--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-7670
2010-04-30 01:03:28
--------------------------------------------------------------------------------

Name        : xar
Product     : Fedora 11
Version     : 1.5.2
Release     : 6.fc11
URL         : http://code.google.com/p/xar/
Summary     : The eXtensible ARchiver
Description :
The XAR project aims to provide an easily extensible archive format. Important
design decisions include an easily extensible XML table of contents for random
access to archived files, storing the toc at the beginning of the archive to
allow for efficient handling of streamed archives, the ability to handle files
of arbitrarily large sizes, the ability to choose independent encodings for
individual files in the archive, the ability to store checksums for individual
files in both compressed and uncompressed form, and the ability to query the
table of content's rich meta-data.

--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2010-0055, an issue where xar did not properly validate
package signatures, which allows attackers to have an unspecified impact via a
modified package.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 28 2010 Matthias Saou <http://freshrpms.net/> 1.5.2-6
- Include patch to fix CVE-2010-0055 (#570678).
* Fri Aug 21 2009 Tomas Mraz <[email protected]> - 1.5.2-5
- rebuilt with new openssl
* Mon Jul 27 2009 Fedora Release Engineering <[email protected]> - 1.5.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #570678 - CVE-2010-0055 xar: signature bypass vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=570678
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update xar' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
