Sunday, December 30, 2012
[FreeBSD-Announce] FreeBSD 9.1-RELEASE Available
of FreeBSD 9.1-RELEASE. This is the second release from the stable/9 branch,
which improves on the stability of FreeBSD 9.0 and introduces some new
features. Some of the highlights:
- New Intel GPU driver with GEM/KMS support
- netmap(4) fast userspace packet I/O framework
- ZFS improvements from illumos project
- CAM Target Layer, a disk and processor device emulation subsystem
- Optional new C++11 stack including LLVM libc++ and libcxxrt
- Jail devfs, nullfs, zfs mounting and configuration file support
- POSIX2008 extended locale support, including compatibility with
Darwin extensions
- oce(4) driver for Emulex OneConnect 10Gbit Ethernet card
- sfxge(4) driver for 10Gb Ethernet adapters based on Solarflare
SFC9000 controller
- Xen Paravirtualized Backend Ethernet Driver (netback) improvement
- hpt27xx(4) driver for HighPoint RocketRAID 27xx-based SAS 6Gb/s HBA
- GEOM multipath class improvement
- GEOM raid class is enabled by default supporting software RAID
by deprecated ataraid(8)
- kernel support for the AVX FPU extension
- Numerous improvements in IPv6 hardware offload support.
Please note that precompiled third-party packages are not available for
9.1-RELEASE at the time of release. See the "Availability" section below
for further details.
For a complete list of new features and known problems, please see the
online release notes and errata list, available at:
http://www.FreeBSD.org/releases/9.1R/relnotes.html
http://www.FreeBSD.org/releases/9.1R/errata.html
For more information about FreeBSD release engineering activities,
please see:
http://www.FreeBSD.org/releng/
Availability
-------------
FreeBSD 9.1-RELEASE is now available for the amd64, i386, powerpc64,
and sparc64 architectures.
FreeBSD 9.1 can be installed from bootable ISO images or over the
network. Some architectures also support installing from a USB memory
stick. The required files can be downloaded via FTP as described in the
section below. While some of the smaller FTP mirrors may not carry all
architectures, they will all generally contain the more common ones such
as amd64 and i386.
MD5 and SHA256 hashes for the release ISO and memory stick images are
included at the bottom of this message.
The purpose of the images provided as part of the release is as follows:
dvd1: This contains everything necessary to install the base FreeBSD
operating system, the documentation, and a small set of pre-built
packages aimed at getting a graphical workstation up and running.
It also supports booting into a "livefs" based rescue mode. This
should be all you need if you can burn and use DVD-sized media.
disc1: This contains the base FreeBSD operating system. It also supports
booting into a "livefs" based rescue mode. There are no pre-built
packages.
bootonly: This supports booting a machine using the CDROM drive but
does not contain the support for installing FreeBSD from the
CD itself. You would need to perform a network based install
(e.g. from an FTP server) after booting from the CD.
memstick: This can be written to a USB memory stick (flash drive) and
used to do an install on machines capable of booting off USB
drives. It also supports booting into a "livefs" based rescue
mode. There are no pre-built packages.
As one example of how to use the memstick image, assuming the USB drive
appears as /dev/da0 on your machine something like this should work:
# dd if=FreeBSD-9.1-RELEASE-amd64-memstick.img of=/dev/da0 bs=10240 conv=sync
Be careful to make sure you get the target (of=) correct.
Due to the security incident reported here:
http://www.FreeBSD.org/news/2012-compromise.html
only the small third-party package set on the DVD image is available at this
time for users who require pre-built packages (just GNOME and KDE windowing
systems). The FreeBSD Project's package building infrastructure is undergoing
a complete review and redesign. At this time we can not commit to a date
the full release package set will become available. A separate announcement
will be made when that becomes available. If you wish to install 9.1-RELEASE
now you can build your own packages using portsnap(8) to obtain an up to
date ports tree and then build the packages. If you require pre-built
packages you should wait for the announcement of the full release package
set becoming available.
FreeBSD 9.1-RELEASE can also be purchased on CD-ROM or DVD from several
vendors. One of the vendors that will be offering FreeBSD 9.1-based
products is:
~ FreeBSD Mall, Inc. http://www.freebsdmall.com/
FTP
---
At the time of this announcement the following FTP sites have
FreeBSD 9.1-RELEASE available.
ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.1/
ftp://ftp5.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.1/
ftp://ftp7.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.1/
ftp://ftp8.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.1/
ftp://ftp.au.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.1/
ftp://ftp.cn.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.1/
ftp://ftp.cz.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.1/
ftp://ftp.dk.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.1/
ftp://ftp.fr.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.1/
ftp://ftp.jp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.1/
ftp://ftp.ru.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.1/
ftp://ftp.tw.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.1/
ftp://ftp.uk.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.1/
ftp://ftp2.us.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.1/
ftp://ftp10.us.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.1/
ftp://ftp.za.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/9.1/
However before trying these sites please check your regional mirror(s)
first by going to:
ftp://ftp.<yourdomain>.FreeBSD.org/pub/FreeBSD
Any additional mirror sites will be labeled ftp2, ftp3 and so on.
More information about FreeBSD mirror sites can be found at:
http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html
For instructions on installing FreeBSD or updating an existing machine to
9.1-RELEASE please see:
http://www.FreeBSD.org/releases/9.1R/installation.html
Support
-------
9.1-RELEASE is an extended support release and will be supported by
the FreeBSD Security Team until its End-of-Life (EoL) date of
December 31st 2014. As 9.1-RELEASE got delayed, the EoL of 9.0-RELEASE
has been pushed to March 31st 2013 to allow people sufficient time to
upgrade. As always all EoL dates can be found at:
http://www.FreeBSD.org/security/
Other Projects Based on FreeBSD
-------------------------------
There are many "third party" Projects based on FreeBSD. The Projects
range from re-packaging FreeBSD into a more "novice friendly" distribution
to making FreeBSD available on Amazon's EC2 infrastructure. For more
information about these Third Party Projects see:
http://wiki.FreeBSD.org/3rdPartyProjects
Acknowledgments
---------------
Many companies donated equipment, network access, or man-hours to
support the release engineering activities for FreeBSD 9.1 including
The FreeBSD Foundation, Yahoo!, NetApp, Internet Systems Consortium,
Sentex Communications, New York Internet, Juniper Networks, and
iXsystems.
The release engineering team for 9.1-RELEASE includes:
Ken Smith <kensmith@FreeBSD.org> Release Engineering,
amd64, i386, sparc64 Release Building,
Mirror Site Coordination
Robert Watson <rwatson@FreeBSD.org> Release Engineering, Security
Konstantin Belousov <kib@FreeBSD.org> Release Engineering
Marc Fonvieille <blackend@FreeBSD.org> Release Engineering, Documentation
Josh Paetzel <jpaetzel@FreeBSD.org> Release Engineering
Hiroki Sato <hrs@FreeBSD.org> Release Engineering, Documentation
Bjoern Zeeb <bz@FreeBSD.org> Release Engineering, Package Building
Marcel Moolenaar <marcel@FreeBSD.org> ia64, powerpc Release Building
Nathan Whitehorn <nwhitehorn@FreeBSD.org> powerpc64 Release Building
Simon Nielsen <simon@FreeBSD.org> Security Officer
Trademark
---------
FreeBSD is a registered trademark of The FreeBSD Foundation.
ISO Image Checksums
-------------------
Saturday, December 29, 2012
[USN-1680-1] MoinMoin vulnerabilities
==========================================================================
Ubuntu Security Notice USN-1680-1
December 30, 2012
moin vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
Summary:
MoinMoin could be made to run programs and overwrite files.
Software Description:
- moin: Collaborative hypertext environment
Details:
It was discovered that MoinMoin did not properly sanitize its input when
processing AnyWikiDraw and TWikiDraw actions. A remote attacker with write
access could exploit this to overwrite arbitrary files and execute
arbitrary code with the privileges of the web server (user 'www-data').
It was discovered that MoinMoin also did not properly sanitize its input
when processing the AttachFile action. A remote attacker could exploit
this to overwrite files via directory traversal.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
python-moinmoin 1.9.3-1ubuntu3.1
Ubuntu 12.04 LTS:
python-moinmoin 1.9.3-1ubuntu2.2
Ubuntu 11.10:
python-moinmoin 1.9.3-1ubuntu1.11.10.2
Ubuntu 10.04 LTS:
python-moinmoin 1.9.2-2ubuntu3.3
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1680-1
https://launchpad.net/bugs/1094599
Package Information:
https://launchpad.net/ubuntu/+source/moin/1.9.3-1ubuntu3.1
https://launchpad.net/ubuntu/+source/moin/1.9.3-1ubuntu2.2
https://launchpad.net/ubuntu/+source/moin/1.9.3-1ubuntu1.11.10.2
https://launchpad.net/ubuntu/+source/moin/1.9.2-2ubuntu3.3
Thursday, December 20, 2012
FUDCon reminders, final subsidy meeting
---------------------------------------------
- The hotel block was extended through TOMORROW, December 21.
To reserve a room, use these links:
- For the Queen/Queen Suites: http://www.marriott.com/hotels/travel/LWCKS?groupCode=TFPTFPB&app=resvlink&fromDate=1/17/13&toDate=1/21/13
- For the King Suites: http://www.marriott.com/hotels/travel/LWCKS?groupCode=TFPTFPA&app=resvlink&fromDate=1/17/13&toDate=1/21/13
---------------------------------------------
The final meeting for subsidy requests will be held tomorrow at 1 p.m. EST (18:00 UTC).
---------------------------------------------
And finally, if you haven't registered yet, by all means, do so! It helps us plan for things like parties and lunch and cupcakes and t-shirts and room space. You do want cupcakes and t-shirts, right? :-) Register here: http://fudconlawrence-ianweller.rhcloud.com/new
---------------------------------------------
See you in Kansas!
Ruth
[FreeBSD-Announce] Foundation's End-of-Year Newsletter
We are pleased to announce the publication of The FreeBSD Foundation's
2012 End-of-Year Newsletter.
Go to http://www.freebsdfoundation.org/press/2012Dec-newsletter.shtml
to find out how we have supported the FreeBSD Project and community
this year.
Please help us continue and increase our support of FreeBSD by making
a donation to the Foundation. You can go to
http://www.freebsdfoundation.org/donate/
to find out how to make a donation.
Sincerely,
The FreeBSD Foundation
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
Amateur Radio Testing Session at Fudcon Lawrence
your chance at Fudcon Lawrence.
For the Second NA Fudcon we are pleased to offer an ARRL Test Session on
Saturday Jan 19th 10am - 2PM in Learned Hall, University of Kansas.
There is a $15 cost to take the exam. (This Fee goes to the ARRL to
cover the cost of the Exam and materials needed)
Please bring a Photo ID and, if you are licensed, copies of your license
and any CSCE you may have, and a PENCIL.
So if you are at Fudcon and are interested please let Ben Williams
(Southern_Gentleman) or Nick Bebot (nb) know asap.
(Suggested reading for those wanting to get your License or upgrade
http://www.kb6nu.com/tech-manual/ . The No-Nonsense Study guides and
online test will prepare you for the real test. )
_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce
[USN-1679-1] Linux kernel (OMAP4) vulnerability
==========================================================================
Ubuntu Security Notice USN-1679-1
December 20, 2012
linux-ti-omap4 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
Summary:
The system could be made to crash under certain conditions.
Software Description:
- linux-ti-omap4: Linux kernel for OMAP4
Details:
A flaw was discovered in the Linux kernel's handling of new hot-plugged
memory. An unprivileged local user could exploit this flaw to cause a
denial of service by crashing the system.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
linux-image-3.0.0-1219-omap4 3.0.0-1219.32
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-1679-1
CVE-2012-5517
Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.0.0-1219.32
[USN-1678-1] Linux kernel (Oneiric backport) vulnerability
==========================================================================
Ubuntu Security Notice USN-1678-1
December 20, 2012
linux-lts-backport-oneiric vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
The system could be made to crash under certain conditions.
Software Description:
- linux-lts-backport-oneiric: Linux kernel backport from Oneiric
Details:
A flaw was discovered in the Linux kernel's handling of new hot-plugged
memory. An unprivileged local user could exploit this flaw to cause a
denial of service by crashing the system.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
linux-image-3.0.0-29-generic 3.0.0-29.46~lucid1
linux-image-3.0.0-29-generic-pae 3.0.0-29.46~lucid1
linux-image-3.0.0-29-server 3.0.0-29.46~lucid1
linux-image-3.0.0-29-virtual 3.0.0-29.46~lucid1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-1678-1
CVE-2012-5517
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-backport-oneiric/3.0.0-29.46~lucid1
[CentOS-announce] CEBA-2012:1599 CentOS 5 device-mapper-multipath Update
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1599.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[USN-1677-1] Linux kernel vulnerability
==========================================================================
Ubuntu Security Notice USN-1677-1
December 20, 2012
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
Summary:
The system could be made to crash under certain conditions.
Software Description:
- linux: Linux kernel
Details:
A flaw was discovered in the Linux kernel's handling of new hot-plugged
memory. An unprivileged local user could exploit this flaw to cause a
denial of service by crashing the system.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
linux-image-3.0.0-29-generic 3.0.0-29.46
linux-image-3.0.0-29-generic-pae 3.0.0-29.46
linux-image-3.0.0-29-omap 3.0.0-29.46
linux-image-3.0.0-29-powerpc 3.0.0-29.46
linux-image-3.0.0-29-powerpc-smp 3.0.0-29.46
linux-image-3.0.0-29-powerpc64-smp 3.0.0-29.46
linux-image-3.0.0-29-server 3.0.0-29.46
linux-image-3.0.0-29-virtual 3.0.0-29.46
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-1677-1
CVE-2012-5517
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.0.0-29.46
[CentOS-announce] CEBA-2012:1597 CentOS 5 bind97 Update
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1597.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Wednesday, December 19, 2012
[USN-1676-1] AppArmor update
==========================================================================
Ubuntu Security Notice USN-1676-1
December 19, 2012
AppArmor update
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
Summary:
A weakness was discovered in the example AppArmor profile for
chromium-browser.
Software Description:
- apparmor: Linux security system
Details:
Dan Rosenberg discovered that the example AppArmor profile for
chromium-browser could be escaped by calling xdg-settings with a crafted
environment.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
apparmor-profiles 2.7.102-0ubuntu3.7
Ubuntu 11.10:
apparmor-profiles 2.7.0~beta1+bzr1774-1ubuntu2.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1676-1
https://launchpad.net/bugs/1045986
Package Information:
https://launchpad.net/ubuntu/+source/apparmor/2.7.102-0ubuntu3.7
https://launchpad.net/ubuntu/+source/apparmor/2.7.0~beta1+bzr1774-1ubuntu2.2
[CentOS-announce] CEBA-2012:1595 CentOS 6 libvirt Update
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1595.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
[CentOS-announce] CESA-2012:1580 Moderate CentOS 6 kernel Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1580.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
[CentOS-announce] CESA-2012:1590 Moderate CentOS 6 libtiff Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1590.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
0b3f107d56ce0573d470ff613f3fe15419493fe940021ff2aa57a61fd755af21 libtiff-3.9.4-9.el6_3.i686.rpm
e01f275496db09d08317400b80b8d3955e4f8033e3dfd6da076a43d4e116cf71 libtiff-devel-3.9.4-9.el6_3.i686.rpm
440238ac77302728881e9ad9959af7784bd7c62a64b0b6df552846ee94903d17 libtiff-static-3.9.4-9.el6_3.i686.rpm
x86_64:
0b3f107d56ce0573d470ff613f3fe15419493fe940021ff2aa57a61fd755af21 libtiff-3.9.4-9.el6_3.i686.rpm
cd3d65500f2a958a6c5c7a50c8b5155600c38a3d21f5d196a52e7be9ce7a61f8 libtiff-3.9.4-9.el6_3.x86_64.rpm
e01f275496db09d08317400b80b8d3955e4f8033e3dfd6da076a43d4e116cf71 libtiff-devel-3.9.4-9.el6_3.i686.rpm
ee9c0d9cc6d1486b9e3fb485b475d880d7b5564b14cca8fbd183a26e6f7c53a6 libtiff-devel-3.9.4-9.el6_3.x86_64.rpm
e993d3bbf096a34df95ee48a033446ff88e4378527cfaa39224a51d72b3ebc02 libtiff-static-3.9.4-9.el6_3.x86_64.rpm
Source:
73bd79bac805f90a43cfe048bf71eb28c9e10758a47d97b0a8ef478e210dbbd5 libtiff-3.9.4-9.el6_3.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
[USN-1674-1] Libav vulnerabilities
==========================================================================
Ubuntu Security Notice USN-1674-1
December 19, 2012
libav vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
Summary:
Libav could be made to crash or run programs as your login if it opened a
specially crafted file.
Software Description:
- libav: Multimedia player, server, encoder and transcoder
Details:
It was discovered that Libav incorrectly handled certain malformed media
files. If a user were tricked into opening a crafted media file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
libavcodec53 4:0.7.6-0ubuntu0.11.10.2
libavformat53 4:0.7.6-0ubuntu0.11.10.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1674-1
CVE-2012-2772, CVE-2012-2775, CVE-2012-2777, CVE-2012-2779,
CVE-2012-2784, CVE-2012-2786, CVE-2012-2788, CVE-2012-2789,
CVE-2012-2790, CVE-2012-2793, CVE-2012-2794, CVE-2012-2798,
CVE-2012-2800, CVE-2012-2801
Package Information:
https://launchpad.net/ubuntu/+source/libav/4:0.7.6-0ubuntu0.11.10.2
[USN-1675-1] FFmpeg vulnerabilities
==========================================================================
Ubuntu Security Notice USN-1675-1
December 19, 2012
ffmpeg vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
FFmpeg could be made to crash or run programs as your login if it opened a
specially crafted file.
Software Description:
- ffmpeg: multimedia player, server and encoder
Details:
It was discovered that FFmpeg incorrectly handled certain malformed media
files. If a user were tricked into opening a crafted media file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
libavcodec52 4:0.5.9-0ubuntu0.10.04.2
libavformat52 4:0.5.9-0ubuntu0.10.04.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1675-1
CVE-2012-2777, CVE-2012-2784, CVE-2012-2788, CVE-2012-2801
Package Information:
https://launchpad.net/ubuntu/+source/ffmpeg/4:0.5.9-0ubuntu0.10.04.2
Tuesday, December 18, 2012
[CentOS-announce] CESA-2012:1590 Moderate CentOS 5 libtiff Update
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1590.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
2ce12711407b1f0e3c367320072e5de986cf2a4f0be4c4d23db2c93f89103e42 libtiff-3.8.2-18.el5_8.i386.rpm
2a210f4b43bbfce608df51722e91ab37ab80cfe01ac849716f4fdd9b30d489b9 libtiff-devel-3.8.2-18.el5_8.i386.rpm
x86_64:
2ce12711407b1f0e3c367320072e5de986cf2a4f0be4c4d23db2c93f89103e42 libtiff-3.8.2-18.el5_8.i386.rpm
d239701e8437a5069775693fda4c80c0b4773efefa39f97dd7d144d1babbeaec libtiff-3.8.2-18.el5_8.x86_64.rpm
2a210f4b43bbfce608df51722e91ab37ab80cfe01ac849716f4fdd9b30d489b9 libtiff-devel-3.8.2-18.el5_8.i386.rpm
1c303ad3fb890f96ac4a642dcb88209d32dc3d6c5f6855dbe7ffd635baa15984 libtiff-devel-3.8.2-18.el5_8.x86_64.rpm
Source:
66caf11a56d70345f7ca44928f2664710ab69800a1f2e860f248942d3e95c3d9 libtiff-3.8.2-18.el5_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
[USN-1673-1] Linux kernel (OMAP4) vulnerability
==========================================================================
Ubuntu Security Notice USN-1673-1
December 19, 2012
linux-ti-omap4 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
Summary:
The system could be made to crash under certain conditions.
Software Description:
- linux-ti-omap4: Linux kernel for OMAP4
Details:
A flaw was discovered in the Linux kernel's handling of new hot-plugged
memory. An unprivileged local user could exploit this flaw to cause a
denial of service by crashing the system.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
linux-image-3.5.0-216-omap4 3.5.0-216.23
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-1673-1
CVE-2012-5517
Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.5.0-216.23
[USN-1671-1] Linux kernel vulnerability
==========================================================================
Ubuntu Security Notice USN-1671-1
December 19, 2012
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
Summary:
The system could be made to crash under certain conditions.
Software Description:
- linux: Linux kernel
Details:
A flaw was discovered in the Linux kernel's handling of new hot-plugged
memory. An unprivileged local user could exploit this flaw to cause a
denial of service by crashing the system.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
linux-image-3.5.0-21-generic 3.5.0-21.32
linux-image-3.5.0-21-highbank 3.5.0-21.32
linux-image-3.5.0-21-omap 3.5.0-21.32
linux-image-3.5.0-21-powerpc-smp 3.5.0-21.32
linux-image-3.5.0-21-powerpc64-smp 3.5.0-21.32
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-1671-1
CVE-2012-5517
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.5.0-21.32
[USN-1670-1] Linux kernel (OMAP4) vulnerability
==========================================================================
Ubuntu Security Notice USN-1670-1
December 19, 2012
linux-ti-omap4 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
The system could be made to crash under certain conditions.
Software Description:
- linux-ti-omap4: Linux kernel for OMAP4
Details:
A flaw was discovered in the Linux kernel's handling of new hot plugged
memory. An unprivileged local user could exploit this flaw to cause a
denial of service by crashing the system.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
linux-image-3.2.0-1423-omap4 3.2.0-1423.30
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-1670-1
CVE-2012-5517
Package Information:
https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1423.30
[USN-1669-1] Linux kernel vulnerability
==========================================================================
Ubuntu Security Notice USN-1669-1
December 18, 2012
linux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
The system could be made to crash under certain conditions.
Software Description:
- linux: Linux kernel
Details:
A flaw was discovered in the Linux kernel's handling of new hot plugged
memory. An unprivileged local user could exploit this flaw to cause a
denial of service by crashing the system.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
linux-image-3.2.0-35-generic 3.2.0-35.55
linux-image-3.2.0-35-generic-pae 3.2.0-35.55
linux-image-3.2.0-35-highbank 3.2.0-35.55
linux-image-3.2.0-35-omap 3.2.0-35.55
linux-image-3.2.0-35-powerpc-smp 3.2.0-35.55
linux-image-3.2.0-35-powerpc64-smp 3.2.0-35.55
linux-image-3.2.0-35-virtual 3.2.0-35.55
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-1669-1
CVE-2012-5517
Package Information:
https://launchpad.net/ubuntu/+source/linux/3.2.0-35.55
[CentOS-announce] CEBA-2012:1582 CentOS 6 qemu-kvm Update
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1582.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
afd61224e79e69cc3e0ae8532fece1c87cbaf7cbb03102cd1a95daaacff9eae7 qemu-guest-agent-0.12.1.2-2.295.el6_3.10.x86_64.rpm
b251e176577a174dbd00a435ba4a434fbb03bb6eabd8dd0a871e128fab8b33f0 qemu-img-0.12.1.2-2.295.el6_3.10.x86_64.rpm
64b40dbbacfa8083be1270eaaaf12c569731c69cc9f91cb938f243a1416481e1 qemu-kvm-0.12.1.2-2.295.el6_3.10.x86_64.rpm
5e564afadc9316ff441d3c7b878563fd78191c141cd31ea2db5c8bec7d09a1f5 qemu-kvm-tools-0.12.1.2-2.295.el6_3.10.x86_64.rpm
Source:
128f9c42ce265dec81f2f6341495a21d7330721fa9809df6a44d118d72322e51 qemu-kvm-0.12.1.2-2.295.el6_3.10.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
[CentOS-announce] CEBA-2012:1581 CentOS 6 selinux-policy Update
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1581.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
93fcbda76348333a270a0fc8b03065aa93dd4e1404f085c5cfb16e035df3b5df selinux-policy-3.7.19-155.el6_3.13.noarch.rpm
7b891c2840e85440e106723489985f50f24c5764cbdf99f605ea2331156c0d83 selinux-policy-doc-3.7.19-155.el6_3.13.noarch.rpm
11c1753caefb29036d889da2f1f8ccb290016bdce9dcc9182bff6e434338732a selinux-policy-minimum-3.7.19-155.el6_3.13.noarch.rpm
133f4e518fea37a8d7f5347fb9df63391f3ddc47a5c11d691371baa0811cd18d selinux-policy-mls-3.7.19-155.el6_3.13.noarch.rpm
5081b403b0db4d1a6aa2d2d4bb992d6daed8dfda7d2d2bc64d1bf3e7218dfc04 selinux-policy-targeted-3.7.19-155.el6_3.13.noarch.rpm
x86_64:
93fcbda76348333a270a0fc8b03065aa93dd4e1404f085c5cfb16e035df3b5df selinux-policy-3.7.19-155.el6_3.13.noarch.rpm
7b891c2840e85440e106723489985f50f24c5764cbdf99f605ea2331156c0d83 selinux-policy-doc-3.7.19-155.el6_3.13.noarch.rpm
11c1753caefb29036d889da2f1f8ccb290016bdce9dcc9182bff6e434338732a selinux-policy-minimum-3.7.19-155.el6_3.13.noarch.rpm
133f4e518fea37a8d7f5347fb9df63391f3ddc47a5c11d691371baa0811cd18d selinux-policy-mls-3.7.19-155.el6_3.13.noarch.rpm
5081b403b0db4d1a6aa2d2d4bb992d6daed8dfda7d2d2bc64d1bf3e7218dfc04 selinux-policy-targeted-3.7.19-155.el6_3.13.noarch.rpm
Source:
adfd2d9a56f1a82244d2351586b093c680472dbb44ddf894c8e50a6c27c9a3f8 selinux-policy-3.7.19-155.el6_3.13.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Monday, December 17, 2012
[USN-1668-1] Apport update
==========================================================================
Ubuntu Security Notice USN-1668-1
December 17, 2012
apport update
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
Summary:
A hardening measure was added to apport.
Software Description:
- apport: automatically generate crash reports for debugging
Details:
Dan Rosenberg discovered that an application running under an AppArmor
profile that allowed unconfined execution of apport-bug could escape
confinement by calling apport-bug with a crafted environment. While not a
vulnerability in apport itself, this update mitigates the issue by
sanitizing certain variables in the apport-bug shell script.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
apport 2.0.1-0ubuntu15.1
Ubuntu 11.10:
apport 1.23-0ubuntu4.1
Ubuntu 10.04 LTS:
apport 1.13.3-0ubuntu2.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1668-1
https://launchpad.net/bugs/1045986
Package Information:
https://launchpad.net/ubuntu/+source/apport/2.0.1-0ubuntu15.1
https://launchpad.net/ubuntu/+source/apport/1.23-0ubuntu4.1
https://launchpad.net/ubuntu/+source/apport/1.13.3-0ubuntu2.2
Introducing the new FAmSCo chairs
I have been serving as FAmSCo chair for a year now and it's time for me
to pass the torch (the buck?) to somebody else.
I am happy to announce that in today's FAmSCo meeting Jiri Eischmann [1]
was elected. I think he really deserves it because he was very active
and effectively ran FAmSCo while I was busy with my day job.
As FAmSCo chair, Jiri was to appoint the vice chair and I am glad he
picked Clint Savage [2]. This means we now have two of the most active
members of the two biggest communities leading FAmSCo and I am looking
forward to working with them.
Kind regards,
Christoph
[1] https://fedoraproject.org/wiki/User:Eischmann
[2] https://fedoraproject.org/wiki/User:Herlo
--
announce mailing list
announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce
[USN-1667-1] bogofilter vulnerability
==========================================================================
Ubuntu Security Notice USN-1667-1
December 17, 2012
bogofilter vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
bogofilter could be made to crash or run programs if it processed a
specially crafted email.
Software Description:
- bogofilter: a fast Bayesian spam filter
Details:
Julius Plenz discovered that bogofilter incorrectly handled certain
invalid base64 code. By sending a specially crafted email, a remote
attacker could exploit this and cause bogofilter to crash, resulting in a
denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
bogofilter-bdb 1.2.1-0ubuntu1.2
bogofilter-sqlite 1.2.1-0ubuntu1.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1667-1
CVE-2012-5468
Package Information:
https://launchpad.net/ubuntu/+source/bogofilter/1.2.1-0ubuntu1.2
[FreeBSD-Announce] Faces of FreeBSD - Dan Langille
Thank you for the tremendous amount of support you've given us over
this past week! You guys have been amazing giving us over 900 donations
in a week. These donations have helped us raise $335,000 towards our goal of $500,000.
We are excited to share our next story for our Faces of FreeBSD Series. This is a
chance for us to spotlight different people who contribute to FreeBSD
and have received funding from us to work on development projects, run
conferences, travel to conferences, and advocate for FreeBSD.
Let us introduce you to Dan Langille. We helped him by sponsoring BSDCan
since 2006. Here's his story:
http://freebsdfoundation.blogspot.com/2012/12/faces-of-freebsd-dan-langille_17.html
Please consider making a donation to help us continue and increase our
support of the FreeBSD Project and community worldwide! To make a
donation go to:
http://www.freebsdfoundation.org/donate/
Thank You,
The FreeBSD Foundation
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
[USN-1589-2] GNU C Library regression
==========================================================================
Ubuntu Security Notice USN-1589-2
December 17, 2012
glibc regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.04 LTS
Summary:
USN-1589-1 exposed a regression in the GNU C Library floating point parser.
Software Description:
- glibc: GNU C Library
Details:
USN-1589-1 fixed vulnerabilities in the GNU C Library. One of the updates
exposed a regression in the floating point parser. This update fixes the
problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that positional arguments to the printf() family
of functions were not handled properly in the GNU C Library. An
attacker could possibly use this to cause a stack-based buffer
overflow, creating a denial of service or possibly execute arbitrary
code. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406)
It was discovered that multiple integer overflows existed in the
strtod(), strtof() and strtold() functions in the GNU C Library. An
attacker could possibly use this to trigger a stack-based buffer
overflow, creating a denial of service or possibly execute arbitrary
code. (CVE-2012-3480)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 8.04 LTS:
libc6 2.7-10ubuntu8.3
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1589-2
http://www.ubuntu.com/usn/usn-1589-1
CVE-2012-3480
Package Information:
https://launchpad.net/ubuntu/+source/glibc/2.7-10ubuntu8.3
[USN-1666-1] Aptdaemon vulnerability
==========================================================================
Ubuntu Security Notice USN-1666-1
December 17, 2012
aptdaemon vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
Summary:
Aptdaemon could be tricked into installing arbitrary PPA GPG keys.
Software Description:
- aptdaemon: transaction based package management service
Details:
It was discovered that Aptdaemon incorrectly validated PPA GPG keys when
importing from a keyserver. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to install altered
package repository GPG keys.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
aptdaemon 0.43+bzr805-0ubuntu7
Ubuntu 11.10:
aptdaemon 0.43+bzr697-0ubuntu1.3
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1666-1
CVE-2012-0962
Package Information:
https://launchpad.net/ubuntu/+source/aptdaemon/0.43+bzr805-0ubuntu7
https://launchpad.net/ubuntu/+source/aptdaemon/0.43+bzr697-0ubuntu1.3
[opensuse-announce] The New 2013 openSUSE Board Members are:
completed the Fifth election of the openSUSE Board. At stake were two
seats of the five electable seats. With 8 candidates, the community
definitely had a broad choice of qualified candidates to choose from.
In the end, the two top vote-getters were Raymond Wooninck (tittiacoke)
and Robert Schweikert (robjo), respectively. They will join the
openSUSE Board on January 9th during the transitional meeting of the
regularly scheduled Project meeting held on the Freenode IRC Channel at
17:00 UTC.
The Election Officials would like to congratulate all of the candidates
for a great campaign season. These candidates included Matt Barringer,
Richard Brown, Carl Fletcher, Manu Gupta, Chuck Payne and Stefan
Seyfried. All of these candidates demonstrated a commitment to the
Project and exemplified the Guiding Principles which the Project, as a
whole, is founded upon.
We join the rest of the community in looking forward to an exciting year
to come as the new Board embarks on new initiatives and directions. And
we thank the community for giving us the opportunity to serve as members
of the election committee.
Sincerely,
The openSUSE Election Committee
- Izabel Valverde
- Thomas Schmidt
- Bryen M Yunashko
--
To unsubscribe, e-mail: opensuse-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-announce+help@opensuse.org
[CentOS-announce] CEEA-2012:1576 CentOS 6 pch_gbe Update
Upstream details at : https://rhn.redhat.com/errata/RHEA-2012-1576.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
3a5658cd4a78854913abca43d027d646a9dc5da048c8f85a3673ab724893d788 kmod-pch_gbe-1.01-2.el6_3.i686.rpm
x86_64:
9490c2e793a1ba27e0371e8de77b50439cfe6e2ca1b09492e0994cc7f0e6be1d kmod-pch_gbe-1.01-2.el6_3.x86_64.rpm
Source:
fbda05b0a808a0c0b1662eb1a92cce7754b5ac820486bfb23e4d5164fa5bb0c3 pch_gbe-1.01-2.el6_3.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Saturday, December 15, 2012
[FreeBSD-Announce] FreeBSD Development Snapshot Availability
snapshots provided by the FreeBSD Project.
As with any development branch, these snapshots are not intended
for use on production systems. However, we do encourage testing on
non-production systems as much as possible.
At this time, installation images are available for:
- 10.0-CURRENT/amd64
- 10.0-CURRENT/i386
- 10.0-CURRENT/powerpc
- 10.0-CURRENT/powerpc64
- 9.1-PRERELEASE/amd64
- 9.1-PRERELEASE/i386
Snapshots for the stable/8 branch are currently not available.
Please note, the 9.1-PRERELEASE images are the stable/9 branch,
not what will be 9.1-RELEASE.
Also note, the 10.0-CURRENT powerpc and powerpc64 builds do not
currently include a memstick image.
Users interested in testing the development branches are also
encouraged to subscribe to the freebsd-snapshots@ mailing list,
where new snapshot availability, including corresponding
installation image checksums, and any additional noteworthy
information about the images will be announced.
The list subscription URL is:
http://lists.freebsd.org/mailman/listinfo/freebsd-snapshots
Snapshots may be downloaded from the corresponding architecture
subdirectory over FTP:
ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/
Please be patient if your local FTP mirror has not yet caught
up with the changes.
Problems, bug reports, or regression reports should be reported
through the GNATS PR system or the appropriate mailing list, such
as -current@ or -stable@ .
Checksums for the current set of snapshots:
Regards,
Glen
--
One OS to rule them all,
On FTP, we'll host them.
One machine to build them all,
And any bugs, we'll find them.
Friday, December 14, 2012
[CentOS-announce] CEEA-2012:1574 CentOS 6 lvm2 Update
Upstream details at : https://rhn.redhat.com/errata/RHEA-2012-1574.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Thursday, December 13, 2012
Fedora Project OpenID Security issue
On 2012-12-12 we discovered a bug in the Fedora Project OpenID
provider. This bug was pulled in with a fix on 2012-10-23. We patched
this problem on 2012-12-12, shortly after its discovery.
While the bug was present, anyone with a valid Fedora Account System
(FAS) account who tried to log into a remote website using any FAS
OpenID identity would have that identity validated by FAS even if the
identity belonged to a *different FAS user*. The fix we put in place
rejects the attempt if the user who logs in does not own the identity
that they requested.
Potentially affected accounts have been notified directly with a list of
their OpenID site requests with time and date for review.
Note that the only applications that Fedora Infrastructure runs that are
a consumer of OpenID are ask.fedoraproject.org and the FUDCon Lawrence
registration app that runs on OpenShift. This bug in no way affected any
of the rest of Fedora Infrastructure.
We have taken the following steps moving forward:
* The bug has been hotfixed. The OpenID provider will now disallow using
an id different from your Fedora Account System id.
* We are working on upstream fixes to the account system to more
robustly handle cases around OpenID.
* We are working upstream to add additional logging so we can more
easily identify issues like this.
For more information about the Fedora Project OpenID provider, see:
http://fedoraproject.org/wiki/OpenID
We apologize for any inconvenience caused by this issue.
If you have any concerns or questions, please contact
admin@fedoraproject.org.
-Robyn Bergeron
--
announce mailing list
announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce
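The ownership check the advisory describes, as an added Python sketch that is not Fedora's code: `respond_vulnerable` vouches for any requested identity once a login is valid, `respond_fixed` requires the logged-in account to own it, and `affected_requests` replays a provider log to list the assertions only the old check would have made. The `id.example.org` URL scheme, the account names and the log entries are constructed for illustration.

```python
IDENTITY_BASE = "https://id.example.org/"  # constructed placeholder URL scheme
ACCOUNTS = {"alice", "bob"}                # constructed account database

# Constructed provider log: (time, logged-in account, requested identity, relying party)
REQUESTS = [
    ("2012-11-02T10:14Z", "alice", "https://id.example.org/alice", "https://rp.example.net/"),
    ("2012-11-05T18:40Z", "bob", "https://id.example.org/alice", "https://rp.example.net/"),
    ("2012-11-09T07:02Z", "bob", "https://id.example.org/bob/", "https://rp.example.net/"),
    ("2012-11-09T07:05Z", "carol", "https://id.example.org/bob", "https://rp.example.net/"),
]


def owns_identity(session_user, claimed_id):
    """True only if claimed_id is exactly the identity URL of session_user."""
    expected = IDENTITY_BASE + session_user
    # Exact match (optional trailing slash); no prefix or substring tests,
    # so "al" never matches the identity of "alice".
    return claimed_id in (expected, expected + "/")


def respond_vulnerable(session_user, claimed_id):
    """Behaviour the advisory describes: a valid login vouches for any identity."""
    return session_user in ACCOUNTS and claimed_id.startswith(IDENTITY_BASE)


def respond_fixed(session_user, claimed_id):
    """Hotfix behaviour: reject unless the logged-in account owns the identity."""
    return session_user in ACCOUNTS and owns_identity(session_user, claimed_id)


def affected_requests(log):
    """Log entries the vulnerable check accepted but the fixed check rejects."""
    return [
        entry for entry in log
        if respond_vulnerable(entry[1], entry[2]) and not respond_fixed(entry[1], entry[2])
    ]


if __name__ == "__main__":
    for when, user, claimed, rp in affected_requests(REQUESTS):
        print(f"{when} account={user} asserted={claimed} to={rp}")
```

Replaying stored requests this way only works if the provider logs both the authenticated account and the requested identity for every assertion.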
[USN-1665-1] unity-firefox-extension vulnerability
==========================================================================
Ubuntu Security Notice USN-1665-1
December 13, 2012
unity-firefox-extension vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
Summary:
unity-firefox-extension could be made to expose sensitive information over
the network.
Software Description:
- unity-firefox-extension: Firefox extension: Unity Integration
Details:
It was discovered that unity-firefox-extension bypassed the same origin
policy checks in certain circumstances. If a user were tricked into opening
a malicious page, an attacker could exploit this to steal confidential data
or perform other security-sensitive operations.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
xul-ext-unity 2.4.1-0ubuntu1.2
After a standard system update you need to restart Firefox to make all the
necessary changes.
References:
http://www.ubuntu.com/usn/usn-1665-1
CVE-2012-0958
Package Information:
https://launchpad.net/ubuntu/+source/unity-firefox-extension/2.4.1-0ubuntu1.2