Unix News Tutorials Events and Stuff: October 2012

Wednesday, October 31, 2012

[Guidelines Change] Changes to the Packaging Guidelines

Some changes to the Fedora Packaging Guidelines have been made:

---

In the specific case where multiple software components generate
identically named (but incompatible) binaries, Fedora Packagers should
make every effort to convince the upstreams to rename the binaries to
resolve the conflict (see: Packaging:Conflicts#Binary_Name_Conflicts).
However, if neither upstream is willing to rename the binaries to
resolve the conflict, AND the binaries are not viable candidates for
alternatives or environment modules (incompatible runtimes), as long as
there are no clear cases for both packages to be installed
simultaneously, explicit Conflicts are permitted at the packager's
discretion. Both packages must carry Conflicts in this case.

Be aware, adding explicit Conflicts means that if any other packages
depend on your package, you may be creating a chain-of-conflicts that
could cause user pain. Please consider this as a last resort.

https://fedoraproject.org/wiki/Packaging:Conflicts#Incompatible_Binary_Files_with_Conflicting_Naming_.28and_stubborn_upstreams.29

---

The PEAR section of the PHP Guidelines has been updated to reflect the
existence of a new macro, %{pear_metadir}, along with an example of how
it is to be used, and a new EPEL specific section relating to the fact
that %{pear_metadir} does not exist in RHEL php builds.

https://fedoraproject.org/wiki/Packaging:PHP#PEAR_Modules

---

The MPI Guidelines have been updated to install the module files under a
"mpi" sub-directory and adds "conflict mpi" to the module files to avoid
being able to load multiple mpi modules at one time.

https://fedoraproject.org/wiki/Packaging:MPI

---

These guideline changes were approved by the Fedora Packaging
Committee (FPC).

Many thanks to Remi Collet, Orion Poplawski, Michal Sekletar, and all of
the members of the FPC, for assisting in drafting, refining, and passing
these guidelines.

As a reminder: The Fedora Packaging Guidelines are living documents! If
you find something missing, incorrect, or in need of revision, you can
suggest a draft change. The procedure for this is documented here:
https://fedoraproject.org/wiki/Packaging/Committee#GuidelineChangeProcedure

Thanks,

~tom

_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce

OpenBSD mailing list policy change

Since its inception, the OpenBSD mailing lists have allowed postings
from any address, regardless of whether or not the sender was a
member of the mailing list. As the years have gone by, more and
more spam has gotten through, evading both grey listing and
SpamAssassin.

To address this problem, the OpenBSD list server will start requiring
that posts be made from an address that is subscribed to the mailing
list, or an address that is marked as an "alias" in the sender's
majordomo settings. Messages that don't meet this criteria will
have to be confirmed by the sender (not the moderator) via an
automated message sent by the list server.

This change will take effect the morning of November 1, shortly
after OpenBSD 5.2 is released.

I realize that there are a number of people who post from an address
different from the one that they are subscribed with. It is easy
to add extra addresses as "aliases" in your majordomo settings which
will allow you to post from that address without requiring confirmation.
The simplest way to do this is via the web interface at

https://lists.openbsd.org/cgi-bin/mj_wwwusr?func=show

After logging in, if you scroll down past your subscriptions list
you will see a section titled "Other E-mail Addresses". Simply
enter the address you wish to post from in the "Other address:" box
and click the "alias" button.

For those of you who read the lists via alternate means (web-based
list archive, Usenet, carrier pigeon, etc), if you wish to be able
to post to a list without confirming each message you will need to
subscribe so that you are "known" to majordomo. You can set the
"delivery class" on the settings page (same url as above) to "no
messages" if you do not wish to receive postings via email.

Alias additions and delivery settings can also be changed via the
email interface if you are so inclined. Send majordomo@openbsd.org
"help alias" and/or "help set" commands to receive the relevant
help files.

- todd

Tuesday, October 30, 2012

[arch-announce] ConsoleKit replaced by logind

Allan McRae wrote:

With GNOME 3.6, polkit and networkmanager moving to [extra], ConsoleKit has now
been removed from the repositories. Any package that previously depended on it
now relies on systemd-logind instead. That means that the system must be booted
with systemd to be fully functional.

In addition to GNOME, both KDE and XFCE are also affected by this change.

URL: https://www.archlinux.org/news/consolekit-replaced-by-logind/
_______________________________________________
arch-announce mailing list
arch-announce@archlinux.org
https://mailman.archlinux.org/mailman/listinfo/arch-announce

[CentOS-announce] CESA-2012:1416 Critical CentOS 6 kdelibs Update

CentOS Errata and Security Advisory 2012:1416 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1416.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
33036271c59622de9d1e41292b439bcd431b2301062e06105b34dfee7f3d5e84 kdelibs-4.3.4-14.el6_3.2.i686.rpm
b9352b421bec617bb0a3cad8625d135881d0c6d65aa3b21116eaee253352426f kdelibs-apidocs-4.3.4-14.el6_3.2.noarch.rpm
9d15714194d7863d58e66f513cf550d3e47cbc738effa02482d1e9239d541504 kdelibs-common-4.3.4-14.el6_3.2.i686.rpm
5b37bac40f3c5fc62a525db25a60a545fc673eefc064fa1be9fb77252fc2886b kdelibs-devel-4.3.4-14.el6_3.2.i686.rpm

x86_64:
33036271c59622de9d1e41292b439bcd431b2301062e06105b34dfee7f3d5e84 kdelibs-4.3.4-14.el6_3.2.i686.rpm
e451694e3640fd0fa9f86ec4c19532ff9bbdcf22177375cc408774b19c6b1dce kdelibs-4.3.4-14.el6_3.2.x86_64.rpm
9b4042d66d14495a87b1c59e869a09250ec53f2e31381efaf3c47bd9f3ab8e93 kdelibs-apidocs-4.3.4-14.el6_3.2.noarch.rpm
0e1206fa157f02aa6c4c4e683c93d177556173f9dd883f55ba58a4f896865be8 kdelibs-common-4.3.4-14.el6_3.2.x86_64.rpm
5b37bac40f3c5fc62a525db25a60a545fc673eefc064fa1be9fb77252fc2886b kdelibs-devel-4.3.4-14.el6_3.2.i686.rpm
80f25fcb9dc1626920daa8e48d6a2e0ab335532445953b443629bd3c47d39fba kdelibs-devel-4.3.4-14.el6_3.2.x86_64.rpm

Source:
9dcfe5dc7574d7383dc7de6a0e3c730b096078a779d11765b4765e57630d9d12 kdelibs-4.3.4-14.el6_3.2.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2012:1418 Critical CentOS 6 kdelibs Update

CentOS Errata and Security Advisory 2012:1418 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1418.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
f0bcc463cb9d74facf1c009c2b85c78518656ea3abb753a30a5ad1f1cf3f4ff7 kdelibs-4.3.4-19.el6.i686.rpm
10d6ebf979951bf85977556eee1ed95be2967280ddb503930f04cb93c7fe2090 kdelibs-apidocs-4.3.4-19.el6.noarch.rpm
4e124abd1619704f54bacc0c412748e80caa7575fa131cc9a64a918f17dc409a kdelibs-common-4.3.4-19.el6.i686.rpm
bbbd930179a87d61f2e428b5322105afc1089a1dbfcdf03d1392ad00432fe048 kdelibs-devel-4.3.4-19.el6.i686.rpm

x86_64:
f0bcc463cb9d74facf1c009c2b85c78518656ea3abb753a30a5ad1f1cf3f4ff7 kdelibs-4.3.4-19.el6.i686.rpm
ff4166dbbff91f24965d6e069d1c1d3e6cb381e52476e661706858dd3c7cda0e kdelibs-4.3.4-19.el6.x86_64.rpm
4a964466bf565023103383af20ce52a1996ede295a478d46d8289b7940c60907 kdelibs-apidocs-4.3.4-19.el6.noarch.rpm
70a7a40fa59f6854ab7b001429423d1667326520474eb22e8525c1e86d8e7384 kdelibs-common-4.3.4-19.el6.x86_64.rpm
bbbd930179a87d61f2e428b5322105afc1089a1dbfcdf03d1392ad00432fe048 kdelibs-devel-4.3.4-19.el6.i686.rpm
f0411e459b75bdaa279e9d956fe49a75823f6b51a622ab828aed8d5399448b66 kdelibs-devel-4.3.4-19.el6.x86_64.rpm

Source:
8dcdfde834684d0e729e214dc830d052d370e7d7cf497195ef380dc56616996b kdelibs-4.3.4-19.el6.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2012:1414 CentOS 6 cpio Update

CentOS Errata and Bugfix Advisory 2012:1414

Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1414.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
5eaf7281527b422bf50b5859a39f4710adeb5a102a4cd5453458a3894aae8f9a cpio-2.10-11.el6_3.i686.rpm

x86_64:
70a6dcb83fac5fa7dab1f38c4df5ca45a4a1049110d1e13a35eab247967add66 cpio-2.10-11.el6_3.x86_64.rpm

Source:
5f127aac9866889f869f3c73a9a21bf73e12680a329cecc786b192af5a0087c0 cpio-2.10-11.el6_3.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEEA-2012:1415 CentOS 5 iptables Update

