Fedora Essential and Critical Security Patch Updates - Page 764
Find the information you need for your favorite open source distribution .
Fedora 10 Update: libtiff-3.8.2-14.fc10
CVE-2009-2347 libtiff: integer overflows in various inter-color spaces conversion tools (crash, ACE) Not the same as last week's libtiff security issue ...
Fedora 10 Update: mingw32-libtiff-3.8.2-17.fc10
- update upstream URL - Fix some more LZW decoding vulnerabilities (CVE-2009-2285) Bugzilla: #511015
Fedora 11 Update: perl-IO-Socket-SSL-1.26-1.fc11
This update to version 1.26 fixes an issue where only the prefix of the hostname was checked if there was no wildcard present, so for example www.example.org would match a certificate starting with www.example.org
Fedora 10 Update: perl-5.10.0-73.fc10
This security update fixes an off-by-one overflow in Compress::Raw::Zlib (CVE-2009-1391) Moreover, it contains a subtle change to the configuration that does not affect the Perl interpreter itself, but fixes the propagation of the chosen options to the modules. For example, a rebuild of perl-Wx against perl-5.10.0-73 will fix bug 508496.
Fedora 11 Update: poppler-0.10.7-2.fc11
An update to the latest stable upstream release fixing many bugs, as well as addressing several security issues. Release announcement, https://lists.freedesktop.org/archives/poppler/2009-May/004721.html
Fedora 11 Update: seamonkey-1.1.17-1.fc11
Update to upstream version 1.1.17, fixing multiple security flaws: https://www.mozilla.org/en-US/security/known-vulnerabilities/seamonkey-1.1/
Fedora 10 Update: seamonkey-1.1.17-1.fc10
Update to upstream version 1.1.17, fixing multiple security flaws: https://www.mozilla.org/en-US/security/known-vulnerabilities/seamonkey-1.1/
Fedora 11 Update: webkitgtk-1.1.8-1.fc11
WebKitGTK+ 1.1.8 contains many bug-fixes and updates including spell-checking support, enhanced error reporting, lots of ATK enhancements, support for copying images to the clipboard, and a new printing API (since 1.1.5) that allows applications better control and monitoring of the printing process. Also, a potential buffer overflow in SVGList::insertItemBefore has been fixed (CVE-2009-0945); and the JIT compiler is now enabled by default for x86_64 systems. Please see the upstream changelog for the full list of fixes and enhancements:
Fedora 11 Update: phpMyAdmin-3.2.0.1-1.fc11
The first security release for phpMyAdmin 3.2.0: - [security] XSS: Insufficient output sanitizing in bookmarks This version contains a number of small new features and some bug fixes: - [core] better support for vendor customisation (based on what Debian needs) - [rfe] warn when session.gc_maxlifetime is less than cookie validity - [rfe] configurable default charset for import - [rfe] link to InnoDB status when error 150 occurs - [rfe] strip ` from column names on import - [rfe] LeftFrameDBSeparator can be an array - [privileges] Extra back reference when editing table-specific privileges - [display] Sortable database columns - [lang] Wrong string in setup script hints - [cleanup] XHTML cleanup, - [display] Possibility of disabling the sliders - [privileges] Create user for existing database - [privileges] Cleanup - [auth] AllowNoPasswordRoot error message is too vague - [XHTML] View table headers/footers completely - [core] support column name having square brackets - [lang] Lithuanian update - [auth] New setting AllowNoPassword (supercedes AllowNoPasswordRoot) that applies to all accounts (even the anonymous user) - [relation] Missing code with hashing for relationship editing - [rfe] Added option to disable mcrypt warning. - [bug] Request-URI Too Large error from Location header - [rfe] Check for relations support on main page. - [rfe] Explanation for using Host table. - [rfe] Link to download more themes. - [rfe] Add option to generate password on change password page. - [rfe] Allow logging of user status with Apache. - [patch] None default is different than other None in some languages. - [lang] Chinese Simplified update - [display] Sort arrows problem - [security] warn about existence of config directory on main page - [lang] Polish update - [export] Escape new line in CSV export - [patch] Optimizations for PHP loops - [import] SQL_MODE not saved during Partial Import - [auth] cache control missing (PHP-CGI) - [parser] Incorrect parsing of constraints in ALTER TABLE - [status] Server status - replication - [edit] Multi-row change with "]" improved - [rfe] Automatically copy generated password - [interface] Table with name 'log_views' is incorrectly displayed as a view - [patch] Detect mcrypt initialization failure - [lang] Galician update - [lang] Swedish update - [lang] Norwegian update - [lang] Catalan update - [lang] Finnish update - [lang] Hungarian update
Fedora 9 Update: pidgin-2.5.8-1.fc9
Several important bug fixes: - More fixes for Yahoo protocol 16 - MSN, MySpace, XMPP - CVE-2009-1889
Fedora 10 Update: drupal-6.13-1.fc10
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-7406 2009-07-03 18:39:15 -------------------------------------------------------------------------------- Name : drupal Product : Fedora 10 Version : 6.13 Release : 1.fc10 URL : http://www.drupal.org Summary : An open-source content-management platform Description : Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. -------------------------------------------------------------------------------- Update Information: Fixes SA-CORE-2009-007 ( https://www.drupal.org/node/507572 ). Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to to run the upgrade script. Multiple vulnerabilities and weaknesses were discovered in Drupal. Cross-site scripting The Forum module does not correctly handle certain arguments obtained from the URL. By enticing a suitably privileged user to visit a specially crafted URL, a malicious user is able to insert arbitrary HTML and script code into forum pages. Such a cross-site scripting attack may lead to the malicious user gaining administrative access. Wikipedia has more information about cross-site scripting (XSS). This issue affects Drupal 6.x only. Input format access bypass User signatures have no separate input format, they use the format of the comment with which they are displayed. A user will no longer be able to edit a comment when an administrator changes the comment's input format to a format that is not accessible to the user. However they will still be able to modify their signature, which will then be processed by the new input format. If the new format is very permissive, via their signature, the user may be able to insert arbitrary HTML and script code into pages or, when the PHP filter is enabled for the new format, execute PHP code. This issue affects Drupal 6.x only. Password leaked in URL When an anonymous user fails to login due to mistyping his username or password, and the page he is on contains a sortable table, the (incorrect) username and password are included in links on the table. If the user visits these links the password may then be leaked to external sites via the HTTP referer. In addition, if the anonymous user is enticed to visit the site via a specially crafted URL while the Drupal page cache is enabled, a malicious user might be able to retrieve the (incorrect) username and password from the page cache. This issue affects both Drupal 5.x and Drupal 6.x -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 2 2009 Jon Ciesla - 6.13-1 - Update to 6.11, SA-CORE-2009-007. - Added clarifying text on module installation to readme, BZ 500707. * Thu May 14 2009 Jon Ciesla - 6.12-1 - Update to 6.11, SA-CORE-2009-006. * Thu Apr 30 2009 Jon Ciesla - 6.11-1 - Update to 6.11, SA-CORE-2009-005. * Mon Apr 27 2009 Jon Ciesla - 6.10-2 - Added SELinux/sendmail note to README, BZ 497642. * Thu Feb 26 2009 Jon Ciesla - 6.10-1 - Update to 6.10, SA-CORE-2009-003. * Tue Feb 17 2009 Jon Ciesla - 6.9-2 - Drop pre script for files move, 472642. - Updated drupal-README.fedora. - Mark cron job noreplace, BZ 485567. * Thu Jan 15 2009 Jon Ciesla - 6.9-1 - Upgrade to 6.9, SA-CORE-2009-001. * Fri Jan 2 2009 Jon Ciesla - 6.8-1 - Upgrade to 6.8. - Move files directories from sites to /var/lib/drupal/files/N for selinux reasons, 472642. - Included script to move files outside of default, use at your own risk, patches welcome. * Thu Dec 11 2008 Jon Ciesla - 6.7-1 - Upgrade to 6.7, SA-2008-073. -------------------------------------------------------------------------------- References: [ 1 ] Bug #500707 - drupal-README.fedora should give hints about where to install modules https://bugzilla.redhat.com/show_bug.cgi?id=500707 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update drupal' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.redhat.com/mailman/listinfo/fedora-package-announce
Fedora 10 Update: pidgin-2.5.8-1.fc10
Several important bug fixes: - More fixes for Yahoo protocol 16 - MSN, MySpace, XMPP - CVE-2009-1889
Fedora 11 Update: pidgin-2.5.8-1.fc11
Several important bug fixes: - More fixes for Yahoo protocol 16 - MSN, MySpace, XMPP - CVE-2009-1889
