Fedora EPEL 5 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 10 19:17:27 UTC 2011 

The following Fedora EPEL 5 Security updates need testing:

    https://admin.fedoraproject.org/updates/atop-1.26-1.el5.1
    https://admin.fedoraproject.org/updates/couchdb-1.0.2-8.el5,erlang-ibrowse-2.2.0-3.el5
    https://admin.fedoraproject.org/updates/ocsinventory-1.3.3-5.el5
    https://admin.fedoraproject.org/updates/bugzilla-3.2.10-2.el5
    https://admin.fedoraproject.org/updates/phpldapadmin-1.0.2-1.el5
    https://admin.fedoraproject.org/updates/awstats-6.95-3.el5
    https://admin.fedoraproject.org/updates/clamav-0.97.3-1.el5
    https://admin.fedoraproject.org/updates/cacti-0.8.7h-1.el5
    https://admin.fedoraproject.org/updates/puppet-2.6.12-1.el5
    https://admin.fedoraproject.org/updates/proftpd-1.3.3g-1.el5
    https://admin.fedoraproject.org/updates/net6-1.3.14-1.el5
    https://admin.fedoraproject.org/updates/cherokee-1.2.101-1.el5
    https://admin.fedoraproject.org/updates/drupal6-views-2.13-1.el5
    https://admin.fedoraproject.org/updates/phpMyAdmin3-3.4.7-1.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    lcgdm-1.8.1.2-2.el5
    proftpd-1.3.3g-1.el5
    python-tgext-admin-0.3.11-1.el5

Details about builds:


================================================================================
 lcgdm-1.8.1.2-2.el5 (FEDORA-EPEL-2011-4946)
 LHC Computing Grid Data Management
--------------------------------------------------------------------------------
Update Information:

This update adds proper dependencies to other services in the service startup scripts.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 10 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 1.8.1.2-2
- Implement new package names agreed with upstream
--------------------------------------------------------------------------------


================================================================================
 proftpd-1.3.3g-1.el5 (FEDORA-EPEL-2011-4943)
 Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:

This update, to the current (and final) release for the 1.3.3 maintenance branch, includes a pair of security fixes:

* Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks (upstream bug 3704); to disable this countermeasure, which may cause interoperability issues with some clients, use the NoEmptyFragments TLSOption
* Response pool use-after-free memory corruption error (upstream bug 3711, #752812, ZDI-CAN-1420), in which a remote attacker could provide a specially-crafted request (resulting in a need for the server to handle an exceptional condition), leading to memory corruption and potentially arbitrary code execution, with the privileges of the user running the proftpd server
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 10 2011 Paul Howarth <paul at city-fan.org> 1.3.3g-1
- Update to 1.3.3g, fixing the following bugs:
  - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD (bug 3702)
  - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks (bug 3704);
    to disable this countermeasure, which may cause interoperability issues
    with some clients, use the NoEmptyFragments TLSOption
  - Response pool use-after-free memory corruption error
    (bug 3711, #752812, ZDI-CAN-1420)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #752812 - CVE-2011-4130 proftpd: Response pool use-after-free flaw (ZDI-CAN-1420)
        https://bugzilla.redhat.com/show_bug.cgi?id=752812
--------------------------------------------------------------------------------


================================================================================
 python-tgext-admin-0.3.11-1.el5 (FEDORA-EPEL-2011-4949)
 Admin Controller add-on for basic TG identity model
--------------------------------------------------------------------------------
Update Information:

This version contains some minor bugfixes, as well as Admin Controller support for MongoDB
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 10 2011 Luke Macken <lmacken at redhat.com> - 0.3.11-1
- Update to 0.3.11 (#741578)
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.3.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sat Sep 11 2010 Luke Macken <lmacken at redhat.com> - 0.3.10-2
- Require python-sprox, and add strict version requirements (#632844)
* Tue Sep  7 2010 Luke Macken <lmacken at redhat.com> - 0.3.10-1
- Update to 0.3.10
* Thu Jul 22 2010 David Malcolm <dmalcolm at redhat.com> - 0.3.9-2
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
--------------------------------------------------------------------------------

More information about the epel-devel-list mailing list