---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-433
2004-11-17
---------------------------------------------------------------------
Product : Fedora Core 2
Name : xorg-x11
Version : 6.7.0
Release : 10
Summary : The basic fonts, programs and docs for an X workstation.
Description :
X.org X11 is an open source implementation of the X Window System. It
provides the basic low-level functionality upon which full-fledged
graphical user interfaces (GUIs) such as GNOME and KDE are designed.
---------------------------------------------------------------------
Update Information:
Several integer overflow flaws in the X.Org libXpm library used to decode
XPM (X PixMap) images have been found and addressed. An attacker could
create a carefully crafted XPM file which would cause an application to
crash or potentially execute arbitrary code if opened by a victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0914 to this issue.
Users are advised to upgrade to these erratum packages, which contain
backported security patches as well as other bug fixes.
---------------------------------------------------------------------
* Mon Nov 15 2004 Kristian Høgsberg <krh(a)redhat.com> 6.7.0-10
- Added xorg-x11-6.7.0-xpm-security-fixes-CAN-2004-0914.patch to fix a
number of Xpm issues found by Thomas Biege <thomas(a)suse.de>
(#136169)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-432
2004-11-16
---------------------------------------------------------------------
Product : Fedora Core 3
Name : gaim
Version : 1.0.3
Release : 0.FC3
Summary : A Gtk+ based multiprotocol instant messaging client
Description :
Gaim allows you to talk to anyone using a variety of messaging
protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!,
MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These
protocols are implemented using a modular, easy to use design.
To use a protocol, just add an account using the account editor.
Gaim supports many common features of other clients, as well as many
unique features, such as perl scripting and C plugins.
Gaim is NOT affiliated with or endorsed by America Online, Inc.,
Microsoft Corporation, or Yahoo! Inc. or other messaging service
providers.
---------------------------------------------------------------------
* Fri Nov 12 2004 Warren Togami <wtogami(a)redhat.com> 1.0.3-0.FC3
- 1.0.3 another bugfix release
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-419
2004-11-16
---------------------------------------------------------------------
Product : Fedora Core 3
Name : authd
Version : 1.4.3
Release : 1
Summary : an RFC 1413 ident protocol daemon
Description :
authd is a small and fast RFC 1413 ident protocol daemon
with both xinetd server and interactive modes that
supports IPv6 and IPv4 as well as the more popular features
of pidentd.
---------------------------------------------------------------------
Update Information:
Version 1.4.3 of authd fixes a segfault seen on x86_64 arches due to a
double free.
---------------------------------------------------------------------
* Tue Nov 16 2004 Adrian Havill <havill(a)redhat.com> - 1.4.3-1
- fix double-free prob detected on x86_64 glibc (#136392)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-429
2004-11-16
---------------------------------------------------------------------
Product : Fedora Core 3
Name : abiword
Version : 2.0.12
Release : 4.fc3
Summary : The AbiWord word processor
Description :
AbiWord is a cross-platform Open Source word processor. The goal is to make
AbiWord full-featured, and remain lean.
---------------------------------------------------------------------
* Mon Nov 15 2004 Caolan McNamara <caolanm(a)redhat.com> 1:2.0.12-4.fc3
- Backport fix to stop #rh139201# crash on CTRL-A and making font changes
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-427
2004-11-12
---------------------------------------------------------------------
Product : Fedora Core 3
Name : gdb
Version : 6.1post
Release : 1.20040607.43
Summary : A GNU source-level debugger for C, C++ and other languages.
Description :
GDB, the GNU debugger, allows you to debug programs written in C, C++,
and other languages, by executing them in a controlled fashion and
printing their data.
---------------------------------------------------------------------
#136455 workaround to prevent gdb from failing and getting stuck when
hitting certain DWARF-2 symbols.
---------------------------------------------------------------------
* Tue Oct 26 2004 Andrew Cagney <cagney(a)redhat.com> 1.200400607.43
- Hack around broken PT_FPSCR defined in headers.
- Import latest s390 fixes.
- Disable sigstep.exp - s390 has problems.
- Use PC's symtab when looking for a symbol.
- Work around DW_OP_piece.
* Fri Oct 22 2004 Andrew Cagney <cagney(a)redhat.com> 1.200400607.42
- For 64-bit PPC, convert _dl_debug_state descriptor into a code address.
- Fix --ignore option.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-423
2004-11-12
---------------------------------------------------------------------
Product : Fedora Core 3
Name : subversion
Version : 1.1.1
Release : 1.1
Summary : Modern Version Control System designed to replace CVS
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.
---------------------------------------------------------------------
Update Information:
This update includes the latest release of Subversion 1.1, including
the fix for a regression in the performance of repository browsing
since version 1.1.0 and a variety of other bug fixes.
---------------------------------------------------------------------
* Mon Nov 01 2004 Joe Orton <jorton(a)redhat.com> 1.1.1-1.1
- rebuild
* Tue Oct 26 2004 Joe Orton <jorton(a)redhat.com> 1.1.1-1
- update to 1.1.1
- update -pie patch to address #134786
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-422
2004-11-12
---------------------------------------------------------------------
Product : Fedora Core 2
Name : subversion
Version : 1.0.9
Release : 1
Summary : Modern Version Control System designed to replace CVS
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.
---------------------------------------------------------------------
Update Information:
This update includes the latest release of Subversion 1.0, including
the fix for a regression in the performance of repository browsing
since version 1.0.8.
---------------------------------------------------------------------
* Thu Oct 14 2004 Joe Orton <jorton(a)redhat.com> 1.0.9-1
- update to 1.0.9
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-421
2004-11-12
---------------------------------------------------------------------
Product : Fedora Core 3
Name : httpd
Version : 2.0.52
Release : 3.1
Summary : Apache HTTP Server
Description :
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the
Internet.
---------------------------------------------------------------------
Update Information:
This update includes the fix for a memory consumption denial of
service issue in the handling of request header lines (CVE
CAN-2004-0942).
---------------------------------------------------------------------
* Thu Nov 11 2004 Joe Orton <jorton(a)redhat.com> 2.0.52-3.1
- add fix for memory consumption DoS, CAN-2004-0942
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-420
2004-11-12
---------------------------------------------------------------------
Product : Fedora Core 2
Name : httpd
Version : 2.0.51
Release : 2.9
Summary : Apache HTTP Server
Description :
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the
Internet.
---------------------------------------------------------------------
This update includes the fixes for an issue in mod_ssl which could
lead to a bypass of an SSLCipherSuite setting in directory or location
context (CVE CAN-2004-0885), and a memory consumption denial of
service issue in the handling of request header lines (CVE
CAN-2004-0942).
---------------------------------------------------------------------
* Thu Nov 11 2004 Joe Orton <jorton(a)redhat.com> 2.0.51-2.9
- add fix for memory consumption DoS, CAN-2004-0942
- mod_ssl: add fix for SSLCipherSuite bypass, CAN-2004-0885
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-414
2004-11-11
---------------------------------------------------------------------
Product : Fedora Core 2
Name : unarj
Version : 2.63a
Release : 7
Summary : An uncompressor for .arj format archive files.
Description :
The UNARJ program is used to uncompress .arj format archives. The .arj
format archive was mostly used on DOS machines.
Install the unarj package if you need to uncompress .arj format
archives.
---------------------------------------------------------------------
Update Information:
A buffer overflow bug has been discovered in unarj when handling long
file names contained in an archive. An attacker could create an archive
with a specially crafted path which could cause unarj to crash or
execute arbitrary instructions. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0947 to
this issue.
Additionally, a path traversal vulnerability exists in unarj which
allows an attacker to extract files to the parent ("..") directory. When
used recursively, this vulnerability can be used to overwrite critical
system files and programs.
Users of unarj are advised to upgrade to these packages.
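The two flaws described above both come from trusting the file name stored in the archive. The following added example (not unarj's code and not the Fedora patch) shows one way an extractor can validate a member name before using it; the function name, status codes and the 512-byte buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OUT_NAME_SIZE 512  /* assumed size of the extractor's fixed name buffer */

enum name_status { NAME_OK, NAME_EMPTY, NAME_TOO_LONG, NAME_ABSOLUTE, NAME_TRAVERSAL };

/* ARJ archives come from DOS, so both separators must be recognised. */
static int is_sep(char c) { return c == '/' || c == '\\'; }

/*
 * Validate a member name read from an archive header field of field_len
 * bytes and, if it is safe, copy it into out (out_size bytes) with
 * separators normalised to '/'. Hypothetical helper for illustration.
 */
enum name_status check_member_name(const char *field, size_t field_len,
                                   char *out, size_t out_size)
{
    const char *nul = memchr(field, '\0', field_len);
    size_t len, i, start;

    /* Long-name overflow: never scan or copy past the header field,
     * and never copy more than the destination can hold. */
    if (nul == NULL)
        return NAME_TOO_LONG;          /* unterminated field */
    len = (size_t)(nul - field);
    if (len == 0)
        return NAME_EMPTY;
    if (len >= out_size)
        return NAME_TOO_LONG;

    /* Absolute paths and DOS drive prefixes escape the target directory. */
    if (is_sep(field[0]) || (len >= 2 && field[1] == ':'))
        return NAME_ABSOLUTE;

    /* Path traversal: reject any component that is exactly "..". */
    for (start = 0, i = 0; i <= len; i++) {
        if (i == len || is_sep(field[i])) {
            if (i - start == 2 && field[start] == '.' && field[start + 1] == '.')
                return NAME_TRAVERSAL;
            start = i + 1;
        }
    }

    for (i = 0; i < len; i++)
        out[i] = (field[i] == '\\') ? '/' : field[i];
    out[len] = '\0';
    return NAME_OK;
}

int main(void)
{
    /* Constructed sample names, not taken from any real archive. */
    const char *samples[] = { "docs/readme.txt", "../etc/passwd",
                              "..\\..\\autoexec.bat", "/etc/passwd", "a..b/c.txt" };
    char out[OUT_NAME_SIZE];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s -> status %d\n", samples[i],
               (int)check_member_name(samples[i], strlen(samples[i]) + 1,
                                      out, sizeof out));
    return 0;
}
```

The check is deliberately strict: a name such as `a/../b` is rejected even though it resolves inside the target directory, which avoids having to reason about symlinks or repeated extraction.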
---------------------------------------------------------------------
* Wed Nov 10 2004 Lon Hohberger <lhh(a)redhat.com> 2.63a-7
- Fix directory traversal & buffer overflow. #138468
* Tue Jun 15 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------