------------------------------------------------------------------------
The Debian Project http://www.debian.org/
Updated Debian 6.0: 6.0.6 released press@debian.org
September 29th, 2012 http://www.debian.org/News/2012/20120929
------------------------------------------------------------------------
The Debian project is pleased to announce the sixth update of its
stable distribution Debian 6.0 (codename "squeeze"). This update
mainly adds corrections for security problems to the stable release,
along with a few adjustments for serious problems. Security advisories
were already published separately and are referenced where available.
Please note that this update does not constitute a new version of
Debian 6.0 but only updates some of the packages included. There is no
need to throw away 6.0 CDs or DVDs but only to update via an up-to-date
Debian mirror after an installation, to cause any out of date packages
to be updated.
Those who frequently install updates from security.debian.org won't
have to update many packages and most updates from security.debian.org
are included in this update.
New installation media and CD and DVD images containing updated
packages will be available soon at the regular locations.
Upgrading to this revision online is usually done by pointing the
aptitude (or apt) package tool (see the sources.list(5) manual page) to
one of Debian's many FTP or HTTP mirrors. A comprehensive list of
mirrors is available at:
Saturday, September 29, 2012
Friday, September 28, 2012
[opensuse-announce] GNOME 3.6 now also for openSUSE 12.2
Hello GNOMEs!
It's official: GNOME 3.6 has been published for openSUSE 12.2.
Want to read more? Head over to
http://dominique.leuenberger.net/blog/2012/09/gnome-3-6-for-opensuse-12-2/
Enjoy it!
Dominique
[USN-1551-2] Thunderbird regressions
========================================================================
Ubuntu Security Notice USN-1551-2
September 28, 2012
thunderbird regressions
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
USN-1551-1 introduced regressions in Thunderbird.
Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client
Details:
USN-1551-1 fixed vulnerabilities in Thunderbird. The new package caused a
regression in the message editor and certain performance regressions as
well. This update fixes the problems.
Original advisory details:
Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew
Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel
Holbert discovered memory safety issues affecting Thunderbird. If the user
were tricked into opening a specially crafted E-Mail, an attacker could
exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking
Thunderbird. (CVE-2012-1970, CVE-2012-1971)
Abhishek Arya discovered multiple use-after-free vulnerabilities. If the
user were tricked into opening a specially crafted E-Mail, an attacker
could exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking
Thunderbird. (CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975,
CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959,
CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964)
Thursday, September 27, 2012
Planned Outage: Server reboots - 2012-10-01 21:00 UTC
There will be an outage starting at 2012-10-01 21:00 UTC, which will
last approximately 2 hours.
To convert UTC to your local time, take a look at
http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run:
date -d '2012-10-01 21:00 UTC'
Reason for outage:
We will be rebooting servers to pick up on the latest errata/updates.
Services may be up and down during the window, although each service
should only be down for a short time as hosts are rebooted and returned
to service.
Additionally we will be cleaning up the wiki database to correct some
issues from the last upgrade and fix Interwiki results. During this
cleanup the wiki will be offline.
Affected Services:
Planned Outage: Buildsystem server reboots - 2012-10-02 21:00 UTC
There will be an outage starting at 2012-10-02 21:00 UTC, which will
last approximately 2 hours.
To convert UTC to your local time, take a look at
http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run:
date -d '2012-10-02 21:00 UTC'
Reason for outage:
We will be rebooting servers to bring them up to the latest
updates/errata.
Affected Services:
Ubuntu 12.10 (Quantal Quetzal) Beta 2 Released!
The Ubuntu team is pleased to announce the final beta release of Ubuntu
12.10 Desktop, Server, Cloud, and Core products.
Codenamed "Quantal Quetzal", 12.10 continues Ubuntu's proud tradition
of integrating the latest and greatest open source technologies into a
high-quality, easy-to-use Linux distribution. The team has been hard
at work through this cycle, introducing new features and fixing bugs.
With Ubuntu 12.10, Kubuntu, Edubuntu, Lubuntu, Xubuntu and
Ubuntu Studio also reached Beta 2 status today. These images will
continue to have daily updates for the remainder of the release.
Ubuntu Changes
--------------
Some of the new features available since Beta 1 are:
* Quantal Beta-2 includes the 3.5.0-15.23 Ubuntu Linux kernel which
is based on the v3.5.4 upstream Linux kernel.
* Unity has been updated to version 6.6 which contains the new
default web application in the launcher, a new shopping lens,
improvements to the dash and multiple bug fixes.
* GNOME has been updated to 3.5.92 for most components (some to 3.6.0)
* Accessibility is turned on by default.
Please see http://www.ubuntu.com/testing/ for details.
Ubuntu Server and Cloud Images
------------------------------
[USN-1587-1] libxml2 vulnerability
========================================================================
Ubuntu Security Notice USN-1587-1
September 27, 2012
libxml2 vulnerability
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Applications using libxml2 could be made to crash or run programs as your
login if they opened a specially crafted file.
Software Description:
- libxml2: GNOME XML library
Details:
Juri Aedla discovered that libxml2 incorrectly handled certain memory
operations. If a user or application linked against libxml2 were tricked
into opening a specially crafted XML file, an attacker could cause the
application to crash or possibly execute arbitrary code with the privileges
of the user invoking the program.
[USN-1586-1] Emacs vulnerabilities
========================================================================
Ubuntu Security Notice USN-1586-1
September 27, 2012
emacs23 vulnerabilities
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
Summary:
Emacs could be made to run programs as your login if it opened a specially
crafted file.
Software Description:
- emacs23: The GNU Emacs editor (with GTK+ user interface)
Details:
Hiroshi Oota discovered that Emacs incorrectly handled search paths. If a
user were tricked into opening a file with Emacs, a local attacker could
execute arbitrary Lisp code with the privileges of the user invoking the
program. (CVE-2012-0035)
Paul Ling discovered that Emacs incorrectly handled certain eval forms in
local-variable sections. If a user were tricked into opening a specially
crafted file with Emacs, a remote attacker could execute arbitrary Lisp
code with the privileges of the user invoking the program. (CVE-2012-3479)
Wednesday, September 26, 2012
[opensuse-announce] Downtime of some openSUSE services on 2012-09-27
Hi,
During the maintenance window on 2012-09-27 from 06:00 UTC to 09:00 UTC
the following services might experience some downtime to move them to
new hardware:
tracker.opensuse.org
apparmor.opensuse.org
connect.opensuse.org
retro.opensuse.org
openbuildservice.org
beans.opensuse.org
The individual downtimes should not be longer than 30 minutes.
with kind regards
your openSUSE admin team
--
openSUSE - SUSE Linux is my linux
openSUSE is good for you
www.opensuse.org
[USN-1585-1] FreeRADIUS vulnerability
========================================================================
Ubuntu Security Notice USN-1585-1
September 26, 2012
freeradius vulnerability
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
Summary:
FreeRADIUS could be made to crash or run programs if it received
specially crafted network traffic.
Software Description:
- freeradius: a high-performance and highly configurable RADIUS server
Details:
Timo Warns discovered that FreeRADIUS incorrectly handled certain long
timestamps in client certificates. A remote attacker could exploit this
flaw and cause the FreeRADIUS server to crash, resulting in a denial of
service, or possibly execute arbitrary code.
The default compiler options for affected releases should reduce the
vulnerability to a denial of service.
[USN-1584-1] Transmission vulnerability
========================================================================
Ubuntu Security Notice USN-1584-1
September 26, 2012
transmission vulnerability
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Transmission could be made to expose sensitive information over the
network.
Software Description:
- transmission: lightweight BitTorrent client
Details:
Justin C. Klein Keane discovered that the Transmission web client
incorrectly escaped certain strings. If a user were tricked into opening a
specially crafted torrent file, an attacker could possibly exploit this to
conduct cross-site scripting (XSS) attacks.
[CentOS-announce] CEBA-2012:1313 CentOS 6 rpmdevtools FASTTRACK Update
CentOS Errata and Bugfix Advisory 2012:1313
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1313.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
de1c8a5ae9a58359162629d7584516f1c6462724fb083b248a17f07e9af0f978 rpmdevtools-7.5-2.el6.noarch.rpm
[CentOS-announce] CEBA-2012:1311 CentOS 6 gnome-terminal FASTTRACK Update
CentOS Errata and Bugfix Advisory 2012:1311
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1311.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
2df9f8c69f3528230cadfb12187e616590018854dd8498dc523341e110d889b9 gnome-terminal-2.31.3-8.el6.i686.rpm
[CentOS-announce] CEBA-2012:1312 CentOS 6 telnet Update
CentOS Errata and Bugfix Advisory 2012:1312
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1312.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
9bdc032546d3c0bcd7872d43ac8108cf271308ed6dfc7a6b958ea2f3a4b6cfe3 telnet-0.17-47.el6_3.1.i686.rpm
f869d44bc180729c9be861d207d10f891844d5f3d050c60799ef095feb0bfae0 telnet-server-0.17-47.el6_3.1.i686.rpm
Tuesday, September 25, 2012
[USN-1583-1] Ruby vulnerabilities
========================================================================
Ubuntu Security Notice USN-1583-1
September 26, 2012
ruby1.9.1 vulnerabilities
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in ruby1.9.1
Software Description:
- ruby1.9.1: Interpreter of object-oriented scripting language Ruby
Details:
It was discovered that Ruby incorrectly allowed untainted strings to be
modified in protective safe levels. An attacker could use this flaw to bypass
intended access restrictions. (CVE-2011-1005)
John Firebaugh discovered that the RubyGems remote gem fetcher did not properly
verify SSL certificates. A remote attacker could exploit this to perform a man
in the middle attack to alter gem files being downloaded for installation.
