Fedora EPEL 6 updates-testing report

Thu, 10 Nov 2011 11:18:20 -0800 

The following Fedora EPEL 6 Security updates need testing:

    https://admin.fedoraproject.org/updates/ocsinventory-1.3.3-5.el6
    https://admin.fedoraproject.org/updates/drupal6-views-2.13-1.el6
    
https://admin.fedoraproject.org/updates/phpldapadmin-1.2.1.1-2.20111006git.el6
    https://admin.fedoraproject.org/updates/moodle-2.1.2-1.el6
    https://admin.fedoraproject.org/updates/clamav-0.97.3-1.el6
    https://admin.fedoraproject.org/updates/supybot-gribble-0.83.4.1-10.el6
    https://admin.fedoraproject.org/updates/net6-1.3.14-1.el6
    https://admin.fedoraproject.org/updates/cacti-0.8.7h-1.el6
    https://admin.fedoraproject.org/updates/puppet-2.6.12-1.el6
    https://admin.fedoraproject.org/updates/bugzilla-3.4.12-1.el6
    https://admin.fedoraproject.org/updates/cherokee-1.2.101-1.el6
    https://admin.fedoraproject.org/updates/proftpd-1.3.3g-1.el6
    https://admin.fedoraproject.org/updates/phpMyAdmin-3.4.7-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    lcgdm-1.8.1.2-2.el6
    proftpd-1.3.3g-1.el6
    python-chameleon-2.5.3-1.el6.1
    python-tgext-admin-0.3.11-1.el6

Details about builds:


================================================================================
 lcgdm-1.8.1.2-2.el6 (FEDORA-EPEL-2011-4948)
 LHC Computing Grid Data Management
--------------------------------------------------------------------------------
Update Information:

This update adds proper dependencies to other services in the service startup 
scripts.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 10 2011 Mattias Ellert <mattias.ell...@fysast.uu.se> - 1.8.1.2-2
- Implement new package names agreed with upstream
--------------------------------------------------------------------------------


================================================================================
 proftpd-1.3.3g-1.el6 (FEDORA-EPEL-2011-4944)
 Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:

This update, to the current (and final) release for the 1.3.3 maintenance 
branch, includes a pair of security fixes:

* Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks (upstream bug 
3704); to disable this countermeasure, which may cause interoperability issues 
with some clients, use the NoEmptyFragments TLSOption
* Response pool use-after-free memory corruption error (upstream bug 3711, 
#752812, ZDI-CAN-1420), in which a remote attacker could provide a 
specially-crafted request (resulting in a need for the server to handle an 
exceptional condition), leading to memory corruption and potentially arbitrary 
code execution, with the privileges of the user running the proftpd server
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 10 2011 Paul Howarth <p...@city-fan.org> 1.3.3g-1
- Update to 1.3.3g, fixing the following bugs:
  - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD (bug 3702)
  - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks (bug 3704);
    to disable this countermeasure, which may cause interoperability issues
    with some clients, use the NoEmptyFragments TLSOption
  - Response pool use-after-free memory corruption error
    (bug 3711, #752812, ZDI-CAN-1420)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #752812 - CVE-2011-4130 proftpd: Response pool use-after-free flaw 
(ZDI-CAN-1420)
        https://bugzilla.redhat.com/show_bug.cgi?id=752812
--------------------------------------------------------------------------------


================================================================================
 python-chameleon-2.5.3-1.el6.1 (FEDORA-EPEL-2011-4950)
 XML-based template compiler
--------------------------------------------------------------------------------
Update Information:

branched python-chameleon to el6 for pyramid
--------------------------------------------------------------------------------


================================================================================
 python-tgext-admin-0.3.11-1.el6 (FEDORA-EPEL-2011-4947)
 Admin Controller add-on for basic TG identity model
--------------------------------------------------------------------------------
Update Information:

This version contains some minor bugfixes, as well as Admin Controller support 
for MongoDB
--------------------------------------------------------------------------------


_______________________________________________
epel-devel-list mailing list
epel-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/epel-devel-list

Reply via email to