Fedora 14 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 14 Security updates need testing:

    https://admin.fedoraproject.org/updates/telepathy-gabble-0.10.5-1.fc14
    https://admin.fedoraproject.org/updates/q-7.11-8.fc14
    https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc14
    https://admin.fedoraproject.org/updates/socat-1.7.1.3-1.fc14
    https://admin.fedoraproject.org/updates/patch-2.6.1-8.fc14
    https://admin.fedoraproject.org/updates/asterisk-1.6.2.16.2-1.fc14
    https://admin.fedoraproject.org/updates/phpMyAdmin-3.3.9.2-1.fc14
    https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.fc14
    https://admin.fedoraproject.org/updates/tor-0.2.1.29-1400.fc14
    https://admin.fedoraproject.org/updates/exim-4.72-2.fc14


The following Fedora 14 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/lua-5.1.4-7.fc14
    https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-31.fc14
    https://admin.fedoraproject.org/updates/livecd-tools-14.2-1.fc14
    https://admin.fedoraproject.org/updates/librsvg2-2.32.0-3.fc14
    https://admin.fedoraproject.org/updates/mobile-broadband-provider-info-1.20110218-1.fc14
    https://admin.fedoraproject.org/updates/elfutils-0.152-1.fc14
    https://admin.fedoraproject.org/updates/dosfstools-3.0.9-5.fc14
    https://admin.fedoraproject.org/updates/xorg-x11-drv-geode-2.11.11-4.fc14
    https://admin.fedoraproject.org/updates/openldap-2.4.23-8.fc14
    https://admin.fedoraproject.org/updates/dmidecode-2.11-1.fc14


The following builds have been pushed to Fedora 14 updates-testing

    asterisk-1.6.2.16.2-1.fc14
    cinepaint-0.25.0-0.1.fc14
    erlang-cluster_info-0.1.0-0.3.20101229gitd077716.fc14
    festival-1.96-18.fc14
    kde-plasma-networkmanagement-0.9-0.35.20110221.fc14
    libscs-1.4.1-4.fc14
    libst2205-1.4.3-2.fc14
    pidgin-2.7.10-1.fc14
    q-7.11-8.fc14
    rear-1.10.0-1.fc14
    serdisplib-1.97.9-1.fc14
    sssd-1.5.1-9.fc14
    system-config-printer-1.2.7-2.fc14

Details about builds:


================================================================================
 asterisk-1.6.2.16.2-1.fc14 (FEDORA-2011-1975)
 The Open Source PBX
--------------------------------------------------------------------------------
Update Information:

Asterisk Project Security Advisory - AST-2011-002
Product       Asterisk
Summary       Multiple array overflow and crash vulnerabilities in
UDPTL code
Nature of Advisory Exploitable Stack and Heap Array Overflows
Susceptibility   Remote Unauthenticated Sessions
Severity      Critical
Exploits Known   No
Reported On     January 27, 2011
Reported By     Matthew Nicholson
Posted On      February 21, 2011
Last Updated On   February 21, 2011
Advisory Contact  Matthew Nicholson <mnicholson@xxxxxxxxxx>
CVE Name
Description When decoding UDPTL packets, multiple stack and heap based
arrays can be made to overflow by specially crafted packets.
Systems doing T.38 pass through or termination are vulnerable.
Resolution The UDPTL decoding routines have been modified to respect the
limits of exploitable arrays.
In asterisk versions not containing the fix for this issue,
disabling T.38 support will prevent this vulnerability from
being exploited. T.38 support can be disabled in chan_sip by
setting the t38pt_udptl option to "no" (it is off by default).
t38pt_udptl = no
The chan_ooh323 module should also be disabled by adding the
following line in modles.conf.
noload => chan_ooh323
Affected Versions
Product              Release Series
Asterisk Open Source            1.4.x      All versions
Asterisk Open Source            1.6.x      All versions
Asterisk Business Edition         C.x.x      All versions
AsteriskNOW                 1.5       All versions
s800i (Asterisk Appliance)         1.2.x      All versions
Corrected In
Product                               Release
Asterisk Open Source        1.4.39.2, 1.6.1.22, 1.6.2.16.2, 1.8.2.4
Asterisk Business Edition                      C.3.6.3
Patches
URL                                 Branch
http://downloads.asterisk.org/pub/security/AST-2011-002-1.4.diff    1.4
http://downloads.asterisk.org/pub/security/AST-2011-002-1.6.1.diff  1.6.1
http://downloads.asterisk.org/pub/security/AST-2011-002-1.6.2.diff  1.6.2
http://downloads.asterisk.org/pub/security/AST-2011-002-1.8.diff    1.8
Links
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2011-002.pdf and
http://downloads.digium.com/pub/security/AST-2011-002.html
Revision History
Date                Editor                    Revisions Made
02/21/11        Matthew Nicholson         Initial Release
Asterisk Project Security Advisory - AST-2011-002
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 21 2011 <jeff@xxxxxxxxxx> - 1.6.2.16.2-1
-
-              Asterisk Project Security Advisory - AST-2011-002
-
-       Product       Asterisk
-       Summary       Multiple array overflow and crash vulnerabilities in
-                     UDPTL code
-  Nature of Advisory Exploitable Stack and Heap Array Overflows
-    Susceptibility   Remote Unauthenticated Sessions
-       Severity      Critical
-    Exploits Known   No
-     Reported On     January 27, 2011
-     Reported By     Matthew Nicholson
-      Posted On      February 21, 2011
-   Last Updated On   February 21, 2011
-   Advisory Contact  Matthew Nicholson <mnicholson@xxxxxxxxxx>
-       CVE Name
-
-  Description When decoding UDPTL packets, multiple stack and heap based
-              arrays can be made to overflow by specially crafted packets.
-              Systems doing T.38 pass through or termination are vulnerable.
-
-  Resolution The UDPTL decoding routines have been modified to respect the
-             limits of exploitable arrays.
-
-             In asterisk versions not containing the fix for this issue,
-             disabling T.38 support will prevent this vulnerability from
-             being exploited. T.38 support can be disabled in chan_sip by
-             setting the t38pt_udptl option to "no" (it is off by default).
-
-             t38pt_udptl = no
-
-             The chan_ooh323 module should also be disabled by adding the
-             following line in modles.conf.
-
-             noload => chan_ooh323
-
-                              Affected Versions
-               Product              Release Series
-        Asterisk Open Source            1.4.x      All versions
-        Asterisk Open Source            1.6.x      All versions
-      Asterisk Business Edition         C.x.x      All versions
-             AsteriskNOW                 1.5       All versions
-     s800i (Asterisk Appliance)         1.2.x      All versions
-
-                                 Corrected In
-             Product                               Release
-       Asterisk Open Source        1.4.39.2, 1.6.1.22, 1.6.2.16.2, 1.8.2.4
-    Asterisk Business Edition                      C.3.6.3
-
-                                   Patches
-                                  URL                                 Branch
-  http://downloads.asterisk.org/pub/security/AST-2011-002-1.4.diff    1.4
-  http://downloads.asterisk.org/pub/security/AST-2011-002-1.6.1.diff  1.6.1
-  http://downloads.asterisk.org/pub/security/AST-2011-002-1.6.2.diff  1.6.2
-  http://downloads.asterisk.org/pub/security/AST-2011-002-1.8.diff    1.8
-
-         Links
-
-  Asterisk Project Security Advisories are posted at
-  http://www.asterisk.org/security
-
-  This document may be superseded by later versions; if so, the latest
-  version will be posted at
-  http://downloads.digium.com/pub/security/AST-2011-002.pdf and
-  http://downloads.digium.com/pub/security/AST-2011-002.html
-
-                               Revision History
-       Date                Editor                    Revisions Made
-  02/21/11        Matthew Nicholson         Initial Release
-
-              Asterisk Project Security Advisory - AST-2011-002
-             Copyright (c) 2011 Digium, Inc. All Rights Reserved.
- Permission is hereby granted to distribute and publish this advisory in its
-                          original, unaltered form.
--------------------------------------------------------------------------------


================================================================================
 cinepaint-0.25.0-0.1.fc14 (FEDORA-2011-1960)
 CinePaint is a tool for manipulating images
--------------------------------------------------------------------------------
Update Information:

Lot of bug-fixes and enhancements.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 21 2011 Nicolas Chauvet <kwizart@xxxxxxxxx> - 0.25.0-0.1
- Update to pre 0.25
--------------------------------------------------------------------------------