CentOS Errata and Enhancement Advisory 2012:1415

Upstream details at : https://rhn.redhat.com/errata/RHEA-2012-1415.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
8a286c64f5164b17b5a7a24683c898c1b71f5f20b77a7ceba7d56df3e652a0a2 iptables-1.3.5-9.2.el5_8.i386.rpm
fe8d9da60dbd7fb33e6f2e4838ab58d51086bd6e2e950bd1409bab849de6e8c0 iptables-devel-1.3.5-9.2.el5_8.i386.rpm
086e5ebdd6fd576fda7d2cece6ec9b0decd2e512c8ce8ae824ba6c51750dc099 iptables-ipv6-1.3.5-9.2.el5_8.i386.rpm

x86_64:
01e65d5f3769bee51085fb6479d3649ac90239d2eae240f6211b4dfde999dbf8 iptables-1.3.5-9.2.el5_8.x86_64.rpm
fe8d9da60dbd7fb33e6f2e4838ab58d51086bd6e2e950bd1409bab849de6e8c0 iptables-devel-1.3.5-9.2.el5_8.i386.rpm
29605e1c164e837afc2441d6d1eb19bc4fc09757e5beb14c7b4958b1dae25abb iptables-devel-1.3.5-9.2.el5_8.x86_64.rpm
e528dc9f548f987375989717fb55d06a7b8f5f1685ce7dd3293591a0e77a3047 iptables-ipv6-1.3.5-9.2.el5_8.x86_64.rpm

Source:
d2a9851af4916aca244ee5b62149bf140d1192a8c1e2f0a1c80e4de439ce9586 iptables-1.3.5-9.2.el5_8.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

Fedora 18 Beta Go/No-Go Meeting, Thursday, November 01 @ 17:00 UTC (1pm Eastern, 10am Pacific)

Join us on irc.freenode.net in #fedora-meeting-1 for this important
meeting, wherein we shall determine the readiness of the Fedora 18 Beta.

Thursday, November 01, 2012 @17:00 UTC (13:00 EDT/10:00 PDT/18:00 CET)

"Before each public release Development, QA and Release Engineering meet
to determine if the release criteria are met for a particular release.
This meeting is called the Go/No-Go Meeting."

"Verifying that the Release criteria are met is the responsibility of
the QA Team."

For more details about this meeting see:
https://fedoraproject.org/wiki/Go_No_Go_Meeting

In the meantime, keep an eye on the Fedora 18 Beta Blocker list:
http://qa.fedoraproject.org/blockerbugs/milestone/18/beta/buglist

Reminder: Fedora 18 Beta readiness meeting follows the Go/No-Go meeting
in two hours (19:00 UTC, 3pm Eastern, 12pm Pacific).

Btw. please check time against UTC as we are during the daylight saving
time change period...

Jaroslav
_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce

[CentOS-announce] CESA-2012:1413 Important CentOS 6 thunderbird Update

CentOS Errata and Security Advisory 2012:1413 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1413.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
91ede5966de441eba302bd659447f5efc2b7183aedcda117376edf62fdc9cb4a thunderbird-10.0.10-1.el6.centos.i686.rpm

x86_64:
043cdc5dd7042ce32f99de86223aa888f2f3f04aef4f8dbbb55e4773cfe6ea52 thunderbird-10.0.10-1.el6.centos.x86_64.rpm

Source:
dbe2d9aacfc23d42ce2649778e4c03db5fa67cdb05162f3e0a36459faca2d047 thunderbird-10.0.10-1.el6.centos.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

Monday, October 29, 2012

[CentOS-announce] CESA-2012:1413 Important CentOS 5 thunderbird Update

CentOS Errata and Security Advisory 2012:1413 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1413.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
9f016ba63b0980ddf4355c0cf56cc79c3ed68f18e59b693f5db862ed4645bde4 thunderbird-10.0.10-1.el5.centos.i386.rpm

x86_64:
92b59ac5c11685fc6f5468bc0e9bda74fafdde930e1f9f32b3b4ccda0211602a thunderbird-10.0.10-1.el5.centos.x86_64.rpm

Source:
bede21c9f106cecc158407c4c89cbf6a9c4dd05b563407e06c5b5c3af73eb3b4 thunderbird-10.0.10-1.el5.centos.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[USN-1620-2] Thunderbird vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlCPLdgACgkQTniv4aqX/Vn/owCaAyDDzcoNBS2z4o3XBCwoZwzo
bbgAoIj6IrSMmRyW9pKDaA7STR0KGiQ1
=k1Kn
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1620-2
October 30, 2012

thunderbird vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

USN-1620-1 fixed vulnerabilities in Firefox. This update provides the
corresponding updates for Thunderbird. Please note that Thunderbird is only
affected by window.location issues through RSS feeds and extensions that
load web content.

Original advisory details:

Mariusz Mlynski and others discovered several flaws in Firefox that allowed
a remote attacker to conduct cross-site scripting (XSS) attacks.
(CVE-2012-4194, CVE-2012-4195)

Antoine Delignat-Lavaud discovered a flaw in the way Firefox handled the
Location object. If a user were tricked into opening a specially crafted
page, a remote attacker could exploit this to bypass security protections
and perform cross-origin reading of the Location object. (CVE-2012-4196)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
thunderbird 16.0.2+build1-0ubuntu0.12.10.1

Ubuntu 12.04 LTS:
thunderbird 16.0.2+build1-0ubuntu0.12.04.1

Ubuntu 11.10:
thunderbird 16.0.2+build1-0ubuntu0.11.10.1

Ubuntu 10.04 LTS:
thunderbird 16.0.2+build1-0ubuntu0.10.04.1

After a standard system update you need to restart Thunderbird to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1620-2
http://www.ubuntu.com/usn/usn-1620-1
CVE-2012-4194, CVE-2012-4195, CVE-2012-4196, https://launchpad.net/bugs/1072362

Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/16.0.2+build1-0ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/thunderbird/16.0.2+build1-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/thunderbird/16.0.2+build1-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/thunderbird/16.0.2+build1-0ubuntu0.10.04.1

[CentOS-announce] CEBA-2012:1409 CentOS 6 mt-st FASTTRACK Update

CentOS Errata and Bugfix Advisory 2012:1409

Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1409.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
073a6206cedecbf2602816b3e06129688c891f45b460335aa390e164396e5712 mt-st-1.1-5.el6.i686.rpm

x86_64:
6660763209ee2f92af6314fefe73d10bd129cfdd04735f8ad419f917977ba930 mt-st-1.1-5.el6.x86_64.rpm

Source:
c7e6ee8c19e00d9d859ce142dfda7f9c988f4a7950ba60fa9c6063d77dd232c8 mt-st-1.1-5.el6.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2012:1411 CentOS 5 perl Update

CentOS Errata and Bugfix Advisory 2012:1411

Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1411.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
24081b99412aee2fd7d43ccd0a661dd5e197c4c55d68c850309186fa2246cf6e perl-5.8.8-38.el5_8.i386.rpm
84290d921e45c6425bbd595d72398458074b306938ad9c9e7c352b27f24a1b87 perl-suidperl-5.8.8-38.el5_8.i386.rpm

x86_64:
e51507a9828202aaf346c4b6d8530942157e029b67ed1b91bd7c3d0c3865452b perl-5.8.8-38.el5_8.x86_64.rpm
03cca64f455488fbd32394404ae9a9eeed43a324a9466cefb4f0b550c07c8786 perl-suidperl-5.8.8-38.el5_8.x86_64.rpm

Source:
a5f9f2733154326657b7d9c8fa0f8857ba052452ab5a6d4bcce03f6df8134b9c perl-5.8.8-38.el5_8.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

Sunday, October 28, 2012

Ubuntu 11.04 (Natty Narwhal) end-of-life reached on October 28, 2012

This note is just to confirm that the support period for Ubuntu 11.04
(Natty Narwhal) formally ends on October 28, 2012 and Ubuntu Security
Notices no longer includes information or updated packages for
Ubuntu 11.04.

The supported upgrade path from Ubuntu 11.04 is via Ubuntu 11.10
(Oneiric Ocelot). Instructions and caveats for the upgrade may be
found at https://help.ubuntu.com/community/OneiricUpgrades. Note
that upgrades to version 11.10 and beyond are only supported in
multiple steps, via an upgrade first to 11.10, then to 12.04.
Both Ubuntu 11.10 and Ubuntu 12.04 continue to be actively
supported with security updates and select high-impact bug fixes.
All announcements of official security updates for Ubuntu releases
are sent to the ubuntu-security-announce mailing list, information
about which may be found at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce.