(CVE-2012-2126)
John Firebaugh discovered that the RubyGems remote gem fetcher allowed
redirection from HTTPS to HTTP. A remote attacker could exploit this to perform
a man in the middle attack to alter gem files being downloaded for
installation. (CVE-2012-2125)
[USN-1582-1] RubyGems vulnerabilities
========================================================================
Ubuntu Security Notice USN-1582-1
September 26, 2012
rubygems vulnerabilities
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
RubyGems could be made to download and install malicious gem files.
Software Description:
- rubygems: package management framework for Ruby libraries/applications
Details:
John Firebaugh discovered that the RubyGems remote gem fetcher did not properly
verify SSL certificates. A remote attacker could exploit this to perform a man
in the middle attack to alter gem files being downloaded for installation.
(CVE-2012-2126)
John Firebaugh discovered that the RubyGems remote gem fetcher allowed
redirection from HTTPS to HTTP. A remote attacker could exploit this to perform
a man in the middle attack to alter gem files being downloaded for
installation. (CVE-2012-2125)
[CentOS-announce] CESA-2012:1304 Moderate CentOS 6 kernel Update
CentOS Errata and Security Advisory 2012:1304 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1304.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
30847f09d53179063a07bd1011e1ffa1c81795533b91b308883d7eb7ceab0e5d kernel-2.6.32-279.9.1.el6.i686.rpm
915c029d6d6143368fbb574d38eb35cf54e6127143e568476497aa2c4e61462e kernel-debug-2.6.32-279.9.1.el6.i686.rpm
852ea4a7b9b439c269d671d08ab09989e3dcaa6684994ef5dcd4200152ab7d17 kernel-debug-devel-2.6.32-279.9.1.el6.i686.rpm
aa0c2a110fb9ffbb9fc2294d96fbaaab41b6b3e4326423103fbab37d82fa46b9 kernel-devel-2.6.32-279.9.1.el6.i686.rpm
d4cea4f1ababa6896440209d4450aae094f1a7cf2797a8afcbb47ac659f863b2 kernel-doc-2.6.32-279.9.1.el6.noarch.rpm
ff38d879cfa8f156ab20dc672442bcc17156262e4f18b1606e963a922728af02 kernel-firmware-2.6.32-279.9.1.el6.noarch.rpm
2cdb2a60730195b7186d546b6f1c938ff454b06b80062b683d859b9d0e894b05 kernel-headers-2.6.32-279.9.1.el6.i686.rpm
35ebfaaa7019f1fefdbb086bdf1e74f56fd62a3dbfcba071f4611e8447cc4b45 perf-2.6.32-279.9.1.el6.i686.rpm
a1c0181c22510e1455380e467adde728bd073467a8234471dc37d5cac02f41e9 python-perf-2.6.32-279.9.1.el6.i686.rpm
[opensuse-announce] GNOME 3.6 Enters GNOME:Factory
(Originally posted by Dominique Leuenberger)
Hi GNOMEs!
I know you are all eagerly awaiting it!
* AND IT JUST HAPPENED *
GNOME 3.6 (at least what has been released so far; official release date
is tomorrow, so some more packages can still appear) has been
submitted and accepted into GNOME:Factory.
* FACTORY USERS *
GNOME:Factory, as you all know, is the staging project where all
packages are being tested against each other and, once deemed working,
be forwarded to openSUSE:Factory, to be included into our next release
of openSUSE.
GNOME:Factory is NOT compatible to 12.2 (due to dependencies).
* BUT *
[CentOS-announce] CEBA-2012:1309 CentOS 6 lm_sensors FASTTRACK Update
CentOS Errata and Bugfix Advisory 2012:1309
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1309.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
a41983848e162aabb0fe146db72c0aa38189dde131820336cc550c29f2a7cd43 lm_sensors-3.1.1-17.el6.i686.rpm
2bd420a94bd6855291835a29e709feb134cd028f2321b16045022bc28a52c2d6 lm_sensors-devel-3.1.1-17.el6.i686.rpm
fc9c610f6bcec312fd60d296fed218177721b6468735679bfbe6e640361c300a lm_sensors-libs-3.1.1-17.el6.i686.rpm
7a3679c29097b24e69a045730782e89b7a9cc9af278795e572651e8a35517b69 lm_sensors-sensord-3.1.1-17.el6.i686.rpm
Fedora 18 for Power Alpha Announcement
In quick succession to the Fedora 18 "Spherical Cow" Alpha release on primary architectures the Fedora Secondary Arch team proudly presents the Fedora 18 "Spherical Cow" PowerPC Alpha release!
Already mooo-tivated to give F18 Alpha a try? Great! We still hope that you'll read onwards; there are fabulous features in this release you may want to know about, as well as important information regarding specific, common F18 Alpha installation issues and bugs, all of which are detailed in this release announcement.
*** What is the Alpha Release? ***
Fedora 18 adds many new and improved features for a variety of audiences. The release announcement for the primary architecture already listed all the cool new features and common known issues
and bugs, so please refer to http://lists.fedoraproject.org/pipermail/test-announce/2012-September/000518.html for the details.
The highlight on the feature side for the PowerPC side this time is
*** Known Issues and Bugs for PowerPC ***
We know that many of you are moo-tivated to download and try the Alpha release of "Spherical Cow"; to help you avoid stepping into any sticky issues, we'd like to highlight a few specific issues, before you moooove on to the downloads page. Information about these, and other common bugs, including bug reports and workarounds for known issues where available, are detailed on the Common F18 Bugs page, as well as in the Alpha release notes; links to both pages are provided below.
**** Common issues ****
**** PowerPC specific issues ****
*** Contributing ***
Great releases like Fedora 18 don't get made in a vacuum. We can't do it without you! Bug reports are especially helpful as we move from the theory to the applied physics. If you encounter any issues, please report them!
Fedora is a fantastic, friendly community, and we have many ways in which you can contribute, including Documentation, Marketing, Design, QA, Development, and more.
To learn how to help us, visit: http://join.fedoraproject.org/
If you're specifically interested in contacting the Fedora Secondary Arch team for PowerPC feel free to pay us a visit on the #fedora-ppc IRC channel on FreeNode and via our email list:
https://admin.fedoraproject.org/mailman/listinfo/ppc
And we have our Secondary Arch wiki with (decently) updated information: http://fedoraproject.org/wiki/Architectures/PowerPC And last but not least, a big thanks to the whole team and everyone else contributing to making this release happen.
Thanks & regards, Phil
--
Philipp Knirsch | Tel.: +49-711-96437-470
Manager Core Services | Fax.: +49-711-96437-111
Red Hat GmbH | Email: Phil Knirsch <pknirsch@redhat.com>
Hauptstaetterstr. 58 | Web: http://www.redhat.com/
D-70178 Stuttgart, Germany
Already mooo-tivated to give F18 Alpha a try? Great! We still hope that you'll read onwards; there are fabulous features in this release you may want to know about, as well as important information regarding specific, common F18 Alpha installation issues and bugs, all of which are detailed in this release announcement.
*** What is the Alpha Release? ***
Fedora 18 adds many new and improved features for a variety of audiences. The release announcement for the primary architecture already listed all the cool new features and common known issues and bugs, so please refer to http://lists.fedoraproject.org/pipermail/test-announce/2012-September/000518.html for the details.
The highlight on the feature side for the PowerPC side this time is:
- Power7 optimized ppc64p7 is added as a supported platform for Fedora 18 packages.
- The installer uses tmux to switch between the installer window, a bash prompt, and other windows which capture log files. Read more about tmux here: http://tmux.sourceforge.net/
- The installer's command line parameters are changing. Read more about the change here: http://wwoods.fedorapeople.org/doc/boot-options.html
- The name of the package group has changed from @base to @standard. This will affect kickstart files as well.
*** Known Issues and Bugs for PowerPC ***
We know that many of you are moo-tivated to download and try the Alpha release of "Spherical Cow"; to help you avoid stepping into any sticky issues, we'd like to highlight a few specific issues, before you moooove on to the downloads page. Information about these, and other common bugs, including bug reports and workarounds for known issues where available, are detailed on the Common F18 Bugs page, as well as in the Alpha release notes; links to both pages are provided below.
**** Common issues ****
- Utilizing automatic partitioning during installation will reformat all selected disks on which to install without any further warning; ALL EXISTING DATA ON THE DISKS WILL BE LOST. At this time, there is no option presented to use free space on the disks, or to resize existing partitions. A workaround solution exists.
- This release features a new user interface for the anaconda installer, which will significantly enhance the end-user installation experience. Known issues relating to the new installer user interface include:
- For non-graphical installations, a root password must be set to be able to login; for graphical installations, the first user should be set as an administrative user. This is currently the default setup during installation.
- There is no anaconda-based upgrade or preupgrade to F18 Alpha; if you must upgrade an installed system, you should use yum.
- The new installer user interface is still undergoing work; the Alpha release may not necessarily duplicate exactly the implementation seen in the Final release of Fedora 18 in November.
**** PowerPC specific issues ****
- Due to a missing check in lorax the install images are currently being built with a ppc64p7 kernel, so booting the install images on anything smaller than Power7 will fail at the moment. This is something we're going to fix asap after Alpha, so for Beta and RC the install images will again contain the generic ppc64 kernel. A possible workaround for older systems is to skip the install via anaconda and update a Fedora 17 to a Fedora 18 Alpha.
- Installation fails on multipath devices.
- If you want to install graphically using vnc, you must pass the 'inst.vnc' parameter to anaconda at boot time. The screen to start vnc is no longer in anaconda.
- It is not required to set the root password in the anaconda installer. However, there is a defect where the firstboot utility is not performed in text console boot after install. Therefore, you must set the root password during install.
