Fedora Essential and Critical Security Patch Updates - Page 742
Find the information you need for your favorite open source distribution.
Fix CVE-2009-4023, CVE-2009-4111: PEAR's Mail class did not properly escape the content of mail header fields when using the sendmail backend. A remote attacker could send an email message with specially crafted headers to a local user, leading to disclosure of content and, potentially, to modification of an arbitrary system file once the email message was processed by the PEAR's Mail
New release, including fix for XSS vulnerability in web interface (CVE-2009-2820) and for improper reference counting in abstract file descriptors handling interface (CVE-2009-3553).
- Fix security in awredir.pl script by adding a security key required by default. - Enhance security of parameter sanitizing function.
Updated to 1.4.2 including XSS security fix (CVE-2009-2820). Fixed improper reference counting in abstract file descriptors handling interface (CVE-2009-3553). Fixed admin.cgi crash when modifying a class. Fix cups-lpd to create unique temporary data files. Pass through serial parameters correctly in web interface. Set the PRINTER_IS_SHARED variable for admin.cgi. Fix removing
Fix for CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, and CVE-2009-0783.
Update to the 9.6.1-P2 release, which contains the following fix: * Additional section of response could be cached without successful DNSSEC validation even if DNSSEC validation is enabled
Upstream Changelog Version 2.4.5 - QA Release: * Prevent command injection [saltybeagle] (CVE-2009-4024)
Upstream changelog: QA Release: * Prevent command injection [kguest] (CVE-2009-4025)
Update to 2.8.5.1, which includes a fix for CVE-2009-3641: DoS (crash) while printing a specially crafted IPv6 packet using the -v option.
* Thu Nov 5 2009 Jeffrey C. Ollie - 1.6.0.17-2
- Fix firmware path
* Wed Nov 4 2009 Jeffrey C. Ollie - 1.6.0.17-1
- Update to 1.6.0.17 to fix AST-2009-009/CVE-2008-7220
- Merge the firmware subpackage back into the main package.
- Don't package the iaxy firmware anymore.
Bugzilla 3.4.4 fixes security issues that were found in previous versions of the software where private information would be leaked to other users. CVE Number: CVE-2009-3386. See upstream security advisory for additional details: https://www.bugzilla.org/security/3.4.3/