Fedora Essential and Critical Security Patch Updates - Page 748


Fedora 11 Update: perl-Net-OAuth-0.19-1.fc11


A session fixation vulnerability was discovered in OAuth protocol 1.0. The Perl OAuth bindings were updated to support the new version of the OAuth protocol that was issued to address the vulnerability. All OAuth users are strongly advised to update to this package and to protocol version 1.0a, which fixes the vulnerability. Upstream advisory: https://oauth.net/advisories/2009-1/

Fedora 11 Update: Django-1.1.1-1.fc11


http://www.djangoproject.com/weblog/2009/oct/09/security/

Description of vulnerability
============================

Django's forms library included field types which perform regular-expression-based validation of email addresses and URLs. Certain addresses/URLs could trigger a pathological performance case in this regular expression, resulting in the server process/thread becoming unresponsive and consuming excessive CPU over an extended period of time. If deliberately triggered, this could result in an effective denial-of-service attack.

Fedora 10 Update: Django-1.1.1-1.fc10


http://www.djangoproject.com/weblog/2009/oct/09/security/

Description of vulnerability
============================

Django's forms library included field types which perform regular-expression-based validation of email addresses and URLs. Certain addresses/URLs could trigger a pathological performance case in this regular expression, resulting in the server process/thread becoming unresponsive and consuming excessive CPU over an extended period of time. If deliberately triggered, this could result in an effective denial-of-service attack.

Fedora 10 Update: perl-Net-OAuth-0.19-1.fc10


A session fixation vulnerability was discovered in OAuth protocol 1.0. The Perl OAuth bindings were updated to support the new version of the OAuth protocol that was issued to address the vulnerability. All OAuth users are strongly advised to update to this package and to protocol version 1.0a, which fixes the vulnerability. Upstream advisory: https://oauth.net/advisories/2009-1/

Fedora 11 Update: drupal-service_links-6.x.1.0-5.fc11


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-10466
2009-10-14 00:47:15
--------------------------------------------------------------------------------

Name        : drupal-service_links
Product     : Fedora 11
Version     : 6.x.1.0
Release     : 5.fc11
URL         : https://www.drupal.org/project/service_links
Summary     : Enables admins to add links to a number of sites
Description :
The service links module enables admins to add links to a number of social
bookmarking sites, blog search sites etc. Included sites are del.icio.us, Digg,
Reddit, ma.gnolia.com, Newsvine, Furl, Google, Yahoo, Technorati and IceRocket.
--------------------------------------------------------------------------------
Update Information:

Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3648 to
the following vulnerability:

Name: CVE-2009-3648
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3648
Assigned: 20091009
Reference: MISC: https://www.madirish.net/
Reference: BID:36584
Reference: URL:
Reference: XF:servicelinks-content-type-xss(53633)
Reference: URL:

Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for
Drupal, allows remote authenticated users, with 'administer content types'
permissions, to inject arbitrary web script or HTML via unspecified vectors when
displaying content type names.

Checked drupal-service_links in CVS and this affects Fedora 10, 11, and rawhide.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct  9 2009 Jon Ciesla - 6.x.1.0-5
- Patch for CVE-2009-3648 from madirish.net, BZ 528200, 528201.
* Fri Jul 24 2009 Fedora Release Engineering - 6.x.1.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #528200 - CVE-2009-3648 drupal-service_links: xss vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=528200
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update drupal-service_links'
at the command line. For more information, refer to "Managing Software with
yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora 10 Update: drupal-service_links-6.x.1.0-5.fc10


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-10445
2009-10-14 00:46:50
--------------------------------------------------------------------------------

Name        : drupal-service_links
Product     : Fedora 10
Version     : 6.x.1.0
Release     : 5.fc10
URL         : https://www.drupal.org/project/service_links
Summary     : Enables admins to add links to a number of sites
Description :
The service links module enables admins to add links to a number of social
bookmarking sites, blog search sites etc. Included sites are del.icio.us, Digg,
Reddit, ma.gnolia.com, Newsvine, Furl, Google, Yahoo, Technorati and IceRocket.
--------------------------------------------------------------------------------
Update Information:

Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3648 to
the following vulnerability:

Name: CVE-2009-3648
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3648
Assigned: 20091009
Reference: MISC: https://www.madirish.net/
Reference: BID:36584
Reference: URL:
Reference: XF:servicelinks-content-type-xss(53633)
Reference: URL:

Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for
Drupal, allows remote authenticated users, with 'administer content types'
permissions, to inject arbitrary web script or HTML via unspecified vectors when
displaying content type names.

Checked drupal-service_links in CVS and this affects Fedora 10, 11, and rawhide.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct  9 2009 Jon Ciesla - 6.x.1.0-5
- Patch for CVE-2009-3648 from madirish.net, BZ 528200, 528201.
* Fri Jul 24 2009 Fedora Release Engineering - 6.x.1.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Tue Feb 24 2009 Fedora Release Engineering - 6.x.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #528200 - CVE-2009-3648 drupal-service_links: xss vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=528200
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update drupal-service_links'
at the command line. For more information, refer to "Managing Software with
yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------

Fedora 11 Update: deltarpm-3.4-18.fc11


deltarpm prior to the current build shipped with a bundled copy of zlib. That version of zlib has a known vulnerability, CVE identifier CAN-2005-1849. This build of deltarpm patches the program to use the system zlib (which was fixed when the vulnerability was first discovered) instead of the bundled copy.