---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-250
2005-03-30
---------------------------------------------------------------------
Product : Fedora Core 3
Name : selinux-policy-targeted
Version : 1.17.30
Release : 2.93
Summary : SELinux targeted policy configuration
Description :
Security-enhanced Linux is a patch of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.
This package contains the SELinux example policy configuration along
with the Flask configuration information and the application
configuration files.
---------------------------------------------------------------------
* Wed Mar 23 2005 Dan Walsh <dwalsh(a)redhat.com> 1.17.30-2.93
- Allow nscd and named to write to /var/log
- Fix /var/lib/nfs/rpc_pipefs(/.*)?
- Better handling of logrotate
* Wed Mar 16 2005 Dan Walsh <dwalsh(a)redhat.com> 1.17.30-2.91
- Allow logrotate to handle tmpfs /tmp
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
1a02e8633223288511e5b422e6e757e8
SRPMS/selinux-policy-targeted-1.17.30-2.93.src.rpm
a51bdb3a2a4bde67dc571c9a1fd717c8
x86_64/selinux-policy-targeted-1.17.30-2.93.noarch.rpm
2d9108501c6ff5de2f9f186e2e881217
x86_64/selinux-policy-targeted-sources-1.17.30-2.93.noarch.rpm
a51bdb3a2a4bde67dc571c9a1fd717c8
i386/selinux-policy-targeted-1.17.30-2.93.noarch.rpm
2d9108501c6ff5de2f9f186e2e881217
i386/selinux-policy-targeted-sources-1.17.30-2.93.noarch.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
--
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-279
2005-03-30
---------------------------------------------------------------------
Product : Fedora Core 3
Name : initscripts
Version : 7.93.7
Release : 1
Summary : The inittab file and the /etc/init.d scripts.
Description :
The initscripts package contains the basic system scripts used to boot
your Red Hat system, change runlevels, and shut the system down
cleanly. Initscripts also contains the scripts that activate and
deactivate most network interfaces.
---------------------------------------------------------------------
Update Information:
This update fixes various bugs, including several IPSEC bugs.
---------------------------------------------------------------------
* Wed Mar 30 2005 Bill Nottingham <notting(a)redhat.com> 7.93.7-1
- fix mistranslation (#151120)
- netfs: fix _netdev unmounting (#147610, <alewis(a)redhat.com>)
- rc.sysinit: fix rngd check (#130350)
... then turn it off entirely
- handle alternate VLAN naming schemes (#115001, <kas(a)informatics.muni.cz>)
- add proper ipsec route (#146169, #140654)
- dhcp release cleanups (<jvdias(a)redhat.com>)
- ifdown: handle being called on down devices better
* Wed Jan 19 2005 Bill Nottingham <notting(a)redhat.com> 7.93.6-1
- add support for releasing DHCP lease (<jvdias(a)redhat.com>)
- fix multiple scsi_hostadapter loads (#145432)
- netfs: don't unmount NFS root FS (#142169)
- netfs: don't mount GFS (#140281)
- fix various minilogd bogosities (#106338)
- fix various fgreps to not catch commented lines (#136531, expanded
from <cww(a)redhat.com>)
- kill dhcp client even if BOOTOPROTO is now static (#127726, others)
- ifup: fix typo (#134787, <bnocera(a)redhat.com>)
- set ETHTOOL_OPTS on addressless devices (#144682, <mpoole(a)redhat.com>)
- ifup: fix ONxxx (#136531, <cww(a)redhat.com>)
- ifup-ipsec: add fwd policies (#145507)
- fix check_link_down to still check negotiation if link is listed as
"up" on entering (#110164, <dbaron(a)dbaron.org>)
- change setting of IPv6 default route (#142308, <pb(a)bieringer.de>)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
f5d5986c818bdc0bff959f55f7bcdc4c SRPMS/initscripts-7.93.7-1.src.rpm
09b45573de5cf69fb8ab0c8511a01bfd x86_64/initscripts-7.93.7-1.x86_64.rpm
5c9d484ebb59c42538b66368d89b1c4a x86_64/debug/initscripts-debuginfo-7.93.7-1.x86_64.rpm
140e0f3e6bd75205a2d45538f2196620 i386/initscripts-7.93.7-1.i386.rpm
898c7defceb1cc37a8c84e3de3fd726a i386/debug/initscripts-debuginfo-7.93.7-1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-268
2005-03-30
---------------------------------------------------------------------
Product : Fedora Core 3
Name : gtk2
Version : 2.4.14
Release : 3.fc3
Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for
X.