================================================================================
 erlang-cluster_info-0.1.0-0.3.20101229gitd077716.fc14 (FEDORA-2011-1965)
 Cluster info/postmortem inspector for Erlang applications
--------------------------------------------------------------------------------
Update Information:

* Initial build
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #671884 - Review Request: erlang-cluster_info - Cluster info/postmortem inspector for Erlang applications
        https://bugzilla.redhat.com/show_bug.cgi?id=671884
--------------------------------------------------------------------------------


================================================================================
 festival-1.96-18.fc14 (FEDORA-2011-1966)
 Speech synthesis and text-to-speech system
--------------------------------------------------------------------------------
Update Information:

Fix header paths.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 22 2011 Tim Niemueller <tim@xxxxxxxxxxxxx> - 1.96-18
- Fix install paths of speech_tools includes (rhbz #242607)
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.96-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #242607 - Build with festival error.
        https://bugzilla.redhat.com/show_bug.cgi?id=242607
--------------------------------------------------------------------------------


================================================================================
 kde-plasma-networkmanagement-0.9-0.35.20110221.fc14 (FEDORA-2011-1969)
 NetworkManager KDE 4 integration
--------------------------------------------------------------------------------
Update Information:

New snapshot includes translation fixes as well as many other small bug fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 21 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:0.9-0.35.20110221
- 20110221 snapshot
* Thu Feb 17 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:0.9-0.34.20110217
- 20110217 snapshot (with translations)
* Mon Feb  7 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1:0.9-0.33.20110106
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Jan  6 2011 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:0.9-0.32.20110106
- 20110106 snapshot (sans translations for now)
* Wed Nov 17 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:0.9-0.31.20101117
- 20101117 snapshot
- "Always ask for password" does not work (#582933,kde#244416)
* Tue Nov  9 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:0.9-0.30.20101105
- move shared bits to main pkg
- -libs: Requires: %name
* Tue Nov  9 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:0.9-0.29.20101105
- 20101105 snapshot
- use kde-plasma-networkmangement-* subpkg names
- drop monolithic/knm bits
* Fri Oct 22 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:0.9-0.28.20101011.2
- rebuild for kde-4.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #651223 - applet always says cable is unplugged, cannot update configuration
        https://bugzilla.redhat.com/show_bug.cgi?id=651223
  [ 2 ] Bug #651310 - kded4 always crashes on resume
        https://bugzilla.redhat.com/show_bug.cgi?id=651310
  [ 3 ] Bug #677339 - knetworkmanager lists garbage in the Connections-list (after suspend/resume)
        https://bugzilla.redhat.com/show_bug.cgi?id=677339
--------------------------------------------------------------------------------


================================================================================
 libscs-1.4.1-4.fc14 (FEDORA-2011-1976)
 Software Carry-Save Multiple-Precision Library
--------------------------------------------------------------------------------
Update Information:

Initial package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #678774 - Review Request: libscs - Software Carry-Save Multiple-Precision Library
        https://bugzilla.redhat.com/show_bug.cgi?id=678774
--------------------------------------------------------------------------------


================================================================================
 libst2205-1.4.3-2.fc14 (FEDORA-2011-1963)
 Library for accessing the display of hacked st2205 photo frames
--------------------------------------------------------------------------------
Update Information:

libst2205 is a new Fedora package.

Description:
It is possible to flash digital photo frames with the st2205 chip-sets with a modified firmware, which allows one to display real time images on the display of the frame from a PC. This package contains a library for accessing the display from the PC, for st2205 frames with the hacked firmware.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #678887 - Review Request: libst2205 - Library for accessing the display of hacked st2205 photo frames
        https://bugzilla.redhat.com/show_bug.cgi?id=678887
--------------------------------------------------------------------------------


================================================================================
 pidgin-2.7.10-1.fc14 (FEDORA-2011-1959)
 A Gtk+ based multiprotocol instant messaging client
--------------------------------------------------------------------------------
Update Information:

New release 2.7.10

Upstream ChangeLog:

http://developer.pidgin.im/wiki/ChangeLog
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 22 2011 Stu Tomlinson <stu@xxxxxxxxxxxxx> 2.7.10-1
- 2.7.10
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.7.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Feb  1 2011 Milan Crha <mcrha@xxxxxxxxxx> 2.7.9-3
- Rebuild against newer evolution-data-server
* Wed Jan 12 2011 Milan Crha <mcrha@xxxxxxxxxx> 2.7.9-2
- Rebuild against newer evolution-data-server
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #676569 - pidgin-2.7.10 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=676569
--------------------------------------------------------------------------------


