The Fedora Unity Project is proud to announce the release of new ISO
Re-Spins (DVD and CD Sets) of Fedora 8. These Re-Spin ISOs are based on
the officially released Fedora 8 installation media and include all
updates released as of December 18th, 2007. The ISO images are available
for i386 and x86_64 architectures via jigdo starting Sunday, December
23rd, 2007.
We have included CD Image sets for those in the Fedora community that do
not have DVD drives or burners available.
With this particular Re-Spin, we address the following problems
experienced by many community members:
- #372011, "depsolve hang in F7 to F8 upgrade"
We have incorporated the updates image made by Jeremy Katz (comment #11
in the bug), and we have verified that a full Fedora 7 installation
upgrades to Fedora 8 without issues.
- #367731, "anaconda fails on Via VPSD motherboard"
On i586 hardware, the installation media wouldn't boot and thus renders
itself unusable. We have backported the fix for this issue from anaconda
development to the Fedora 8 stock anaconda, as anaconda is not updated
during a release.
- #369611, "yum upgrade with selinux-policy-strict installed fails"
A dependency problem in selinux-policy-strict during upgrades is
resolved in an updated selinux-policy-strict package, which is included
in the Re-Spin
- #404601, "anaconda crashes on 'cdrom' line in kickstart"
Updates to pykickstart incorporated in the rebuilt installer resolve
this issue.
These are some of the bugs brought to our attention, which you can do by
sending a message to me directly, or other Fedora Unity team members in
the #fedora-unity channel on IRC.
Fedora Unity has taken up the Re-Spin task to provide the community with
the chance to install Fedora with recent updates already included. These
updates might otherwise comprise more than 1.33GiB of downloads for a
full install. This is a community project, for and by the community.
You can contribute to the community by joining our test process.
A full list of bugs, packages and changelogs that have been updated in
this Re-Spin can be reviewed on
http://spins.fedoraunity.org/changelogs/20071218/
If you are interested in helping with the testing or mirroring efforts,
please contact the Fedora Unity team. Contact information is available
at http://fedoraunity.org/ or the #fedora-unity channel on the Freenode
IRC Network (irc.freenode.net)
Go to http://spins.fedoraunity.org/spins to get the bits!
To report bugs in the Re-Spins please use http://bugs.fedoraunity.org/
Kind regards,
Jeroen van Meeuwen
-kanarip
Fedora Unity Founder
Greetings!
Whether you are a new Fedora user who just started with Fedora 8, a
seasoned veteran who has been with Red Hat from the very beginning, or
somewhere in between, you are all invited to FUDCon Raleigh 2008.
http://barcamp.org/FUDConRaleigh2008
This year's FUDCon is a 3 day event, from Friday January 11th - Sunday
January 13th.
The main event that most people will be interested in is on Saturday
January 12. This is a BarCamp (look on wikipedia if you don't know what
that is) style conference, and it will feature sessions, talks,
demonstrations, and brainstorming sessions about all sorts of technology
related to Fedora.
Friday January 11th and Sunday January 13th will be dedicated Fedora
hackfest days -- if you are a coder, or have some sort of
engineering/project management skill and are interested in two intense
days of work, you are encouraged to come and participate.
FUDCon is free to attend. There is much more information at the URL
above, which also is the place where you can sign up, propose sessions,
etc.
Thanks,
Max
Fedora 7 and 8 packages are being released but as you may know FC6 has
reached EOL just recently.
As I think this is an important security problem I decided to release
new packages for FC6 so that people that have not yet finished their
migration to newer supported Fedora releases can buy some more time.
This is a one off service I felt compelled to release to help people, I
am not going to do regular releases for FC6.
Packages here:
http://simo.fedoraproject.org/samba
Simo.
On Mon, 2007-12-10 at 07:49 -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ==========================================================
> ==
> == Subject: Boundary failure in GETDC mailslot
> == processing can result in a buffer overrun
> ==
> == CVE ID#: CVE-2007-6015
> ==
> == Versions: Samba 3.0.0 - 3.0.27a (inclusive)
> ==
> == Summary: Specifically crafted GETDC mailslot requests
> == can trigger a boundary error in the domain
> == controller GETDC mail slot support which
> == can be remotely exploited to execute arbitrary
> == code.
> ==
> ==========================================================
>
> ===========
> Description
> ===========
>
> Secunia Research reported a vulnerability that allows for
> the execution of arbitrary code in nmbd. This defect is
> only be exploited when the "domain logons" parameter has
> been enabled in smb.conf.
>
>
> ==================
> Patch Availability
> ==================
>
> A patch addressing this defect has been posted to
>
> http://www.samba.org/samba/security/
>
> Additionally, Samba 3.0.28 has been issued as a security
> release to correct the defect.
>
>
> ==========
> Workaround
> ==========
>
> Samba administrators may avoid this security issue by disabling
> both the "domain logons" options in the server's smb.conf file.
> Note that this will disable all domain controller features as
> well.
>
>
> =======
> Credits
> =======
>
> This vulnerability was reported to Samba developers by
> Alin Rad Pop, Secunia Research.
>
> The time line is as follows:
>
> * Nov 22, 2007: Initial report to security(a)samba.org.
> * Nov 22, 2007: First response from Samba developers confirming
> the bug along with a proposed patch.
> * Dec 10, 2007: Public security advisory made available.
>
>
> ==========================================================
> == Our Code, Our Bugs, Our Responsibility.
> == The Samba Team
> ==========================================================
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHXUPeIR7qMdg1EfYRArBPAKDeDyXyeauJuVk0FcHYWbBci0Dw6gCgoYYF
> UmvJh11x9pp5Nbbg/VYpSJ0=
> =d7SS
> -----END PGP SIGNATURE-----
>
--
Simo Sorce
Samba Team GPL Compliance Officer <simo(a)samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce(a)redhat.com>
The next FUDCon (Fedora User and Developer Conference) will be in
Raleigh, NC from January 11-13, 2008. The event is 100% free to attend.
For more information, and to SIGN UP, please visit:
http://barcamp.org/FUDConRaleigh2008
We hope to see you there.