Description :
GTK+ is a multi-platform toolkit for creating graphical user
interfaces. Offering a complete set of widgets, GTK+ is suitable for
projects ranging from small one-off tools to complete application
suites.
---------------------------------------------------------------------
Update Information:
David Costanzo found a bug in the way GTK+ processes BMP images.
It is possible that a specially crafted BMP image could cause a denial
of service attack in applications linked against GTK+.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0891 to this issue.
---------------------------------------------------------------------
* Mon Mar 28 2005 Matthias Clasen <mclasen(a)redhat.com> - 2.4.14-3.fc3
- Fix a double free in the bmp loader
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
8c9c1a539e15629f204038597c57e75a SRPMS/gtk2-2.4.14-3.fc3.src.rpm
6491f2ebf95a79a0fafdd90256033189 x86_64/gtk2-2.4.14-3.fc3.x86_64.rpm
7facd80dc1c9ffc2e1745cb1505096c0 x86_64/gtk2-
devel-2.4.14-3.fc3.x86_64.rpm
922ad9d8b24a4a580bca1f3461c1fcde x86_64/debug/gtk2-
debuginfo-2.4.14-3.fc3.x86_64.rpm
9351093394765c34bc5a6b28e8db301b x86_64/gtk2-2.4.14-3.fc3.i386.rpm
9351093394765c34bc5a6b28e8db301b i386/gtk2-2.4.14-3.fc3.i386.rpm
abb369e8b7dbcbe785a23d9cf52ca2a0 i386/gtk2-devel-2.4.14-3.fc3.i386.rpm
816116449734868587e069851dc57a62 i386/debug/gtk2-
debuginfo-2.4.14-3.fc3.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-267
2005-03-30
---------------------------------------------------------------------
Product : Fedora Core 2
Name : gtk2
Version : 2.4.14
Release : 2.fc2
Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for
X.
Description :
GTK+ is a multi-platform toolkit for creating graphical user
interfaces. Offering a complete set of widgets, GTK+ is suitable for
projects ranging from small one-off tools to complete application
suites.
---------------------------------------------------------------------
Update Information:
David Costanzo found a bug in the way GTK+ processes BMP images.
It is possible that a specially crafted BMP image could cause a denial
of service attack in applications linked against GTK+.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0891 to this issue.
---------------------------------------------------------------------
* Mon Mar 28 2005 Matthias Clasen <mclasen(a)redhat.com> - 2.4.14-2.fc2
- Fix a double free in the bmp loader
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
e554a876457e37b8a432191af098b455 SRPMS/gtk2-2.4.14-2.fc2.src.rpm
e0ab627f18c00ea25257d7c0e82baa30 x86_64/gtk2-2.4.14-2.fc2.x86_64.rpm
bffbdf4fb9ad6c0803c61994b4f3f125 x86_64/gtk2-
devel-2.4.14-2.fc2.x86_64.rpm
64febbae57060204343e0f212279a3b8 x86_64/debug/gtk2-
debuginfo-2.4.14-2.fc2.x86_64.rpm
40137c8115b35e5f92cc4ac764b7c04e x86_64/gtk2-2.4.14-2.fc2.i386.rpm
40137c8115b35e5f92cc4ac764b7c04e i386/gtk2-2.4.14-2.fc2.i386.rpm
1fd50f68800ac67282143c0d02e5be09 i386/gtk2-devel-2.4.14-2.fc2.i386.rpm
749b4834dfe87cdcf3133a9d859e5b91 i386/debug/gtk2-
debuginfo-2.4.14-2.fc2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-266
2005-03-30
---------------------------------------------------------------------
Product : Fedora Core 3
Name : gdk-pixbuf
Version : 0.22.0
Release : 16.fc3
Summary : An image loading library used with GNOME.
Description :
The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.
---------------------------------------------------------------------
Update Information:
David Costanzo found a bug in the way gdk-pixbuf processes BMP images.
It is possible that a specially crafted BMP image could cause a denial
of service attack in applications linked against gdk-pixbuf.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0891 to this issue.
---------------------------------------------------------------------
* Mon Mar 28 2005 Matthias Clasen <mclasen(a)redhat.com> - 1:0.22.0-16.fc3
- Fix a double free in the bmp loader
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
140402ef3823af459027e7eec1fb4a31 SRPMS/gdk-pixbuf-0.22.0-16.fc3.src.rpm
46732d3473a71aa4ab90dd456f0e957f x86_64/gdk-
pixbuf-0.22.0-16.fc3.x86_64.rpm
14639a9be1a8470ef3ebf5f8ca6951fa x86_64/gdk-pixbuf-
devel-0.22.0-16.fc3.x86_64.rpm
d35d6f6ff840efced466d44e2556b556 x86_64/gdk-pixbuf-
gnome-0.22.0-16.fc3.x86_64.rpm
91cb66921118ac3187e2a5234d33672a x86_64/debug/gdk-pixbuf-
debuginfo-0.22.0-16.fc3.x86_64.rpm
c226b3c99d9f139883015b249621294f x86_64/gdk-
pixbuf-0.22.0-16.fc3.i386.rpm
c226b3c99d9f139883015b249621294f i386/gdk-pixbuf-0.22.0-16.fc3.i386.rpm
7a7790402d9d477f7f0f47a74259bfa4 i386/gdk-pixbuf-
devel-0.22.0-16.fc3.i386.rpm
4e8f98e1e520d1f9e2b7b1fa98c06119 i386/gdk-pixbuf-
gnome-0.22.0-16.fc3.i386.rpm
a3b06be3f9bd8ec74588dc6b95b637a9 i386/debug/gdk-pixbuf-
debuginfo-0.22.0-16.fc3.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-265
2005-03-30
---------------------------------------------------------------------
Product : Fedora Core 2
Name : gdk-pixbuf
Version : 0.22.0
Release : 12.fc2
Summary : An image loading library used with GNOME.
Description :
The gdk-pixbuf package contains an image loading library used with the
GNOME GUI desktop environment. The GdkPixBuf library provides image
loading facilities, the rendering of a GdkPixBuf into various formats
(drawables or GdkRGB buffers), and a cache interface.
---------------------------------------------------------------------
Update Information:
David Costanzo found a bug in the way gdk-pixbuf processes BMP images.
It is possible that a specially crafted BMP image could cause a denial
of service attack in applications linked against gdk-pixbuf.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0891 to this issue.
---------------------------------------------------------------------
* Mon Mar 28 2005 Matthias Clasen <mclasen(a)redhat.com> - 1:0.22.0-12.fc2
- Fix a double free in the bmp loader
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
a0ba48a2695141af2d4a0f7ff3218062 SRPMS/gdk-pixbuf-0.22.0-12.fc2.src.rpm
c1dc4fe31433159afb6bcfdd98dd84a2 x86_64/gdk-
pixbuf-0.22.0-12.fc2.x86_64.rpm
c561473d5921958c2aa7aed692671933 x86_64/gdk-pixbuf-
devel-0.22.0-12.fc2.x86_64.rpm
eb0fae059933dd9613048b4dfaa73d6f x86_64/gdk-pixbuf-
gnome-0.22.0-12.fc2.x86_64.rpm
886d8069570a4202bfbcb6304203fd5a x86_64/debug/gdk-pixbuf-
debuginfo-0.22.0-12.fc2.x86_64.rpm
f56442e8a45c71b7004373b94acf5a9f i386/gdk-pixbuf-0.22.0-12.fc2.i386.rpm
0b16b3e1d3223b91728211fa311e8d72 i386/gdk-pixbuf-
devel-0.22.0-12.fc2.i386.rpm
19ea2d840949337df59ccbe8e3303648 i386/gdk-pixbuf-
gnome-0.22.0-12.fc2.i386.rpm
a64d219947db70a88a5a29f1fba24227 i386/debug/gdk-pixbuf-
debuginfo-0.22.0-12.fc2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-235
2005-03-30
---------------------------------------------------------------------
Product : Fedora Core 3
Name : ImageMagick
Version : 6.2.0.7
Release : 2.fc3
Summary : An X application for displaying and manipulating images.
