Fedora Essential and Critical Security Patch Updates - Page 741
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
CVE-2009-4131: EXT4 - fix insufficient permission checking which could result in arbitrary data corruption by a local unprivileged user.
This update contains the latest stable release of Apache httpd. Three security fixes are included, along with several minor bug fixes. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS
Update to 3.12.5 This update fixes the following security flaw: CVE-2009-3555 TLS: MITM attacks via session renegotiation
Two security issues are found on activepack shipped on Fedora 10. One bug is that there is a weakness in the strip_tags function in ruby on rails (bug 542786, CVE-2009-4214). Another one is a possibility to circumvent protection against cross-site request forgery (CSRF) attacks (bug 544329). This new rpm will fix these issues.
Two buffer over-read flaws were found in the way Expat handled malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using Expat to crash while parsing the file. (CVE-2009-3560, CVE-2009-3720)
A buffer over-read flaw was found in the way Expat handles malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using Expat to crash while parsing the file. (CVE-2009-3560)
A buffer over-read flaw was found in the way Expat handles malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using Expat to crash while parsing the file. (CVE-2009-3560)
This release fixes above mentioned security issue, adds several enhancements and fixes few other bugs. For complete information, please see changelog.
This update include a fix for improper reference counting in abstract file descriptors handling interface (CVE-2009-3553), and for a memory leak in the LSPP support.
Rebased to 1.2.x, fixing several security flaws, see the security advisory for details: https://www.wireshark.org/security/wnpa-sec-2009-04.html
Update to upstream PHP version 5.3.1 PHP 5.3.1 Release Announcement: https://www.php.net/releases/5_3_1.php Changelog: https://www.php.net/ChangeLog-5.php
Update to upstream PHP version 5.3.1 PHP 5.3.1 Release Announcement: https://www.php.net/releases/5_3_1.php Changelog: https://www.php.net/ChangeLog-5.php