---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-122
2004-05-19
---------------------------------------------------------------------
Name : kdelibs
Version : 3.2.2
Release : 6
Summary : K Desktop Environment - Libraries
Description :
Libraries for the K Desktop Environment:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).
---------------------------------------------------------------------
Update Information:
iDEFENSE identified a vulnerability in the Opera Web Browser that could
allow remote attackers to create or truncate arbitrary files. The KDE team
has found that a similar vulnerability exists in KDE.
A flaw in the telnet URL handler can allow options to be passed to the
telnet program which can be used to allow file creation or overwriting.
An attacker could create a carefully crafted link such that when opened by
a victim it creates or overwrites a file in the victim's home directory. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0411 to this issue.
---------------------------------------------------------------------
* Sun May 16 2004 Than Ngo <than(a)redhat.com> 6:3.2.2-6
- vulnerability in the mailto handler, CAN-2004-0411
* Fri May 14 2004 Than Ngo <than(a)redhat.com> 3.2.2-5
- KDE Telnet URI Handler File Vulnerability, CAN-2004-0411
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-120
2004-05-13
---------------------------------------------------------------------
Name : tcpdump
Version : 3.7.2
Release : 8.fc1.2
Summary : A network traffic monitoring tool.
Description :
Tcpdump is a command-line tool for monitoring network traffic.
Tcpdump can capture and display the packet headers on a particular
network interface or on all interfaces. Tcpdump can display all of
the packet headers, or just the ones that match particular criteria.
Install tcpdump if you need a program to monitor network traffic.
---------------------------------------------------------------------
Update Information:
Tcpdump is a command-line tool for monitoring network traffic.
Tcpdump v3.8.1 and earlier versions contained multiple flaws in the
packet display functions for the ISAKMP protocol. Upon receiving
specially crafted ISAKMP packets, TCPDUMP would try to read beyond
the end of the packet capture buffer and subsequently crash.
Users of tcpdump are advised to upgrade to these erratum packages, which
contain backported security patches and are not vulnerable to these issues.
---------------------------------------------------------------------
* Wed May 12 2004 Harald Hoyer <harald(a)redhat.com> - 14:3.7.2-8.fc1.2
- CAN-2004-0183/0184 fixed
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-121
2004-05-17
---------------------------------------------------------------------
Name : kdelibs
Version : 3.1.4
Release : 5
Summary : K Desktop Environment - Libraries
Description :
Libraries for the K Desktop Environment:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).
---------------------------------------------------------------------
Update Information:
iDEFENSE identified a vulnerability in the Opera Web Browser that could
allow remote attackers to create or truncate arbitrary files. The KDE team
has found that a similar vulnerability exists in KDE.
A flaw in the telnet URL handler can allow options to be passed to the
telnet program which can be used to allow file creation or overwriting.
An attacker could create a carefully crafted link such that when opened by
a victim it creates or overwrites a file in the victim's home directory. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0411 to this issue.
---------------------------------------------------------------------
* Sun May 16 2004 Than Ngo <than(a)redhat.com> 6:3.1.4-5
- KDE Telnet URI Handler File Vulnerability, vulnerability in the mailto
handler, CAN-2004-0411
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-110
2004-04-22
---------------------------------------------------------------------
Name : cvs
Version : 1.11.15
Release : 1
Summary : A version control system.
Description :
CVS (Concurrent Version System) is a version control system that can
record the history of your files (usually, but not always, source
code). CVS only stores the differences between versions, instead of
every version of every file you have ever created. CVS also keeps a log
of who, when, and why changes occurred.
CVS is very helpful for managing releases and controlling the
concurrent editing of source files among multiple authors. Instead of
providing version control for a collection of files in a single
directory, CVS provides version control for a hierarchical collection
of directories consisting of revision controlled files. These
directories and files can then be combined together to form a software
release.
---------------------------------------------------------------------
Update Information:
The client for CVS before 1.11.15 allows a remote malicious CVS server
to create arbitrary files using certain RCS diff files that use
absolute pathnames during checkouts or updates.
Updated packages were made available in April 2004; however, the original
update notification email did not make it to fedora-announce-list at
that time.
---------------------------------------------------------------------
* Wed Apr 21 2004 Nalin Dahyabhai <nalin(a)redhat.com> 1.11.15-1
- update to 1.11.15, fixing CAN-2004-0180 (#120969)
* Tue Mar 23 2004 Nalin Dahyabhai <nalin(a)redhat.com> 1.11.14-1
- update to 1.11.14
* Fri Feb 13 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Wed Jan 07 2004 Nalin Dahyabhai <nalin(a)redhat.com> 1.11.11-1
- turn kserver, which people shouldn't use any more, back on
* Tue Dec 30 2003 Nalin Dahyabhai <nalin(a)redhat.com>
- update to 1.11.11
* Thu Dec 18 2003 Nalin Dahyabhai <nalin(a)redhat.com> 1.11.10-1
- update to 1.11.10
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-103
2004-04-14
---------------------------------------------------------------------
Name : neon
Version : 0.24.5
Release : 1
Summary : An HTTP and WebDAV client library
Description :
neon is an HTTP and WebDAV client library, with a C interface;
providing a high-level interface to HTTP and WebDAV methods along
with a low-level interface for HTTP request handling. neon
supports persistent connections, proxy servers, basic, digest and
Kerberos authentication, and has complete SSL support.
---------------------------------------------------------------------
Update Information:
Multiple format string vulnerabilities in neon 0.24.4 and earlier
allow remote malicious WebDAV servers to execute arbitrary code.