For more information, including information about other common and known bugs, tips on how to report bugs, and the official release schedule, please refer to the release notes: http://fedoraproject.org/wiki/Fedora_18_Alpha_release_notes and for the PowerPC specific issues please check out https://fedoraproject.org/wiki/Fedora_18_Alpha_PPC_release_notes
A shorter list of common bugs can be found here: http://fedoraproject.org/wiki/Common_F18_bugs
*** Contributing ***
Great releases like Fedora 18 don't get made in a vacuum. We can't do it without you! Bug reports are especially helpful as we move from the theory to the applied physics. If you encounter any issues, please report them!
Fedora is a fantastic, friendly community, and we have many ways in which you can contribute, including Documentation, Marketing, Design, QA, Development, and more.
To learn how to help us, visit: http://join.fedoraproject.org/
If you're specifically interested in contacting the Fedora Secondary Arch team for PowerPC feel free to pay us a visit on the #fedora-ppc IRC channel on FreeNode and via our email list:
https://admin.fedoraproject.org/mailman/listinfo/ppc
And we have our Secondary Arch wiki with (decently) updated information: http://fedoraproject.org/wiki/Architectures/PowerPC
And last but not least, a big thanks to the whole team and everyone else contributing to making this release happen.
Thanks & regards, Phil
--
Philipp Knirsch | Tel.: +49-711-96437-470
Manager Core Services | Fax.: +49-711-96437-111
Red Hat GmbH | Email: Phil Knirsch <pknirsch@redhat.com>
Hauptstaetterstr. 58 | Web: http://www.redhat.com/
D-70178 Stuttgart, Germany
Monday, September 24, 2012
[USN-1581-1] Ghostscript vulnerability
=======================================================================
Ubuntu Security Notice USN-1581-1
September 24, 2012
ghostscript vulnerability
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Ghostscript could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- ghostscript: The GPL Ghostscript PostScript/PDF interpreter
Details:
Marc Schönefeld discovered that Ghostscript did not correctly handle
certain image files. If a user or automated system were tricked into
opening a specially crafted file, an attacker could cause a denial of
service and possibly execute arbitrary code with user privileges.
[CentOS-announce] CEBA-2012:1305 CentOS 6 openswan Update
CentOS Errata and Bugfix Advisory 2012:1305
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1305.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
aef3aa508dc0572473995acf4426362144f32b80db3db3ff61e37f9e393d8bca openswan-2.6.32-19.el6_3.i686.rpm
62dc21493f42dc9213701c182bcdff77f2cae02a230ea4b779edce94d0030686 openswan-doc-2.6.32-19.el6_3.i686.rpm
Friday, September 21, 2012
[USN-1580-1] Linux kernel (OMAP4) vulnerabilities
========================================================================
Ubuntu Security Notice USN-1580-1
September 21, 2012
linux-ti-omap4 vulnerabilities
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-ti-omap4: Linux kernel for OMAP4
Details:
Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to cause a denial of service. (CVE-2012-3412)
Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)
[USN-1579-1] Linux kernel vulnerabilities
========================================================================
Ubuntu Security Notice USN-1579-1
September 21, 2012
linux vulnerabilities
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to cause a denial of service. (CVE-2012-3412)
Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)
[USN-1578-1] Linux kernel (OMAP4) vulnerabilities
========================================================================
Ubuntu Security Notice USN-1578-1
September 21, 2012
linux-ti-omap4 vulnerabilities
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-ti-omap4: Linux kernel for OMAP4
Details:
Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to cause a denial of service. (CVE-2012-3412)
Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)
[opensuse-announce] Announcing Vincent Untz as new openSUSE Board Chairman
This week Alan Clark announced to the openSUSE Board that he is stepping
down from his position as Board Chair. His duties in SUSE keep him
increasingly busy and SUSE has decided, after almost two years, the time has
come for someone else to take on his role.
So, after thinking about what skills are most relevant for the openSUSE
Board right now and who would fit in best, SUSE managers Michael Miller
(Marketing and Product Management) and Ralf Flaxa (Engineering) have brought
in former GNOME Foundation Chairman Vincent Untz to take on the role as
chair. The Board is very pleased having someone with the skills and
experience of Vincent on board!
[USN-1577-1] Linux kernel (OMAP4) vulnerabilities
========================================================================
Ubuntu Security Notice USN-1577-1
September 21, 2012
linux-ti-omap4 vulnerabilities
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-ti-omap4: Linux kernel for OMAP4
Details:
A flaw was discovered in the Linux kernel's KVM (kernel virtual machine).
An administrative user in the guest OS could leverage this flaw to cause a
denial of service in the host OS. (CVE-2012-2121)
Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to cause a denial of service. (CVE-2012-3412)
Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)
A flaw was discovered in the madvise feature of the Linux kernel's memory
subsystem. An unprivileged local user could exploit the flaw to cause a
denial of service (crash the system). (CVE-2012-3511)
[CentOS-announce] CEBA-2012:1302 CentOS 6 cvs FASTTRACK Update
CentOS Errata and Bugfix Advisory 2012:1302
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1302.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
cef98ad1b8da26a05f54c89b93922c3362bbf6c4ec40078fdaef5cf32d90b4d5 cvs-1.11.23-15.el6.i686.rpm
085a80bda8cf4627a71ddcb078f4a5c13fdf7b69da5faf4b8fbbee43febd11ea cvs-inetd-1.11.23-15.el6.noarch.rpm
[CentOS-announce] CEBA-2012:1303 CentOS 5 perl-LDAP Update
CentOS Errata and Bugfix Advisory 2012:1303
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1303.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
ecedb15f467cd4069263127e663047c2aa10b5e2db886e56a6c948b8e07c3f80 perl-LDAP-0.33-4.el5_8.noarch.rpm
Thursday, September 20, 2012
[USN-1576-1] DBus vulnerability
========================================================================
Ubuntu Security Notice USN-1576-1
September 20, 2012
dbus vulnerability
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
DBus could be made to run programs as an administrator.
Software Description:
- dbus: simple interprocess messaging system
[CentOS-announce] CESA-2012:1288 Moderate CentOS 6 libxml2 Update
CentOS Errata and Security Advisory 2012:1288 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1288.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
2b6de2c0535cb046fe2f14403593c7bf861642a053c3d3bc8a33de2bf7bf7195 libxml2-2.7.6-8.el6_3.3.i686.rpm
02aa9a568651f51b4e5e8703afa54ea3019a855183e4573922c2bdd0a27b6b4a libxml2-devel-2.7.6-8.el6_3.3.i686.rpm
02f314003fd9b49cc0c0ab68b02da4f6e1ffdaf0d0a66317218d2b1f8a8c7a0a libxml2-python-2.7.6-8.el6_3.3.i686.rpm
75c282ddd44ef390f20a2fce1cf17a74241fb99edf30785508d2bed1b954fc7c libxml2-static-2.7.6-8.el6_3.3.i686.rpm
Wednesday, September 19, 2012
[CentOS-announce] CESA-2012:1269 Moderate CentOS 6 qpid Update
CentOS Errata and Security Advisory 2012:1269 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1269.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
[USN-1575-1] Linux kernel (Oneiric backport) vulnerabilities
========================================================================
Ubuntu Security Notice USN-1575-1
September 19, 2012
linux-lts-backport-oneiric vulnerabilities
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-lts-backport-oneiric: Linux kernel backport from Oneiric
Details:
Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to cause a denial of service. (CVE-2012-3412)
Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)
[USN-1574-1] Linux kernel (Natty backport) vulnerabilities
========================================================================
Ubuntu Security Notice USN-1574-1
September 19, 2012
linux-lts-backport-natty vulnerabilities
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-lts-backport-natty: Linux kernel backport from Natty
Details:
A flaw was found in how the Linux kernel passed the replacement session
keyring to a child process. An unprivileged local user could exploit this
flaw to cause a denial of service (panic). (CVE-2012-2745)
Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to cause a denial of service. (CVE-2012-3412)
Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)
A flaw was discovered in the madvise feature of the Linux kernel's memory
subsystem. An unprivileged local user could exploit the flaw to cause a
denial of service (crash the system). (CVE-2012-3511)
[CentOS-announce] CEBA-2012:1294 CentOS 6 krb5 Update
CentOS Errata and Bugfix Advisory 2012:1294
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1294.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
bddbfdc239fd2988eb95cccaf70621f82953f6ae9b6c30b6a2dd90509cb41369 krb5-devel-1.9-33.el6_3.3.i686.rpm
5f9c37ec8d795b54670acbab5a94cb7a6719d6a93b5f388d676eaca0a3d9fb2c krb5-libs-1.9-33.el6_3.3.i686.rpm