================================================================================
 q-7.11-8.fc14 (FEDORA-2011-1967)
 Equational programming language
--------------------------------------------------------------------------------
Update Information:

Rebuilt against system libltdl.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 22 2011 GÃrard Milmeister <gemi@xxxxxxxxxx> - 7.11-8
- Rebuild against system libltdl
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #537941 - CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory
        https://bugzilla.redhat.com/show_bug.cgi?id=537941
--------------------------------------------------------------------------------


================================================================================
 rear-1.10.0-1.fc14 (FEDORA-2011-1970)
 Relax and Recover (ReaR) is a Linux Disaster Recovery framework
--------------------------------------------------------------------------------
Update Information:

release 1.10.0 fixes the upgrade problems from 1.7.26.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 21 2011 Gratien D'haese <gdha at sourceforge.net> - 1.10.0
- new release
--------------------------------------------------------------------------------


================================================================================
 serdisplib-1.97.9-1.fc14 (FEDORA-2011-1974)
 Library to drive serial displays with built-in controllers
--------------------------------------------------------------------------------
Update Information:

serdisplib is a new Fedora package.

Description:
serdisplib started as a library to drive serial displays with built-in controllers. beginning with version 1.95 support was added for parallel driven displays. anyhow: the name 'serdisplib' will not change.

The serial in "serial display" characterizes the way of how the data is transferred to the display controller: data is sent bit by bit using a single input line. several (few) other lines are controlling things like timing (clock), data or command, ...

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #678889 - Review Request: serdisplib - Library to drive serial displays with built-in controllers
        https://bugzilla.redhat.com/show_bug.cgi?id=678889
--------------------------------------------------------------------------------


================================================================================
 sssd-1.5.1-9.fc14 (FEDORA-2011-1962)
 System Security Services Daemon
--------------------------------------------------------------------------------
Update Information:

Fixes a bug where initgroups() calls would sometimes not remove users from groups they no longer belonged to.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 21 2011 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.5.1-9
- Fix build against older libldb
* Mon Feb 21 2011 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.5.1-8
- Resolves: rhbz#677768 - name service caches names, so id command shows
-                         recently deleted users
* Fri Feb 11 2011 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.5.1-7
- Ensure that SSSD builds against libldb-1.0.0 on F15 and later
- Remove .la for memberOf
* Fri Feb 11 2011 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.5.1-6
- Fix memberOf install path
* Fri Feb 11 2011 Stephen Gallagher <sgallagh@xxxxxxxxxx> - 1.5.1-5
- Add support for libldb 1.0.0
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 system-config-printer-1.2.7-2.fc14 (FEDORA-2011-1206)
 A printer administration tool
--------------------------------------------------------------------------------
Update Information:

New upstream release that fixes several bugs.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 22 2011 Tim Waugh <twaugh@xxxxxxxxxx> - 1.2.7-2
- Applied upstream fix for dnssdresolve traceback (bug #678961).
* Wed Feb  9 2011 Jiri Popelka <jpopelka@xxxxxxxxxx> 1.2.7-1
- 1.2.7:
  - Handle failure to connect in PrinterURIIndex (bug #668568).
  - Fixed bugs in gtk_label_autowrap.py (bug #637829).
  - Improvements for DNS-SD support from Till Kamppeter
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #637829 - Display artifacts in PPD change confirmation dialog
        https://bugzilla.redhat.com/show_bug.cgi?id=637829
  [ 2 ] Bug #668568 - [abrt] system-config-printer-1.2.95-4.fc15: jobviewer.py:71:__init__:RuntimeError: failed to connect to server
        https://bugzilla.redhat.com/show_bug.cgi?id=668568
  [ 3 ] Bug #678961 - [abrt] system-config-printer-1.2.7-1.fc14: dnssdresolve.py:99:_reply:KeyError: (dbus.String(u'Canon iP90 @ Chris Hanes\u2019s iMac (625)'), dbus.String(u'_ipp._tcp'), dbus.String(u'local'))
        https://bugzilla.redhat.com/show_bug.cgi?id=678961
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: 
https://admin.fedoraproject.org/mailman/listinfo/test



[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux