---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-926
2005-09-26
---------------------------------------------------------------------
Product : Fedora Core 4
Name : firefox
Version : 1.0.7
Release : 1.1.fc4
Summary : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
---------------------------------------------------------------------
Update Information:
An updated firefox package that fixes several security bugs
is now available for Fedora Core 4.

This update has been rated as having critical security
impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A bug was found in the way Firefox processes XBM image
files. If a user views a specially crafted XBM file, it
becomes possible to execute arbitrary code as the user
running Firefox. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-2701
to this issue.

A bug was found in the way Firefox processes certain Unicode
sequences. It may be possible to execute arbitrary code as
the user running Firefox if the user views a specially
crafted Unicode sequence. (CAN-2005-2702)

A bug was found in the way Firefox makes XMLHttp requests.
It is possible that a malicious web page could leverage this
flaw to exploit other proxy or server flaws from the
victim's machine. It is also possible that this flaw could
be leveraged to send XMLHttp requests to hosts other than
the originator; the default behavior of the browser is to
disallow this. (CAN-2005-2703)

A bug was found in the way Firefox implemented its XBL
interface. It may be possible for a malicious web page to
create an XBL binding in such a way that would allow
arbitrary JavaScript execution with chrome permissions.
Please note that in Firefox 1.0.6 this issue is not directly
exploitable and will need to leverage other unknown
exploits. (CAN-2005-2704)

An integer overflow bug was found in Firefox's JavaScript
engine. Under favorable conditions, it may be possible for a
malicious web page to execute arbitrary code as the user
running Firefox. (CAN-2005-2705)

A bug was found in the way Firefox displays about: pages. It
is possible for a malicious web page to open an about: page,
such as about:mozilla, in such a way that it becomes
possible to execute JavaScript with chrome privileges.
(CAN-2005-2706)

A bug was found in the way Firefox opens new windows. It is
possible for a malicious web site to construct a new window
without any user interface components, such as the address
bar and the status bar. This window could then be used to
mislead the user for malicious purposes. (CAN-2005-2707)

A bug was found in the way Firefox processes URLs passed to
it on the command line. If a user passes a malformed URL to
Firefox, such as clicking on a link in an instant messaging
program, it is possible to execute arbitrary commands as the
user running Firefox. (CAN-2005-2968)

Users of Firefox are advised to upgrade to this updated
package that contains Firefox version 1.0.7 and is not
vulnerable to these issues.
---------------------------------------------------------------------
* Thu Sep 22 2005 Christopher Aillon <caillon(a)redhat.com> 0:1.0.7-1.1.fc4
- Update to 1.0.7, containing fixes for:
CAN-2005-2701 CAN-2005-2702 CAN-2005-2703 CAN-2005-2704
CAN-2005-2705 CAN-2005-2706 CAN-2005-2707 CAN-2005-2968
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-925
2005-09-26
---------------------------------------------------------------------
Product : Fedora Core 3
Name : ruby
Version : 1.8.3
Release : 1.fc3
Summary : An interpreter of object-oriented scripting language
Description :
Ruby is the interpreted scripting language for quick and easy
object-oriented programming. It has many features to process text
files and to do system management tasks (as in Perl). It is simple,
straight-forward, and extensible.
---------------------------------------------------------------------
* Mon Sep 26 2005 Akira TAGOH <tagoh(a)redhat.com> - 1.8.3-1.fc3
- New upstream release.
- Build-Requires xorg-x11-devel instead of XFree86-devel.
- ruby-multilib.patch: applied for only 64-bit archs.
- ruby-1.8.2-xmlrpc-CAN-2005-1992.patch: removed. it has already been in upstream.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-885
2005-09-26
---------------------------------------------------------------------
Product : Fedora Core 4
Name : openobex
Version : 1.0.1
Release : 3.0.FC4.1
Summary : Library for using OBEX
Description :
Open OBEX shared c-library
---------------------------------------------------------------------
Update Information:
`OBEX_ServerAccept' was added to the exported symbols to
enable proper linking with some programs.
---------------------------------------------------------------------
* Mon May 2 2005 Harald Hoyer <harald(a)redhat.com> 1.0.1-3.0.FC4.1
- added `OBEX_ServerAccept' to the exported symbols (bug rh#146353)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-917
2005-09-26
---------------------------------------------------------------------
Product : Fedora Core 4
Name : audit
Version : 1.0.4
Release : 1.fc4
Summary : User space tools for 2.6 kernel auditing.
Description :
The audit package contains the user space utilities for
storing and processing the audit records generated by
the audit subsystem in the Linux 2.6 kernel.
---------------------------------------------------------------------
* Fri Sep 23 2005 Steve Grubb <sgrubb(a)redhat.com> 1.0.4-1.fc4
- Make rate & backlog 32 bit unsigned int in auditctl
- In auditctl, if -F arch is given with -t option, don't require list
- Update auditd man page
- Add size check to audit_send
- Update message for audit_open failure when kernel doesn't support audit
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
Welcome to our issue number 15 of Fedora Weekly News.
http://fedoranews.org/wiki/Fedora_Weekly_News_Issue_15
In this issue, we have the following articles:
1 Mozilla Firefox 1.0.7 Released
2 Unavoidable Xorg package update problems
3 News for ASUS K8N-DL owners
4 Fedora FAQ merger effort
5 Meeting Minutes for Fedora Documentation
6 Meeting Minutes for Fedora Marketing
7 Review: The Present and Future with Fedora Core 4
8 My Experience and Strategy in Migrating MS Windows to Linux
9 Tip of the Week
10 Fedora Core 4 Updates
11 Contributing to Fedora Weekly News
12 Editor's Blog
The latest issue can always be found at
http://fedoranews.org/wiki/Fedora_Weekly_News_Latest_Issue
We need more volunteer writers who watch the Fedora community and report
about what is going on. To find out how you can contribute, please visit
http://fedoranews.org/wiki/Contributing_to_Fedora_Weekly_News
See you in the next issue of FWN!
--
Thomas Chung
FedoraNEWS.ORG (http://fedoranews.org)
"..where you can free your knowledge for your free community!"
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-924
2005-09-23
---------------------------------------------------------------------
Product : Fedora Core 4
Name : xinitrc
Version : 4.0.18.1
Release : 1
Summary : The default startup script for the X Window System.
Description :
The xinitrc package contains the xinitrc file, a script which is used
to configure your X Window System session or to start a window
manager.
---------------------------------------------------------------------
Update Information:
The xinitrc package is a collection of startup scripts
and config files for the X Window System.