09be3a3e518892dfdb25ea424550b151591f9e27c1624be369fae21c29f7dc4a krb5-pkinit-openssl-1.9-33.el6_3.3.i686.rpm
1f57e952024b8e7d9c795660cee2461ca06eea68c564da9936134a89be167d5c krb5-server-1.9-33.el6_3.3.i686.rpm
79d8704ca6a3847d6059bcd020c4af1684e0158c12edcc0c0b113bb21c730d97 krb5-server-ldap-1.9-33.el6_3.3.i686.rpm
524d09fb4b49146a63f907e02ef9290b27831316aab4927ae08f2ecd00cf526d krb5-workstation-1.9-33.el6_3.3.i686.rpm
[CentOS-announce] CEBA-2012:1290 CentOS 6 squid Update
CentOS Errata and Bugfix Advisory 2012:1290
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1290.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
f703f859c8dafd5b2b416ae0d38d6a77773e975dcbd6deac0a8325cb4bd8de67 squid-3.1.10-9.el6_3.i686.rpm
[CentOS-announce] CEBA-2012:1291 CentOS 6 graphviz FASTTRACK Update
CentOS Errata and Bugfix Advisory 2012:1291
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1291.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
9812d525ecf3118212738fef6c4d38695ea1fe156850a21742ded07e27f85c5d graphviz-2.26.0-10.el6.i686.rpm
f90968fca755311cb8a7ba7765d09de63173e18697def129f073ce6b3cebc334 graphviz-devel-2.26.0-10.el6.i686.rpm
f537028d80619a565f60465f52db062df0e7e1e3b05c78a991a988ea5c7d1747 graphviz-doc-2.26.0-10.el6.i686.rpm
5ea8784a710270805dd104de9108f8625c229d06f5a3c68033814d435d915d99 graphviz-gd-2.26.0-10.el6.i686.rpm
6c31939c02a749d2243439cc66a29ee51f5b4ac7f7a05ddf14d88ffc98c91568 graphviz-graphs-2.26.0-10.el6.i686.rpm
649614243ffdf697a9f6751f476d5277acd3c1f7375a18baea287537e3a5d1f8 graphviz-guile-2.26.0-10.el6.i686.rpm
06e4d5bf24b6ef9633c2f5064b11237896cdf69355f787b9842c4ee5b1b93c69 graphviz-java-2.26.0-10.el6.i686.rpm
4f53bef4ddd68e662c1e6ae24855a2d1f488606a29164ec6b917e1cf39f2d1ba graphviz-lua-2.26.0-10.el6.i686.rpm
671a1a0d505a56c67b2faeb1665a9223521fe485aab199c1dbfc7e392d9823f4 graphviz-perl-2.26.0-10.el6.i686.rpm
0aed5d6bf21b1f3f3a24186fbb180b3b2640137969b39faa13e321a83cd31083 graphviz-php-2.26.0-10.el6.i686.rpm
ae0faa9acbf4cca48791f43f1eddb56136d2d5e5a4d8880cefdb4bbd698d318e graphviz-python-2.26.0-10.el6.i686.rpm
90b54963d203f965fbd540de6967b43f3bb232d0d18a23a9ba985ca81fb16501 graphviz-ruby-2.26.0-10.el6.i686.rpm
dbac710caf0e0daa77f249926251136b3501e962565b3f01ee234f69c5263336 graphviz-tcl-2.26.0-10.el6.i686.rpm
Tuesday, September 18, 2012
[USN-1573-1] Linux kernel (EC2) vulnerabilities
========================================================================
Ubuntu Security Notice USN-1573-1
September 19, 2012
linux-ec2 vulnerabilities
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-ec2: Linux kernel for EC2
Details:
Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to cause a denial of service. (CVE-2012-3412)
Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)
A flaw was discovered in the madvise feature of the Linux kernel's memory
subsystem. An unprivileged local user could exploit the flaw to cause a
denial of service (crash the system). (CVE-2012-3511)
[USN-1572-1] Linux kernel vulnerabilities
========================================================================
Ubuntu Security Notice USN-1572-1
September 19, 2012
linux vulnerabilities
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to cause a denial of service. (CVE-2012-3412)
Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)
A flaw was discovered in the madvise feature of the Linux kernel's memory
subsystem. An unprivileged local user could exploit the flaw to cause a
denial of service (crash the system). (CVE-2012-3511)
[CentOS-announce] CESA-2012:1288 Moderate CentOS 5 libxml2 Update
CentOS Errata and Security Advisory 2012:1288 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1288.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
5dfc8775c5e2c3d80bbf2156d92133f47bd1c91a0849e85089e0599136e5837e libxml2-2.6.26-2.1.15.el5_8.5.i386.rpm
d3dedacc7907db3d6afe3baef3d731a672c3d7038c84fb80fddb4a777b9f5d69 libxml2-devel-2.6.26-2.1.15.el5_8.5.i386.rpm
0804e858c34f2be76953295e353939b0b6e78d3c86ec88f3f846964ce4e960a2 libxml2-python-2.6.26-2.1.15.el5_8.5.i386.rpm
Announcing the release of Fedora 18 Alpha!!
The Fedora 18 "Spherical Cow" Alpha release is plumping up! This release
offers a preview of some of the best free and open source technology
currently under development. Model a glimpse of the future:
http://fedoraproject.org/get-prerelease
Already mooo-tivated to give F18 Alpha a try? Great! We still hope that
you'll read onwards; there are fabulous features in this release you may
want to know about, as well as important information regarding specific,
common F18 Alpha installation issues and bugs, all of which are detailed
in this release announcement.
*** What is the Alpha Release? ***
Fedora 18 adds many new and improved features for a variety of
audiences. A small sample is included below; the full list of features
for this release can be seen on the Fedora 18 Feature List, here:
[CentOS-announce] CEBA-2012:1286 CentOS 6 kdebase-workspace FASTTRACK Update
CentOS Errata and Bugfix Advisory 2012:1286
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1286.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
b20c80f390b9d6b5938c855793bfd0d86d2d1a12f4ba961cae85997a6f8dcf60 kdebase-workspace-4.3.4-24.el6.i686.rpm
c8125dabc93ba54a58227fc1b23bb2078e63752022b7c98550a63e4d46bce768 kdebase-workspace-akonadi-4.3.4-24.el6.i686.rpm
ca9a4e72e15c99e302d21f3d2aa34964f7a98b0d8c5af0aa9c5da2cbbcb57a80 kdebase-workspace-devel-4.3.4-24.el6.i686.rpm
69ba776cb51ec74309c4dd39b55a1e358c3fea4e1276c93c4cbcf0dd89c506d8 kdebase-workspace-libs-4.3.4-24.el6.i686.rpm
c90ad23f84fe18eb014598d747e65f0b9126071240add7141211eca955ac0c03 kdebase-workspace-python-applet-4.3.4-24.el6.i686.rpm
c00e12749621fec71d5986b8c519e8625daf072bf89d97ed94675454c153d41b kdebase-workspace-wallpapers-4.3.4-24.el6.noarch.rpm
1014bc05b8324162e533abc91195746f78cf10d0f5424431af0429b12904087f kdm-4.3.4-24.el6.i686.rpm
ae0df4612b4435374fc0c60eab7a6d725887e6725011e35f7f4265b03c7b092e ksysguardd-4.3.4-24.el6.i686.rpm
b9c5bf0d5d3c284c9e4237f9a1c81b64dfee742916f331507b21426463717626 oxygen-cursor-themes-4.3.4-24.el6.noarch.rpm
[CentOS-announce] CEBA-2012:1287 CentOS 6 kdepim FASTTRACK Update
CentOS Errata and Bugfix Advisory 2012:1287
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1287.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
904875956d12115257c84fdb71ea140d929dd129bde60c9a56c641b96de6289d kdepim-4.3.4-6.el6.i686.rpm
4288987387b2b0af1ca5407f34ec3eb2b2ba0d34ce4b825e014c8b01728b84bf kdepim-devel-4.3.4-6.el6.i686.rpm
e86ae691f69822409813c300dddc3d1c4e516658e07e206d079d87c2d55df9ef kdepim-libs-4.3.4-6.el6.i686.rpm
[USN-1571-1] DHCP vulnerability
========================================================================
Ubuntu Security Notice USN-1571-1
September 18, 2012
dhcp3, isc-dhcp vulnerability
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
DHCP could be made to crash if it received specially crafted network
traffic.
Software Description:
- isc-dhcp: DHCP server and client
- dhcp3: DHCP server and client
Details:
Glen Eustace discovered that the DHCP server incorrectly handled IPv6
expiration times. A remote attacker could use this issue to cause DHCP to
crash, resulting in a denial of service. This issue only affected Ubuntu
11.04, Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-3955)
Dan Rosenberg discovered that the DHCP AppArmor profile could be escaped by
using environment variables. This update mitigates the issue by sanitizing
certain variables in the DHCP shell scripts.
[CentOS-announce] CentOS-6.3 / x86_64 UEFI Installer Released
The regular installer we released for CentOS-6.3 does not work for UEFI
enabled machine instances that do not have a BIOS fallback mode ( this
includes physical machines as well as some virtualised environments ).
To address this problem, we are releasing another minimal install image
for CentOS-6.3/x86_64. This image has been tested on various IBM, HP and
Dell hardware along with VMWare and VirtualBox virtualisation products.
---------------------------
ISO Name:
CentOS-6.3-x86_64-minimal-EFI.iso
Sha256Sum:
b6bcf0c7050458dcaccf40a05b08e3625d823d8e4d77ff0f67fb7b96655f043f
If you are unable to verify the image using sha256, you can also get
other checksums:
md5 : http://mirror.centos.org/centos/6/isos/x86_64/md5sum.txt.asc
sha1: http://mirror.centos.org/centos/6/isos/x86_64/sha1sum.txt.asc
sha256: http://mirror.centos.org/centos/6/isos/x86_64/sha256sum.txt.asc
---------------------------
I'm trying to make sure that we do enough testing and have enough
resources for UEFI testing to ensure that the next and subsequent
releases do not have a problem in this environment. In the meantime,
the installer buildsystem for CentOS-6 has been updated to also build
and test the UEFI requirements in sync with the rest of the installer
build process.
Thanks to the guys at VMware for working through this issue with us. As
well as Christoph Galuschka and Pasi Kärkkäinen from the CentOS QA team
for helping test this image.
Feedback is welcome via either the issue tracker[1] or the centos-devel
list[2]. And we are always looking for more people to come and join the
testing effort, specially on platforms and environments we don't have
exposure to at the moment. Want to help on that front ? Drop in on
#centos-devel on irc.freenode.net and say hi.
[1]: http://bugs.centos.org
[2]: http://lists.centos.org/mailman/listinfo/centos-devel
--
Karanbir Singh, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
Monday, September 17, 2012
F18 Release Notes
Greetings!