Since its launch in October 2004 Ubuntu has become one of the most
highly regarded Linux distributions with millions of users in homes,
schools, businesses and governments around the world. Ubuntu is Open
Source software, costs nothing to download, and users are free to
customize or alter their software in order to meet their needs.

on behalf of the Release Team,
Kate Stewart

--
ubuntu-announce mailing list
ubuntu-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-announce

Friday, October 26, 2012

[CentOS-announce] CESA-2012:1407 Critical CentOS 6 firefox Update

CentOS Errata and Security Advisory 2012:1407 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1407.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
a8e41c9ef6fb785688196721fa8e9a46d6799a0a93236c7d93f9a1935568792c firefox-10.0.10-1.el6.centos.i686.rpm
e57f929a8a042e57659b2a47f88b377f28d50a61c1ee0c55d685ddfc23f6b6d7 xulrunner-10.0.10-1.el6.centos.i686.rpm
65e922618c64117049421d5eacd6c5b7e507795f71192e0b39ece5129ad8d5b9 xulrunner-devel-10.0.10-1.el6.centos.i686.rpm

x86_64:
a8e41c9ef6fb785688196721fa8e9a46d6799a0a93236c7d93f9a1935568792c firefox-10.0.10-1.el6.centos.i686.rpm
0e3c396caebdee19ebc157c849676f8baa9367e58d5ac6257ca031d022851bd9 firefox-10.0.10-1.el6.centos.x86_64.rpm
e57f929a8a042e57659b2a47f88b377f28d50a61c1ee0c55d685ddfc23f6b6d7 xulrunner-10.0.10-1.el6.centos.i686.rpm
36eafb32c1fd090e022a9d07c8123ea867368ad6f8ae202285f9b7256c2816c1 xulrunner-10.0.10-1.el6.centos.x86_64.rpm
65e922618c64117049421d5eacd6c5b7e507795f71192e0b39ece5129ad8d5b9 xulrunner-devel-10.0.10-1.el6.centos.i686.rpm
25ac125059654f35dd80b7cba6d9487a7814ffb8c95e39f7eeba901aa3c46d84 xulrunner-devel-10.0.10-1.el6.centos.x86_64.rpm

Source:
9d75078914cd286c15e200011dbae86f3073c8c6de4a9cb1394cc3ca8f121926 firefox-10.0.10-1.el6.centos.src.rpm
f134ca4c997e765ddc12160706b00297fbf8922d89d7f8ac6a812c30c810f7de xulrunner-10.0.10-1.el6.centos.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2012:1407 Critical CentOS 5 firefox Update

CentOS Errata and Security Advisory 2012:1407 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1407.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
72895342418334b24ba109554669900b2f2ec1e3815cafe5f35b3a4cd15b8245 firefox-10.0.10-1.el5.centos.i386.rpm
8a4b0d478a7772ead69ad21090185a15c3eab4b797dc42cc6ad5b6e588a9bbd5 xulrunner-10.0.10-1.el5_8.i386.rpm
f930e8fb9019926eeb2a318cef41e45e6d2a77b82621a7188a02a4e0fb2d21ed xulrunner-devel-10.0.10-1.el5_8.i386.rpm

x86_64:
72895342418334b24ba109554669900b2f2ec1e3815cafe5f35b3a4cd15b8245 firefox-10.0.10-1.el5.centos.i386.rpm
f67786930970a5b091cc886b18cb8bb8ee90b5d1a911141d8dd4ead99771248d firefox-10.0.10-1.el5.centos.x86_64.rpm
8a4b0d478a7772ead69ad21090185a15c3eab4b797dc42cc6ad5b6e588a9bbd5 xulrunner-10.0.10-1.el5_8.i386.rpm
8b4f3b899d7f558231350a402a80ebec91afec2ec989897eb9e2cd9f2e068912 xulrunner-10.0.10-1.el5_8.x86_64.rpm
f930e8fb9019926eeb2a318cef41e45e6d2a77b82621a7188a02a4e0fb2d21ed xulrunner-devel-10.0.10-1.el5_8.i386.rpm
9284c592791c0885881c2e704eeb6d5a54040fa82568605c95683dfbb1948940 xulrunner-devel-10.0.10-1.el5_8.x86_64.rpm

Source:
bf155b83e3e322a5dc5b850ca3aa4f43f6443ace31e38d1fa24b24479c1a1af9 firefox-10.0.10-1.el5.centos.src.rpm
6cfad3f390d35e19a2e584052e1df8d6b9d792bc2ea376b2d2fbe3584fc9509d xulrunner-10.0.10-1.el5_8.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[USN-1620-1] Firefox vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCgAGBQJQiwKNAAoJEFHb3FjMVZVzMIEQAJ02V/T+I31ldROWPc/oTys7
MLs7XYOkaX+/lL6sR50J+XdYes1YWQ4mtw1RDhXQT3Btbd61nD/kAmR2V0SV9N6Q
azswVvxumXIeropVSUN3EbSZ4vrU8fDVh0Mb5BVF2+bh+hUlF3oI1taT4xMK85eg
7bRYQMpwr7AdF/p9FymcUVjfzKg1GrtDCMvr8pmu3XQnGPxx+1MT7fISqYZenU1W
FdWrlMcCQ8BNSEEhltO/aEQSDsYOrC0hBT0aMQ2+HLjrgxjygikRRvobW+gcxqBI
9JDYa/gj5n2vmKyGu4elZsjyG3NAA+sXGjEjKmXDoj/CrHAKzQmebZ0ilZxkqoqj
raZ3T0pn833R24yUj+5KBhzxeum0+JV7PO6yJ4yCzWUd6GQs5eOYRhYFaWpLrVTF
zUqpO906uZQGMoAq13CEsG5CbnnQKiSdzu2jVRwfAmugjDueO3qGUNR41ad/r/hg
Vxl1avboiCkHNsHMKvuudN9RiXBLC24A7l5ilNEK7VpXHSOsduxxZrX/WLBNtuOV
RR8zIkUvVKRPz8b3TJmLMKP4lmu/dYIL7nUG5EWf86SEaD8/GyjR+m6DrWL5PmL/
TauQZeHe3Y+iWLJUOpfHgzcXC/f+v0rq9iYZ8YC7zAK0ibYWdWp6KfGa/cTYqppQ
7A98ruxjNVck2XLyA3VR
=iNZs
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1620-1
October 26, 2012

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Mariusz Mlynski and others discovered several flaws in Firefox that allowed
a remote attacker to conduct cross-site scripting (XSS) attacks.
(CVE-2012-4194, CVE-2012-4195)

Antoine Delignat-Lavaud discovered a flaw in the way Firefox handled the
Location object. If a user were tricked into opening a specially crafted
page, a remote attacker could exploit this to bypass security protections
and perform cross-origin reading of the Location object. (CVE-2012-4196)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
firefox 16.0.2+build1-0ubuntu0.12.10.1

Ubuntu 12.04 LTS:
firefox 16.0.2+build1-0ubuntu0.12.04.1

Ubuntu 11.10:
firefox 16.0.2+build1-0ubuntu0.11.10.1

Ubuntu 11.04:
firefox 16.0.2+build1-0ubuntu0.11.04.1

Ubuntu 10.04 LTS:
firefox 16.0.2+build1-0ubuntu0.10.04.1

After a standard system update you need to restart Firefox to make all the
necessary changes.

References:
http://www.ubuntu.com/usn/usn-1620-1
CVE-2012-4194, CVE-2012-4195, CVE-2012-4196

Package Information:

https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.12.10.1

https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.12.04.1

https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.11.10.1

https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.11.04.1

https://launchpad.net/ubuntu/+source/firefox/16.0.2+build1-0ubuntu0.10.04.1

[USN-1619-1] OpenJDK vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCgAGBQJQirSsAAoJEFHb3FjMVZVzH4UP/jBePFCO/jWd7IKnIi4nksGB
T9Bw/UVSm0zXoMmE3PrxMwuaq6rTC/h+h2So1S8NqEc+JFHhLKO3QE5QG+h21xQJ
6y7JSHp7CyUMAyZA6aW0SHHF22/lweAy4h+VyV8V6zMfNiK5Sl++CD/qraPGivzk
vL4VXuopP1Mu5Ma+4Kd+Bn0VwFB+lJGZrrqBINFrCJAiOrMgNyHPer9vf6jOL5tv
10C9B5rEsu1leBGKIA/PRXXHNUdZJY6SEwLsHJ4JStL/Egsv9l5+XqYph48+7Z58
FNd0tfrmQTt5an0epBYkZe/u3rDy8c+03bxEr68DuQq+hnsZM2f3ECG3OJeyHbU/
Ec+G3qXqThbYi7jj9lmJpovR6ITqiaBxQ+/MizF+PIPQHtMkVk4leYlBHxli+3zm
5iLSQNlUlWv4iEzCeetKT4eYF9WtsAKJLR6mklvoM5/aY66lzS0JPEdZiuH5E2OA
n/MFlstyEh5E4wdvhou+YQvoacd3rTcjcJVSwFg3YG2VAt6nypE88Z0uqBbMfPr3
hD3Xp88B35ttwwZgBUfne/Dv8AIom0CrD0ezhJNW+c6Ub7luzquOjQsV1VWT14vy
x3I33gaaR/VRDI6bwvCA1XeBUEL7M4izCW5N25qwq2yX1Dxo/v0sU5QlLyolDE9W
Cr4eAw2uZkExS7jwp4Jc
=fP46
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1619-1
October 26, 2012

openjdk-6, openjdk-7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in OpenJDK.