Updated packages were made available in April 2004; however, the original
update notification email did not make it to fedora-announce-list at
that time.
---------------------------------------------------------------------
* Wed Apr 14 2004 Joe Orton <jorton(a)redhat.com> 0.24.5-1
- update to 0.24.5 for CAN 2004-0179 fix
* Thu Mar 25 2004 Joe Orton <jorton(a)redhat.com> 0.24.4-4
- implement the Negotiate auth scheme, and only over SSL
* Tue Mar 02 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Wed Feb 25 2004 Joe Orton <jorton(a)redhat.com> 0.24.4-3
- use BuildRequires not BuildPrereq, drop autoconf, libtool;
-devel requires {openssl,zlib}-devel (#116744)
* Fri Feb 13 2004 Elliot Lee <sopwith(a)redhat.com> 0.24.4-2
- rebuilt
* Mon Feb 09 2004 Joe Orton <jorton(a)redhat.com> 0.24.4-1
- update to 0.24.4
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-060
2004-02-26
---------------------------------------------------------------------
Name : mailman
Version : 2.1.4
Release : 1
Summary : Mailing list manager with built in Web access.
Description :
Mailman is software to help manage email discussion lists, much like
Majordomo and Smartmail. Unlike most similar products, Mailman gives
each mailing list a webpage, and allows users to subscribe,
unsubscribe, etc. over the Web. Even the list manager can administer
his or her list entirely from the Web. Mailman also integrates most
things people want to do with mailing lists, including archiving, mail
<-> news gateways, and so on.
Documentation can be found in: /usr/share/doc/mailman-2.1.4
When the package has finished installing, you will need to perform some
additional installation steps, these are described in:
/usr/share/doc/mailman-2.1.4/INSTALL.REDHAT
---------------------------------------------------------------------
Update Information:
A cross-site scripting (XSS) vulnerability exists in the admin CGI
script for Mailman before 2.1.4. This update moves Mailman to version
2.1.4 which is not vulnerable to this issue.
Updated packages were made available in February 2004; however, the original
update notification email did not make it to fedora-announce-list at
that time.
---------------------------------------------------------------------
* Fri Jan 09 2004 John Dennis <jdennis(a)finch.boston.redhat.com> 3:2.1.4-1
- upgrade to new upstream release 2.1.4
- fixes bugs 106349,112851,105367,91463
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-119
2004-05-11
---------------------------------------------------------------------
Name : lha
Version : 1.14i
Release : 12.1
Summary : An archiving and compression utility for LHarc format archives.
Description :
LHA is an archiving and compression utility for LHarc format archives.
LHA is mostly used in the DOS world, but can be used under Linux to
extract DOS files from LHA archives.
Install the lha package if you need to extract DOS files from LHA archives.
---------------------------------------------------------------------
Update Information:
Ulf Härnhammar discovered two stack buffer overflows and two directory
traversal flaws in LHA. An attacker could exploit the buffer
overflows by creating a carefully crafted LHA archive in such a way
that arbitrary code would be executed when the archive is tested or
extracted by a victim. CAN-2004-0234. An attacker could exploit the
directory traversal issues to create files as the victim outside of
the expected directory. CAN-2004-0235.
---------------------------------------------------------------------
* Wed May 05 2004 Than Ngo <than(a)redhat.com> 1.14i-12.1
- fix security vulnerabilities, CAN-2004-0234, CAN-2004-0235
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-115
2004-05-11
---------------------------------------------------------------------
Name : iproute
Version : 2.4.7
Release : 13.2
Summary : Advanced IP routing and network device configuration tools.
Description :
The iproute package contains networking utilities (ip and rtmon, for
example) which are designed to use the advanced networking
capabilities of the Linux 2.4.x and 2.6.x kernel.
---------------------------------------------------------------------
This update of the iproute package fixes a security problem found in
netlink. See CAN-2003-0856.
All users of the netlink application are very strongly advised to update
to these latest packages.
---------------------------------------------------------------------
* Thu May 06 2004 Phil Knirsch <pknirsch(a)redhat.com> 2.4.7-13.2
- Built security errata version for FC1.
* Wed Apr 21 2004 Phil Knirsch <pknirsch(a)redhat.com> 2.4.7-14
- Fixed -f option for ss (#118355).
- Small description fix (#110997).
- Added initialization of some vars (#74961).
- Added patch to initialize "default" rule as well (#60693).
* Fri Feb 13 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Wed Nov 05 2003 Phil Knirsch <pknirsch(a)redhat.com> 2.4.7-12
- Security errata for netlink (CAN-2003-0856).
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
Philipp Knirsch | Tel.: +49-711-96437-470
Development | Fax.: +49-711-96437-111
Red Hat GmbH | Email: Phil Knirsch <phil(a)redhat.de>
Hauptstaetterstr. 58 | Web: http://www.redhat.de/
D-70178 Stuttgart
Motd: You're only jealous cos the little penguins are talking to me.
Another issue of the Fedora News Updates has been released and is
available at:
http://fedoranews.org/colin/fnu/issue11.shtml
The current issue is always linked to
http://fedoranews.org/colin/fnu/current.shtml
In this issue, we cover special features: statements from the Fedora
Project Leader, Cristian Gafton, as well as the Fedora Legacy Project
Lead, Jesse Keating.
Fedora Core 2 Test 3 has been released, notes for it accompany, along
with tips on getting dual-head video as well as webcams that work well
with Fedora. There are plenty more updates, with regards to documents,
new scripts, and ideas to tame the lists.
--
Colin Charles, byte(a)aeon.com.my
http://www.bytebot.net/