As the Fedora Documentation Project prepares the release notes for
Fedora 18, we'd like to ask for your help. Each Fedora release marks
the inclusion of new features and the retirement of others, and with
the help of the development community, we won't skip a beat. The Docs
team would like you to assign us some homework.
The release notes are divided up into categories, or 'beats.' Each
beat is kept by a volunteer who follows mailing lists, changelogs,
announcements, and features in the space. Many beats also have a
developer point of contact for technical questions and cooperation. We
track these responsibilities with
http://fedoraproject.org/wiki/Category:Documentation_beats , which
includes links out to wiki pages for each individual beat. As we
reach the end of the release cycle, developers and docs maintainers
populate these pages, then they are converted from wiki markup to
Docbook XML and published. With a little help, we can put out release
notes that can't be beat.
[CentOS-announce] CEBA-2012:1285 CentOS 6 cups Update
CentOS Errata and Bugfix Advisory 2012:1285
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1285.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
d4d22bfd144c4ea8a34a40791f81af850b129f87996d585be549213c32848808 cups-1.4.2-48.el6_3.1.i686.rpm
4db13566bec5354096e8e71bcc2438d7b829c90e04f781df1d934e87a532cf75 cups-devel-1.4.2-48.el6_3.1.i686.rpm
27e8503e3fbbb036f6df28b3bbf0051b4f6c79f7590c23ffe077fbe3bbd51645 cups-libs-1.4.2-48.el6_3.1.i686.rpm
51cfccc812bed59c48afe7f1b94640b4a95929c1d0d2eed3471d1729305334fa cups-lpd-1.4.2-48.el6_3.1.i686.rpm
243c206a9df4641221c5f893a948515d425d75ccf1632f72e07b7f0dece18337 cups-php-1.4.2-48.el6_3.1.i686.rpm
[CentOS-announce] CESA-2012:1284 Moderate CentOS 6 spice-gtk Update
CentOS Errata and Security Advisory 2012:1284 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1284.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
7fbeb404ddebbc96d1d2752fc2b6d44517ec8f60aad8551270b166aa30cd407f spice-glib-0.11-11.el6_3.1.i686.rpm
543225d75c630f94f2c4e629c1bba42b07423398015651208fe9b87c77416046 spice-glib-devel-0.11-11.el6_3.1.i686.rpm
e6be03931260b41ee8814f4476818f953d6ec61b57310a3b233e1415f0b38082 spice-gtk-0.11-11.el6_3.1.i686.rpm
9be68304305a77c8f2b2fa03e15ab84631d78749ca9371a0cc018217a50f197c spice-gtk-devel-0.11-11.el6_3.1.i686.rpm
a240793a4f7a6100019b0bf7c1507398f5a4d47cee14f786141fa0772470aeea spice-gtk-python-0.11-11.el6_3.1.i686.rpm
bbc07c77f821df54687d6d2526658464d612c731e40caff76d6cde8c2c8b7ece spice-gtk-tools-0.11-11.el6_3.1.i686.rpm
[CentOS-announce] CESA-2012:1283 Important CentOS 6 openjpeg Update
CentOS Errata and Security Advisory 2012:1283 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1283.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
9cab51c5d2a7e1148b91b046682f4d12f38bbbaa5b86799aecffff957d1d9197 openjpeg-1.3-9.el6_3.i686.rpm
a1c060c110d7b0ad8e222c031f5ab04e3fe318a2d3838262b3f5a3e17b8f73f9 openjpeg-devel-1.3-9.el6_3.i686.rpm
a81104ee5212e9c509647c36ab1b8dcdd90fc316caebb172fc8dcb6963e96765 openjpeg-libs-1.3-9.el6_3.i686.rpm
[USN-1570-1] GnuPG vulnerability
==========================================================================
Ubuntu Security Notice USN-1570-1
September 17, 2012
gnupg, gnupg2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
GnuPG could be tricked into downloading a different key when downloading
from a key server.
Software Description:
- gnupg: GNU privacy guard - a free PGP replacement
- gnupg2: GNU privacy guard - a free PGP replacement
Details:
It was discovered that GnuPG used a short ID when downloading keys from a
keyserver, even if a long ID was requested. An attacker could possibly use
this to return a different key with a duplicate short key id.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
gnupg 1.4.11-3ubuntu2.1
gnupg2 2.0.17-2ubuntu2.12.04.1
Ubuntu 11.10:
gnupg 1.4.11-3ubuntu1.11.10.1
gnupg2 2.0.17-2ubuntu2.11.10.1
Ubuntu 11.04:
gnupg 1.4.11-3ubuntu1.11.04.1
gnupg2 2.0.14-2ubuntu1.2
Ubuntu 10.04 LTS:
gnupg 1.4.10-2ubuntu1.1
gnupg2 2.0.14-1ubuntu1.4
Ubuntu 8.04 LTS:
gnupg 1.4.6-2ubuntu5.1
gnupg2 2.0.7-1ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1570-1
https://launchpad.net/bugs/1016643
Package Information:
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.1
https://launchpad.net/ubuntu/+source/gnupg2/2.0.17-2ubuntu2.12.04.1
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu1.11.10.1
https://launchpad.net/ubuntu/+source/gnupg2/2.0.17-2ubuntu2.11.10.1
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu1.11.04.1
https://launchpad.net/ubuntu/+source/gnupg2/2.0.14-2ubuntu1.2
https://launchpad.net/ubuntu/+source/gnupg/1.4.10-2ubuntu1.1
https://launchpad.net/ubuntu/+source/gnupg2/2.0.14-1ubuntu1.4
https://launchpad.net/ubuntu/+source/gnupg/1.4.6-2ubuntu5.1
https://launchpad.net/ubuntu/+source/gnupg2/2.0.7-1ubuntu0.2
[USN-1569-1] PHP vulnerabilities
==========================================================================
Ubuntu Security Notice USN-1569-1
September 17, 2012
php5 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Several security issues were fixed in PHP.
Software Description:
- php5: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP incorrectly handled certain character sequences
when applying HTTP response-splitting protection. A remote attacker could
create a specially-crafted URL and inject arbitrary headers.
(CVE-2011-1398, CVE-2012-4388)
It was discovered that PHP incorrectly handled directories with a large
number of files. This could allow a remote attacker to execute arbitrary
code with the privileges of the web server, or to perform a denial of
service. (CVE-2012-2688)
It was discovered that PHP incorrectly parsed certain PDO prepared
statements. A remote attacker could use this flaw to cause PHP to crash,
leading to a denial of service. (CVE-2012-3450)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
php5 5.3.10-1ubuntu3.4
Ubuntu 11.10:
php5 5.3.6-13ubuntu3.9
Ubuntu 11.04:
php5 5.3.5-1ubuntu7.11
Ubuntu 10.04 LTS:
php5 5.3.2-1ubuntu4.18
Ubuntu 8.04 LTS:
php5 5.2.4-2ubuntu5.26
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1569-1
CVE-2011-1398, CVE-2012-2688, CVE-2012-3450, CVE-2012-4388
Package Information:
https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.4
https://launchpad.net/ubuntu/+source/php5/5.3.6-13ubuntu3.9
https://launchpad.net/ubuntu/+source/php5/5.3.5-1ubuntu7.11
https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.18
https://launchpad.net/ubuntu/+source/php5/5.2.4-2ubuntu5.26
[CentOS-announce] CEBA-2012:1276 CentOS 6 rdesktop FASTTRACK Update
CentOS Errata and Bugfix Advisory 2012:1276
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1276.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
f9bc5ccb56651850cf42fef88683135f85b4d90ff391a5227f22d8ddbe75e9e2 rdesktop-1.6.0-10.el6.i686.rpm
[CentOS-announce] CEBA-2012:1274 CentOS 6 gd FASTTRACK Update
CentOS Errata and Bugfix Advisory 2012:1274
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1274.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
2f0c3d3936b225e90b6a1eb9a337a657989ea035b9014d21381cd95be05a0361 gd-2.0.35-11.el6.i686.rpm
79a5e7b18a985841d6f83d2e0f8b9c4544d59159520b893a26f57d2de24e9b33 gd-devel-2.0.35-11.el6.i686.rpm
8e77737cb518217f9c8383001ed0c303e9a259c9cd39f9b0c8883a68b0a2dca0 gd-progs-2.0.35-11.el6.i686.rpm
[CentOS-announce] CEBA-2012:1273 CentOS 6 libburn FASTTRACK Update
CentOS Errata and Bugfix Advisory 2012:1273
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1273.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
9acc09b48630968453d433afb1be68900883be0509dc45fd8faf1c2dc2003d61 cdrskin-0.7.0-2.el6.i686.rpm
5baa1ca51a47a4d60948ea8e82264d3d774815564cf121734417f20900fa0e8b libburn-0.7.0-2.el6.i686.rpm
4e9ad6de5feea6825ee1044feed7c85b8297321a473975adbae10a5c9c4d3497 libburn-devel-0.7.0-2.el6.i686.rpm
[CentOS-announce] CEBA-2012:1275 CentOS 6 initscripts Update
CentOS Errata and Bugfix Advisory 2012:1275
Upstream details at : http://rhn.redhat.com/errata/RHBA-2012-1275.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
b2eca8d3ee6291e7bf1ea93b575eec9414ef80b771f5ba2e4871daa14723fc51 debugmode-9.03.31-2.el6.centos.1.i686.rpm
4faa693fb537ef3c3ba69989a1bb8277a24e5765ba96056c806d308a11773014 initscripts-9.03.31-2.el6.centos.1.i686.rpm
[CentOS-announce] CEBA-2012:1270 CentOS 5 sudo Update
CentOS Errata and Bugfix Advisory 2012:1270
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1270.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
57af4e07cff2be6edaf4badd91e299277ac1ce29e47e8348d0c5bc540a8b0536 sudo-1.7.2p1-14.el5_8.4.i386.rpm
[CentOS-announce] CEBA-2012:1271 CentOS 5 linuxwacom Update
CentOS Errata and Bugfix Advisory 2012:1271
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1271.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
2ce0f000e3078aa5b0a791fe6ee75f6b54da45296fa8174410561ca24bf25f94 linuxwacom-0.7.8.3-11.2.el5_8.i386.rpm
87191ce057c95039ca449190b1c5a69d54ef7bf89381e4af1adc5354900928c3 linuxwacom-0.7.8.3-11.2.el5_8.i686.rpm
235b668164c7bff1672f18168e8a0193df8bfc85a9ad8191fab36f5109a234a5 linuxwacom-devel-0.7.8.3-11.2.el5_8.i386.rpm
ec855c51c1508349e2982a6e9f64726755296b22fc294434e3ca8d04d16d38de linuxwacom-devel-0.7.8.3-11.2.el5_8.i686.rpm
[CentOS-announce] CEBA-2012:1272 CentOS 5 kexec-tools Update
CentOS Errata and Bugfix Advisory 2012:1272
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1272.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
5e6bed0a3b15b7a2d996b43801a4006840bb1f92bc4ca0b8c70174c0a0212497 kexec-tools-1.102pre-154.el5_8.1.i386.rpm
Sunday, September 16, 2012
Ubuntu 11.04 (Natty Narwhal) reaches end-of-life on October 28, 2012
Ubuntu announced its 11.04 (Natty Narwhal) release almost 18 months
ago, on April 28, 2011. As with the earlier releases,
Ubuntu committed to ongoing security and critical fixes for a period
of 18 months. The support period is now nearing its end and Ubuntu 11.04
will reach end of life on Sunday, October 28. At that time, Ubuntu
Security Notices will no longer include information or updated packages
for Ubuntu 11.04.