Description :
ImageMagick(TM) is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
and Photo CD image formats. It can resize, rotate, sharpen, color
reduce, or add special effects to an image, and when finished you can
either save the completed work in the original format or a different
one. ImageMagick also includes command line programs for creating
animated or transparent .gifs, creating composite images, creating
thumbnail images, and more.
ImageMagick is one of your choices if you need a program to manipulate
and dis play images. If you want to develop your own applications
which use ImageMagick code or APIs, you need to install
ImageMagick-devel as well.
---------------------------------------------------------------------
Update Information:
Andrei Nigmatulin discovered a heap based buffer overflow flaw in the
ImageMagick image handler. An attacker could create a carefully crafted
Photoshop Document (PSD) image in such a way that it would cause
ImageMagick to execute arbitrary code when processing the image. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0005 to this issue.
A format string bug was found in the way ImageMagick handles filenames.
An attacker could execute arbitrary code in a victims machine if they
are able to trick the victim into opening a file with a specially
crafted name. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0397 to this issue.
---------------------------------------------------------------------
* Wed Mar 16 2005 <mclasen(a)redhat.com> - 6.2.0.7-2.fc3
- Update to 6.2.0 to fix a number of security issues:
- Drop a lot of upstreamed patches
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
dbbd0c32799bc32658214273037f1942
SRPMS/ImageMagick-6.2.0.7-2.fc3.src.rpm
39ecc49bcdfda64dd2cfaac13b332f42
x86_64/ImageMagick-6.2.0.7-2.fc3.x86_64.rpm
908f8c2f25568cf2340db0a6ae7c5b57 x86_64/ImageMagick-
devel-6.2.0.7-2.fc3.x86_64.rpm
7f5112e7f05c9d4a448f5edeb42b153c x86_64/ImageMagick-
perl-6.2.0.7-2.fc3.x86_64.rpm
039af81133349c933d0de1e1f61f3ba1 x86_64/ImageMagick-c+
+-6.2.0.7-2.fc3.x86_64.rpm
455c2286d9f1ed1e778a5c5e905053cb x86_64/ImageMagick-c++-
devel-6.2.0.7-2.fc3.x86_64.rpm
fe8a3812e6c3fbc8f5016e6eb1d2271a x86_64/debug/ImageMagick-
debuginfo-6.2.0.7-2.fc3.x86_64.rpm
1f8387ff55eee8116b53309fc93e28db
x86_64/ImageMagick-6.2.0.7-2.fc3.i386.rpm
214aee8a27780dee6e5c4a5b8b58ec0e x86_64/ImageMagick-c+
+-6.2.0.7-2.fc3.i386.rpm
1f8387ff55eee8116b53309fc93e28db
i386/ImageMagick-6.2.0.7-2.fc3.i386.rpm
a97fb99dfbcddc4391a351a51d544f14 i386/ImageMagick-
devel-6.2.0.7-2.fc3.i386.rpm
12ceecfa8d7fd51e9e7a0eaf92c2abcf i386/ImageMagick-
perl-6.2.0.7-2.fc3.i386.rpm
214aee8a27780dee6e5c4a5b8b58ec0e i386/ImageMagick-c+
+-6.2.0.7-2.fc3.i386.rpm
1ed8f7ca926e4fd31500f7ee8f767e72 i386/ImageMagick-c++-
devel-6.2.0.7-2.fc3.i386.rpm
1f8756e8c6b5405dad07396eb34bf064 i386/debug/ImageMagick-
debuginfo-6.2.0.7-2.fc3.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-234
2005-03-30
---------------------------------------------------------------------
Product : Fedora Core 2
Name : ImageMagick
Version : 6.2.0.7
Release : 2.fc2
Summary : An X application for displaying and manipulating images.