Software Description:
- openjdk-7: Open Source Java implementation
- openjdk-6: Open Source Java implementation

Details:

Several information disclosure vulnerabilities were discovered in the
OpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072, CVE-2012-5075,
CVE-2012-5077, CVE-2012-5085)

Vulnerabilities were discovered in the OpenJDK JRE related to information
disclosure and data integrity. (CVE-2012-4416, CVE-2012-5071)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to cause a denial of service. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,
CVE-2012-3143, CVE-2012-3159, CVE-2012-5068, CVE-2012-5083, CVE-2012-5084,
CVE-2012-5086, CVE-2012-5089)

Information disclosure vulnerabilities were discovered in the OpenJDK JRE.
These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070)

Vulnerabilities were discovered in the OpenJDK JRE related to data
integrity. (CVE-2012-5073, CVE-2012-5079)

A vulnerability was discovered in the OpenJDK JRE related to information
disclosure and data integrity. This issue only affected Ubuntu 12.10.
(CVE-2012-5074)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure and data integrity. An attacker could exploit these
to cause a denial of service. These issues only affected Ubuntu 12.10.
(CVE-2012-5076, CVE-2012-5087, CVE-2012-5088)

A denial of service vulnerability was found in OpenJDK. (CVE-2012-5081)

Please see the following for more information:
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
icedtea-7-jre-cacao 7u9-2.3.3-0ubuntu1~12.10.1
icedtea-7-jre-jamvm 7u9-2.3.3-0ubuntu1~12.10.1
openjdk-7-jre 7u9-2.3.3-0ubuntu1~12.10.1
openjdk-7-jre-headless 7u9-2.3.3-0ubuntu1~12.10.1
openjdk-7-jre-lib 7u9-2.3.3-0ubuntu1~12.10.1
openjdk-7-jre-zero 7u9-2.3.3-0ubuntu1~12.10.1

Ubuntu 12.04 LTS:
icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~12.04.1
icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~12.04.1
openjdk-6-jre 6b24-1.11.5-0ubuntu1~12.04.1
openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~12.04.1
openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~12.04.1
openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~12.04.1

Ubuntu 11.10:
icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~11.10.1
icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~11.10.1
openjdk-6-jre 6b24-1.11.5-0ubuntu1~11.10.1
openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~11.10.1
openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~11.10.1
openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~11.10.1

Ubuntu 11.04:
icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~11.04.1
icedtea-6-jre-jamvm 6b24-1.11.5-0ubuntu1~11.04.1
openjdk-6-jre 6b24-1.11.5-0ubuntu1~11.04.1
openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~11.04.1
openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~11.04.1
openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~11.04.1

Ubuntu 10.04 LTS:
icedtea-6-jre-cacao 6b24-1.11.5-0ubuntu1~10.04.2
openjdk-6-jre 6b24-1.11.5-0ubuntu1~10.04.2
openjdk-6-jre-headless 6b24-1.11.5-0ubuntu1~10.04.2
openjdk-6-jre-lib 6b24-1.11.5-0ubuntu1~10.04.2
openjdk-6-jre-zero 6b24-1.11.5-0ubuntu1~10.04.2

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1619-1
CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143,
CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5067,
CVE-2012-5068, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071,
CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075,
CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081,
CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086,
CVE-2012-5087, CVE-2012-5088, CVE-2012-5089

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-7/7u9-2.3.3-0ubuntu1~12.10.1

https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~12.04.1

https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~11.10.1

https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~11.04.1

https://launchpad.net/ubuntu/+source/openjdk-6/6b24-1.11.5-0ubuntu1~10.04.2

[CentOS-announce] CEBA-2012:1406 CentOS 5 OpenIPMI Update

CentOS Errata and Bugfix Advisory 2012:1406

Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1406.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
87377122e21131d17afd7bb396e9fb111c8fa671ef7f9344a53385136ca42e96 OpenIPMI-2.0.16-13.el5_8.i386.rpm
28455971ffa3fe1da71157c98a395749b5e9423cb84e41e6ce29443849efeffc OpenIPMI-devel-2.0.16-13.el5_8.i386.rpm
c3a38ca2fc252585a1eedc27d3a5b4451d422e0519c92cc8d895fc29c54710b3 OpenIPMI-gui-2.0.16-13.el5_8.i386.rpm
da9cb46f1d049b85a23ac78d2aaf8f613671654f078c2b1dab7ec26458d10d73 OpenIPMI-libs-2.0.16-13.el5_8.i386.rpm
cf1139adbcf53b3459b868b609e85d58de57d7862fb7df22cc853d349029c02c OpenIPMI-perl-2.0.16-13.el5_8.i386.rpm
c679ead28de19e3f6754c700d6cbe192e066189bd3ece31966f695b362637c9e OpenIPMI-python-2.0.16-13.el5_8.i386.rpm
698c22337f08fee241d4fa44e86a574b51230c3c802455ce3fee3d1830a42e67 OpenIPMI-tools-2.0.16-13.el5_8.i386.rpm

x86_64:
3be25eaaa34c9b065c78436b4cb7e41e3e109eb5c3473d437e3e176316b984a1 OpenIPMI-2.0.16-13.el5_8.x86_64.rpm
28455971ffa3fe1da71157c98a395749b5e9423cb84e41e6ce29443849efeffc OpenIPMI-devel-2.0.16-13.el5_8.i386.rpm
a5411f3d455d0107ba85d0c83a4b43ea95b945f3c9484691f0d6b31a1e15738f OpenIPMI-devel-2.0.16-13.el5_8.x86_64.rpm
437627589479ca5dedf223736875bc081bd910eb66c302c4e34f4dd55fdf5235 OpenIPMI-gui-2.0.16-13.el5_8.x86_64.rpm
da9cb46f1d049b85a23ac78d2aaf8f613671654f078c2b1dab7ec26458d10d73 OpenIPMI-libs-2.0.16-13.el5_8.i386.rpm
9aa1cf8fbbd2f76405925a9272ccdb853a47c2b121ce5e8e92270fd441c6f662 OpenIPMI-libs-2.0.16-13.el5_8.x86_64.rpm
7046d0388010bdf7b08cf3c4212eae1e853a1e70bd0d9d9b49be75f8ab8b71c2 OpenIPMI-perl-2.0.16-13.el5_8.x86_64.rpm
69546f96da947197deaad035a58c40677f39a07f703f9df13429cab40980805d OpenIPMI-python-2.0.16-13.el5_8.x86_64.rpm
0f71bfa4010152c6e5c2cda9d38e00bac3617e46cfee62414fb8f66fcb1a732a OpenIPMI-tools-2.0.16-13.el5_8.x86_64.rpm

Source:
d6b5d3d12c378574457be9720a2c31702b6654e0bbdd7799856f2408ae609f38 OpenIPMI-2.0.16-13.el5_8.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2012:1405 CentOS 6 openmotif Update

CentOS Errata and Bugfix Advisory 2012:1405

Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1405.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
f261f53192577f1045aa82e13a11f3900f0fbbc94f1b07a2f40aee2c8016dfec openmotif-2.3.3-5.el6_3.i686.rpm
9d4f7c5135d686206896ff10737f18705c3b5eb6f542917220bc4a888e7b63a2 openmotif-devel-2.3.3-5.el6_3.i686.rpm

x86_64:
f261f53192577f1045aa82e13a11f3900f0fbbc94f1b07a2f40aee2c8016dfec openmotif-2.3.3-5.el6_3.i686.rpm
5e4baeed410fdbb1f092ffb7ff4a0c0d002c0a1ca09e1bc8388830a149e92aeb openmotif-2.3.3-5.el6_3.x86_64.rpm
9d4f7c5135d686206896ff10737f18705c3b5eb6f542917220bc4a888e7b63a2 openmotif-devel-2.3.3-5.el6_3.i686.rpm
43ff18a31720650f87fc8a7fe50f0040527ba457fba35e8696eb11a39210104e openmotif-devel-2.3.3-5.el6_3.x86_64.rpm

Source:
b9e8d9ffa512ed7cb3fcb4f3f38a105bd2f53c41faa5a7cf47b0c4be19d07494 openmotif-2.3.3-5.el6_3.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[USN-1618-1] Exim vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCgAGBQJQin/jAAoJEGVp2FWnRL6TSOQP/jHbZhBtCLj3nQ9VTxgda/v0
8J2dhX8oNWznNuMQt38X00kwsUaqJxEUV77gICWbPN7Pa3+s4XQ0qYUpNMe3MeRk
TfstBbGKN0BnvRKwf0cH5//wtBpCAAtLYQTM5XDEBts8WIyTDcKcyxMRhqlNYeMB
w0E3fI+oAm6wObo9DL+cYeKtdR77DpUwCMlJlyT87rSuVmEiLMjEIPWRMY8U/ICV
P6NBXRWtR9kAKiSJkyZ4XSQlGr8PKI3YGg/Zj0X4DxngBNcrSyh8w6jJbAiOuyM4
QsaaKJsp489/xOlMevEnCV3yA+oSdI+X6B6ZQ8DRQ8/4tQ956BmC+l5cM2BFuDs0
Tw+tkdH5vy+ZlNfqGJuBbu8ORrvsIsbSP6GRdzaB/RRCckLIjEwZd1IfOI7Gg07i
+FsrYi2KPoWLeUbA1/Ouc1NUcIbkDbl5kWCnwhHitVo6nQTLUmm9o0QVmV9qIl2X
Flbmorlx1ODl84RusEdln1UcordXbg7Z0QaJcAS29PEuvvsz/zXcYQYbbJbwwwT6
osRwGzEnPlBLJN9XLgBcUBov0AvTYJiggRlKWcrso4MtxsF14Itk/5zsfCVMNSyG
dDfV3YLdwgCELVefSBfoXP91YoKoednEzmFCTAFV656ofmGzGLGSRVB3CbvH9wvi
vpGOqTaCw8u6kIeOlXvm
=eAEi
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1618-1
October 26, 2012

exim4 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

Exim could be made to run programs if it received specially crafted network
traffic.