[opensuse-announce] Planned maintenance downtime of rsync.opensuse.org, Monday 2012-09-17
Hi
Our public rsync server 'rsync.opensuse.org' will not be available on
Monday, 2012-09-17, starting 11:00 local time (CEST) which is 17th of
September, 09:00 UTC. The downtime is expected to last for three hours.
Please have a look at our webpage with local mirrors:
http://mirrors.opensuse.org/ of our distribution and choose one of the
closest to your region/country.
With kind regards,
Your openSUSE admin team
--
Lars Vogdt <Lars.Vogdt@suse.com>
- OPS Engineering Services Team Lead -
SUSE Linux Products GmbH - GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer
Maxfeldstraße 5, 90409 Nuernberg, Germany - HRB 16746 (AG Nuernberg)
Friday, September 14, 2012
[USN-1568-1] Linux kernel vulnerabilities
========================================================================
Ubuntu Security Notice USN-1568-1
September 14, 2012
linux vulnerabilities
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to cause a denial of service. (CVE-2012-3412)
Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)
[USN-1567-1] Linux kernel vulnerabilities
========================================================================
Ubuntu Security Notice USN-1567-1
September 14, 2012
linux vulnerabilities
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux: Linux kernel
Details:
A flaw was found in how the Linux kernel passed the replacement session
keyring to a child process. An unprivileged local user could exploit this
flaw to cause a denial of service (panic). (CVE-2012-2745)
Ben Hutchings reported a flaw in the Linux kernel with some network drivers
that support TSO (TCP segment offload). A local or peer user could exploit
this flaw to cause a denial of service. (CVE-2012-3412)
Jay Fenlason and Doug Ledford discovered a bug in the Linux kernel
implementation of RDS sockets. A local unprivileged user could potentially
use this flaw to read privileged information from the kernel.
(CVE-2012-3430)
A flaw was discovered in the madvise feature of the Linux kernel's memory
subsystem. An unprivileged local user could exploit the flaw to cause a
denial of service (crash the system). (CVE-2012-3511)
[CentOS-announce] CESA-2012:1268 Important CentOS 6 bind Update
CentOS Errata and Security Advisory 2012:1268 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1268.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
177a20dfa81e8aa52f1dfd0b32be6fe90d1c9741e4440a39d31338ec9dcd4f48 bind-9.8.2-0.10.rc1.el6_3.3.i686.rpm
a7bcc8677edc77a551924353952e331b2ac84facff5c4f0e0a3c5ef14f35f476 bind-chroot-9.8.2-0.10.rc1.el6_3.3.i686.rpm
6d1b677ab0c3c15f19372e1ed0e593a5f1b848f2f8a5ca39550f5555dfd4afca bind-devel-9.8.2-0.10.rc1.el6_3.3.i686.rpm
3d0386a69a83a42f3f32cde9386c00ffb391c3d5f29626b6e4ff27d92d08e25c bind-libs-9.8.2-0.10.rc1.el6_3.3.i686.rpm
c2e5d1d45d34d6839d9f3e00f2d414ee106d4a3e082d5fe6f7818d92dadf7de9 bind-sdb-9.8.2-0.10.rc1.el6_3.3.i686.rpm
f0d7cc2d8b296f1ebf1eceb4502e80067a73e9a76b6fb7935af7e303a0691cc7 bind-utils-9.8.2-0.10.rc1.el6_3.3.i686.rpm
[CentOS-announce] CESA-2012:1267 Important CentOS 5 bind Update
CentOS Errata and Security Advisory 2012:1267 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1267.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
39c8c9238abf9b335f1ed003f35d9e9e3f6b3305308178579825ecc610dfe5d6 bind-9.3.6-20.P1.el5_8.4.i386.rpm
7418897dbc146eb801df3aac10e98fe3e4f77bfe8c56c9cc9a0d7a4389599873 bind-chroot-9.3.6-20.P1.el5_8.4.i386.rpm
611d515d65dd3486568482afc045786e40749d42d5ed689f56fbe40980a0da49 bind-devel-9.3.6-20.P1.el5_8.4.i386.rpm
3228f24ee3c1a30c2a44bd4b8aa122722108e3a112cf835d3582dfb8b03cb486 bind-libbind-devel-9.3.6-20.P1.el5_8.4.i386.rpm
fe18d6ce4364979bc39fe72fd321b55ade17cba945d4769b1570c66a5c3d6806 bind-libs-9.3.6-20.P1.el5_8.4.i386.rpm
c3bf71bf6c52a36bab641f622a119249ac0f3f240bb7589c6dfcb78394892149 bind-sdb-9.3.6-20.P1.el5_8.4.i386.rpm
5c75bec8f7a212244480835cbc0fff342c72c588b7e0946e2afbcf7c4e2716d0 bind-utils-9.3.6-20.P1.el5_8.4.i386.rpm
8d62ed78cce8e4616edd4093fc5769fec881de4725def0bae7195f5b7d2c7dce caching-nameserver-9.3.6-20.P1.el5_8.4.i386.rpm
[CentOS-announce] CESA-2012:1266 Important CentOS 5 bind97 Update
CentOS Errata and Security Advisory 2012:1266 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1266.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
bd2a22c259f0b45cd5731e071f025014fe32afc8db9496408efb3b89427008b3 bind97-9.7.0-10.P2.el5_8.3.i386.rpm
d2cf078f7432a704546e401a3781663f0c43cb0b40de0b1817a5725178788bae bind97-chroot-9.7.0-10.P2.el5_8.3.i386.rpm
8914931e1cb6b5d63313b238552f86cf10000c4dc971cff1b9ffa04309481963 bind97-devel-9.7.0-10.P2.el5_8.3.i386.rpm
2ac1acb17b5aa8ce18fc99bbf485db81d84e2aafedcaabd765a2710c0c96d48c bind97-libs-9.7.0-10.P2.el5_8.3.i386.rpm
aac09b86630f7bf90fa5b88ae848bbd2295130dbc0559f1efd019e4aacf81019 bind97-utils-9.7.0-10.P2.el5_8.3.i386.rpm
Thursday, September 13, 2012
Fedora 18 Alpha is hereby declared GOLD
At the F18 Alpha Go/No-Go Meeting that just occurred, the Fedora 18
Alpha release was declared GOLD. F18 Alpha will be released Tuesday,
September 18, 2012.
Thanks to everyone who helped to make it possible, to ship Spherical
Cow out of the doors to the wild journey for Beta and GA!
Meeting details can be seen here:
Minutes: http://meetbot.fedoraproject.org/fedora-meeting-1/2012-09-13/f18_alpha_gono-go_meeting.2012-09-13-19.00.html
Log: http://meetbot.fedoraproject.org/fedora-meeting-1/2012-09-13/f18_alpha_gono-go_meeting.2012-09-13-19.00.log.html
Btw. documentation is requested for common bugs page, see Go/No-Go log + latest Blocker Review Meeting log.
