. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0721 to this issue. A frame injection spoofing vulnerability has been discovered in the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a named frame of a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0746 to this issue. All users of KDE are advised to upgrade to these packages, which contain backported patches from the KDE team for these issues. --------------------------------------------------------------------- * Mon Sep 06 2004 Than Ngo 6:3.2.2-6.FC2 - fix a bug in keyboard layout with xorg.x11, bug #121950 - fix df problem on AFS * Wed Sep 01 2004 Than Ngo 6:3.2.2-5.FC2 - Konqueror Frame Injection Vulnerability, CAN-2004-0721 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 80f87d426b760776fc7fc03653ad30a6 SRPMS/kdebase-3.2.2-6.FC2.src.rpm 6bbf33f60b428bc3f2e0fac4fa09b64f x86_64/kdebase-3.2.2-6.FC2.x86_64.rpm 8eb7ca6d4dd1557114980885744ecdfd x86_64/kdebase-devel-3.2.2-6.FC2.x86_64.rpm 4e9b9094fc7abd21083de2c17b9f51f0 x86_64/debug/kdebase-debuginfo-3.2.2-6.FC2.x86_64.rpm a05b23c8202566417a5bc2d3a3a5cd88 i386/kdebase-3.2.2-6.FC2.i386.rpm bc6d4263395d4af1a4b89503ff4a8e28 i386/kdebase-devel-3.2.2-6.FC2.i386.rpm 1835604099fdd8c8ed532f5c15709c0d i386/debug/kdebase-debuginfo-3.2.2-6.FC2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From harald at redhat.com Thu Sep 9 07:52:16 2004 From: harald at redhat.com (Harald Hoyer) Date: Thu, 09 Sep 2004 09:52:16 +0200 Subject: [SECURITY] Fedora Core 1 Update: cdrtools-2.01-0.a19.2.FC1.1 Message-ID: <41400BB0.4020101@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-297 2004-09-09 --------------------------------------------------------------------- Product : Fedora Core 1 Name : cdrtools Version : 2.01 Release : 0.a19.2.FC1.1 Summary : A collection of CD/DVD utilities. Description : cdrtools is a collection of CD/DVD utilities. --------------------------------------------------------------------- Update Information: Anyone who has manually suid /usr/bin/cdrecord should update to this version. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0806 --------------------------------------------------------------------- * Wed Sep 08 2004 Harald Hoyer - 8:2.01-0.a19.2.FC1.1 - added patch for CAN-2004-0806, if s.o. is so stupid to make cdrecord suid --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 8c5baaa4f091b16370a2fc6e92684246 SRPMS/cdrtools-2.01-0.a19.2.FC1.1.src.rpm c3ce28f3c5b3190fd888db13f6a4de4c x86_64/cdrecord-2.01-0.a19.2.FC1.1.x86_64.rpm 32c300cf4f4bafd083782de090375c15 x86_64/cdrecord-devel-2.01-0.a19.2.FC1.1.x86_64.rpm e6a285ccdeba93bd15488ebb8ea29690 x86_64/mkisofs-2.01-0.a19.2.FC1.1.x86_64.rpm 86dde7afac3d91514876e876cf96c4e2 x86_64/cdda2wav-2.01-0.a19.2.FC1.1.x86_64.rpm c9cbb9577b4574f33357cb058eae6de4 x86_64/debug/cdrtools-debuginfo-2.01-0.a19.2.FC1.1.x86_64.rpm 02d85342deaca913ffb55b97bba42e10 i386/cdrecord-2.01-0.a19.2.FC1.1.i386.rpm 2c2ecccb5de0d111e1d23bc40d70cfdc i386/cdrecord-devel-2.01-0.a19.2.FC1.1.i386.rpm 969a9959cb2dac9295cb6a1fd6c48a49 i386/mkisofs-2.01-0.a19.2.FC1.1.i386.rpm 3df104a4966c5c075a8acbdc7248d362 i386/cdda2wav-2.01-0.a19.2.FC1.1.i386.rpm 1101f36dc1b269f940805eea77fd4da8 i386/debug/cdrtools-debuginfo-2.01-0.a19.2.FC1.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From harald at redhat.com Thu Sep 9 07:53:29 2004 From: harald at redhat.com (Harald Hoyer) Date: Thu, 09 Sep 2004 09:53:29 +0200 Subject: [SECURITY] Fedora Core 2 Update: cdrtools-2.01-0.a27.4.FC2.3 Message-ID: <41400BF9.2040704@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-298 2004-09-09 --------------------------------------------------------------------- Product : Fedora Core 2 Name : cdrtools Version : 2.01 Release : 0.a27.4.FC2.3 Summary : A collection of CD/DVD utilities. Description : cdrtools is a collection of CD/DVD utilities. --------------------------------------------------------------------- Update Information: Anyone who has manually suid /usr/bin/cdrecord should update to this version. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0806 --------------------------------------------------------------------- * Wed Sep 08 2004 Harald Hoyer - 8:2.01-0.a27.4.FC2.3 - added patch for CAN-2004-0806, if s.o. is so stupid to make cdrecord suid --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 97a97d2384f9ab582736d985f6b8f302 SRPMS/cdrtools-2.01-0.a27.4.FC2.3.src.rpm 6dad4e7c175d300f9d7a0d2338139ca1 x86_64/cdrecord-2.01-0.a27.4.FC2.3.x86_64.rpm 3ca938e1c1c775bb774349e35dcca9c9 x86_64/cdrecord-devel-2.01-0.a27.4.FC2.3.x86_64.rpm fc4ceb93fb901065cad26be9d6e4b222 x86_64/mkisofs-2.01-0.a27.4.FC2.3.x86_64.rpm 6697f963ed06d27bbafc15dbc4a57e15 x86_64/cdda2wav-2.01-0.a27.4.FC2.3.x86_64.rpm 4426a57a0edcdd96cfcd5235dd97ec86 x86_64/debug/cdrtools-debuginfo-2.01-0.a27.4.FC2.3.x86_64.rpm df1786fde31756ea0e86cc6681a61036 i386/cdrecord-2.01-0.a27.4.FC2.3.i386.rpm 7290bd23cbdf9f2bd745a0f10e97588e i386/cdrecord-devel-2.01-0.a27.4.FC2.3.i386.rpm e211f8168b2871d28284a2a51cedfe1a i386/mkisofs-2.01-0.a27.4.FC2.3.i386.rpm 4ad7958b1c95aa4ad4d2309fc6c24bf8 i386/cdda2wav-2.01-0.a27.4.FC2.3.i386.rpm 6279fef62c5fbfa11a8550cd0731f798 i386/debug/cdrtools-debuginfo-2.01-0.a27.4.FC2.3.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mclasen at redhat.com Thu Sep 9 19:17:02 2004 From: mclasen at redhat.com (Matthias Clasen) Date: Thu, 09 Sep 2004 15:17:02 -0400 Subject: [SECURITY] Fedora Core 1 Update: imlib-1.9.13-15.fc1 Message-ID: <1094757422.12713.184.camel@golem.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-300 2004-09-09 --------------------------------------------------------------------- Product : Fedora Core 1 Name : imlib Version : 1.9.13 Release : 15.fc1 Summary : An image loading and rendering library for X11R6. Description : Imlib is a display depth independent image loading and rendering library. Imlib is designed to simplify and speed up the process of loading images and obtaining X Window System drawables. Imlib provides many simple manipulation routines which can be used for common operations. Install imlib if you need an image loading and rendering library for X11R6, or if you are installing GNOME. You may also want to install the imlib-cfgeditor package, which will help you configure Imlib. --------------------------------------------------------------------- Update Information: Several heap overflow vulnerabilities have been found in the imlib BMP image handler. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with imlib to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0817 to this issue. Users of imlib should update to this updated package which contains backported patches and is not vulnerable to these issues. --------------------------------------------------------------------- * Thu Sep 09 2004 Matthias Clasen - Security fixes --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 03a77921e2efd86e0703d66de59cad1c SRPMS/imlib-1.9.13-15.fc1.src.rpm 7c819092b3f54e6fba51460f10d4d2db x86_64/imlib-1.9.13-15.fc1.x86_64.rpm 296479ab2f3ebfdb1b43c4454d881009 x86_64/imlib-devel-1.9.13-15.fc1.x86_64.rpm 5b66680b22684df822ef4f38d6e87a35 x86_64/imlib-cfgeditor-1.9.13-15.fc1.x86_64.rpm f211ba31e2b13a872d0c318b4892c624 x86_64/debug/imlib-debuginfo-1.9.13-15.fc1.x86_64.rpm 8bd4bb9bbcad02a8442edd5bd6afd8f2 i386/imlib-1.9.13-15.fc1.i386.rpm 469d4ed01e2ba0b49fdcd0fa01323052 i386/imlib-devel-1.9.13-15.fc1.i386.rpm fa26f3f2c7a877c806b675fc8de68203 i386/imlib-cfgeditor-1.9.13-15.fc1.i386.rpm 7d0d786eb8e5ea9793c2505267a2f650 i386/debug/imlib-debuginfo-1.9.13-15.fc1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mclasen at redhat.com Thu Sep 9 19:17:50 2004 From: mclasen at redhat.com (Matthias Clasen) Date: Thu, 09 Sep 2004 15:17:50 -0400 Subject: [SECURITY] Fedora Core 2 Update: imlib-1.9.13-19 Message-ID: <1094757469.12713.186.camel@golem.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-301 2004-09-09 --------------------------------------------------------------------- Product : Fedora Core 2 Name : imlib Version : 1.9.13 Release : 19 Summary : An image loading and rendering library for X11R6. Description : Imlib is a display depth independent image loading and rendering library. Imlib is designed to simplify and speed up the process of loading images and obtaining X Window System drawables. Imlib provides many simple manipulation routines which can be used for common operations. Install imlib if you need an image loading and rendering library for X11R6, or if you are installing GNOME. You may also want to install the imlib-cfgeditor package, which will help you configure Imlib. --------------------------------------------------------------------- Update Information: Several heap overflow vulnerabilities have been found in the imlib BMP image handler. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with imlib to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0817 to this issue. Users of imlib should update to this updated package which contains backported patches and is not vulnerable to these issues. --------------------------------------------------------------------- * Thu Sep 09 2004 Matthias Clasen - security fixes --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ c6ed83101974d8283a4013a80e356c08 SRPMS/imlib-1.9.13-19.src.rpm 9f6952bd21d1157b4c10dde7f87b8a3d x86_64/imlib-1.9.13-19.x86_64.rpm e70a8c0dec245aea672da1f1608e1e33 x86_64/imlib-devel-1.9.13-19.x86_64.rpm 64aa17fe9a0ea4efa9d48020212274c9 x86_64/imlib-cfgeditor-1.9.13-19.x86_64.rpm 48ef8b28ae79d1c7c82974e7f6b77e86 x86_64/debug/imlib-debuginfo-1.9.13-19.x86_64.rpm d9d04d9df1981e22e45853789a99db19 i386/imlib-1.9.13-19.i386.rpm 9589803f0299131a91bf78ea62cf68c3 i386/imlib-devel-1.9.13-19.i386.rpm b602fcb2d9d57b87abd57792b17c84c1 i386/imlib-cfgeditor-1.9.13-19.i386.rpm fe0ab8902a4f20532cea1f1d988add08 i386/debug/imlib-debuginfo-1.9.13-19.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From fenlason at redhat.com Mon Sep 13 22:01:21 2004 From: fenlason at redhat.com (Jay Fenlason) Date: Mon, 13 Sep 2004 18:01:21 -0400 Subject: [SECURITY] Fedora Core 1 Update: samba-3.0.7-2.FC1 Message-ID: <20040913220121.GB15697@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-304 2004-09-13 --------------------------------------------------------------------- Product : Fedora Core 1 Name : samba Version : 3.0.7 Release : 2.FC1 Summary : The Samba SMB server. Description : Samba is the protocol by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB server that can be used to provide network services to SMB (sometimes called "Lan Manager") clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. --------------------------------------------------------------------- Update Information: This update addcesses two DoS errors in Samba-3.0.6 This update may also fix other problems some people experienced with Samba-3.0.6. --------------------------------------------------------------------- * Mon Sep 13 2004 Jay Fenlason 3.0.7-2.FC1 - Upgrade to 3.0.7, which fixes CAN-2004-0807 and CAN-2004-0808 This obsoletes the 3.0.6-schema patch. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 9757e9ab6c2b6742bd0e7d43c90b5f68 SRPMS/samba-3.0.7-2.FC1.src.rpm 516c5f141a6c74d1e76916489b7df48b x86_64/samba-3.0.7-2.FC1.x86_64.rpm 09a4f7cf75a9092589f6a1059f427d2d x86_64/samba-client-3.0.7-2.FC1.x86_64.rpm a324f7871f1c40efadca893f067a5435 x86_64/samba-common-3.0.7-2.FC1.x86_64.rpm c9cdfc7a044dac9d0f437849a978cdd2 x86_64/samba-swat-3.0.7-2.FC1.x86_64.rpm 4a18debd87cd2debfe50f06477c3bbfb x86_64/debug/samba-debuginfo-3.0.7-2.FC1.x86_64.rpm 11948fe0d33a6d8e26f4c92c51017ec5 i386/samba-3.0.7-2.FC1.i386.rpm aa07d73eb8a12251bf295fbf3bfa07e1 i386/samba-client-3.0.7-2.FC1.i386.rpm 21bc56202cdde5000cd20a33885e83e1 i386/samba-common-3.0.7-2.FC1.i386.rpm dc9a604697deee540d613297ec1b7c1c i386/samba-swat-3.0.7-2.FC1.i386.rpm 77d193912e368ff09142d502b804ae96 i386/debug/samba-debuginfo-3.0.7-2.FC1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From fenlason at redhat.com Mon Sep 13 22:02:09 2004 From: fenlason at redhat.com (Jay Fenlason) Date: Mon, 13 Sep 2004 18:02:09 -0400 Subject: [SECURITY] Fedora Core 2 Update: samba-3.0.7-2.FC2 Message-ID: <20040913220209.GC15697@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-305 2004-09-13 --------------------------------------------------------------------- Product : Fedora Core 2 Name : samba Version : 3.0.7 Release : 2.FC2 Summary : The Samba SMB server. Description : Samba is the protocol by which a lot of PC-related machines share files, printers, and other information (such as lists of available files and printers). The Windows NT, OS/2, and Linux operating systems support this natively, and add-on packages can enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS, and more. This package provides an SMB server that can be used to provide network services to SMB (sometimes called "Lan Manager") clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need the NetBEUI (Microsoft Raw NetBIOS frame) protocol. --------------------------------------------------------------------- Update Information: This update corrects two Denial-of-Service attacks against Samba-3.0.6. This update may also fix other problems some people experienced with Samba-3.0.6. --------------------------------------------------------------------- * Mon Sep 13 2004 Jay Fenlason 3.0.7-2.FC2 - Upgrade to 3.0.7 to close CAN-2004-0807 and CAN-2004-0808 This obsoletes the 3.0.6-schema patch --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 61069685cc423f62d9a54bb2d95e267b SRPMS/samba-3.0.7-2.FC2.src.rpm 51d78f4c6c66dfd3ecf44735e17a0983 x86_64/samba-3.0.7-2.FC2.x86_64.rpm 10f92c274c213528d611bc9433942f50 x86_64/samba-client-3.0.7-2.FC2.x86_64.rpm 826765f1dd69ebb9c309bfed5af574d6 x86_64/samba-common-3.0.7-2.FC2.x86_64.rpm 77417c565740f526acfd105e5efb0e4b x86_64/samba-swat-3.0.7-2.FC2.x86_64.rpm a0d8c7b1105306ff0cad72dbe924f688 x86_64/debug/samba-debuginfo-3.0.7-2.FC2.x86_64.rpm b21fd9ddd2a3375a2db242f17e46020f i386/samba-3.0.7-2.FC2.i386.rpm baa3b958f91fa31794e5945281526252 i386/samba-client-3.0.7-2.FC2.i386.rpm 4738750072856c0e7ae6329d5632b6ba i386/samba-common-3.0.7-2.FC2.i386.rpm abde417fc55e40b37c19d1089aa59e6f i386/samba-swat-3.0.7-2.FC2.i386.rpm 8e78f2b1df0a73d250a662eaec5241c1 i386/debug/samba-debuginfo-3.0.7-2.FC2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mclasen at redhat.com Wed Sep 15 16:26:19 2004 From: mclasen at redhat.com (Matthias Clasen) Date: Wed, 15 Sep 2004 12:26:19 -0400 Subject: [SECURITY] Fedora Core 1 Update: gdk-pixbuf-0.22.0-11.2.2 Message-ID: <1095265579.12713.237.camel@golem.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-286 2004-09-15 --------------------------------------------------------------------- Product : Fedora Core 1 Name : gdk-pixbuf Version : 0.22.0 Release : 11.2.2 Summary : An image loading library used with GNOME. Description : The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. The GdkPixBuf library provides image loading facilities, the rendering of a GdkPixBuf into various formats (drawables or GdkRGB buffers), and a cache interface. --------------------------------------------------------------------- Update Information: During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw was discovered in the BMP image processor of gdk-pixbuf. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0753 to this issue. During a security audit, Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CAN-2004-0782, CAN-2004-0783) Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file is opened by a victim. (CAN-2004-0788) --------------------------------------------------------------------- * Fri Sep 03 2004 Matthias Clasen - 1:0.22.0-11.2.2 - Rebuild for FC1 * Fri Sep 03 2004 Matthias Clasen - 1:0.22.0-11.1.3 - Rebuild for RHEL3 * Fri Sep 03 2004 Matthias Clasen - 1:0.22.0-11.1.2E - Fix issues in the xpm and ico loaders found by Chris Evans (#130711) * Fri Aug 20 2004 Owen Taylor - 1:0.22.0-10.0.2E - Fix problem with infinite loop on bad BMP data (#130455, test BMP from Chris Evans, fix from Manish Singh) * Sun Aug 15 2004 Tim Waugh 1:0.22.0-9 - Fixed underquoted m4 definition. * Mon Jun 21 2004 Matthias Clasen - Make build * Tue Jun 15 2004 Elliot Lee - rebuilt * Fri Mar 05 2004 Owen Taylor 1:0.22.0-6.0.3 - Include /usr/lib/*.la for AS2.1 * Fri Mar 05 2004 Owen Taylor 1:0.22.0-6.0.2E - Add some additional defines to work with 2.1AS * Thu Mar 04 2004 Owen Taylor 1:0.22.0-6.1.1 - Bump and rebuild * Thu Mar 04 2004 Owen Taylor 1:0.22.0-6.1.0 - Redo package to build without libtool-1.5 patch * Wed Mar 03 2004 Owen Taylor 1:0.22.0-6.0.0 - Add a couple of bug-fixes backported from GTK+-2.x * Tue Mar 02 2004 Elliot Lee - rebuilt * Fri Feb 13 2004 Elliot Lee - rebuilt * Thu Aug 28 2003 Owen Taylor 1:0.22.0-4.0 - Rebuild for RHEL --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 19315b68f5108834ded2239186fc1983 SRPMS/gdk-pixbuf-0.22.0-11.2.2.src.rpm 1e2e3afb3290bbb1f4bd14eec8d16f90 x86_64/gdk-pixbuf-0.22.0-11.2.2.x86_64.rpm 2e96329747230323c2f2583f3cbd4764 x86_64/gdk-pixbuf-devel-0.22.0-11.2.2.x86_64.rpm 39d0264223d1f0e29b6ddd1f0c04809a x86_64/gdk-pixbuf-gnome-0.22.0-11.2.2.x86_64.rpm 556265762760faffa27cf09a368e9c55 x86_64/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.2.x86_64.rpm ee240507ab220388cd0b37ccdb59b63d i386/gdk-pixbuf-0.22.0-11.2.2.i386.rpm 0f445a5b5745edf4e6de74742ea4bd46 i386/gdk-pixbuf-devel-0.22.0-11.2.2.i386.rpm 874699ea4c8ba8d5d2a9b467016ffc0a i386/gdk-pixbuf-gnome-0.22.0-11.2.2.i386.rpm bf148083099de37ab7332b2422d3331f i386/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mclasen at redhat.com Wed Sep 15 16:27:12 2004 From: mclasen at redhat.com (Matthias Clasen) Date: Wed, 15 Sep 2004 12:27:12 -0400 Subject: [SECURITY] Fedora Core 1 Update: gtk2-2.2.4-10 Message-ID: <1095265632.12713.239.camel@golem.