Fedora EPEL 4 updates-testing report
updates at fedoraproject.org
Thu Nov 10 19:17:27 UTC 2011
The following Fedora EPEL 4 Security updates need testing:
https://admin.fedoraproject.org/updates/atop-1.26-1.el4.1
https://admin.fedoraproject.org/updates/puppet-0.25.6-1.el4
https://admin.fedoraproject.org/updates/ocsinventory-1.3.3-5.el4
https://admin.fedoraproject.org/updates/phpldapadmin-0.9.8.5-1.el4
https://admin.fedoraproject.org/updates/cacti-0.8.7h-1.el4
https://admin.fedoraproject.org/updates/cherokee-1.2.101-1.el4
https://admin.fedoraproject.org/updates/proftpd-1.3.3g-1.el4
The following builds have been pushed to Fedora EPEL 4 updates-testing
lcgdm-1.8.1.2-2.el4
proftpd-1.3.3g-1.el4
Details about builds:
================================================================================
lcgdm-1.8.1.2-2.el4 (FEDORA-EPEL-2011-4942)
LHC Computing Grid Data Management
--------------------------------------------------------------------------------
Update Information:
This update adds proper dependencies to other services in the service startup scripts.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 10 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 1.8.1.2-2
- Implement new package names agreed with upstream
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.3g-1.el4 (FEDORA-EPEL-2011-4945)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
This update, to the current (and final) release for the 1.3.3 maintenance branch, includes a pair of security fixes:
* Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks (upstream bug 3704); to disable this countermeasure, which may cause interoperability issues with some clients, use the NoEmptyFragments TLSOption
* Response pool use-after-free memory corruption error (upstream bug 3711, #752812, ZDI-CAN-1420), in which a remote attacker could provide a specially-crafted request (resulting in a need for the server to handle an exceptional condition), leading to memory corruption and potentially arbitrary code execution, with the privileges of the user running the proftpd server
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 10 2011 Paul Howarth <paul at city-fan.org> 1.3.3g-1
- Update to 1.3.3g, fixing the following bugs:
  - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD (bug 3702)
  - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks (bug 3704);
    to disable this countermeasure, which may cause interoperability issues
    with some clients, use the NoEmptyFragments TLSOption
  - Response pool use-after-free memory corruption error
    (bug 3711, #752812, ZDI-CAN-1420)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #752812 - CVE-2011-4130 proftpd: Response pool use-after-free flaw (ZDI-CAN-1420)
https://bugzilla.redhat.com/show_bug.cgi?id=752812
--------------------------------------------------------------------------------