Jaroslav
Your very happy schedule wrangler
[CentOS-announce] CESA-2012:1263 Moderate CentOS 6 postgresql Update
CentOS Errata and Security Advisory 2012:1263 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1263.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
961ef503db4cbdaa64686c64b44051509c36efefbb0b6d4e7ae02af9e12811ed postgresql-8.4.13-1.el6_3.i686.rpm
21f78a399d765b4801f21cc29b96fb4587b0135d90f13bd9e7c5d6b77d863d0f postgresql-contrib-8.4.13-1.el6_3.i686.rpm
bb2492f52e028dcacfc7ee66f04512b212676cc6cd24378bde4ffeeaf3e1f5d0 postgresql-devel-8.4.13-1.el6_3.i686.rpm
e952c7166e69a632feca63cfa6febe2eaa4d5bbac339b716292717d0915a54c4 postgresql-docs-8.4.13-1.el6_3.i686.rpm
45bcd2662b5db057be9ef8a7a7cece0c27613bec4c3fb58484aa6791845703a8 postgresql-libs-8.4.13-1.el6_3.i686.rpm
29d8fa9a519d2b660819a2ea26ec70926691f2ceaf07247219f4cc231cdc9d68 postgresql-plperl-8.4.13-1.el6_3.i686.rpm
069ad26cd163b64864f86a0b1a87d6e3a98bae1b627740bd4118e47ad080cf4a postgresql-plpython-8.4.13-1.el6_3.i686.rpm
b98419aff2821fcacdb876db7386bd8c9462c1e8c02e76cbbdb47dcbc7791805 postgresql-pltcl-8.4.13-1.el6_3.i686.rpm
5315b12b4922f8223e6f7f3740c20d61fe1629f6af748f524e39cd01980c1d75 postgresql-server-8.4.13-1.el6_3.i686.rpm
3151288b83e70fbdba7657ad8cfacaba1df1a09bc5022025f0b5431bf5c450d8 postgresql-test-8.4.13-1.el6_3.i686.rpm
[CentOS-announce] CESA-2012:1265 Important CentOS 6 libxslt Update
CentOS Errata and Security Advisory 2012:1265 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1265.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
6bffce617e831fcf49d21ff048e6fb1a439d5890c5b8a8a9588d71d6cda6b5f8 libxslt-1.1.26-2.el6_3.1.i686.rpm
768adfca5b9e5ba2c409cbddb3b5586413c9c1ca9ceddffa3106173ff10365d6 libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
a789fe0222628645577c9a3497bf9294f1878c6804b51395e6299f7c26ebd771 libxslt-python-1.1.26-2.el6_3.1.i686.rpm
[CentOS-announce] CESA-2012:1261 Moderate CentOS 6 dbus Update
CentOS Errata and Security Advisory 2012:1261 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1261.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
e7122caa753db24dfea9a7ecb266b6d5db218c5e340994115947fc8f6d4da5db dbus-1.2.24-7.el6_3.i686.rpm
1e030d4e4a088d37ce2d445c885bef7a62ce85ea0213f76786aae030749c0704 dbus-devel-1.2.24-7.el6_3.i686.rpm
ae93d3f4cd861234307dabb171a29fd395268f02045bf596ddd753daf0182760 dbus-doc-1.2.24-7.el6_3.noarch.rpm
ec0af9c242c73008cf1b26e2ae3d132f62d8a6b9c866bfb463b6ea9d2eea71ab dbus-libs-1.2.24-7.el6_3.i686.rpm
eae4eec0b61d8d2de6ee5f1277d01afb9e71fa46f522fdfe7cb0de27fb9f167c dbus-x11-1.2.24-7.el6_3.i686.rpm
[CentOS-announce] CESA-2012:1265 Important CentOS 5 libxslt Update
CentOS Errata and Security Advisory 2012:1265 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1265.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
734626b9379a6d8930953042b7ff828ca94ab49eba0d28e4577a6f0c73eba7f4 libxslt-1.1.17-4.el5_8.3.i386.rpm
43833823f5ca89611cd20fcf95fe0d70608174300130c5ead75501ce70e61e51 libxslt-devel-1.1.17-4.el5_8.3.i386.rpm
391e8bf9a8eaea51f204783765cce929662fa61e0dc620d91aa1ae8702f82876 libxslt-python-1.1.17-4.el5_8.3.i386.rpm
[CentOS-announce] CESA-2012:1263 Moderate CentOS 5 postgresql84 Update
CentOS Errata and Security Advisory 2012:1263 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1263.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
9e8b6362b15b2844ddc8b00c18a78d1d2d0baaf505eeef15228722668c37dfdf postgresql84-8.4.13-1.el5_8.i386.rpm
388b304ebc88f115ee15a2b4e5e59dcd4c7b6df6bd220c9011cf39438509ea03 postgresql84-contrib-8.4.13-1.el5_8.i386.rpm
4d5c4abb00cebbb39541b7cd76600f5a80db434a8aa4ddab9f6ee7583ec6fcd7 postgresql84-devel-8.4.13-1.el5_8.i386.rpm
25740e1688436587dcec1846b00593ec7ac7f1062bad253602e947e43ba40044 postgresql84-docs-8.4.13-1.el5_8.i386.rpm
63e70f6be7e7893dc4ef98acbee36e861e939d65e4226fa2c8b86378fa0b0dd7 postgresql84-libs-8.4.13-1.el5_8.i386.rpm
2718b23f222027064cd5e551400f8dca44eca311eca30077f9638916f23dbebd postgresql84-plperl-8.4.13-1.el5_8.i386.rpm
a8d2ad6e23f752f9aa4b0464cf30f8c8d9624e17438bc23b49c5f78af430dc06 postgresql84-plpython-8.4.13-1.el5_8.i386.rpm
db0815c1f4406bf21a86eca685e810c319d44ea8e3710b2be55205257645d48c postgresql84-pltcl-8.4.13-1.el5_8.i386.rpm
896b9a282bbedc466e218e48906f54671138ff7f8044c09dbaa026cb7c262244 postgresql84-python-8.4.13-1.el5_8.i386.rpm
55126ff0c08bacbfc2bd369cc1c49aeb7764c87b2ff12290c312d37a06390e54 postgresql84-server-8.4.13-1.el5_8.i386.rpm
44e5cdf95596f2209a9029a3a8dfa1570735e79a102531af3a5f2be25970d1e8 postgresql84-tcl-8.4.13-1.el5_8.i386.rpm
a74252b2c78a2394b780b27c2e2d66a3d79d6229cd2960637e08276e00c11acf postgresql84-test-8.4.13-1.el5_8.i386.rpm
[CentOS-announce] CESA-2012:1264 Moderate CentOS 5 postgresql Update
CentOS Errata and Security Advisory 2012:1264 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1264.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
5e29c038ddc1527fa9a0ff5353b041274f1644a410b81ba069ec3ec95ecb3b21 postgresql-8.1.23-6.el5_8.i386.rpm
a58c64037613971a9cdcb83056a81d5f0edf332ced7c4e83ac36a64194bdca02 postgresql-contrib-8.1.23-6.el5_8.i386.rpm
c5e667e47db03af38ed6988e223a44472bda4894e53c21b596cca694692f0fa0 postgresql-devel-8.1.23-6.el5_8.i386.rpm
4a626b64d9e865ae15fe6f034dec8b4ee8614731b927704d714d96538b480287 postgresql-docs-8.1.23-6.el5_8.i386.rpm
93acab4c6ad4cf9297772bdc0b5f02fca740ca5827e66b201f47fe5e2230b009 postgresql-libs-8.1.23-6.el5_8.i386.rpm
960c3b5d486839d33fa478eeeeb3050178b4d3e2c1b6d120b061ac604204d33e postgresql-pl-8.1.23-6.el5_8.i386.rpm
e89f46c0a96e26d4e41c9e95895d0a3fb42e70bf63041bbe7af5022559d1a999 postgresql-python-8.1.23-6.el5_8.i386.rpm
85e084c5c4c1ee384b804f53c0554adc4acbf339de5bb8cf3c4e89c00ce43028 postgresql-server-8.1.23-6.el5_8.i386.rpm
01af2108a07bc008df7ff6b64ae900827790e6e1783030d282cedd1df324753b postgresql-tcl-8.1.23-6.el5_8.i386.rpm
af0adbcee037a92554d22391031acedb22622d802bc2c8e15e1992a4fd34ccbb postgresql-test-8.1.23-6.el5_8.i386.rpm
[USN-1566-1] Bind vulnerability
==========================================================================
Ubuntu Security Notice USN-1566-1
September 13, 2012
bind9 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Bind could be made to crash if it received specially crafted network
traffic.
Software Description:
- bind9: Internet Domain Name Server
Details:
It was discovered that Bind incorrectly handled certain specially crafted
long resource records. A remote attacker could use this flaw to cause Bind
to crash, resulting in a denial of service.
[USN-1565-1] OpenStack Horizon vulnerability
========================================================================
Ubuntu Security Notice USN-1565-1
September 13, 2012
horizon vulnerability
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
OpenStack Horizon could help expose sensitive information.
Software Description:
- horizon: Web interface for OpenStack cloud infrastructure
Details:
Thomas Biege discovered that the Horizon authentication mechanism
did not validate the next parameter. An attacker could use this to
construct a link to a legitimate OpenStack web dashboard that redirected
the user to a malicious website after authentication.
[USN-1564-1] OpenStack Keystone vulnerability
========================================================================
Ubuntu Security Notice USN-1564-1
September 13, 2012
keystone vulnerability
========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
OpenStack Keystone did not properly handle user role changes
Software Description:
- keystone: OpenStack identity service
Details:
Dolph Mathews discovered that when roles are granted and revoked to
users in Keystone, pre-existing tokens were not updated or invalidated
to take the new roles into account. An attacker could use this to
continue to access resources that have been revoked.