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-288 2004-09-15 --------------------------------------------------------------------- Product : Fedora Core 1 Name : gtk2 Version : 2.2.4 Release : 10 Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X. Description : GTK+ is a multi-platform toolkit for creating graphical user interfaces. Offering a complete set of widgets, GTK+ is suitable for projects ranging from small one-off tools to complete application suites. --------------------------------------------------------------------- Update Information: During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw was discovered in the BMP image processor of gtk2. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0753 to this issue. During a security audit Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CAN-2004-0782, CAN-2004-0783) Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file was opened by a victim. (CAN-2004-0788) --------------------------------------------------------------------- * Fri Sep 03 2004 Matthias Clasen - 2.2.4-10 - Fix issues in the xpm and ico loaders found by Chris Evans (#130711) * Fri Aug 20 2004 Owen Taylor - 2.2.4-7.1 - Fix problem with infinite loop on bad BMP data (#130450, test BMP from Chris Evans, fix from Manish Singh) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ d4ae88a59943ed19fb84c197b3800a43 SRPMS/gtk2-2.2.4-10.src.rpm cc87e91fff48e744beda9e0f3cbb9d22 x86_64/gtk2-2.2.4-10.x86_64.rpm eb595b4bd917e25abf6e7730bedcf5e0 x86_64/gtk2-devel-2.2.4-10.x86_64.rpm 85d64ebbf05e414c69d05195fc213704 x86_64/debug/gtk2-debuginfo-2.2.4-10.x86_64.rpm 04c0745cf4dde875344ed93ab38dae8a x86_64/gtk2-2.2.4-10.i386.rpm 04c0745cf4dde875344ed93ab38dae8a i386/gtk2-2.2.4-10.i386.rpm d66eac1eb88431474a089dee707eb0fc i386/gtk2-devel-2.2.4-10.i386.rpm 3d7cf237b8c83d0de2cc74c3c4060567 i386/debug/gtk2-debuginfo-2.2.4-10.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mclasen at redhat.com Wed Sep 15 16:28:04 2004 From: mclasen at redhat.com (Matthias Clasen) Date: Wed, 15 Sep 2004 12:28:04 -0400 Subject: [SECURITY] Fedora Core 2 Update: gdk-pixbuf-0.22.0-11.2.3 Message-ID: <1095265684.12713.241.camel@golem.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-287 2004-09-15 --------------------------------------------------------------------- Product : Fedora Core 2 Name : gdk-pixbuf Version : 0.22.0 Release : 11.2.3 Summary : An image loading library used with GNOME. Description : The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. The GdkPixBuf library provides image loading facilities, the rendering of a GdkPixBuf into various formats (drawables or GdkRGB buffers), and a cache interface. --------------------------------------------------------------------- Update Information: During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw was discovered in the BMP image processor of gdk-pixbuf. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0753 to this issue. During a security audit, Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CAN-2004-0782, CAN-2004-0783) Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file is opened by a victim. (CAN-2004-0788) --------------------------------------------------------------------- * Tue Sep 07 2004 Matthias Clasen - 1:0.22.0-11.2.3 - Rebuild for FC2 * Fri Sep 03 2004 Matthias Clasen - 1:0.22.0-11.2.2 - Rebuild for FC1 * Fri Sep 03 2004 Matthias Clasen - 1:0.22.0-11.1.3 - Rebuild for RHEL3 * Fri Sep 03 2004 Matthias Clasen - 1:0.22.0-11.1.2E - Fix issues in the xpm and ico loaders found by Chris Evans (#130711) * Fri Aug 20 2004 Owen Taylor - 1:0.22.0-10.0.2E - Fix problem with infinite loop on bad BMP data (#130455, test BMP from Chris Evans, fix from Manish Singh) * Sun Aug 15 2004 Tim Waugh 1:0.22.0-9 - Fixed underquoted m4 definition. * Mon Jun 21 2004 Matthias Clasen - Make build * Tue Jun 15 2004 Elliot Lee - rebuilt * Fri Mar 05 2004 Owen Taylor 1:0.22.0-6.0.3 - Include /usr/lib/*.la for AS2.1 * Fri Mar 05 2004 Owen Taylor 1:0.22.0-6.0.2E - Add some additional defines to work with 2.1AS * Thu Mar 04 2004 Owen Taylor 1:0.22.0-6.1.1 - Bump and rebuild * Thu Mar 04 2004 Owen Taylor 1:0.22.0-6.1.0 - Redo package to build without libtool-1.5 patch * Wed Mar 03 2004 Owen Taylor 1:0.22.0-6.0.0 - Add a couple of bug-fixes backported from GTK+-2.x --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ df423014919ec5696f889ac6f4787746 SRPMS/gdk-pixbuf-0.22.0-11.2.3.src.rpm b0c43651dc3ce287199500dfcc2f0587 x86_64/gdk-pixbuf-0.22.0-11.2.3.x86_64.rpm 7e7fc5ed5415290c782869c4b4891cbf x86_64/gdk-pixbuf-devel-0.22.0-11.2.3.x86_64.rpm 144f31eb04ea373b7e03c7c0478956e9 x86_64/gdk-pixbuf-gnome-0.22.0-11.2.3.x86_64.rpm 3eab7a99d72773cc58f9ae76020170d7 x86_64/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.3.x86_64.rpm 7191295371d1375fa214aae40ed552ad i386/gdk-pixbuf-0.22.0-11.2.3.i386.rpm 1312362346782b79454397d5116c3401 i386/gdk-pixbuf-devel-0.22.0-11.2.3.i386.rpm 26640728f906fbc08f11302aea0c551d i386/gdk-pixbuf-gnome-0.22.0-11.2.3.i386.rpm 5e6d6f574976df72d29a33e19e178aaa i386/debug/gdk-pixbuf-debuginfo-0.22.0-11.2.3.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mclasen at redhat.com Wed Sep 15 16:28:53 2004 From: mclasen at redhat.com (Matthias Clasen) Date: Wed, 15 Sep 2004 12:28:53 -0400 Subject: [SECURITY] Fedora Core 2 Update: gtk2-2.4.7-2.4 Message-ID: <1095265732.12713.243.camel@golem.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-289 2004-09-15 --------------------------------------------------------------------- Product : Fedora Core 2 Name : gtk2 Version : 2.4.7 Release : 2.4 Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X. Description : GTK+ is a multi-platform toolkit for creating graphical user interfaces. Offering a complete set of widgets, GTK+ is suitable for projects ranging from small one-off tools to complete application suites. --------------------------------------------------------------------- Update Information: During testing of a previously fixed flaw in Qt (CAN-2004-0691), a flaw was discovered in the BMP image processor of gtk2. An attacker could create a carefully crafted BMP file which would cause an application to enter an infinite loop and not respond to user input when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0753 to this issue. During a security audit Chris Evans discovered a stack and a heap overflow in the XPM image decoder. An attacker could create a carefully crafted XPM file which could cause an application linked with gtk2 to crash or possibly execute arbitrary code when the file was opened by a victim. (CAN-2004-0782, CAN-2004-0783) Chris Evans also discovered an integer overflow in the ICO image decoder. An attacker could create a carefully crafted ICO file which could cause an application linked with gtk2 to crash when the file was opened by a victim. (CAN-2004-0788) --------------------------------------------------------------------- * Tue Sep 07 2004 Matthias Clasen - 2.4.7-2.4 - Fix issues in the xpm and ico loaders found by Chris Evans (#130711) * Fri Aug 20 2004 Owen Taylor - 2.4.7-2.2 - Fix problem with infinite loop on bad BMP data (#130450, test BMP from Chris Evans, fix from Manish Singh) * Sat Aug 14 2004 Matthias Clasen 2.4.7-1 - update to 2.4.7 * Fri Aug 13 2004 Matthias Clasen 2.4.6-1 - update to 2.4.6 - call libtoolize --force to win .so's back... * Fri Jul 30 2004 Jonathan Blandford 2.4.4-4 - add typeahead patch to GtkTreeView - automake-1.9 * Tue Jul 27 2004 Matthias Clasen - 2.4.4-3 - Use -64 suffix on powerpc64. (#128605) * Fri Jul 16 2004 Matthias Clasen - 2.4.4-2 - Fix permissions of gdk-pixbuf-csource script. - Escape macros in %changelog * Fri Jul 09 2004 Matthias Clasen - 2.4.4-1 - Update to 2.4.4 * Thu Jul 08 2004 Matthias Clasen - 2.4.1-5 - Look for the gtk.immodules file in the right location. (#127073) * Thu Jul 08 2004 Matthias Clasen - 2.4.1-4 - Add a wrapper for gdk-pixbuf-csource. * Wed Jun 23 2004 Matthias Clasen - 2.4.1-3 - Don't install testgtk and testtext - Rename binaries to -32/-64 (#124478) - Move arch-dependent config files to /etc/gtk-2.0/$host (#124482) - Add wrappers for updating the arch-dependent config files * Tue Jun 15 2004 Elliot Lee - rebuilt * Thu May 20 2004 Matthias Clasen - 2.4.1-1 - Upgrade to 2.4.1 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 75a86a6d678f76a2f6238a992463005f SRPMS/gtk2-2.4.7-2.4.src.rpm f6923be90c1621e83a19df610213ff12 x86_64/gtk2-2.4.7-2.4.x86_64.rpm e46b3ea2a153749dcf6d5cdf38603ea6 x86_64/gtk2-devel-2.4.7-2.4.x86_64.rpm 81f2cf32b341d60fa766e638624a201c x86_64/debug/gtk2-debuginfo-2.4.7-2.4.x86_64.rpm b659bb38815921f415c45790d2c4b1c6 x86_64/gtk2-2.4.7-2.4.i386.rpm b659bb38815921f415c45790d2c4b1c6 i386/gtk2-2.4.7-2.4.i386.rpm 9d38f480c8ccb6857fc6cbdb322ac073 i386/gtk2-devel-2.4.7-2.4.i386.rpm 5099d6ef8357b99e90e9fa2fd9c28695 i386/debug/gtk2-debuginfo-2.4.7-2.4.