Software Description:
- exim4: Exim is a mail transport agent

Details:

It was discovered that Exim incorrectly handled DKIM DNS decoding. This
flaw could allow a remote attacker to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
exim4-daemon-custom 4.80-3ubuntu1.1
exim4-daemon-heavy 4.80-3ubuntu1.1
exim4-daemon-light 4.80-3ubuntu1.1

Ubuntu 12.04 LTS:
exim4-daemon-custom 4.76-3ubuntu3.1
exim4-daemon-heavy 4.76-3ubuntu3.1
exim4-daemon-light 4.76-3ubuntu3.1

Ubuntu 11.10:
exim4-daemon-custom 4.76-2ubuntu1.1
exim4-daemon-heavy 4.76-2ubuntu1.1
exim4-daemon-light 4.76-2ubuntu1.1

Ubuntu 11.04:
exim4-daemon-custom 4.74-1ubuntu1.3
exim4-daemon-heavy 4.74-1ubuntu1.3
exim4-daemon-light 4.74-1ubuntu1.3

Ubuntu 10.04 LTS:
exim4-daemon-custom 4.71-3ubuntu1.4
exim4-daemon-heavy 4.71-3ubuntu1.4
exim4-daemon-light 4.71-3ubuntu1.4

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1618-1
CVE-2012-5671

Package Information:
https://launchpad.net/ubuntu/+source/exim4/4.80-3ubuntu1.1
https://launchpad.net/ubuntu/+source/exim4/4.76-3ubuntu3.1
https://launchpad.net/ubuntu/+source/exim4/4.76-2ubuntu1.1
https://launchpad.net/ubuntu/+source/exim4/4.74-1ubuntu1.3
https://launchpad.net/ubuntu/+source/exim4/4.71-3ubuntu1.4

Thursday, October 25, 2012

[USN-1617-1] WebKit vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlCJeGAACgkQTniv4aqX/VmT/ACaAg46EcaUyKThtQL7Cglc9APN
OG4An29fqCXQ8iu9GmZ2kb7Akx1Tq8Fy
=VLb1
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1617-1
October 25, 2012

webkit vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

Multiple security vulnerabilities were fixed in WebKit.

Software Description:
- webkit: Web content engine library for GTK+

Details:

A large number of security issues were discovered in the WebKit browser and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of
service attacks, and arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
libjavascriptcoregtk-1.0-0 1.8.3-0ubuntu0.12.04.1
libjavascriptcoregtk-3.0-0 1.8.3-0ubuntu0.12.04.1
libwebkitgtk-1.0-0 1.8.3-0ubuntu0.12.04.1
libwebkitgtk-3.0-0 1.8.3-0ubuntu0.12.04.1

After a standard system update you need to restart your session to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1617-1
CVE-2011-3031, CVE-2011-3038, CVE-2011-3042, CVE-2011-3043,
CVE-2011-3044, CVE-2011-3051, CVE-2011-3053, CVE-2011-3059,
CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3076,
CVE-2011-3081, CVE-2011-3086, CVE-2011-3090, CVE-2012-1521,
CVE-2012-3598, CVE-2012-3601, CVE-2012-3604, CVE-2012-3611,
CVE-2012-3612, CVE-2012-3617, CVE-2012-3625, CVE-2012-3626,
CVE-2012-3627, CVE-2012-3628, CVE-2012-3645, CVE-2012-3652,
CVE-2012-3657, CVE-2012-3669, CVE-2012-3670, CVE-2012-3671,
CVE-2012-3672, CVE-2012-3674, CVE-2012-3674, https://launchpad.net/bugs/1058339

Package Information:
https://launchpad.net/ubuntu/+source/webkit/1.8.3-0ubuntu0.12.04.1

Fedora 18 now in Beta freeze

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQIcBAEBAgAGBQJQiW4uAAoJEEs3sNgP+7teCh8P/iqhn0k5ocxrax1M2W8HB03H
IdLDC5eA+UpkpwXkkucLvRlSTA8CGSVRa4fSxWaV9ZUX3oLroPXfdJujdr8LbBlr
KV/vEQJX83ply3asE3706eWhBdZXC+ogHYj0VzQ8GVhIS1ihD561B7lohJiam1Hm
/sFBZh1CEcgtoHP7/rHrtZKo7A+uageT2QEOs2qJB9nxPo+9co0U5rcbfzgMbDPr
2WqIVYFm+p2otEePeJS9PSu9scOSwhY42olQQdAxKUofp076XvgDJSiDW4FH1rxR
zdyuAToY0GNEJkfSdiRB7elSyhIw0s0InDX0lTozhTMn2VaM5NzgNxyfXb3QB03U
Dvui9+guAhOFyqFxtxDdjy98bzKg0WXqeUdfs8N9c91P23yfoxDoKmL7Q4G9n7Vq
e4p/HPTqWzeuqrpY3gMR+BjzYdM28U4lXHZ3kGMJdnJ7VVVnu9MMtPfVX8C6uM2b
X+TPrkNXaPdeAZC3MWOw/dcovP7sajxs9cn+q6k4mrP62q02I0XnNLo7i6tSYMQt
Fub9l9jqN2QLcp3tjAy1r8pDMbFs62TPdLAjMhgjwU0Qb6UVgu7b2Jvod4FtojxV
9MenISB/XaXHoNNmT8dAR8HQ7v3M+dyDbYIn7M++3xQKhMHTLazcqVZ39XmVSIL7
/DoZuZCOuBPxa7LpYSeh
=3W5v
-----END PGP SIGNATURE-----
Greetings.

Fedora 18 is now in freeze and the Beta change deadline is
upon us.

Updates will land in updates-testing after being pushed.
Updates that fix accepted blocker and accepted NTH bugs for the Beta
release will be pushed into the base repo when stable.

We are in the Pre Beta section of the release, so the Pre Beta
to pre-release updates policy applies:

http://fedoraproject.org/wiki/Updates_Policy#Pre_Beta

Please see:

http://fedoraproject.org/wiki/Branch_Freeze_Policy

http://fedoraproject.org/wiki/Change_deadlines

http://fedoraproject.org/wiki/QA:SOP_blocker_bug_process

http://fedoraproject.org/wiki/QA:SOP_nth_bug_process

For more details.

kevin

[CentOS-announce] CEBA-2012:1404 CentOS 6 cpuspeed FASTTRACK Update

CentOS Errata and Bugfix Advisory 2012:1404

Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1404.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
686fe5a60a795c893044494c8c9cb64b33aff5927b8cdb548929e5f03ca56f98 cpuspeed-1.5-18.el6.i686.rpm

x86_64:
166241d991a314a7de0eec5c7cb25ba9050c23a7fbd7f7714e83ecc5d0fe1932 cpuspeed-1.5-18.el6.x86_64.rpm

Source:
281567ad21e9d9dde4b900a618ca96e506f6c0686d6bcedc5cf2366dd1303230 cpuspeed-1.5-18.el6.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

Wednesday, October 24, 2012

[USN-1616-1] Python 3.1 vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCgAGBQJQiB+tAAoJEFHb3FjMVZVzrbsP/3lBmedckiSddvu2DDvnLQc1
KSjaxahRBSODjPwWtFV8+MdowtyBD9NByPC2y1jE+uaeT0zT7wbEp6w1kCyd99Lf
j4ivD6kDAIL4w06sqdAsofSMte/JsL0ODBblBukxqA1dNBjiWxyvOi75QLkBmMAM
UgT78J85NvyrW8s1SAPN5D70txK1j9k99I2g8YWBjSYfPiWjRJdzGgiSRZrgz5S2
mAmWc4Rvy0/8OvH6vtMkCU6JcLm+QbLeHpaGxbJyF1KyNYDLIjkVVf2P+78ro95A
LvAobSZ6QPIg/K/dj8WI11akgHI/si7CAWSJg+nI4eU5mpQWZxfH0dR4vDa3qj2T
xYGX7Fc2qd1MMsYVH9tEBcYDK9gqdvEZ8aJqT0I9HYpO8Msgq9i//NakG2REMpW7
6g8fNKVeYXahvUKmkW54OYT09aHfru2FYnXi5MXHrYhPZIfRq0eV4Sebryw5h0+w
XWDsKpCapoL65WzwoDjXE/Z/av6jPQcaSwfl/sNlmSa6Gq+bdS9/TDRhOVV3zTeI
B3bGMZxA5tDb9+sntbor8f8f3IxoTe9PkchCpgPHsbnHZCNoVIAFlsDCzSmO3oi8
7uLPuaBV5r/tGHAzNRtZvhjk2tqlC5M9TN5lPvUzg+fCs4uBPyu3QHFs7b98wYpd
5WHTarBlV1lyRhsULMbN
=6ENH
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1616-1
October 24, 2012

python3.1 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in Python 3.1.

Software Description:
- python3.1: An interactive high-level object-oriented language (version
3.1)

Details:

It was discovered that Python would prepend an empty string to sys.path
under certain circumstances. A local attacker with write access to the
current working directory could exploit this to execute arbitrary code.
This issue only affected Ubuntu 10.04 LTS. (CVE-2008-5983)

It was discovered that the audioop module did not correctly perform input
validation. If a user or automatated system were tricked into opening a
crafted audio file, an attacker could cause a denial of service via
application crash. These issues only affected Ubuntu 10.04 LTS.
(CVE-2010-1634, CVE-2010-2089)

It was discovered that Python distutils contained a race condition when
creating the ~/.pypirc file. A local attacker could exploit this to obtain
sensitive information. (CVE-2011-4944)

It was discovered that SimpleXMLRPCServer did not properly validate its
input when handling HTTP POST requests. A remote attacker could exploit
this to cause a denial of service via excessive CPU utilization.
(CVE-2012-0845)

It was discovered that Python was susceptible to hash algorithm attacks.
An attacker could cause a denial of service under certian circumstances.
This update adds the '-R' command line option and honors setting the
PYTHONHASHSEED environment variable to 'random' to salt str and datetime
objects with an unpredictable value. (CVE-2012-1150)

Serhiy Storchaka discovered that the UTF16 decoder in Python did not
properly reset internal variables after error handling. An attacker could
exploit this to cause a denial of service via memory corruption.
(CVE-2012-2135)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
python3.1 3.1.3-1ubuntu1.2
python3.1-minimal 3.1.3-1ubuntu1.2

Ubuntu 10.04 LTS:
python3.1 3.1.2-0ubuntu3.2
python3.1-minimal 3.1.2-0ubuntu3.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1616-1
CVE-2008-5983, CVE-2010-1634, CVE-2010-2089, CVE-2011-4944,
CVE-2012-0845, CVE-2012-1150, CVE-2012-2135