Description :
ImageMagick(TM) is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
and Photo CD image formats. It can resize, rotate, sharpen, color
reduce, or add special effects to an image, and when finished you can
either save the completed work in the original format or a different
one. ImageMagick also includes command line programs for creating
animated or transparent .gifs, creating composite images, creating
thumbnail images, and more.
ImageMagick is one of your choices if you need a program to manipulate
and dis play images. If you want to develop your own applications
which use ImageMagick code or APIs, you need to install
ImageMagick-devel as well.
---------------------------------------------------------------------
Update Information:
Andrei Nigmatulin discovered a heap based buffer overflow flaw in the
ImageMagick image handler. An attacker could create a carefully crafted
Photoshop Document (PSD) image in such a way that it would cause
ImageMagick to execute arbitrary code when processing the image. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0005 to this issue.
A format string bug was found in the way ImageMagick handles filenames.
An attacker could execute arbitrary code in a victims machine if they
are able to trick the victim into opening a file with a specially
crafted name. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0397 to this issue.
A bug was found in the way ImageMagick handles TIFF tags. It is possible
that a TIFF image file with an invalid tag could cause ImageMagick to
crash.
A bug was found in ImageMagick's TIFF decoder. It is possible that a
specially crafted TIFF image file could cause ImageMagick to crash.
A bug was found in the way ImageMagick parses PSD files. It is possilbe
that a specially crafted PSD file could cause ImageMagick to crash.
A heap overflow bug was found in ImageMagick's SGI parser. It is
possible
that an attacker could execute arbitrary code by tricking a user into
opening a specially crafted SGI image file.
---------------------------------------------------------------------
* Wed Mar 16 2005 <mclasen(a)redhat.com> - 6.2.0.7-2.fc2
- Update to 6.2.0 to fix a number of security issues:
- Drop a lot of upstreamed patches
* Tue Nov 23 2004 <jrb(a)redhat.com> - 5.5.7.7-1.3
- Fix heap overflow, CAN-2004-0827
- buffer overflow in ImageMagick's EXIF parser, CAN-2004-0981
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
52fbf39e38a7ae5cc0914b6517fedcba
SRPMS/ImageMagick-6.2.0.7-2.fc2.src.rpm
f6a42bb0239a56780d7fac79bf4cb0cd
x86_64/ImageMagick-6.2.0.7-2.fc2.x86_64.rpm
ac4add6449a8f20658f865161656b492 x86_64/ImageMagick-
devel-6.2.0.7-2.fc2.x86_64.rpm
414e95f0ed5189e246a5f03f27a9ba8a x86_64/ImageMagick-
perl-6.2.0.7-2.fc2.x86_64.rpm
1f416050e2410950b7d31cb6a20fcf3c x86_64/ImageMagick-c+
+-6.2.0.7-2.fc2.x86_64.rpm
dca65373bdde8fc72ad43f5fbb66d082 x86_64/ImageMagick-c++-
devel-6.2.0.7-2.fc2.x86_64.rpm
39e6fd4dd15ff0830a8a4629f9544ad1 x86_64/debug/ImageMagick-
debuginfo-6.2.0.7-2.fc2.x86_64.rpm
9cf6d6efbb10b85c7aac59ccdc8404c1
i386/ImageMagick-6.2.0.7-2.fc2.i386.rpm
bd5af835d5c692efeb91f8e72bd3ad68 i386/ImageMagick-
devel-6.2.0.7-2.fc2.i386.rpm
3bcd96b4f37d0d00496322172c3ab985 i386/ImageMagick-
perl-6.2.0.7-2.fc2.i386.rpm
3cc2862b41fa967e89743dca2794068a i386/ImageMagick-c+
+-6.2.0.7-2.fc2.i386.rpm
40e7147cf90e2fcd9f9589bdd201ab48 i386/ImageMagick-c++-
devel-6.2.0.7-2.fc2.i386.rpm
ed7985c73aa5b5806ad66e0b97636f9c i386/debug/ImageMagick-
debuginfo-6.2.0.7-2.fc2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
FUD: An acronym for Fear, Uncertainty and Doubt. A typical tactic used by
the opponents of open source to prevent its widespread adoption.
