Fedora Essential and Critical Security Patch Updates - Page 756
Find the information you need for your favorite open source distribution.
- Implemented page referral verification mechanism. (Secunia Advisory SA34627) - Implemented security token system. (Secunia Advisory SA34627)
This update includes the latest release of neon, version 0.28.6. This fixes two security issues: * the "billion laughs" attack against expat could allow a Denial of Service attack by a malicious server. (CVE-2009-2473) * an embedded NUL byte in a certificate subject name could allow an undetected MITM attack against an SSL server if a trusted CA issues such a cert.
Fixes CVE-2008-2232: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2232
Qt's WebKit code did not properly handle numeric character references, which could allow remote attackers to cause a denial of service (memory corruption and application crash) via a crafted HTML document. Also included is: * a fix for lib symlinks changing erroneously on upgrades * a fix for copy and paste issues * added support for more X keycodes
Pidgin upgrade to 2.6.0 for CVE-2009-2694, insufficient input validation in msn_slplink_process_msg(). 2.6.0 has Voice and Video support via farsight2 (Fedora 11+ only) and numerous other bug fixes. farsight2, libnice and gupnp-igd are version upgrades to make voice and video actually work on Fedora 11.
A security issue has been found in GUI https://seclists.org/fulldisclosure/2009/Aug/143
This update includes the latest release of neon, version 0.28.6. This fixes two security issues: * the "billion laughs" attack against expat could allow a Denial of Service attack by a malicious server. (CVE-2009-2473) * an embedded NUL byte in a certificate subject name could allow an undetected MITM attack against an SSL server if a trusted CA issues such a cert. Several bug fixes are also included, notably: * X.509v1 CA certificates are trusted by default * Fix handling of some PKCS#12 certificates
Pidgin upgrade to 2.6.0 for CVE-2009-2694, insufficient input validation in msn_slplink_process_msg(), and numerous other bug fixes. Fedora 10 does not support voice and video with pidgin-2.6.0. Upgrade to Fedora 11 for this capability.
Fixes an oops in the clock_nanosleep syscall which allows an ordinary user to cause a NULL pointer dereference in the kernel (CVE-2009-2767). Fixes a BUG_ON() in the Intel GEM page fault code that was breaking GNOME Shell.
Fixes several denial of service issues which could allow an attacker to stop the Squid service. CVE-2009-2621, CVE-2009-2622