Package Information:
https://launchpad.net/ubuntu/+source/python3.1/3.1.3-1ubuntu1.2
https://launchpad.net/ubuntu/+source/python3.1/3.1.2-0ubuntu3.2

Update to Binary Firmware Exceptions

Two minor exceptions have been added to the Licensing Guidelines:

A new exception has been added to permit prebuilt binary QEMU ROMs
implementing BIOS or Firmware for QEMU system targets to be packaged in
those situations where it is not practical or possible to build them
from source, as long as the corresponding source code is also included
in the Source RPM package.

https://fedoraproject.org/wiki/Licensing:SoftwareTypes#QEMU_ROMs

The wording of the Binary Firmware exception has been amended slightly
to permit the packaging and inclusion of firmware files which are
necessary to boot Fedora on some devices (e.g. raspberrypi), as long as
the standard exception criteria are met.

https://fedoraproject.org/wiki/Licensing:SoftwareTypes#Binary_Firmware

Thanks,

~tom

==
Fedora Project
_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce

Tuesday, October 23, 2012

[CentOS-announce] CEBA-2012:1399 CentOS 6 lvm2 Update

CentOS Errata and Bugfix Advisory 2012:1399

Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1399.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
feca04fc38b06a4ff4cca91a195e999cdd65db81b6397a9605482d01a07871ea cmirror-2.02.95-10.el6_3.2.i686.rpm
820bce104e3e485d9adb704eec80a8cc487b7ca015756ffab0fafcaec20be4a0 device-mapper-1.02.74-10.el6_3.2.i686.rpm
860ad02bc5659f31d16de91fb70234c0724577187a8086bd9f7670a3a348bc81 device-mapper-devel-1.02.74-10.el6_3.2.i686.rpm
ec0596f15fee582caa9d1d3abf1023e880ba62fd0cc55a0e6459fafeca25edbe device-mapper-event-1.02.74-10.el6_3.2.i686.rpm
5b69cdd032e0cddbd6f9dafc2f3b081b7b19159418df63c3f890aa5c0dd108c3 device-mapper-event-devel-1.02.74-10.el6_3.2.i686.rpm
e5378b28d50bb8961519447c69e52ebb6f32acd95e1bf770bb035edfd3ad528c device-mapper-event-libs-1.02.74-10.el6_3.2.i686.rpm
6c6bd9e1ad0fc9e9f9a19c0f8b95502991e2c02b33f287c88ab7399d7f27e3e5 device-mapper-libs-1.02.74-10.el6_3.2.i686.rpm
d5d23a78e2881a05634e92963e46512fc3dd2b8f6eee1cb3d6aa146df8234146 lvm2-2.02.95-10.el6_3.2.i686.rpm
a62008882234cb850a668545d56d7ed35791daf416de30b053d964b10f666771 lvm2-cluster-2.02.95-10.el6_3.2.i686.rpm
727ff681977a0b6a79fca65f76b85f3ff3fe54d3a0f251482f3708f060892f75 lvm2-devel-2.02.95-10.el6_3.2.i686.rpm
c68a8460066dde323715bf614df0eae90f2005f929e442092cab9c12b6dec8b1 lvm2-libs-2.02.95-10.el6_3.2.i686.rpm

x86_64:
f78f2f7d726df57555825322fb913efb0cdb194deca03225320ca7c7eacc08c6 cmirror-2.02.95-10.el6_3.2.x86_64.rpm
60e4671d7ac6d87e882824cc2f5a96bb7a184fa98ceaebc14184dd5b62b31b34 device-mapper-1.02.74-10.el6_3.2.x86_64.rpm
860ad02bc5659f31d16de91fb70234c0724577187a8086bd9f7670a3a348bc81 device-mapper-devel-1.02.74-10.el6_3.2.i686.rpm
19560b0aeca3c820d0ed08ce95d676f48096566bcd4468ab2b72258f62e38d24 device-mapper-devel-1.02.74-10.el6_3.2.x86_64.rpm
286cd2db283315f420b25331286743e261e25867ad1309fe91911154e6acbc02 device-mapper-event-1.02.74-10.el6_3.2.x86_64.rpm
5b69cdd032e0cddbd6f9dafc2f3b081b7b19159418df63c3f890aa5c0dd108c3 device-mapper-event-devel-1.02.74-10.el6_3.2.i686.rpm
122af42f772bdba3d4db970cc84e2b4356dd00b3179a09810f71214da03b21cc device-mapper-event-devel-1.02.74-10.el6_3.2.x86_64.rpm
e5378b28d50bb8961519447c69e52ebb6f32acd95e1bf770bb035edfd3ad528c device-mapper-event-libs-1.02.74-10.el6_3.2.i686.rpm
cdd1c74cde730a9f4f9a8c064891ec7dd588e1dec502cee5bb2496705245ba01 device-mapper-event-libs-1.02.74-10.el6_3.2.x86_64.rpm
6c6bd9e1ad0fc9e9f9a19c0f8b95502991e2c02b33f287c88ab7399d7f27e3e5 device-mapper-libs-1.02.74-10.el6_3.2.i686.rpm
77c0c2a77388dbade4d2fc566f31611f9ad1aefb5fe89e5c1ece6dfcebd292c8 device-mapper-libs-1.02.74-10.el6_3.2.x86_64.rpm
e004f68d8bd11df66de601a67f9009f35c8ed5fcac1741cf633353c9472c0532 lvm2-2.02.95-10.el6_3.2.x86_64.rpm
cbeba58d390691e48ae1636b790ac91e51c60207f5d061a4a1b098a76159c480 lvm2-cluster-2.02.95-10.el6_3.2.x86_64.rpm
727ff681977a0b6a79fca65f76b85f3ff3fe54d3a0f251482f3708f060892f75 lvm2-devel-2.02.95-10.el6_3.2.i686.rpm
15652b236bee326de6af0a26fd81bf05a4076e2a50b571ecb4c1fc7a8ba7c601 lvm2-devel-2.02.95-10.el6_3.2.x86_64.rpm
c68a8460066dde323715bf614df0eae90f2005f929e442092cab9c12b6dec8b1 lvm2-libs-2.02.95-10.el6_3.2.i686.rpm
967ac24f484626bf9ab4176e49cdf17e0b3ebe70b47d6ea7197efc3f4412561b lvm2-libs-2.02.95-10.el6_3.2.x86_64.rpm

Source:
f709977c75f1fb3ebe08df88e5bc308dd46d9639e37b09333d829ea9a64ec48d lvm2-2.02.95-10.el6_3.2.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[USN-1615-1] Python 3.2 vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCgAGBQJQhvBNAAoJEFHb3FjMVZVzCJgP/0YQiCLASLQcsbnpPxAj7QwC
ohCx7OG+s+AoShQRqtKsKRKfa20KaFBeWq19QOuoYkGM7u0Nhnl6H86e9P3pnS6w
Ou2kzOwSGw52vb0ZYg6F+NdrmkdQ7xlj8r3lrNCH0/08OAdxgRjbKgBQzeSNee1E
8o/Ywy7qU6YmW8+hiG5D+ZsyDqHnE+Rvbp/Ln9JRLnfotKv5AzjNqXEVCxNDa27u
b1O2HlCRCF0kfN4GLp9a3AE3mGsR9cWuy9b/Oy9+QFyQOqVonImRqIcjVuvpOIxK
BtVyrvWgzl+LM2M5opRxaWWcLnq+KhI/mHh659pbxwSXZWHUDBJwiK3IACXxGy6Y
KDnMvD+KbtgggO603gP0iq60ZY137PVNHTtjeJRRYjDdZ8GpAO7RkBscE3R0g8ow
YX39c3CESlmtLLi8EpNwGDKe6UNqU/JhEZxB5wqW0xPLw4/yVZKKblfOBmYysBRJ
4flOkqX/O4fKa+buydq4H3P/00bhyTUO6gXZDhUbQUzk36wdvNK9wqhRm57Yikar
GAE8rlEdfDC8l/0M7bXDpNdNdoBvRbqrNbN8PuMNW4095kLrXA3+kI+qzJxRA3Qi
ZQCfdEKq1ZzceEbRrOe5KM9LwYc3rFHCLwVwkqSfkHPk2xUW4d/2MxEPNNgjRs75
5hunTZoeEZe4BkYTTGZ5
=Oiyt
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1615-1
October 23, 2012

python3.2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04

Summary:

Several security issues were fixed in Python 3.2.