Con: In opposition or disagreement with; against.
===
FUDCon II, the second gathering of Fedora Users and Developers, will be
held at LinuxTag, on the 24th and 25th of June in Karlsruhe, Germany.
FUDCon II will feature presentations from prominent members of the Fedora
Project, both from Red Hat and from the Fedora community. Attendance is
free to anyone attending LinuxTag, and pre-registration to LinuxTag is
also free; visit http://linuctag.org for more details.
The FUDCon staff requests that those who plan to attend FUDCon II reply
via email to fudcon-register(a)fedoraproject.org.
Thanks, and we'll see you in Karlsruhe!
===
Call for Presentations
Working on an interesting project that uses Fedora? Looking to find
contributors to help with your work, or just looking to share your project
with the world? The Fedora Project is looking for presenters at FUDCon
II. Any topic that relates significantly to the Fedora Project will be
considered.
Please submit an abstract of no more than 250 words to
fudcon-cfp(a)fedoraporject.org.
Submission deadline: Friday, April 22nd, 2005
Notification of decision: Friday, May 6th, 2005
Final version deadline: Friday, May 27th, 2005
===
_____________________ ____________________________________________
Greg DeKoenigsberg ] [ the future masters of technology will have
Community Relations ] [ to be lighthearted and intelligent. the
Red Hat ] [ machine easily masters the grim and the
] [ dumb. --mcluhan
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-277
2005-03-30
---------------------------------------------------------------------
Product : Fedora Core 2
Name : telnet
Version : 0.17
Release : 28.FC2.1
Summary : The client program for the telnet remote login protocol.
Description :
Telnet is a popular protocol for logging into remote systems over the
Internet. The telnet package provides a command line telnet client.
---------------------------------------------------------------------
Update Information:
Two buffer overflow flaws were discovered in the way the telnet client
handles messages from a server. An attacker may be able to execute
arbitrary code on a victim's machine if the victim can be tricked into
connecting to a malicious telnet server. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468
and CAN-2005-0469 to these issues.
Red Hat would like to thank iDEFENSE for their responsible disclosure of
this issue.
---------------------------------------------------------------------
* Thu Mar 17 2005 Harald Hoyer <harald(a)redhat.com> - 1:0.17-28.FC2.1
- fixed CAN-2005-468 and CAN-2005-469
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
24aa5985deaa986141292837ba73249b SRPMS/telnet-0.17-28.FC2.1.src.rpm
2fc2868d96e97260cfbae7f9b6557c02 x86_64/telnet-0.17-28.FC2.1.x86_64.rpm
536604c795642bdf90c1568a8c2db5a5 x86_64/telnet-server-0.17-28.FC2.1.x86_64.rpm
827d2014eacad235de5f0b7c0be5e716 x86_64/debug/telnet-debuginfo-0.17-28.FC2.1.x86_64.rpm
81b0c394c3d9fb8b852d3a847c11cf02 i386/telnet-0.17-28.FC2.1.i386.rpm
d1e36e266c88b50d0e1b4f879a981786 i386/telnet-server-0.17-28.FC2.1.i386.rpm
8fd31e10878d243a4b0f6d3e3e6d3b25 i386/debug/telnet-debuginfo-0.17-28.FC2.1.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------