Wednesday, September 12, 2012
[CentOS-announce] CESA-2012:1259 Moderate CentOS 6 quagga Update
CentOS Errata and Security Advisory 2012:1259 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1259.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
3c6e15ef1b49d41a5998c59e0ed1269c0e8a4847190e376528860de8114e1fa8 quagga-0.99.15-7.el6_3.2.i686.rpm
a1df0a8bc7151c943ad92f0dbc33397b14bbf5c11efe00d5c2ca0b5096ccbd63 quagga-contrib-0.99.15-7.el6_3.2.i686.rpm
0c4f326e942640131b7a6aa287eeb7dea5acaddcda31fa18457b7f7dc2200b85 quagga-devel-0.99.15-7.el6_3.2.i686.rpm
[CentOS-announce] CEBA-2012:1260 CentOS 5 mod_nss Update
CentOS Errata and Bugfix Advisory 2012:1260
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1260.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
32947fe2088513a27dcedcec7ef658ceeecd63bf6e99899343db0220acbe20a9 mod_nss-1.0.8-4.el5_8.2.i386.rpm
x86_64:
ced1146e2aae34c6d5f240d292b45a62cec49daa5f0cf3073c64fb5de4b168bf mod_nss-1.0.8-4.el5_8.2.x86_64.rpm
Source:
205a21f2777841d97280656a3df1475d46500b53a59b55c56f58dfad2e73d00b mod_nss-1.0.8-4.el5_8.2.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
[CentOS-announce] CESA-2012:1258 Moderate CentOS 5 quagga Update
CentOS Errata and Security Advisory 2012:1258 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1258.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
9e44ffefa5dd2c51c5671edc8f39b336d2ac6230025e8dd3e2f7411ea9f233e9 quagga-0.98.6-7.el5_8.1.i386.rpm
e220b0c56c1e15755ea5e793bc2f4b7054cc7c9e030578941d62ab685fa3d6b2 quagga-contrib-0.98.6-7.el5_8.1.i386.rpm
0fd7b63c30861fcc848011e0c06ce1d1fae86806bfddccb093edeecd3b9e750f quagga-devel-0.98.6-7.el5_8.1.i386.rpm
Reminder: Go/No-Go Meeting Thursday September 13 3 PM EDT (19:00 UTC)
Join us on irc.freenode.net in #fedora-meeting-1 for this important
meeting, wherein we shall determine the readiness of the Fedora 18 Alpha.
Thursday, September 13, 2012 @19:00 UTC (15:00 EDT/21:00 CEST)
"Before each public release Development, QA and Release Engineering meet
to determine if the release criteria are met for a particular release.
This meeting is called the Go/No-Go Meeting."
"Verifying that the Release criteria are met is the responsibility of
the QA Team."
For more details about this meeting see: https://fedoraproject.org/wiki/Go_No_Go_Meeting
In the meantime, keep an eye on the Fedora 18 Alpha Blocker list:
http://qa.fedoraproject.org/blockerbugs/current
--
Jaroslav Řezník <jreznik@redhat.com>
Your schedule wrangler
Office: +420 532 294 275
Mobile: +420 602 797 774
Red Hat, Inc. http://www.redhat.com/
[CentOS-announce] CEBA-2012:1257 CentOS 5 gdb Update
CentOS Errata and Bugfix Advisory 2012:1257
Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1257.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
65ccb670e911b8a2f0d74fe63af3956b6e058c679dfedf9a848555da0b297875 gdb-7.0.1-42.el5.centos.1.i386.rpm
Tuesday, September 11, 2012
[CentOS-announce] CESA-2012:1256 Moderate CentOS 6 ghostscript Update
CentOS Errata and Security Advisory 2012:1256 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1256.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
2b429b5fca404716e399f9b4560ce523c54ebf47664bd47c0f803bd44db1ed95 ghostscript-8.70-14.el6_3.1.i686.rpm
4438885ebf07bbb64352d435720715c41ee4d0a8c3c7b81534759b2d34b5d8e8 ghostscript-devel-8.70-14.el6_3.1.i686.rpm
7c89d2ba7021e06a8a4e98d9ea951bd2972cda4265da1ec191619d7b07b53c85 ghostscript-doc-8.70-14.el6_3.1.i686.rpm
3cd22c84b41c8813e29c0ae75d9e80c7ea0c61183f02066d55024bd13d41d50d ghostscript-gtk-8.70-14.el6_3.1.i686.rpm
[CentOS-announce] CESA-2012:1255 Moderate CentOS 6 libexif Update
CentOS Errata and Security Advisory 2012:1255 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1255.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
44415b6b347b99d9c106904c516300aefd48e8036760afec5677abe05232058b libexif-0.6.21-5.el6_3.i686.rpm
e73cf39a46dc12dfeea72c51308feb3ad584ab01a2c8247971abd0f8ed282be6 libexif-devel-0.6.21-5.el6_3.i686.rpm
[CentOS-announce] CESA-2012:1256 Moderate CentOS 5 ghostscript Update
CentOS Errata and Security Advisory 2012:1256 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1256.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
c37e5d457aa9fb770067dd2b5618c3cb9d3f4f4d3543b0944cbca0aa94febf84 ghostscript-8.70-14.el5_8.1.i386.rpm
33e8daf57bfea8f784a4e5cb06a00c0f3335b5279377383fdecee07f67eee340 ghostscript-devel-8.70-14.el5_8.1.i386.rpm
e48b731904f96fe0ca865a83f2fd851980d110f4626895c9f37691f72d0e2112 ghostscript-gtk-8.70-14.el5_8.1.i386.rpm
[CentOS-announce] CESA-2012:1255 Moderate CentOS 5 libexif Update
CentOS Errata and Security Advisory 2012:1255 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1255.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
6e920af8d43a148f5deedf517892bc443b3fabbc4f122b867171138cd9993793 libexif-0.6.21-1.el5_8.i386.rpm
ef67490ae71d02173aaef9ba1db91fe7eac393dffb920a91a589325571696722 libexif-devel-0.6.21-1.el5_8.i386.rpm
[USN-1548-2] Firefox regression
==========================================================================
Ubuntu Security Notice USN-1548-2
September 11, 2012
firefox regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
USN-1548-1 introduced a regression in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
USN-1548-1 fixed vulnerabilities in Firefox. The new package caused a
regression in Private Browsing which could leak sites visited to the
browser cache. This update fixes the problem.
Original advisory details:
Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew
Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel
Holbert discovered memory safety issues affecting Firefox. If the user were
tricked into opening a specially crafted page, an attacker could exploit
these to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Firefox.
(CVE-2012-1970, CVE-2012-1971)
Abhishek Arya discovered multiple use-after-free vulnerabilities. If the
user were tricked into opening a specially crafted page, an attacker could
exploit these to cause a denial of service via application crash, or
potentially execute code with the privileges of the user invoking Firefox.
(CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976,
CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960,
CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964)
Mariusz Mlynski discovered that it is possible to shadow the location object
using Object.defineProperty. This could potentially result in a cross-site
scripting (XSS) attack against plugins. With cross-site scripting
vulnerabilities, if a user were tricked into viewing a specially crafted
page, a remote attacker could exploit this to modify the contents or steal
confidential data within the same domain. (CVE-2012-1956)
Mariusz Mlynski discovered an escalation of privilege vulnerability through
about:newtab. This could possibly lead to code execution with
the privileges of the user invoking Firefox. (CVE-2012-3965)
Frédéric Hoguin discovered that bitmap format images with a negative height
could potentially result in memory corruption. If the user were tricked
into opening a specially crafted image, an attacker could exploit
this to cause a denial of service via application crash, or potentially
execute code with the privileges of the user invoking Firefox.
(CVE-2012-3966)
It was discovered that Firefox's WebGL implementation was vulnerable to
multiple memory safety issues. If the user were tricked into opening a
specially crafted page, an attacker could exploit these to cause a denial
of service via application crash, or potentially execute code with the
privileges of the user invoking Firefox. (CVE-2012-3967, CVE-2012-3968)
Arthur Gerkis discovered multiple memory safety issues in Firefox's
Scalable Vector Graphics (SVG) implementation. If the user were tricked
into opening a specially crafted image, an attacker could exploit these to
cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-3969,
CVE-2012-3970)
Christoph Diehl discovered multiple memory safety issues in the bundled
Graphite 2 library. If the user were tricked into opening a specially
crafted page, an attacker could exploit these to cause a denial of service
via application crash, or potentially execute code with the privileges of
the user invoking Firefox. (CVE-2012-3971)
Nicolas Grégoire discovered an out-of-bounds read in the format-number
feature of XSLT. This could potentially cause inaccurate formatting of
numbers and information leakage. (CVE-2012-3972)
Mark Goodwin discovered that under certain circumstances, Firefox's
developer tools could allow remote debugging even when disabled.
(CVE-2012-3973)
It was discovered that when the DOMParser is used to parse text/html data
in a Firefox extension, linked resources within this HTML data will be
loaded. If the data being parsed in the extension is untrusted, it could
lead to information leakage and potentially be combined with other attacks
to become exploitable. (CVE-2012-3975)
Mark Poticha discovered that under certain circumstances incorrect SSL
certificate information can be displayed on the address bar, showing the SSL
data for a previous site while another has been loaded. This could
potentially be used for phishing attacks. (CVE-2012-3976)
It was discovered that, in some instances, certain security checks in the
location object could be bypassed. This could allow for the loading of
restricted content and can potentially be combined with other issues to
become exploitable. (CVE-2012-3978)
Colby Russell discovered that eval in the web console can execute injected
code with chrome privileges, leading to the running of malicious code in a
privileged context. If the user were tricked into opening a specially
crafted page, an attacker could exploit this to cause a denial of service
via application crash, or potentially execute code with the privileges of
the user invoking Firefox. (CVE-2012-3980)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
firefox 15.0.1+build1-0ubuntu0.12.04.1
Ubuntu 11.10:
firefox 15.0.1+build1-0ubuntu0.11.10.1
Ubuntu 11.04:
firefox 15.0.1+build1-0ubuntu0.11.04.1
Ubuntu 10.04 LTS:
firefox 15.0.1+build1-0ubuntu0.10.04.1
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1548-2
http://www.ubuntu.com/usn/usn-1548-1
https://launchpad.net/bugs/1047667
Package Information:
https://launchpad.net/ubuntu/+source/firefox/15.0.1+build1-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/firefox/15.0.1+build1-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/firefox/15.0.1+build1-0ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/firefox/15.0.1+build1-0ubuntu0.10.04.1