Software Description:
- python3.2: Interactive high-level object-oriented language (version 3.2)

Details:

It was discovered that Python distutils contained a race condition when
creating the ~/.pypirc file. A local attacker could exploit this to obtain
sensitive information. (CVE-2011-4944)

It was discovered that SimpleXMLRPCServer did not properly validate its
input when handling HTTP POST requests. A remote attacker could exploit
this to cause a denial of service via excessive CPU utilization. This issue
only affected Ubuntu 11.04 and 11.10. (CVE-2012-0845)

It was discovered that Python was susceptible to hash algorithm attacks.
An attacker could cause a denial of service under certian circumstances.
This updates adds the '-R' command line option and honors setting the
PYTHONHASHSEED environment variable to 'random' to salt str and datetime
objects with an unpredictable value. This issue only affected Ubuntu 11.04
and 11.10. (CVE-2012-1150)

Serhiy Storchaka discovered that the UTF16 decoder in Python did not
properly reset internal variables after error handling. An attacker could
exploit this to cause a denial of service via memory corruption. This issue
did not affect Ubuntu 12.10. (CVE-2012-2135)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
python3.2 3.2.3-6ubuntu3.1
python3.2-minimal 3.2.3-6ubuntu3.1

Ubuntu 12.04 LTS:
python3.2 3.2.3-0ubuntu3.2
python3.2-minimal 3.2.3-0ubuntu3.2

Ubuntu 11.10:
python3.2 3.2.2-0ubuntu1.1
python3.2-minimal 3.2.2-0ubuntu1.1

Ubuntu 11.04:
python3.2 3.2-1ubuntu1.2
python3.2-minimal 3.2-1ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1615-1
CVE-2011-4944, CVE-2012-0845, CVE-2012-1150, CVE-2012-2135

Package Information:
https://launchpad.net/ubuntu/+source/python3.2/3.2.3-6ubuntu3.1
https://launchpad.net/ubuntu/+source/python3.2/3.2.3-0ubuntu3.2
https://launchpad.net/ubuntu/+source/python3.2/3.2.2-0ubuntu1.1
https://launchpad.net/ubuntu/+source/python3.2/3.2-1ubuntu1.2

Distribution Servers Downtime - 190 minutes on Thurs. Oct 25 2012 03:00am CDT - 05:30am CDT

Hello,

The distribution servers rsync.scientificlinux.org,
ftp.scientificlinux.org, ftp1.scientificlinux.org, and
ftp2.scientificlinux.org will be going down on:

Thursday October 25, 2012 at 03:00am CDT (Chicago)

Affected Machines:
* rsync.scientificlinux.org
* ftp.scientificlinux.org
* ftp1.scientificlinux.org
* ftp2.scientificlinux.org

Begin Downtime:
October 25, 2012 at 03:00am CDT (Chicago)

The downtime is expected to last for 190 minutes.

End Downtime:
October 25, 2011 at 05:30am CDT (Chicago)

Why Downtime:
Our data storage back-end will be updated to the latest firmware.
This update requires taking the storage off-line while the firmware
is updated.

For your local time you can run date -d '2012-10-25 03:00 CDT'

Thank you for your patience while we perform this maintenance.

Monday, October 22, 2012

[USN-1603-2] Ruby vulnerabilities

==========================================================================
Ubuntu Security Notice USN-1603-2
October 23, 2012

ruby1.8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10

Summary:

Ruby could allow excessive access in untrusted programs.

Software Description:
- ruby1.8: Interpreter of object-oriented scripting language Ruby 1.8

Details:

USN-1603-1 fixed vulnerabilities in Ruby. This update provides the
corresponding updates for Ubuntu 12.10.

Original advisory details:

Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted
strings to be modified in protective safe levels. An attacker could use this
flaw to bypass intended access restrictions. (CVE-2012-4466, CVE-2012-4481)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
libruby1.8 1.8.7.358-4ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1603-2
http://www.ubuntu.com/usn/usn-1603-1
CVE-2012-4466, CVE-2012-4481

Package Information:
https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-4ubuntu0.1

[USN-1614-1] Ruby vulnerabilities

==========================================================================
Ubuntu Security Notice USN-1614-1
October 23, 2012

ruby1.9.1 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Ruby.

Software Description:
- ruby1.9.1: Interpreter of object-oriented scripting language Ruby

Details:

Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted
strings to be modified in protective safe levels. An attacker could use this
flaw to bypass intended access restrictions. USN-1602-1 fixed these
vulnerabilities in other Ubuntu releases. This update provides the
corresponding updates for Ubuntu 12.10. (CVE-2012-4464, CVE-2012-4466)

Peter Bex discovered that Ruby incorrectly handled file path strings when
opening files. An attacker could use this flaw to open or create unexpected
files. (CVE-2012-4522)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
libruby1.9.1 1.9.3.194-1ubuntu1.2

Ubuntu 12.04 LTS:
libruby1.9.1 1.9.3.0-1ubuntu2.4

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1614-1
CVE-2012-4464, CVE-2012-4466, CVE-2012-4522

Package Information:
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-1ubuntu1.2
https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.0-1ubuntu2.4

[CentOS-announce] CEBA-2012:1397 CentOS 6 geronimo-specs FASTTRACK Update

CentOS Errata and Bugfix Advisory 2012:1397

Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1397.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
c15a831cc51ec45360bb6a58a87db1da80c797ca4eb6c6eee56c903f860b6980 geronimo-specs-1.0-3.5.M2.el6.noarch.rpm
ecf420df858b29a5259d1d636582ef0c8b6cd5924538e4c00df796f74a683d0c geronimo-specs-compat-1.0-3.5.M2.el6.noarch.rpm

x86_64:
0b8e7b451a4bf44a88858c7907ae8e34b3b5d27976b90bb33a130ec5e2cab70d geronimo-specs-1.0-3.5.M2.el6.noarch.rpm
ecf420df858b29a5259d1d636582ef0c8b6cd5924538e4c00df796f74a683d0c geronimo-specs-compat-1.0-3.5.M2.el6.noarch.rpm

Source:
c9013e54fb0e5c8484c00388368bf19436109553ff86477d3649be582a6d6c65 geronimo-specs-1.0-3.5.M2.el6.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

Saturday, October 20, 2012

[opensuse-announce] Live streams from the openSUSE Conference

Hi,

I want to announce the availability of 4 live streams from the openSUSE
Conference currently taking place in Prague.

Just visit our "openSUSE-TV Channel" on Bambuser here:
http://bambuser.com/channel/opensusetv

and choose the room you like to see. Maybe combine this with the
official schedule here:
http://bootstrapping-awesome.org/schedule/

Let's have a lot of fun...!

With kind regards,
Lars

Friday, October 19, 2012

FAS update is live

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJQgdeeAAoJEAAnELDa098OlK4IAJhxgvsI1lrvh5zGBdAuUWBE
vjbmX390hRhmjG0Cwdr1ivNP9gs9sDGTHnHIm2083C7o4I8KyF/uks/PwMVrkozY
AUT1x8JhGnecsNf66YDy55iHKJPGdwt5Ar3geDgOQ5mIvsoZ1NUeRqbAWL/rMYju
e/VYa/vbjVkWKKTREGPtQTapCe/5l/mYalu7XYbckYXm2bJKoig6bRiMPfZvDY6t
txhICk8m8U04f3kdwcmtc6qIVAC4Aylzhh5hknXw+LFR/24K+pnWh6V8cOkOF3Ik
23QZm9eKc15o5yarbGvRU7VYd+tutKYF3/jGc/LVEdCRN4EoZUmzWY+QqHXe4Zs=
=hMHC
-----END PGP SIGNATURE-----
Greetings all,

This afternoon we deployed an update to the Fedora Accounts System
(FAS), which can be seen live at https://admin.fedoraproject.org/accounts/

Some of the changes you will be able to see are as follows:

* You can now store a secret question and answer. This will be used in
the event of a forgotten password. The answer to the questions are GPG
encrypted, and will be manually decrypted by a FAS administrator, in the
event of a user needing to regain access to their own FAS account.
(Implemented by Patrick Uiterwijk)

To use this feature, you can log in to FAS using the link above, click
"My Account" from the sidebar, then click "Change" next to the "Security
question" label.

* FAS groups now show all users in the group, right on the group
information page, if there are less than 10 users in the group. This
prevents having to click past the information page to see the user
listing, if it is small enough to show right up front. (Implemented by
Pierre-Yves Chibon)

* Passwords are now checked against libpwquality, when they are changed.
(Implemented by Christos T)

* This release also marks the start of FAS integration with fedmsg - the
Fedora Messaging Bus. (http://www.fedmsg.com/en/latest/) (Implemented by
Ralph Bean)

If you experience any issues using these features, or you notice that
something isn't working right due to the upgrade, please either file a
bug report on the FAS trac (https://fedorahosted.org/fas/) or
contact us on irc.freenode.net in #fedora-apps.

Thank you to all contributors who have made this release possible. A
full changelog can be found in the NEWS file, within the FAS repo, or
here: http://git.fedorahosted.org/cgit/fas.git/tree/NEWS

We hope you enjoy using the new features.

-Ricky, on behalf of Fedora Infrastructure

FUDCon Lawrence hotel block open

Good news, everyone! You can now officially reserve your room for FUDCon Lawrence. We have a block at the Springhill Suites for $119/night. All rooms include free wifi and breakfast buffet. The block will be held until December 14.

Here's all the info: https://fedoraproject.org/wiki/FUDCon:Lawrence_2013#Lodging

Note that Marriott has had some website problems today, so if at first you don't succeed, try, try again.

In addition, if you haven't done so already, *please register for FUDCon now.* This helps us plan things like how much food we're going to need and how large of a space for FUDpub. Thanks!

Registration: http://fudconlawrence-ianweller.rhcloud.com/

See you in Kansas!

Ruth

[CentOS-announce] CEBA-2012:1393 CentOS 6 gnome-screensaver Update

CentOS Errata and Bugfix Advisory 2012:1393

Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1393.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
a71c06144a5cb54e138e8ff86185f1904b33c52ec3f81f69833f6d22ea031b4c gnome-screensaver-2.28.3-18.el6_3.1.i686.rpm

x86_64:
9984b5b386ec13d1f8da48805c4b1090bf93fa743e419c0070c4b07b6796e37b gnome-screensaver-2.28.3-18.el6_3.1.x86_64.rpm

Source:
76a228ec446c8379017dea37d956c00c82f5eda64efb5a53a7d18afdc2616049 gnome-screensaver-2.28.3-18.el6_3.1.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

Thursday, October 18, 2012

Ubuntu 12.10 (Quantal Quetzal) released!

