Fedora 14 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 14 Security updates need testing:

    https://admin.fedoraproject.org/updates/quagga-0.99.19-1.fc14
    https://admin.fedoraproject.org/updates/perl-FCGI-0.74-1.fc14
    https://admin.fedoraproject.org/updates/drupal6-views_bulk_operations-1.11-1.fc14
    https://admin.fedoraproject.org/updates/NetworkManager-0.8.5.92-1.git20110927.fc14
    https://admin.fedoraproject.org/updates/bcfg2-1.1.3-1.fc14
    https://admin.fedoraproject.org/updates/tomcat6-6.0.26-27.fc14
    https://admin.fedoraproject.org/updates/kernel-2.6.35.14-97.fc14
    https://admin.fedoraproject.org/updates/puppet-2.6.6-2.fc14
    https://admin.fedoraproject.org/updates/cyrus-imapd-2.3.17-1.fc14
    https://admin.fedoraproject.org/updates/php-5.3.8-3.fc14
    https://admin.fedoraproject.org/updates/thunderbird-3.1.15-1.fc14
    https://admin.fedoraproject.org/updates/firefox-3.6.23-1.fc14,xulrunner-1.9.2.23-1.fc14,gnome-web-photo-0.9-24.fc14.1,perl-Gtk2-MozEmbed-0.08-6.fc14.30,gnome-python2-extras-2.25.3-34.fc14.1,galeon-2.0.7-44.fc14.1,mozvoikko-1.0-25.fc14.1


The following Fedora 14 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/livecd-tools-14.5-1.fc14
    https://admin.fedoraproject.org/updates/NetworkManager-0.8.5.92-1.git20110927.fc14
    https://admin.fedoraproject.org/updates/lldpad-0.9.41-4.fc14
    https://admin.fedoraproject.org/updates/ModemManager-0.4.998-1.git20110706.fc14
    https://admin.fedoraproject.org/updates/mash-0.5.22-1.fc14
    https://admin.fedoraproject.org/updates/policycoreutils-2.0.85-30.3.fc14
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-8.fc14.2
    https://admin.fedoraproject.org/updates/xorg-x11-drv-qxl-0.0.21-3.fc14
    https://admin.fedoraproject.org/updates/xorg-x11-drv-nouveau-0.0.16-14.20101010git8c8f15c.fc14
    https://admin.fedoraproject.org/updates/libconcord-0.23-5.fc14,udev-161-9.fc14,concordance-0.23-2.fc14


The following builds have been pushed to Fedora 14 updates-testing

    ghc-attoparsec-enumerator-0.2.0.4-2.fc14
    livecd-tools-14.5-1.fc14
    mc-4.7.5.5-1.fc14
    puppet-2.6.6-2.fc14
    quagga-0.99.19-1.fc14
    shorewall-4.4.23.3-1.fc14
    xscreensaver-5.15-1.fc14

Details about builds:


================================================================================
 ghc-attoparsec-enumerator-0.2.0.4-2.fc14 (FEDORA-2011-13502)
 Haskell attoparsec to iteree library
--------------------------------------------------------------------------------
Update Information:

Haskell attoparsec to iteree library
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #740283 - Review Request: ghc-attoparsec-enumerator - Haskell attoparsec to enumerator library
        https://bugzilla.redhat.com/show_bug.cgi?id=740283
--------------------------------------------------------------------------------


================================================================================
 livecd-tools-14.5-1.fc14 (FEDORA-2011-13515)
 Tools for building live CDs
--------------------------------------------------------------------------------
Update Information:

