[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Fedora EPEL 4 updates-testing report



The following Fedora EPEL 4 Security updates need testing:

    https://admin.fedoraproject.org/updates/atop-1.26-1.el4.1
    https://admin.fedoraproject.org/updates/puppet-0.25.6-1.el4
    https://admin.fedoraproject.org/updates/ocsinventory-1.3.3-5.el4
    https://admin.fedoraproject.org/updates/phpldapadmin-0.9.8.5-1.el4
    https://admin.fedoraproject.org/updates/cherokee-1.2.101-1.el4


The following builds have been pushed to Fedora EPEL 4 updates-testing

    crudminer-0.3.2-2.el4
    iec16022-0.2.4-7.el4
    ocsinventory-1.3.3-5.el4
    phpldapadmin-0.9.8.5-1.el4
    puppet-0.25.6-1.el4
    ssldump-0.9-0.4.b3.el4

Details about builds:


================================================================================
 crudminer-0.3.2-2.el4 (FEDORA-EPEL-2011-4754)
 Find and report insecure web software in a web root
--------------------------------------------------------------------------------
Update Information:

New package.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #748446 - Review Request: crudminer - Find known-vulnerable software in a web root
        https://bugzilla.redhat.com/show_bug.cgi?id=748446
--------------------------------------------------------------------------------


================================================================================
 iec16022-0.2.4-7.el4 (FEDORA-EPEL-2011-4781)
 Generate ISO/IEC 16022 2D barcodes
--------------------------------------------------------------------------------
Update Information:

iec16022 is a program for producing ISO/IEC 16022 2D barcodes, also known as Data Matrix. These barcodes are defined in the ISO/IEC 16022 standard.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #594844 - Review Request: iec16022 - Generate ISO/IEC 16022 2D barcodes
        https://bugzilla.redhat.com/show_bug.cgi?id=594844
--------------------------------------------------------------------------------


================================================================================
 ocsinventory-1.3.3-5.el4 (FEDORA-EPEL-2011-4755)
 Open Computer and Software Inventory Next Generation
--------------------------------------------------------------------------------
Update Information:

Fix a XSS vulnerability
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 25 2011 Remi Collet <Fedora famillecollet com> - 1.3.3-5
- fix XSS vulnerabity (Bug #748072, CVE-2011-4024)
- Don't require php-zip for F16 and up.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #748072 - CVE-2011-4024 ocsinventory: XSS flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=748072
--------------------------------------------------------------------------------


================================================================================
 phpldapadmin-0.9.8.5-1.el4 (FEDORA-EPEL-2011-4759)
 Web-based tool for managing LDAP servers
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2011-4074 and CVE-2011-4075 (XSS and code injection vulnerabilities in versions <= 1.2.1.1)

Update to version 0.9.8.5
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 26 2011 Dmitry Butskoy <Dmitry Butskoy name> - 0.9.8.5-1
- fix #748539 (CVE-2011-4075)
- update to 0.9.8.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #748537 - CVE-2011-4074 CVE-2011-4075 phpldapadmin: XSS and code injection vulnerabilities in <= 1.2.1.1
        https://bugzilla.redhat.com/show_bug.cgi?id=748537
--------------------------------------------------------------------------------


================================================================================
 puppet-0.25.6-1.el4 (FEDORA-EPEL-2011-4767)
 A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:

A bug in puppet's SSL certificate handling could allow nodes with a valid certificate to impersonate the puppet master.  To be vulnerable, a user would have had to set the certdnsnames variable and generated certificates.  This setting is not set by default in the Fedora/EPEL packages.

This update closes the vulnerability in newly generated certificates, but cannot prevent existing certificates from being used to exploit the vulnerability.  Please refer to the upstream documentation for more details on mitigation and remediation of this issue, if you have generate certificates that are vulnerable to this issue:

http://puppetlabs.com/security/cve/cve-2011-3872/
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct 22 2011 Todd Zullinger <tmz pobox com> - 0.25.6-1
- Update to 0.25.6, fixes CVE-2011-3872
--------------------------------------------------------------------------------


================================================================================
 ssldump-0.9-0.4.b3.el4 (FEDORA-EPEL-2011-4785)
 An SSLv3/TLS network protocol analyzer
--------------------------------------------------------------------------------
Update Information:

Fixed wrong decoder table ends to avoid many segfaults
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 24 2011 Robert Scheck <robert fedoraproject org> 0.9-0.4.b3
- Fixed wrong decoder table ends to avoid many segfaults (#747398)
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng lists fedoraproject org> - 0.9-0.3.b3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #747398 - ssldump segfaults within minutes after running it
        https://bugzilla.redhat.com/show_bug.cgi?id=747398
--------------------------------------------------------------------------------



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]