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From jorton at redhat.com Thu Sep 16 11:08:22 2004 From: jorton at redhat.com (Joe Orton) Date: Thu, 16 Sep 2004 12:08:22 +0100 Subject: [SECURITY] Fedora Core 1 Update: apr-util-0.9.4-2.1 Message-ID: <20040916110822.GD6809@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-307 2004-09-16 --------------------------------------------------------------------- Product : Fedora Core 1 Name : apr-util Version : 0.9.4 Release : 2.1 Summary : Apache Portable Runtime Utility library Description : The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines. This library contains additional utility interfaces for APR; including support for XML, LDAP, database interfaces, URI parsing and more. --------------------------------------------------------------------- Update Information: Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child process could be made to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0786 to this issue. This update includes a backported patch for this issue. --------------------------------------------------------------------- * Wed Sep 15 2004 Joe Orton 0.9.4-2.1 - add security fix for CAN-2004-0786 - add fix for SHA1 password support --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ a20b967ffa4e004ba2c24ae6f6d0285b SRPMS/apr-util-0.9.4-2.1.src.rpm 51a0579a62f8a8883946b88863aec3d0 x86_64/apr-util-0.9.4-2.1.x86_64.rpm 814f6f5290b802b1997da32c569034c1 x86_64/apr-util-devel-0.9.4-2.1.x86_64.rpm 0344e8181664d9e6b37bc298fe79cc95 x86_64/debug/apr-util-debuginfo-0.9.4-2.1.x86_64.rpm 6d8df3d6e25c851161e1865f96eab6b4 i386/apr-util-0.9.4-2.1.i386.rpm bcf23f81f50ff80b3fff315b1a6aff92 i386/apr-util-devel-0.9.4-2.1.i386.rpm ea3b514f7544b0eef8deacf1b4e57a62 i386/debug/apr-util-debuginfo-0.9.4-2.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From jorton at redhat.com Thu Sep 16 11:11:58 2004 From: jorton at redhat.com (Joe Orton) Date: Thu, 16 Sep 2004 12:11:58 +0100 Subject: [SECURITY] Fedora Core 2 Update: apr-util-0.9.4-14.2 Message-ID: <20040916111158.GE6809@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-308 2004-09-16 --------------------------------------------------------------------- Product : Fedora Core 2 Name : apr-util Version : 0.9.4 Release : 14.2 Summary : Apache Portable Runtime Utility library Description : The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines. This library contains additional utility interfaces for APR; including support for XML, LDAP, database interfaces, URI parsing and more. --------------------------------------------------------------------- Update Information: Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child process could be made to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0786 to this issue. This update includes a backported fix for this issue. --------------------------------------------------------------------- * Tue Sep 14 2004 Joe Orton 0.9.4-14.2 - add security fix for CAN-2004-0786 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 707beabca3584d07dbcd3614b80093cb SRPMS/apr-util-0.9.4-14.2.src.rpm 902896dacdd450d100949c5a5af98f93 x86_64/apr-util-0.9.4-14.2.x86_64.rpm 58781e97602be02bb0b37d7039aaed78 x86_64/apr-util-devel-0.9.4-14.2.x86_64.rpm 02ef6a9f2c5651c7db6cd33432b86058 x86_64/debug/apr-util-debuginfo-0.9.4-14.2.x86_64.rpm 70b1159aff827af2930b5488064c4a00 i386/apr-util-0.9.4-14.2.i386.rpm f602170d5cf714238b2a91f4ce4ae052 i386/apr-util-devel-0.9.4-14.2.i386.rpm d9b03f13abf22c32ac291da2ce2a5a10 i386/debug/apr-util-debuginfo-0.9.4-14.2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From notting at redhat.com Mon Sep 20 14:16:06 2004 From: notting at redhat.com (Bill Nottingham) Date: Mon, 20 Sep 2004 10:16:06 -0400 Subject: Announcing Fedora Core 3 Test 2 Message-ID: <20040920141606.GA30766@nostromo.devel.redhat.com> Coming soon to a site near you... for the first time, it's the new, digitally remastered, Fedora Core 3 Test 2! Now, you can take home this never before seen four-disc set, chock full of new software and exciting bonus features! Includes hundreds of new and updated packages over the original edition, including: - a minor change to the device model, switching from a static /dev to a dynamic /dev provided by udev - SELinux enablement - the GNOME 2.8 release candidate - KDE 3.3.0 - X.org X11 6.8.0 Please report problems at: http://bugzilla.redhat.com/bugzilla File bugs against product 'Fedora Core', release 'fc3test2'. For more information on just waht the Fedora Project and Fedora Core is, please see: http://fedora.redhat.com/ Fedora Core 3 Test 2 is available at the following sites: * North America: * USA East: * ftp://ftp.linux.ncsu.edu/pub/fedora/linux/core/test/2.91/ * http://ftp.ndlug.nd.edu/pub/fedora/linux/core/test/2.91/ * ftp://ftp.ndlug.nd.edu/pub/fedora/linux/core/test/2.91/ * ftp://mirror.cs.princeton.edu/pub/mirrors/fedora/linux/core/test/2.91/ * http://ftp.dc.aleron.net/linux/fedora/linux/core/test/2.91 * ftp://ftp.dc.aleron.net/linux/fedora/linux/core/test/2.91 * rsync://ftp.dc.aleron.net::fedora-linux-core-test/2.91/ * ftp://redhat.secsup.org/pub/linux/redhat/fedora/core/test/2.91 * http://redhat.secsup.org/fedora/core/test/2.91 * ftp://mirror.clarkson.edu/pub/distributions/fedora/linux/core/test/2.91/ * http://mirror.clarkson.edu/pub/distributions/fedora/linux/core/test/2.91/ * ftp://ftp.cse.buffalo.edu/pub/fedora/linux/core/test/2.91/ * ftp://ftp.ale.org/mirrors/fedora/linux/core/test/2.91 * http://ftp.ale.org/mirrors/fedora/linux/core/test/2.91 * ftp://ftp.gtlib.cc.gatech.edu/pub/fedora.redhat/linux/core/test/2.91 * http://www.gtlib.cc.gatech.edu/pub/fedora.redhat/linux/core/test/2.91 * rsync://rsync.gtlib.cc.gatech.edu/fedora-linux-core/test/2.91 * ftp://mirror.eas.muohio.edu/pub/fedora/linux/core/test/2.91 * http://mirror.hiwaay.net/redhat/fedora/linux/core/test/2.91/ * ftp://mirror.hiwaay.net/redhat/fedora/linux/core/test/2.91/ * rsync://mirror.hiwaay.net/fedora-linux-core-test/2.91/ * http://mirror.linux.duke.edu/pub/fedora/linux/core/test/2.91/ * ftp://mirror.linux.duke.edu/pub/fedora/linux/core/test/2.91/ * rsync://mirror.linux.duke.edu/fedora-linux-core/test/2.91/ * USA West: * http://fedora.cat.pdx.edu/linux/core/test/2.91/ * rsync://fedora.cat.pdx.edu/fedora-linux-core-test/2.91/ * Canada: * ftp://less.cogeco.net/pub/fedora/linux/core/test/2.91/ * http://mirror.cpsc.ucalgary.ca/mirror/fedora/linux/core/test/2.91/ * ftp://mirror.cpsc.ucalgary.ca/mirror/fedora/linux/core/test/2.91/ * rsync://mirror.cpsc.ucalgary.ca/fedora/linux/core/test/2.91/ * http://gulus.USherbrooke.ca/pub/distro/fedora/linux/core/test/2.91/ * South America: * Portugal: * http://tux.cprm.net/pub/ftp.redhat.com/fedora/linux/core/test/2.91 * ftp://tux.cprm.net/pub/ftp.redhat.com/fedora/linux/core/test/2.91 * Europe: * Austria: * ftp://gd.tuwien.ac.at/opsys/linux/fedora/core/test/2.91/ * http://gd.tuwien.ac.at/opsys/linux/fedora/core/test/2.91/ * rsync://gd.tuwien.ac.at/opsys/linux/fedora/core/test/2.91/ * Czech Republic: * ftp://ftp.fi.muni.cz/pub/linux/fedora-core/test/2.91/ * rsync://ftp.fi.muni.cz/pub/linux/fedora-core/test/2.91/ * ftp://ftp6.linux.cz/pub/linux/fedora-core/test/2.91/ (IPv6) * ftp://sunsite.mff.cuni.cz/pub/fedora/test/2.91/ * http://sunsite.mff.cuni.cz/pub/fedora/test/2.91/ * rsync://sunsite.mff.cuni.cz/fedora/fedora/test/2.91/ * ftp://ultra.linux.cz/pub/fedora/test/2.91/ * ftp://ftp1.skynet.cz/pub/linux/fedora/test/2.91 * Denmark: * ftp://klid.dk/fedora/linux/core/test/2.91 * Finland: * http://ftp.funet.fi/pub/mirrors/ftp.redhat.com/pub/fedora/linux/core/test/2.91/ - i386 only * ftp://ftp.funet.fi/pub/mirrors/ftp.redhat.com/pub/fedora/linux/core/test/2.91/ - i386 only * http://ftp.ipv6.funet.fi/pub/mirrors/ftp.redhat.com/pub/fedora/linux/core/test/2.91/ - i386 only * ftp://ftp.ipv6.funet.fi/pub/mirrors/ftp.redhat.com/pub/fedora/linux/core/test/2.91/ - i386 only * France: * ftp://ftp.ciril.fr/pub/linux/fedora/linux/core/test/2.91 * Germany: * ftp://sunsite.informatik.rwth-aachen.de/pub/linux/fedora-core/test/2.91 * http://sunsite.informatik.rwth-aachen.de/ftp/pub/linux/fedora-core/test/2.91 * ftp://ftp.tu-chemnitz.de/pub/linux/fedora-core/test/2.91/ * http://ftp.tu-chemnitz.de/pub/linux/fedora-core/test/2.91/ * http://download.atrpms.net/mirrors/fedoracore/test/2.91/ * ftp://ftp.stw-bonn.de/pub/mirror/fedora/linux/core/test/2.91/ * http://ftp.stw-bonn.de/pub/mirror/fedora/linux/core/test/2.91/ * ftp://ftp.uni-bayreuth.de/pub/linux/fedora/linux/core/test/2.91 * rsync://rsync.uni-bayreuth.de/fedora-linux-core/test/2.91 * ftp://ftp.join.uni-muenster.de/pub/linux/distributions/fedora/linux/core/test/2.91 * rsync://ftp.join.uni-muenster.de/fedora-linux-core-test/2.91/ * Ireland: * http://ftp.esat.net/mirrors/download.fedora.redhat.com/pub/fedora/linux/core/test/2.91 * ftp://ftp.esat.net/mirrors/download.fedora.redhat.com/pub/fedora/linux/core/test/2.91 * rsync://ftp.esat.net/mirrors/download.fedora.redhat.com/pub/fedora/linux/core/test/2.91 * http://ftp.heanet.ie/pub/fedora/linux/core/test/2.91/ * ftp://ftp.heanet.ie/pub/fedora/linux/core/test/2.91/ * rsync://ftp.heanet.ie/pub/fedora/linux/core/test/2.91/ * Netherlands: * ftp://alviss.et.tudelft.nl/pub/fedora/core/test/2.91/ * ftp://ftp.quicknet.nl/pub/Linux/download.fedora.redhat.com/test/2.91/ * ftp://ftp.eu.uu.net/pub/linux/fedora/test/2.91/ * Poland: * ftp://sunsite.icm.edu.pl/pub/Linux/fedora/linux/core/test/2.91/ * http://sunsite.icm.edu.pl/pub/Linux/fedora/linux/core/test/2.91/ * rsync://sunsite.icm.edu.pl/pub/Linux/fedora/linux/core/test/2.91/ * ftp://ftp.wsisiz.edu.pl/pub/Linux/fedora/linux/core/test/2.91/ * Romania: * http://ftp.lug.ro/fedora/linux/core/test/2.91/ * ftp://ftp.lug.ro/fedora/linux/core/test/2.91/ * United Kingdom: * http://zeniiia.linux.org.uk/pub/distributions/fedora/linux/core/test/2.91/ * ftp://zeniiia.linux.org.uk/pub/distributions/fedora/linux/core/test/2.91/ * rsync://zeniiia.linux.org.uk/fedora-linux-core/test/2.91/ * Asia/Pacific: * Australia: * http://planetmirror.com/pub/fedora/linux/core/test/2.91/ * ftp://ftp.planetmirror.com/pub/fedora/linux/core/test/2.91/ * rsync://rsync.planetmirror.com/fedora-linux-core-test/2.91/ * Japan: * ftp://ftp.riken.jp/Linux/fedora/core/test/2.91/ * http://ftp.riken.jp/Linux/fedora/core/test/2.91/ * rsync://ftp.riken.jp/fedora/core/test/2.91/ * ftp://ftp.kddilabs.jp/Linux/packages/fedora/core/test/2.91/ * http://ftp.kddilabs.jp/Linux/packages/fedora/core/test/2.91/ * rsync://ftp.kddilabs.jp/fedora/core/test/2.91/ * Taiwan: * http://ftp.isu.edu.tw/pub/Linux/Fedora/linux/core/test/2.91 * ftp://ftp.isu.edu.tw/pub/Linux/Fedora/linux/core/test/2.91 More mirrors will come online in the near future; check: http://fedora.redhat.com/download/mirrors.html for a list of mirrors that carry Fedora Core. One additional feature provided by the Linux community is the availability of Fedora Core releases via BitTorrent. http://torrent.linux.duke.edu/FC3-test2-binary-i386.torrent http://torrent.linux.duke.edu/FC3-test2-binary-x86_64.torrent See http://torrent.linux.duke.edu/ for other forms, including SRPMS and the DVD iso. RPMS for BitTorrent are available from: http://torrent.linux.duke.edu/btrpms/ Usage is simple: btdownloadcurses.py --url http://URL.torrent Allow incoming TCP 6881 - 6889 to join the torrent swarm. From notting at redhat.com Mon Sep 20 15:43:00 2004 From: notting at redhat.com (Bill Nottingham) Date: Mon, 20 Sep 2004 11:43:00 -0400 Subject: Announcing Fedora Core 3 Test 2 In-Reply-To: <20040920141606.GA30766@nostromo.devel.redhat.com> References: <20040920141606.GA30766@nostromo.devel.redhat.com> Message-ID: <20040920154300.GA31946@nostromo.devel.redhat.com> Bill Nottingham (notting at redhat.com) said: > * South America: > > * Portugal: > > * http://tux.cprm.net/pub/ftp.redhat.com/fedora/linux/core/test/2.91 > * ftp://tux.cprm.net/pub/ftp.redhat.com/fedora/linux/core/test/2.91 Portugal, is, of course, in Europe. Apologies for the inconvenience. Bill From notting at redhat.com Mon Sep 20 16:42:09 2004 From: notting at redhat.com (Bill Nottingham) Date: Mon, 20 Sep 2004 12:42:09 -0400 Subject: Fedora Core 1 Transferred to Fedora Legacy Message-ID: <20040920164209.GA32524@nostromo.devel.redhat.com> Fedora Core 1 Transferred to Fedora Legacy With the release of Fedora Core 3 Test 2, the Fedora Steering Committee would like to announce the transfer of Fedora Core 1 to the Fedora Legacy Project. This means that updates for Fedora Core 1 will no longer be posted at http://download.fedora.redhat.com/. For more information on the Fedora Legacy Project, or if you wish to join the team please see http://fedoralegacy.org/. From bressers at redhat.com Tue Sep 21 22:07:29 2004 From: bressers at redhat.com (Josh Bressers) Date: Tue, 21 Sep 2004 18:07:29 -0400 Subject: [SECURITY] Fedora Core 2 Update: foomatic-3.0.1-3.1 Message-ID: <20040921220729.GF8176@devserv.devel.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-303 2004-09-21 --------------------------------------------------------------------- Product : Fedora Core 2 Name : foomatic Version : 3.0.1 Release : 3.1 Summary : Foomatic printer database. Description : Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. It contains utilities to generate driver description files and printer queues for CUPS, LPD, LPRng, and PDQ using the database. There is also the possibility to read the PJL options out of PJL-capable laser printers and take them into account at the driver description file generation. There are spooler-independent command line interfaces to manipulate queues (foomatic-configure) and to print files/manipulate jobs (foomatic printjob). The site http://www.linuxprinting.org/ is based on this database. --------------------------------------------------------------------- Update Information: Sebastian Krahmer reported a bug in the cupsomatic and foomatic-rip print filters, used by the CUPS print spooler. An attacker who has printing access could send a carefully named file to the print server causing arbitrary commands to be executed as root. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0801 to this issue. --------------------------------------------------------------------- * Fri Sep 10 2004 Tim Waugh 3.0.1-3.1 - Fix security issue (CAN-2004-0801, bug #130951). Patch from Till Kamppeter. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ cab9692a6b2b0161f73b1b9039c6f491 SRPMS/foomatic-3.0.1-3.1.src.rpm 46227411cf108d7436169f198514aca0 x86_64/foomatic-3.0.1-3.1.x86_64.rpm ea451e8bd0b25fbcd5d22faad369a4fb x86_64/debug/foomatic-debuginfo-3.0.1-3.1.x86_64.rpm 571e627239ed4bb5c53d7298f54a56de i386/foomatic-3.0.1-3.1.i386.rpm 7eac2a20ce6fd91a7be07c9b797d3fc6 i386/debug/foomatic-debuginfo-3.0.1-3.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mclasen at redhat.com Thu Sep 23 16:34:37 2004 From: mclasen at redhat.com (Matthias Clasen) Date: Thu, 23 Sep 2004 12:34:37 -0400 Subject: Fedora Core 2 Update: gtk2-2.4.7-2.6 Message-ID: <1095957277.16939.9.camel@golem.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-314 2004-09-23 --------------------------------------------------------------------- Product : Fedora Core 2 Name : gtk2 Version : 2.4.7 Release : 2.6 Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X. Description : GTK+ is a multi-platform toolkit for creating graphical user interfaces. Offering a complete set of widgets, GTK+ is suitable for projects ranging from small one-off tools to complete application suites. --------------------------------------------------------------------- Update Information: The previous update for the gtk2 contained a bug which breaks image thumbnailing in Nautilus. This update fixes the problem. --------------------------------------------------------------------- * Tue Sep 21 2004 Matthias Clasen - 2.4.7-2.6 - Fix image thumbnailing in nautilus. (#132836) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 817a8555fdbcd2bd5b0691dc37921e43 SRPMS/gtk2-2.4.7-2.6.src.rpm 98bcadd966860e9784006055b42f6d1a x86_64/gtk2-2.4.7-2.6.x86_64.rpm 6eae821587a1642daffaf1ad8e82069c x86_64/gtk2-devel-2.4.7-2.6.x86_64.rpm 2e2a98ec0a34120fa27d4cb96ff71857 x86_64/debug/gtk2-debuginfo-2.4.7-2.6.x86_64.rpm dc38b91b5fcb674f555b5706ddfe0428 x86_64/gtk2-2.4.7-2.6.i386.rpm dc38b91b5fcb674f555b5706ddfe0428 i386/gtk2-2.4.7-2.6.i386.rpm 5faf6ef80013a2f4ae2a041b7aa3c33e i386/gtk2-devel-2.4.7-2.6.i386.rpm 32653464cb99dc72f1f912153aa43283 i386/debug/gtk2-debuginfo-2.4.7-2.6.