Fedora EPEL 4 updates-testing report
updates at fedoraproject.org
Thu Oct 27 19:12:54 UTC 2011
The following Fedora EPEL 4 Security updates need testing:
https://admin.fedoraproject.org/updates/atop-1.26-1.el4.1
https://admin.fedoraproject.org/updates/puppet-0.25.6-1.el4
https://admin.fedoraproject.org/updates/ocsinventory-1.3.3-5.el4
https://admin.fedoraproject.org/updates/phpldapadmin-0.9.8.5-1.el4
https://admin.fedoraproject.org/updates/cherokee-1.2.101-1.el4
The following builds have been pushed to Fedora EPEL 4 updates-testing
crudminer-0.3.2-2.el4
iec16022-0.2.4-7.el4
ocsinventory-1.3.3-5.el4
phpldapadmin-0.9.8.5-1.el4
puppet-0.25.6-1.el4
ssldump-0.9-0.4.b3.el4
Details about builds:
================================================================================
crudminer-0.3.2-2.el4 (FEDORA-EPEL-2011-4754)
Find and report insecure web software in a web root
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #748446 - Review Request: crudminer - Find known-vulnerable software in a web root
https://bugzilla.redhat.com/show_bug.cgi?id=748446
--------------------------------------------------------------------------------
================================================================================
iec16022-0.2.4-7.el4 (FEDORA-EPEL-2011-4781)
Generate ISO/IEC 16022 2D barcodes
--------------------------------------------------------------------------------
Update Information:
iec16022 is a program for producing ISO/IEC 16022 2D barcodes, also known as Data Matrix. These barcodes are defined in the ISO/IEC 16022 standard.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #594844 - Review Request: iec16022 - Generate ISO/IEC 16022 2D barcodes
https://bugzilla.redhat.com/show_bug.cgi?id=594844
--------------------------------------------------------------------------------
================================================================================
ocsinventory-1.3.3-5.el4 (FEDORA-EPEL-2011-4755)
Open Computer and Software Inventory Next Generation
--------------------------------------------------------------------------------
Update Information:
Fix an XSS vulnerability
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 25 2011 Remi Collet <Fedora at famillecollet.com> - 1.3.3-5
- fix XSS vulnerability (Bug #748072, CVE-2011-4024)
- Don't require php-zip for F16 and up.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #748072 - CVE-2011-4024 ocsinventory: XSS flaw
https://bugzilla.redhat.com/show_bug.cgi?id=748072
--------------------------------------------------------------------------------
================================================================================
phpldapadmin-0.9.8.5-1.el4 (FEDORA-EPEL-2011-4759)
Web-based tool for managing LDAP servers
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2011-4074 and CVE-2011-4075 (XSS and code injection vulnerabilities in versions <= 1.2.1.1)
Update to version 0.9.8.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 26 2011 Dmitry Butskoy <Dmitry at Butskoy.name> - 0.9.8.5-1
- fix #748539 (CVE-2011-4075)
- update to 0.9.8.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #748537 - CVE-2011-4074 CVE-2011-4075 phpldapadmin: XSS and code injection vulnerabilities in <= 1.2.1.1
https://bugzilla.redhat.com/show_bug.cgi?id=748537
--------------------------------------------------------------------------------
================================================================================
puppet-0.25.6-1.el4 (FEDORA-EPEL-2011-4767)
A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:
A bug in puppet's SSL certificate handling could allow nodes with a valid certificate to impersonate the puppet master. To be vulnerable, a user would have had to set the certdnsnames variable and generate certificates. This setting is not set by default in the Fedora/EPEL packages.
This update closes the vulnerability in newly generated certificates, but cannot prevent existing certificates from being used to exploit the vulnerability. Please refer to the upstream documentation for more details on mitigation and remediation of this issue, if you have generated certificates that are vulnerable to this issue:
http://puppetlabs.com/security/cve/cve-2011-3872/
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 22 2011 Todd Zullinger <tmz at pobox.com> - 0.25.6-1
- Update to 0.25.6, fixes CVE-2011-3872
--------------------------------------------------------------------------------
================================================================================
ssldump-0.9-0.4.b3.el4 (FEDORA-EPEL-2011-4785)
An SSLv3/TLS network protocol analyzer
--------------------------------------------------------------------------------
Update Information:
Fixed wrong decoder table ends to avoid many segfaults
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 24 2011 Robert Scheck <robert at fedoraproject.org> 0.9-0.4.b3
- Fixed wrong decoder table ends to avoid many segfaults (#747398)
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9-0.3.b3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #747398 - ssldump segfaults within minutes after running it
https://bugzilla.redhat.com/show_bug.cgi?id=747398
--------------------------------------------------------------------------------