Fedora Essential and Critical Security Patch Updates - Page 791
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
New upstream patch level version 2.5.5, including multiple security fixes detailed in upstream announcements: http://www.postfix.org/announcements/20080814.html http://www.postfix.org/announcements/20080902.html
New upstream patch level version 2.5.5, including multiple security fixes detailed in upstream announcements: http://www.postfix.org/announcements/20080814.html http://www.postfix.org/announcements/20080902.html
This is an urgent security fix for a bug newly introduced in libxml2-2.7.x leading to CPU and memory exhaustion. See upstream bug report for further details: https://bugzilla.gnome.org/show_bug.cgi?id=554660
This release fixes multiple bugs and security issues: - DoS via corrupted Ogg files (CVE-2008-3231) - multiple possible buffer overflows detailed in oCERT-2008-008 For more details, see: ;group_id=9655 http://ocert.org/advisories/ocert-2008-008.html NOTE: A coordinated release with 3rd-party repos was not possible, so this update may result in dependency issues with currently-installed xine-lib-extras-* rpms. This temporary problem will be rectified asap.
Upstream released Bitlbee 1.2.2 with the following changes to the former release: - Security bugfix: It was possible to hijack accounts (without gaining access to the old account, it's simply an overwrite) - Some more stability improvements. - Fixed bug where people with non-lowercase nicks couldn't drop their account. - Easier upgrades of non-forking daemon mode servers (using the DEAF command). - Can be cross-compiled for Win32 now! (No support for SSL yet though, which makes it less useful for now.) - Exponential backoff on auto-reconnect. - Changing passwords gives less confusing feedback ("password is empty") now. Finished 26 Aug 2008
Multiple insecure temporary file usage flaws were identified in the get-maptools.sh and get_shapelib.sh scripts shipped in xastir packages. As those scripts are not needed with Fedora-distributed xastir packages (they automate installation of libraries used by xastir, which are provided in the Fedora archive in the pre-packaged RPM format), they were removed.
Security fix for CVE-2008-3789 detailed in the upstream advisory: https://www.samba.org/samba/security/CVE-2008-3789.html
Update to R 2.7.2, also fixes security issue with unsafe temp directory handling in javareconf script.
Update to R 2.7.2, also fixes security issue with unsafe temp directory handling in javareconf script.
Update to R 2.7.2, also fixes security issue with unsafe temp directory handling in javareconf script.
This update fixes a format string vulnerability that was discovered in yelp 2.20.
Security-enhanced Linux is a feature of the Linux® kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-based Access Control, and Multi-level Security.
Amarok 1.4.10 has been released to fix a security problem. For more information please see Please update.
Security fix for CVE-2008-3789 detailed in the upstream advisory: https://www.samba.org/samba/security/CVE-2008-3789.html
Updated thunderbird packages that fix several security issues are now available for Fedora 8. Several flaws were found in the processing of malformed HTML content. An HTML mail containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)
This update includes the latest release of httpd 2.2. A security issue is fixed in this update: A flaw was found in the handling of excessive interim responses from an origin server when using mod_proxy_http. In a forward proxy configuration, if a user of the proxy could be tricked into visiting a malicious web server, the proxy could be forced into consuming a large amount of stack or heap memory. This could lead to an eventual process crash due to stack space exhaustion.
This update includes the latest release of httpd 2.2. Two security issues are fixed in this update: A flaw was found in the handling of excessive interim responses from an origin server when using mod_proxy_http. In a forward proxy configuration, if a user of the proxy could be tricked into visiting a malicious web server, the proxy could be forced into consuming a large amount of stack or heap memory. This could lead to an eventual process crash due to stack space exhaustion. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. A remote attacker enabling compression in an SSL handshake could cause a memory leak in the server, leading to a denial of service.
SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2624.