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From jorton at redhat.com Thu Sep 23 20:58:59 2004 From: jorton at redhat.com (Joe Orton) Date: Thu, 23 Sep 2004 21:58:59 +0100 Subject: [SECURITY] Fedora Core 2 Update: httpd-2.0.51-2.7 Message-ID: <20040923205859.GA31114@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-313 2004-09-23 --------------------------------------------------------------------- Product : Fedora Core 2 Name : httpd Version : 2.0.51 Release : 2.7 Summary : Apache HTTP Server Description : Apache is a powerful, full-featured, efficient, and freely-available Web server. Apache is also the most popular Web server on the Internet. --------------------------------------------------------------------- This update includes the latest stable release of Apache httpd 2.0, including fixes for possible denial of service issues in mod_ssl (CAN-2004-0751, CAN-2004-0747) and mod_dav_fs (CAN-2004-0809), and a privilege elevation attack for local users (CAN-2004-0747). Note that these packages do also contain the fix for a regression in Satisfy handling in the 2.0.51 release (CAN-2004-0811). --------------------------------------------------------------------- * Tue Sep 21 2004 Joe Orton 2.0.51-2.7 - ap_rgetline_core fix from Rici Lake * Tue Sep 21 2004 Joe Orton 2.0.51-2.6 - fix 2.0.51 regression in Satisfy merging (CAN-2004-0811) * Thu Sep 16 2004 Joe Orton 2.0.51-2.5 - mod_ssl: prevent SIGHUP-triggers-SIGSEGV after upgrade from 2.0.50 - revert mod_ldap/mod_auth_ldap changes likewise * Wed Sep 15 2004 Joe Orton 2.0.51-2.1 - update to 2.0.51, including security fixes for: * core: CAN-2004-0747 * mod_dav_fs: CAN-2004-0809 * mod_ssl: CAN-2004-0751, CAN-2004-0748 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 99c4698c12b5ce206fe1d421a0d24626 SRPMS/httpd-2.0.51-2.7.src.rpm e015611ce4a96ef0488eb772d4e20e95 x86_64/httpd-2.0.51-2.7.x86_64.rpm 9d4c7c3db22fe5b8b5db8f0e6229c9c1 x86_64/httpd-devel-2.0.51-2.7.x86_64.rpm 0d5eaca4b6a0ca22dfb164438f0df73d x86_64/httpd-manual-2.0.51-2.7.x86_64.rpm 6ae2964daebddd4630a143712583929b x86_64/mod_ssl-2.0.51-2.7.x86_64.rpm a87b486fe234e674ec7a7040da825874 x86_64/debug/httpd-debuginfo-2.0.51-2.7.x86_64.rpm 6ce668b14a339a895c1f94d3d2c74344 i386/httpd-2.0.51-2.7.i386.rpm bf2d5ce617b715efb85a6bef1dcc1ff6 i386/httpd-devel-2.0.51-2.7.i386.rpm 7fdc3fd7ffd27e10ed608bad819f8203 i386/httpd-manual-2.0.51-2.7.i386.rpm df387ada50ec5a154d840ae8d3996157 i386/mod_ssl-2.0.51-2.7.i386.rpm feb541c52c040b0e12c879a3f264f5b7 i386/debug/httpd-debuginfo-2.0.51-2.7.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From jorton at redhat.com Thu Sep 23 21:04:10 2004 From: jorton at redhat.com (Joe Orton) Date: Thu, 23 Sep 2004 22:04:10 +0100 Subject: [SECURITY] Fedora Core 2 Update: subversion-1.0.8-1 Message-ID: <20040923210410.GB31114@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-318 2004-09-23 --------------------------------------------------------------------- Product : Fedora Core 2 Name : subversion Version : 1.0.8 Release : 1 Summary : Modern Version Control System designed to replace CVS Description : Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS. --------------------------------------------------------------------- Update Information: This update includes the latest stable release of Subversion, including a security fix for information disclosure bugs in handling of metadata (such as log messages) in repositories using mod_authz_svn for path-based access-control (CAN-2004-0749). --------------------------------------------------------------------- * Thu Sep 23 2004 Joe Orton 1.0.8-1 - update to 1.0.8 (mod_authz_svn security fix, CAN-2004-0749) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ c8e5bdf05d542ad3ba3e491a7866401e SRPMS/subversion-1.0.8-1.src.rpm 63915e9ecdc55267108493a1a27234d7 x86_64/subversion-1.0.8-1.x86_64.rpm 560ec06f7756d22cdaa8f2a7522acf52 x86_64/subversion-devel-1.0.8-1.x86_64.rpm 0cd133ee95123c620cf9b859d7bd225e x86_64/mod_dav_svn-1.0.8-1.x86_64.rpm ba61830fb3a8be68f5c39bc0dca642f3 x86_64/subversion-perl-1.0.8-1.x86_64.rpm 171925d1eb6db9173a8d12c8027f36a5 x86_64/debug/subversion-debuginfo-1.0.8-1.x86_64.rpm 4a2484241e2d01bfe6f912d3adb34ab3 i386/subversion-1.0.8-1.i386.rpm 4d2cf86a62a1a166a251d4febd0bb60b i386/subversion-devel-1.0.8-1.i386.rpm 1414749aefab44d7356b6c9b55a47c44 i386/mod_dav_svn-1.0.8-1.i386.rpm 7e1b229e3f790b394006672e4f813be5 i386/subversion-perl-1.0.8-1.i386.rpm 97550cc2bd748cf71a9bd46c665e8381 i386/debug/subversion-debuginfo-1.0.8-1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From ezannoni at redhat.com Thu Sep 23 22:04:03 2004 From: ezannoni at redhat.com (Elena Zannoni) Date: Thu, 23 Sep 2004 18:04:03 -0400 Subject: [ANNOUNCE] New mailing list: fedora-tools-list Message-ID: <16723.18515.99062.946342@localhost.redhat.com> This is to announce the availability of a new Fedora mailing list for tools specific discussions. The term "tools" includes packages like gcc, gdb, binutils, glibc, oprofile, libstdc++, elfutils, etc... The list is for users and developers posting bug reports, usage questions and answers, patches and test results, etc. For subscription details see: http://www.redhat.com/mailman/listinfo/fedora-tools-list From nphilipp at redhat.com Mon Sep 27 07:08:20 2004 From: nphilipp at redhat.com (Nils Philippsen) Date: Mon, 27 Sep 2004 09:08:20 +0200 Subject: Fedora Core 2 Update: system-config-samba-1.2.15-0.fc2.1 Message-ID: <1096268900.10535.0.camel@wombat.tiptoe.de> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-306 2004-09-27 --------------------------------------------------------------------- Product : Fedora Core 2 Name : system-config-samba Version : 1.2.15 Release : 0.fc2.1 Summary : Samba server configuration tool Description : system-config-samba is a graphical user interface for creating, modifying, and deleting samba shares. --------------------------------------------------------------------- * Wed Sep 15 2004 Nils Philippsen - 1.2.15-0.fc2.1 - write smbpasswd file when adding user (#132084) * Sun Aug 15 2004 Nils Philippsen - 1.2.14-1 - make share name configurable (#110804, use patch from Philip Van Hoof, fix it up a bit) - do some more code consolidation * Tue Jul 20 2004 Brent Fox - 1.2.13-1 - add 'cups option' entry (bug #128245) * Wed Jun 23 2004 Brent Fox - 1.2.12-1 - use popen instead of system (bug #112528) * Tue Jun 22 2004 Brent Fox - 1.2.11-1 - fix security and guest account defaults (bug #121745) * Mon Jun 21 2004 Brent Fox - 1.2.10-1 - write workgroup name explicitly (bug #126435) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 8b3d71dd9cf6cf0df9e45d6e72756c6a SRPMS/system-config-samba-1.2.15-0.fc2.1.src.rpm 0464a33daa2fc24b77a508935a611367 x86_64/system-config-samba-1.2.15-0.fc2.1.noarch.rpm 0464a33daa2fc24b77a508935a611367 i386/system-config-samba-1.2.15-0.fc2.1.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -- Nils Philippsen / Red Hat / nphilipp at redhat.com "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- B. Franklin, 1759 PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011 From twaugh at redhat.com Tue Sep 28 16:16:55 2004 From: twaugh at redhat.com (Tim Waugh) Date: Tue, 28 Sep 2004 17:16:55 +0100 Subject: Fedora Core 2 Update: vnc-4.0-5 Message-ID: <20040928161655.GE21098@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-280 2004-09-28 --------------------------------------------------------------------- Product : Fedora Core 2 Name : vnc Version : 4.0 Release : 5 Summary : A remote display system. Description : Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you to connect to other desktops running a VNC server. --------------------------------------------------------------------- Update Information: This package updates VNC to the latest released version, 4.0. It also fixes several bugs not fixed upstream. --------------------------------------------------------------------- * Fri Aug 27 2004 Tim Waugh 4.0-5 - Built for Fedora Core 2. * Wed Aug 25 2004 Tim Waugh 4.0-4 - Apply and enable Kristian H?gsberg's --use-fb patch. * Mon Aug 02 2004 Tim Waugh - Fixed vnc-via patch (bug #128940). * Thu Jun 24 2004 Tim Waugh 4.0-3 - 4.0. - No longer need hotspot patch. - Add sparc patch from bug #126382. * Tue Jun 15 2004 Elliot Lee - rebuilt * Tue Jun 01 2004 Tim Waugh 4.0-1.beta5.6 - Turn ppc64 builds on again. * Tue Jun 01 2004 Tim Waugh 4.0-1.beta5.5 - Exclude ppc64 until the build machine is fixed. - Undo last vnc.def change to get vnc.so back. * Fri May 28 2004 Tim Waugh 4.0-1.beta5.4 - Further vnc.def fix. - Fix cursor handling for hotspots outside the bounding rectangle. * Thu May 27 2004 Tim Waugh 4.0-1.beta5.3 - Fix ppc64 build. - Fix debuginfo package. - Another fix for REGION_INIT usage. * Wed May 26 2004 Tim Waugh 4.0-1.beta5.2 - Switch to xorg-x11 (bug #119530). * Thu May 20 2004 Tim Waugh 4.0-1.beta5.1 - 4.0beta5. - Removed compat, f8 and crash patches. - Fixed via patch now that NULL is not a valid parameter default. - Updated gcc34 patch. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ c05b1bfa8ea9cf1a9e651a75adaed972 SRPMS/vnc-4.0-5.src.rpm c39e93c8536cc04ce1f5204cb5b7d384 x86_64/vnc-4.0-5.x86_64.rpm a4018dcc7da55504384834bd203caad4 x86_64/vnc-server-4.0-5.x86_64.rpm 4d986ed90f78e3f8ddfde66c111982ba x86_64/debug/vnc-debuginfo-4.0-5.x86_64.rpm d5086758ca7dd17c51ea5423e0931701 i386/vnc-4.0-5.i386.rpm 2891853d846531c64193a18fc32f893f i386/vnc-server-4.0-5.i386.rpm c1920027fd669bdd7729ce8157b03977 i386/debug/vnc-debuginfo-4.0-5.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From twaugh at redhat.com Tue Sep 28 16:21:17 2004 From: twaugh at redhat.com (Tim Waugh) Date: Tue, 28 Sep 2004 17:21:17 +0100 Subject: [SECURITY] Fedora Core 2 Update: cups-1.1.20-11.3 Message-ID: <20040928162117.GF21098@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-275 2004-09-28 --------------------------------------------------------------------- Product : Fedora Core 2 Name : cups Version : 1.1.20 Release : 11.3 Summary : Common Unix Printing System Description : The Common UNIX Printing System provides a portable printing layer for UNIX? operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. --------------------------------------------------------------------- Update Information: This update fixes a denial of service problem causing loss of browse services. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0558 to this issue. In addition, this update fixes the cupsenable, cupsdisable and accept commands. --------------------------------------------------------------------- * Mon Aug 23 2004 Tim Waugh 1:1.1.20-11.3 - Apply patch to fix CAN-2004-0558 (bug #130646). * Mon Aug 16 2004 Tim Waugh 1:1.1.20-11.2 - Fix cupsenable/cupsdisable/accept (bug #129864). - Added version to LPRng obsoletes: tag (bug #128024). --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 43053868e766009625ad430adfe935df SRPMS/cups-1.1.20-11.3.src.rpm a17bc35fb4befa32cda3c01f003112fe x86_64/cups-1.1.20-11.3.x86_64.rpm 46d79527e7be77044d40bd596aa540c4 x86_64/cups-devel-1.1.20-11.3.x86_64.rpm facb9f477e3b376fd326d4b8734ff953 x86_64/cups-libs-1.1.20-11.3.x86_64.rpm 5e3f80ee8e1a31a95ec0c6125ee4d977 x86_64/debug/cups-debuginfo-1.1.20-11.3.x86_64.rpm 93c3fd2f1a873f2aa2655552fc82c099 x86_64/cups-libs-1.1.20-11.3.i386.rpm 2a7235d7f9a4eaf807b1d8f390eb64e1 i386/cups-1.1.20-11.3.i386.rpm 99886d980b9782bc6f95fb5c4459b2e1 i386/cups-devel-1.1.20-11.3.i386.rpm 93c3fd2f1a873f2aa2655552fc82c099 i386/cups-libs-1.1.20-11.3.i386.rpm 8dbf2a8c61067a7765efc6b6e1574fa8 i386/debug/cups-debuginfo-1.1.20-11.3.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From wtogami at redhat.com Tue Sep 28 21:04:51 2004 From: wtogami at redhat.com (Warren Togami) Date: Tue, 28 Sep 2004 11:04:51 -1000 Subject: Fedora Core 2 Update: gaim-1.0.0-0.FC2 Message-ID: <4159D1F3.4000200@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-319 2004-09-28 --------------------------------------------------------------------- Product : Fedora Core 2 Name : gaim Version : 1.0.0 Release : 0.FC2 Summary : A Gtk+ based multiprotocol instant messaging client Description : Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by America Online, Inc., Microsoft Corporation, or Yahoo! Inc. or other messaging service providers. --------------------------------------------------------------------- Update Information: This update is done primarily so I stop receiving hourly complaints. --------------------------------------------------------------------- * Mon Sep 27 2004 Warren Togami 1.0.0-0.FC2 - FC2 update * Mon Sep 20 2004 Warren Togami 1.0.0-3 - 141: Jabber chat room list fix * Mon Sep 20 2004 Daniel Reed 1.0.0-2 - #132967 Remove GenericName * Sat Sep 18 2004 Warren Togami 1.0.0-1 - 1.0.0 * Wed Sep 01 2004 Warren Togami 0.82.1-2 - enable SILC protocol * Thu Aug 26 2004 Warren Togami 0.82.1-1 - new upstream point release with crash fix and added translation --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 4f0eb0a084e1005edf47f906dd8b5ca3 SRPMS/gaim-1.0.0-0.FC2.src.rpm a77e4188a18f541d31d1c39d92d54ca2 x86_64/gaim-1.0.0-0.FC2.x86_64.rpm 6985ef917b118539015ae057c1ad561b x86_64/debug/gaim-debuginfo-1.0.0-0.FC2.x86_64.rpm ba35c35ac75cb35e4189f513cb43beeb i386/gaim-1.0.0-0.FC2.i386.rpm 12b6ebf4f0b15c67ae38bc0becde9d2b i386/debug/gaim-debuginfo-1.0.0-0.FC2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From pnasrat at redhat.com Wed Sep 29 16:32:03 2004 From: pnasrat at redhat.com (Paul Nasrat) Date: Wed, 29 Sep 2004 17:32:03 +0100 Subject: Fedora Core 2 Update: system-config-display-1.0.17-2 Message-ID: <1096475523.10824.45.camel@anu.eridu> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-322 2004-09-29 --------------------------------------------------------------------- Product : Fedora Core 2 Name : system-config-display Version : 1.0.17 Release : 2 Summary : A graphical interface for configuring the X Window System display Description : system-config-display is a graphical application for configuring an X Window System X server display. --------------------------------------------------------------------- Update Information: This release fixes reconfig mode for system-config-display for Fedora Core 2. --------------------------------------------------------------------- * Wed Sep 29 2004 Paul Nasrat - 1.0.17-2 - Rebuild for FC-2 update * Fri Jun 25 2004 Brent Fox - 1.0.17-1 - initialize self.probed_path in videocardDialog.py (bug #113695) * Wed Jun 23 2004 Brent Fox - 1.0.16-1 - reduce size of monitor-off.png and monitor-on.png to fit in 640x480 (bug #1221 42) * Mon Jun 14 2004 Brent Fox - 1.0.15-2 - set the text domain for xconf.py and xConfigDialog.py (bug #123494) * Wed Jun 02 2004 Alex Larsson 1.0.15-1 - fix --reconfig and catch some exceptions for readonly root * Tue May 25 2004 Brent Fox 1.0.14-2 - add BuildRequires for desktop-file-utils (bug# 124181) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 333ac7c720b073bc0a6299ec65fe0b6b SRPMS/system-config- display-1.0.17-2.src.rpm b7fcedeab0e775cf285945de7e42b696 x86_64/system-config- display-1.0.17-2.noarch.r pm b7fcedeab0e775cf285945de7e42b696 i386/system-config- display-1.0.17-2.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From byte at aeon.com.my Wed Sep 29 21:57:00 2004 From: byte at aeon.com.my (Colin Charles) Date: Thu, 30 Sep 2004 07:57:00 +1000 Subject: Fedora News Updates #16 Message-ID: <1096495019.4136.116.camel@albus.aeon.com.my> Another issue of the Fedora News Updates has been released and is available at: http://fedoranews.org/colin/fnu/issue16.shtml The current issue is always linked to http://fedoranews.org/colin/fnu/current.shtml First, apologies for a late, tiny release! FC3test2 has been released, FC1's has been passed on to Fedora Legacy. Fedora Bugweek is almost ending, participate! There's some new documentation for translators as well. And there's a lot of other bits and pieces, and expect a lot more in the next week or so. -- Colin Charles, byte at aeon.com.my http://www.bytebot.net/ "First they ignore you, then they laugh at you, then they fight you, then you win." -- Mohandas Gandhi From harald at redhat.com Thu Sep 30 13:32:14 2004 From: harald at redhat.com (Harald Hoyer) Date: Thu, 30 Sep 2004 15:32:14 +0200 Subject: Fedora Core 2 Update: cdrtools-2.01.1-0.FC2.1 Message-ID: <415C0ADE.9000606@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-323 2004-09-30 --------------------------------------------------------------------- Product : Fedora Core 2 Name : cdrtools Version : 2.01.1 Release : 0.FC2.1 Summary : A collection of CD/DVD utilities. Description : cdrtools is a collection of CD/DVD utilities. --------------------------------------------------------------------- Update Information: Updated due to new kernel scsi filtering. --------------------------------------------------------------------- * Thu Sep 30 2004 Harald Hoyer - 8:2.01.1-0.FC2.1 - erratum for 2.6.8 kernel * Thu Sep 23 2004 Harald Hoyer - 8:2.01.1-3 - better globbing - readded O_EXCL opening for the direct device opening case, e.g. dev=/dev/cdrom - removed some debugging messages (bug 82089) * Tue Sep 14 2004 Harald Hoyer - 8:2.01.1-2 - fixed scsi-globbing * Tue Sep 14 2004 Harald Hoyer - 8:2.01.1-1 - final 2.01 version --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 470275e0acbc271348045990fb18dc9b SRPMS/cdrtools-2.01.1-0.FC2.1.src.rpm ea35caf2c0ba664c0a3995c8dd042769 x86_64/cdrecord-2.01.1-0.FC2.1.x86_64.rpm e52d5b99c5e5c431abfceb91413b2b72 x86_64/cdrecord-devel-2.01.1-0.FC2.1.x86_64.rpm 4d9ed795e935925f69e7134f8100c23a x86_64/mkisofs-2.01.1-0.FC2.1.x86_64.rpm 0d8d425cafb028d7361ba4f98ac87985 x86_64/cdda2wav-2.01.1-0.FC2.1.x86_64.rpm 2180e190030f89a396f7530f8fd8cc84 x86_64/debug/cdrtools-debuginfo-2.01.1-0.FC2.1.x86_64.rpm 24a76389b1c0e6dbe0d9253d3de48a95 i386/cdrecord-2.01.1-0.FC2.1.i386.rpm a37d843fd38fc6db1fd0727ef8fd86d8 i386/cdrecord-devel-2.01.1-0.FC2.1.i386.rpm 028df80690bf6e8378594d1fe7ad4bcc i386/mkisofs-2.01.1-0.FC2.1.i386.rpm 5894d5f300e777ac1a8a8675bf2ba282 i386/cdda2wav-2.01.1-0.FC2.1.i386.rpm 0515f1d593b75511d94f23725a6b40bf i386/debug/cdrtools-debuginfo-2.01.1-0.FC2.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From harald at redhat.com Thu Sep 30 13:37:26 2004 From: harald at redhat.com (Harald Hoyer) Date: Thu, 30 Sep 2004 15:37:26 +0200 Subject: Fedora Core 2 Update: dvd+rw-tools-5.21.4.10.8-1.FC2.1 Message-ID: <415C0C16.7090702@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-325 2004-09-30 --------------------------------------------------------------------- Product : Fedora Core 2 Name : dvd+rw-tools Version : 5.21.4.10.8 Release : 1.FC2.1 Summary : Toolchain to master DVD+RW/+R media Description : Collection of tools to master DVD+RW/+R media. For further information see http://fy.chalmers.se/~appro/linux/DVD+RW/. --------------------------------------------------------------------- Update Information: Updated due to new kernel scsi filtering. --------------------------------------------------------------------- * Thu Sep 30 2004 Harald Hoyer - 5.21.4.10.8-1.FC2.1 - rebuild for FC2 erratum * Thu Sep 02 2004 Harald Hoyer - 5.21.4.10.8-2 - added dvd+rw-tools-5.21.4.10.8-excl.patch to open O_EXCL * Thu Sep 02 2004 Harald Hoyer - 5.21.4.10.8-1 - version 5.21.4.10.8 * Tue Jul 27 2004 Harald Hoyer - 5.20.4.10.8-1 - version 5.20.4.10.8 * Thu Jun 17 2004 Harald Hoyer - 5.19.1.4.9.7-1 - version 5.19.1.4.9.7 * Wed Jun 16 2004 Elliot Lee - rebuilt --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 19cf9f5993d6a364f77b1eb664ed39cf SRPMS/dvd+rw-tools-5.21.4.10.8-1.FC2.1.src.rpm 5824285cb86e7ad6c064ea33d7e70541 x86_64/dvd+rw-tools-5.21.4.10.8-1.FC2.1.x86_64.rpm d0d16c0093f9393e7bb47468f47c2980 x86_64/debug/dvd+rw-tools-debuginfo-5.21.4.10.8-1.FC2.1.x86_64.rpm d63ab700232f1dd1a5ff1a6d0dd409f6 i386/dvd+rw-tools-5.21.4.10.8-1.FC2.1.i386.rpm 16f0daf1c995e06f3a1d9fbd26ea02b1 i386/debug/dvd+rw-tools-debuginfo-5.21.4.10.8-1.FC2.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From harald at redhat.com Thu Sep 30 13:38:22 2004 From: harald at redhat.com (Harald Hoyer) Date: Thu, 30 Sep 2004 15:38:22 +0200 Subject: Fedora Core 2 Update: xcdroast-0.98a15-6.FC2.1 Message-ID: <415C0C4E.5080207@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-324 2004-09-30 --------------------------------------------------------------------- Product : Fedora Core 2 Name : xcdroast Version : 0.98a15 Release : 6.FC2.1 Summary : An X Window System based tool for creating CDs. Description : X-CD-Roast provides a GUI interface for commands like cdrecord and mkisofs. X-CD-Roast includes a self-explanatory X11 user interface, automatic SCSI and IDE hardware setup, support for mastering of new ISO9660 data CDs, support for production of new audio CDs, fast copying of CDs without hard disk buffering, and a logfile option. --------------------------------------------------------------------- Update Information: Updated due to new kernel scsi filtering. --------------------------------------------------------------------- * Thu Sep 30 2004 Harald Hoyer - 0.98a15-6.FC2.1 - rebuilt for FC2 erratum * Tue Sep 21 2004 Harald Hoyer - 0.98a15-7 - only add /dev/cdrom* - enable prodvd mode for our cdrecord * Sat Sep 11 2004 Harald Hoyer - 0.98a15-6 - improved scanning and removed warnings * Mon Aug 30 2004 Tim Waugh - 0.98a15-5 - Actually apply the patch. * Wed Jul 14 2004 Harald Hoyer - 0.98a15-4 - added xcdroast-0.98alpha15-linebuffer.patch (Tim Waugh, bz 127658) - corrected buildrequires (bz 127300) * Wed Jun 16 2004 Elliot Lee - rebuilt --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 8f702efb3f4b49638f07066193e31f42 SRPMS/xcdroast-0.98a15-6.FC2.1.src.rpm f23f819417ff560d41d0cadc7b94ba51 x86_64/xcdroast-0.98a15-6.FC2.1.x86_64.rpm dab0eb111cceef3c66439fdd696cd8cb x86_64/debug/xcdroast-debuginfo-0.98a15-6.FC2.1.x86_64.rpm 64a72651a72db03534d965b8b143a5a6 i386/xcdroast-0.98a15-6.FC2.1.i386.rpm 4ef86868985c8537317694c6a47a3f3b i386/debug/xcdroast-debuginfo-0.98a15-6.FC2.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From harald at redhat.com Thu Sep 30 13:58:49 2004 From: harald at redhat.com (Harald Hoyer) Date: Thu, 30 Sep 2004 15:58:49 +0200 Subject: Fedora Core 2 Update: k3b-0.11.14-0.FC2.1 Message-ID: <415C1119.9010609@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-326 2004-09-30 --------------------------------------------------------------------- Product : Fedora Core 2 Name : k3b Version : 0.11.14 Release : 0.FC2.1 Summary : CD/DVD burning application for KDE Description : K3b provides a comfortable user interface to perform most CD/DVD burning tasks. While the experienced user can take influence in all steps of the burning process the beginner may find comfort in the automatic settings and the reasonable k3b defaults which allow a quick start. --------------------------------------------------------------------- Update Information: Updated due to new kernel scsi filtering. --------------------------------------------------------------------- * Thu Sep 30 2004 Harald Hoyer 0:0.11.14-0.FC2.1 - rebuild for FC2 erratum * Thu Sep 02 2004 Harald Hoyer 0:0.11.14-1 - added k3b-0.11.14-rdrw.patch for kernel >= 2.6.8 - update to 0.11.14 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ a51416bc32cb7cb2ab7f58d09c1bfffa SRPMS/k3b-0.11.14-0.FC2.1.src.rpm edafadb41400efe869b68933b1b6e311 x86_64/k3b-0.11.14-0.FC2.1.x86_64.rpm 942c36aaf63b81aae1bd692e47e02ac4 x86_64/debug/k3b-debuginfo-0.11.14-0.FC2.1.x86_64.rpm 3a1a73997696b6555bcecd352947a9c5 i386/k3b-0.11.14-0.FC2.1.i386.rpm 8319137154efdb158c7e3f41425fa440 i386/debug/k3b-debuginfo-0.11.14-0.FC2.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From harald at redhat.com Thu Sep 30 14:09:50 2004 From: harald at redhat.com (Harald Hoyer) Date: Thu, 30 Sep 2004 16:09:50 +0200 Subject: Fedora Core 2 Update: cdrdao-1.1.9-4.FC.1 Message-ID: <415C13AE.40407@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-327 2004-09-30 --------------------------------------------------------------------- Product : Fedora Core 2 Name : cdrdao Version : 1.1.9 Release : 4.FC.1 Summary : Writes audio CD-Rs in disk-at-once (DAO) mode. Description : Cdrdao records audio CD-Rs in disk-at-once (DAO) mode, based on a textual description of the CD contents. Recording in DAO mode writes the complete disc (lead-in, one or more tracks, and lead-out) in a single step. DAO allows full control over the length and the contents of pre-gaps, the pause areas between tracks. --------------------------------------------------------------------- Update Information: Updated due to new kernel scsi filtering. --------------------------------------------------------------------- * Wed Sep 22 2004 Harald Hoyer - 1.1.9-4.FC2.1 - rebuild for FC2 erratum * Wed Sep 22 2004 Harald Hoyer - 1.1.9-5 - removed INSTALL from doc (bug 132908) * Thu Sep 09 2004 Harald Hoyer - 1.1.9-4 - build requires newer cdrecord-devel * Wed Sep 08 2004 Harald Hoyer - 1.1.9-3 - build requires newer cdrecord-devel * Wed Jun 16 2004 Elliot Lee - rebuilt * Wed Jun 09 2004 Harald Hoyer - 1.1.9-1 - version 1.1.9 * Thu Apr 15 2004 Harald Hoyer - 1.1.8-4 - fixed BuildRequires --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ 107a242ae42592323a53e8fd73a6a2e0 SRPMS/cdrdao-1.1.9-4.FC.1.src.rpm 62778092c1dfca341d306cdcd4991107 x86_64/cdrdao-1.1.9-4.FC.1.x86_64.rpm a86e1d4e0be44ba8c914ced953626524 x86_64/debug/cdrdao-debuginfo-1.1.9-4.FC.1.x86_64.rpm c3a58420fc15e0e05d256085493d3093 i386/cdrdao-1.1.9-4.FC.1.i386.rpm fe1699dbec26531b33b7596a479ae1bc i386/debug/cdrdao-debuginfo-1.1.9-4.FC.1.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. ---------------------------------------------------------------------