Add the rest of the patches needed to get EFI USB stick creation working.
Make sure F14 can make USB EFI sticks with F16 DVD iso
- Ensure previous filesystems are wiped when formatting (#712553) (bcl)
- Use copyFile on the iso (bcl)
- Use rsync to copy if available (bcl)
- Turn on the legacy_boot flag for EFI (#680563) (bcl)
- Add initial support for ARM architectures (martin.langhoff)
- gptmbr can be written directly to the mbr (bcl)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 29 2011 Brian C. Lane <bcl@xxxxxxxxxx> - 14.5-1
- Version 14.5 (bcl)
- Images go into $SYSLINUXPATH (bcl)
- Add extracting BOOTX64.efi from iso (#688258) (bcl)
- Add repo to DVD EFI install config file (#688258) (bcl)
- Add EFI support to netboot (#688258) (bcl)
* Tue Sep 27 2011 Brian C. Lane <bcl@xxxxxxxxxx> - 14.4-1
- Version 14.4 (bcl)
- Support /EFI/BOOT or /EFI/boot (#688258) (bcl)
* Tue Aug 30 2011 Brian C. Lane <bcl@xxxxxxxxxx> - 14.3-1
- Version 14.3 (bcl)
- Ensure previous filesystems are wiped when formatting (#712553) (bcl)
- Use copyFile on the iso (bcl)
- Use rsync to copy if available (bcl)
- Add initial support for ARM architectures (martin.langhoff)
- gptmbr can be written directly to the mbr (bcl)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #688258 - Looks for /EFI/boot instead of /EFI/BOOT
        https://bugzilla.redhat.com/show_bug.cgi?id=688258
--------------------------------------------------------------------------------


================================================================================
 mc-4.7.5.5-1.fc14 (FEDORA-2011-13513)
 User-friendly text console file manager and visual shell
--------------------------------------------------------------------------------
Update Information:

update to 4.7.5.5
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 29 2011 Jindrich Novy <jnovy@xxxxxxxxxx> 4.7.5.5-1
- update to 4.7.5.5
* Thu Sep 15 2011 Jindrich Novy <jnovy@xxxxxxxxxx> 4.7.5.4-1
- update to 4.7.5.4
--------------------------------------------------------------------------------


================================================================================
 puppet-2.6.6-2.fc14 (FEDORA-2011-13501)
 A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:

A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application.  For Fedora and EPEL, this is the puppet user.

Further details can be found in the upstream announcement:

http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406

Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Todd Zullinger <tmz@xxxxxxxxx> - 2.6.6-2
- Apply upstream patch for CVE-2011-3848
--------------------------------------------------------------------------------


================================================================================
 quagga-0.99.19-1.fc14 (FEDORA-2011-13499)
 Routing daemon
--------------------------------------------------------------------------------
Update Information:

fixes CVE-2011-332{3..7}
update to latest upstream 0.99.19
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 29 2011 Jiri Skala <jskala@xxxxxxxxxx> - 0.99.19-1
- fixes #741343 - CVE-2011-3323 CVE-2011-3324 CVE-2011-3325 CVE-2011-3326 CVE-2011-3327
- fixes #741580 - updated to latest upstream version 0.99.19
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #738393 - CVE-2011-3323 Quagga (ospf6d): Stack-based buffer overflow while decoding Link State Update packet with malformed Inter Area Prefix LSA
        https://bugzilla.redhat.com/show_bug.cgi?id=738393
  [ 2 ] Bug #738394 - CVE-2011-3324 Quagga (ospf6d): Denial of service by decoding malformed Database Description packet headers
        https://bugzilla.redhat.com/show_bug.cgi?id=738394
  [ 3 ] Bug #738396 - CVE-2011-3325 Quagga (ospfd): Denial of service by decoding too short Hello packet or Hello packet with invalid OSPFv2 header type
        https://bugzilla.redhat.com/show_bug.cgi?id=738396
  [ 4 ] Bug #738398 - CVE-2011-3326 Quagga (ospfd): Denial of service by decoding Link State Update LSAs of unknown type
        https://bugzilla.redhat.com/show_bug.cgi?id=738398
  [ 5 ] Bug #738400 - CVE-2011-3327 Quagga (bgpd): Heap-based buffer overflow by decoding BGP UPDATE message with unknown AS_PATH attributes
        https://bugzilla.redhat.com/show_bug.cgi?id=738400
--------------------------------------------------------------------------------


================================================================================
 shorewall-4.4.23.3-1.fc14 (FEDORA-2011-13507)
 An iptables front end for firewall configuration
--------------------------------------------------------------------------------
Update Information:

Update to 4.4.23.3. Release notes:
http://www1.shorewall.net/pub/shorewall/4.4/shorewall-4.4.23/releasenotes.txt
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------


================================================================================
 xscreensaver-5.15-1.fc14 (FEDORA-2011-13516)
 X screen saver and locker
--------------------------------------------------------------------------------
Update Information:

New version 5.15 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 30 2011 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.15-1
- Update to 5.15
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: 
https://admin.fedoraproject.org/mailman/listinfo/test


[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux