The following Fedora EPEL 4 Security updates need testing:
https://admin.fedoraproject.org/updates/atop-1.26-1.el4.1
https://admin.fedoraproject.org/updates/puppet-0.25.6-1.el4
https://admin.fedoraproject.org/updates/ocsinventory-1.3.3-5.el4
https://admin.fedoraproject.org/updates/phpldapadmin-0.9.8.5-1.el4
https://admin.fedoraproject.org/updates/cherokee-1.2.101-1.el4
The following builds have been pushed to Fedora EPEL 4 updates-testing
crudminer-0.3.2-2.el4
iec16022-0.2.4-7.el4
ocsinventory-1.3.3-5.el4
phpldapadmin-0.9.8.5-1.el4
puppet-0.25.6-1.el4
ssldump-0.9-0.4.b3.el4
Details about builds:
================================================================================
crudminer-0.3.2-2.el4 (FEDORA-EPEL-2011-4754)
Find and report insecure web software in a web root
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #748446 - Review Request: crudminer - Find known-vulnerable
software in a web root
https://bugzilla.redhat.com/show_bug.cgi?id=748446
--------------------------------------------------------------------------------
================================================================================
iec16022-0.2.4-7.el4 (FEDORA-EPEL-2011-4781)
Generate ISO/IEC 16022 2D barcodes
--------------------------------------------------------------------------------
Update Information:
iec16022 is a program for producing ISO/IEC 16022 2D barcodes, also known as
Data Matrix. These barcodes are defined in the ISO/IEC 16022 standard.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #594844 - Review Request: iec16022 - Generate ISO/IEC 16022 2D
barcodes
https://bugzilla.redhat.com/show_bug.cgi?id=594844
--------------------------------------------------------------------------------
================================================================================
ocsinventory-1.3.3-5.el4 (FEDORA-EPEL-2011-4755)
Open Computer and Software Inventory Next Generation
--------------------------------------------------------------------------------
Update Information:
Fix an XSS vulnerability
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 25 2011 Remi Collet <[email protected]> - 1.3.3-5
- fix XSS vulnerability (Bug #748072, CVE-2011-4024)
- Don't require php-zip for F16 and up.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #748072 - CVE-2011-4024 ocsinventory: XSS flaw
https://bugzilla.redhat.com/show_bug.cgi?id=748072
--------------------------------------------------------------------------------
================================================================================
phpldapadmin-0.9.8.5-1.el4 (FEDORA-EPEL-2011-4759)
Web-based tool for managing LDAP servers
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2011-4074 and CVE-2011-4075 (XSS and code injection vulnerabilities in
versions <= 1.2.1.1)
Update to version 0.9.8.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 26 2011 Dmitry Butskoy <[email protected]> - 0.9.8.5-1
- fix #748539 (CVE-2011-4075)
- update to 0.9.8.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #748537 - CVE-2011-4074 CVE-2011-4075 phpldapadmin: XSS and code
injection vulnerabilities in <= 1.2.1.1
https://bugzilla.redhat.com/show_bug.cgi?id=748537
--------------------------------------------------------------------------------
================================================================================
puppet-0.25.6-1.el4 (FEDORA-EPEL-2011-4767)
A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:
A bug in puppet's SSL certificate handling could allow nodes with a valid
certificate to impersonate the puppet master. To be vulnerable, a user would
have had to set the certdnsnames variable and generated certificates. This
setting is not set by default in the Fedora/EPEL packages.
This update closes the vulnerability in newly generated certificates, but
cannot prevent existing certificates from being used to exploit the
vulnerability. If you have generated certificates that are vulnerable to this
issue, please refer to the upstream documentation for more details on
mitigation and remediation:
http://puppetlabs.com/security/cve/cve-2011-3872/
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 22 2011 Todd Zullinger <[email protected]> - 0.25.6-1
- Update to 0.25.6, fixes CVE-2011-3872
--------------------------------------------------------------------------------
================================================================================
ssldump-0.9-0.4.b3.el4 (FEDORA-EPEL-2011-4785)
An SSLv3/TLS network protocol analyzer
--------------------------------------------------------------------------------
Update Information:
Fixed wrong decoder table ends to avoid many segfaults
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 24 2011 Robert Scheck <[email protected]> 0.9-0.4.b3
- Fixed wrong decoder table ends to avoid many segfaults (#747398)
* Wed Feb 9 2011 Fedora Release Engineering <[email protected]> - 0.9-0.3.b3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #747398 - ssldump segfaults within minutes after running it
https://bugzilla.redhat.com/show_bug.cgi?id=747398
--------------------------------------------------------------------------------
_______________________________________________
epel-devel-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/epel-devel-list