A new feature was added to the xinitrc package in FC-4
to allow 3rd party window managers to be able to drop
in their own custom startup shell scripts, which would
get autodetected and used by xinitrc/Xsession
automatically if present for a given window manager or
desktop environment.

This feature was unused in Fedora Core 4 itself, however,
and recently a flaw was discovered in the implementation.
This update fixes this feature of the xinitrc scripts
to allow 3rd party window managers and desktop
environments to easily integrate with the X startup
process.
---------------------------------------------------------------------
* Fri Sep 23 2005 Mike A. Harris <mharris(a)redhat.com> 4.0.18.1-1
- Backport all of 4.0.20-1 from Fedora devel head to xinitrc-fc4-branch
for FC4 update, to fix (#168634)
* Fri Sep 23 2005 Mike A. Harris <mharris(a)redhat.com> 4.0.20-1
- Fix glitch in Xsession script in implementation of Xclients.d (#168634)
* Tue May 24 2005 Mike A. Harris <mharris(a)redhat.com> 4.0.19-1
- [xinitrc-common] source /etc/profile.d/lang.sh if it exists to try and fix
bug (#138681)
- Remove unnecessary dependency on /usr/X11R6/bin/RunWM from spec file
- Do not install RunWM symlinks for window managers we have not shipped for
several years.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
3e309143e316534e24250aa6b7b8c5d2 SRPMS/xinitrc-4.0.18.1-1.src.rpm
e987474a5764bafc5a16093f40c74f35 x86_64/xinitrc-4.0.18.1-1.noarch.rpm
e987474a5764bafc5a16093f40c74f35 i386/xinitrc-4.0.18.1-1.noarch.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-922
2005-09-23
---------------------------------------------------------------------
Product : Fedora Core 4
Name : x86info
Version : 1.15
Release : 1.11
Summary : x86 processor information tool.
Description :
x86info displays diagnostic information about x86 CPUs, such
as cache configuration and supported features.
---------------------------------------------------------------------
Update Information:
Upstream update, which recognises a whole bunch of extra CPUs.
---------------------------------------------------------------------
* Fri Sep 23 2005 Dave Jones <davej(a)redhat.com>
- Update to 1.15
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-919
2005-09-23
---------------------------------------------------------------------
Product : Fedora Core 4
Name : system-config-bind
Version : 4.0.0
Release : 31_FC4
Summary : The Red Hat BIND DNS Configuration Tool.
Description :
The system-config-bind package provides a graphical user interface (GUI) to
configure the Berkeley Internet Name Domain (BIND) Domain Name System (DNS)
server, "named", with a set of python modules.
Users new to BIND configuration can use this tool to quickly set up a working
DNS server.
---------------------------------------------------------------------
* Fri Sep 23 2005 Jason Vas Dias <jvdias(a)redhat.com> - 4.0.0-31
- fix deletion of record with following records for same name
- fix zone serial increment on save
- ship updated translations
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
01b51213542d251ef64dab6a4f4afca7 SRPMS/system-config-bind-4.0.0-31_FC4.src.rpm
82f7bacc5d36d7e9462f7153dcbed9c9 x86_64/system-config-bind-4.0.0-31_FC4.noarch.rpm
82f7bacc5d36d7e9462f7153dcbed9c9 i386/system-config-bind-4.0.0-31_FC4.noarch.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-895
2005-09-23
---------------------------------------------------------------------
Product : Fedora Core 4
Name : selinux-policy-targeted
Version : 1.27.1
Release : 2.1
Summary : SELinux targeted policy configuration
Description :
Security-enhanced Linux is a patch of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux. The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.
This package contains the SELinux example policy configuration along
with the Flask configuration information and the application
configuration files.
---------------------------------------------------------------------
Update Information:
Several fixes included from rawhide version.
---------------------------------------------------------------------
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-915
2005-09-23
---------------------------------------------------------------------
Product : Fedora Core 3
Name : squid
Version : 2.5.STABLE11
Release : 1.FC3
Summary : The Squid proxy caching server.
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.
---------------------------------------------------------------------
* Fri Sep 23 2005 Martin Stransky <stransky(a)redhat.com> 7:2.5.STABLE11-1.FC3
- update to STABLE11
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------