"Doing is a quantum leap from imagining. Thinking about swimming
isn't much like actually getting in the water. Actually getting
in the water can take your breath away. The defense force inside
of us wants us to be cautious, to stay away from anything as
intense as a new kind of action. Its job is to protect us, and
it categorically avoids anything resembling danger. But it's
often wrong. Anything worth doing is worth doing too soon."
- Barbara Sher

With this release, the development teams decided to dive in and focus on
introducing some of the new innovations we've been imagining for
the upcoming LTS cycle, and so are very pleased to be able to announce
the release of Ubuntu 12.10 for Desktop, Server, Cloud, and Core
products.
Codenamed "Quantal Quetzal", 12.10 continues Ubuntu's proud tradition
of integrating the latest and greatest open source technologies into a
high-quality, easy-to-use Linux distribution.
Ubuntu 12.10 introduces innovations that bring together desktop and
cloud-based experiences, representing the next stage in the transition
to a multi-device, cloud-based world. New Previews give large, clear
previews of content as it appears in the Dash search results, giving
users a quick way to get more information to help find what they are
looking for. The new Web Apps feature makes frequently used web
applications available through the desktop. A new remote log-in
option now lets Ubuntu 12.10 be used as a thin client by businesses
that want to virtualise their desktop applications and deliver them
to users over the network.

[CentOS-announce] CEBA-2012:1388 CentOS 6 perl-SOAP-Lite FASTTRACK Update

CentOS Errata and Bugfix Advisory 2012:1388

Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1388.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
868964f0467b4d452b2afe91e97af5ce4576abb53c9341d9b3b7f1891bfc1df1 perl-SOAP-Lite-0.710.10-3.el6.noarch.rpm

[CentOS-announce] CEBA-2012:1389 CentOS 6 mod_authz_ldap FASTTRACK Update

CentOS Errata and Bugfix Advisory 2012:1389

Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1389.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
e8ea60470d2672aa5a791157b464b3c3437adff9a0a4eb89dd264b547907cade mod_authz_ldap-0.26-16.el6.i686.rpm

[CentOS-announce] CEBA-2012:1387 CentOS 6 system-config-users FASTTRACK Update

CentOS Errata and Bugfix Advisory 2012:1387

Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1387.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
712c4b68fd8d7552e0b77562995f1edcad8e5be78b965563aa14179cc962dc12 system-config-users-1.2.106-7.el6.noarch.rpm

OpenBSD mailing list downtime Sat October 20th

The machine room the mailing list server resides in will be undergoing
maintenance on the 20th from 5am to 7pm MDT. As a result, the
OpenBSD mailing lists will be unavailable for part (possibly all)
of that time.

- todd

Wednesday, October 17, 2012

[CentOS-announce] CESA-2012:1385 Important CentOS 5 java-1.6.0-openjdk Update

CentOS Errata and Security Advisory 2012:1385 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1385.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
79f110ffe20135bca3e1c9df3ac6fd8697018b9886d2b071cfef8415f87197a9 java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm
c1b12963e8d6337a6c6e66108ddbe94de0f6752bc3cd5882d5389eda2933ebae java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm
cba4a4b2b120943e8c4164b6995e6f55259afbcd37c257f2ce2f7d9bbdd043b1 java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm
c9cde9a0c515b82f6bf779a115df55fdfaadc528dbb5919a1ffc83b31d430833 java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm
0bb4603186128e5afca7288d918bd86283de024d9a0eb977e5d8d3952d7b500a java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm

[CentOS-announce] CESA-2012:1386 Important CentOS 6 java-1.7.0-openjdk Update

CentOS Errata and Security Advisory 2012:1386 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1386.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
399c7a3029469bb0aa4e56191fd2915e0e3f57c48c01b7f81462e6fb1f955065 java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.i686.rpm
3391b19128d053d2f92564be1735f3bf8450bc978b9557dba98862923e7b0b79 java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1.i686.rpm
4690a2efe37b964d72814bebe689dac9ecd9c85ba288e61029425bb1ccab4d6e java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1.i686.rpm
fc1f4d8d08392be3ccaf05313d3e837e3bd26198b59de1178be9a9c9d8c83149 java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.3.el6_3.1.noarch.rpm
9a9a0cb0ed8a99a1cfe429f7e76bebe89ee4e7091d01954053ed3ff140b92e25 java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1.i686.rpm

[CentOS-announce] CESA-2012:1384 Critical CentOS 6 java-1.6.0-openjdk Update

CentOS Errata and Security Advisory 2012:1384 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1384.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
50cb8ee6fd2b3aea00712e04123a09ed28564ef4afa56402cbdffa843bd25643 java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
92e23075dcf6b4404aaddf9b1b47f9b8497bb556afe0876563b274ddd336b7d6 java-1.6.0-openjdk-demo-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
4376382c52276c7c8eb3e75562c87e739313d1b94cdcbbf06fa44670cc2748b7 java-1.6.0-openjdk-devel-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
0319859e9c0e5d6a0d95667e890943990ffb988a95b2a9b8641fa72d44033208 java-1.6.0-openjdk-javadoc-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
05836ee26e3059993f0c1096ede3e60b2315a698bf29f6c6baa42353fc75449a java-1.6.0-openjdk-src-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm

[USN-1613-2] Python 2.4 vulnerabilities

========================================================================
Ubuntu Security Notice USN-1613-2
October 17, 2012

python2.4 vulnerabilities
========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 8.04 LTS

Summary:

Several security issues were fixed in Python 2.4.

Software Description:
- python2.4: An interactive high-level object-oriented language (version
2.4)

Details:

USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the
corresponding updates for Python 2.4.

Original advisory details:

It was discovered that Python would prepend an empty string to sys.path
under certain circumstances. A local attacker with write access to the
current working directory could exploit this to execute arbitrary code.
(CVE-2008-5983)

It was discovered that the audioop module did not correctly perform input
validation. If a user or automatated system were tricked into opening a
crafted audio file, an attacker could cause a denial of service via
application crash. (CVE-2010-1634, CVE-2010-2089)

Giampaolo Rodola discovered several race conditions in the smtpd module.
A remote attacker could exploit this to cause a denial of service via
daemon outage. (CVE-2010-3493)

It was discovered that the CGIHTTPServer module did not properly perform
input validation on certain HTTP GET requests. A remote attacker could
potentially obtain access to CGI script source files. (CVE-2011-1015)

Niels Heinen discovered that the urllib and urllib2 modules would process
Location headers that specify a redirection to file: URLs. A remote
attacker could exploit this to obtain sensitive information or cause a
denial of service. (CVE-2011-1521)

It was discovered that SimpleHTTPServer did not use a charset parameter in
the Content-Type HTTP header. An attacker could potentially exploit this
to conduct cross-site scripting (XSS) attacks against Internet Explorer 7
users. (CVE-2011-4940)

It was discovered that Python distutils contained a race condition when
creating the ~/.pypirc file. A local attacker could exploit this to obtain
sensitive information. (CVE-2011-4944)

It was discovered that SimpleXMLRPCServer did not properly validate its
input when handling HTTP POST requests. A remote attacker could exploit
this to cause a denial of service via excessive CPU utilization.
(CVE-2012-0845)

It was discovered that the Expat module in Python 2.5 computed hash values
without restricting the ability to trigger hash collisions predictably. If
a user or application using pyexpat were tricked into opening a crafted XML
file, an attacker could cause a denial of service by consuming excessive
CPU resources. (CVE-2012-0876)

Tim Boddy discovered that the Expat module in Python 2.5 did not properly
handle memory reallocation when processing XML files. If a user or
application using pyexpat were tricked into opening a crafted XML file, an
attacker could cause a denial of service by consuming excessive memory
resources. (CVE-2012-1148)

[USN-1613-1] Python 2.5 vulnerabilities

========================================================================
Ubuntu Security Notice USN-1613-1
October 17, 2012

python2.5 vulnerabilities
========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 8.04 LTS

Summary:

Several security issues were fixed in Python 2.5.

Software Description:
- python2.5: An interactive high-level object-oriented language (version
2.5)

Details:

It was discovered that Python would prepend an empty string to sys.path
under certain circumstances. A local attacker with write access to the
current working directory could exploit this to execute arbitrary code.
(CVE-2008-5983)

[CentOS-announce] CEBA-2012:1381 CentOS 6 dash FASTTRACK Update

CentOS Errata and Bugfix Advisory 2012:1381

Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1381.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
e2c14dd4f35711f657e62a96b53835e9d4a2a99fec3f0a9913f799b547ae0b8a dash-0.5.5.1-4.el6.i686.rpm

[CentOS-announce] CESA-2012:1366 Important CentOS 6 kernel Update

CentOS Errata and Security Advisory 2012:1366 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1366.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
e44885b7ab12ce6c9bcb6203902cff6a7b25c4aaddf12b5071093218960d8df3 kernel-2.6.32-279.11.1.el6.i686.rpm
81fb4b95474f1b083604016d1c89644f26ec554b41eca356e70524045a07524e kernel-debug-2.6.32-279.11.1.el6.i686.rpm
ff3e9a34b22194265232a632a434bcfa4e0fdeb585d1d2fd7bf81a8dd04a4bde kernel-debug-devel-2.6.32-279.11.1.el6.i686.rpm
23371cce0ea6bb5399b9d6ddf35f8a6f979712ec527db86a9cca32e22fa30323 kernel-devel-2.6.32-279.11.1.el6.i686.rpm
c0aa2fafad68144f00a25aa64c391812c596f0772abda885ba22945ed27bd387 kernel-doc-2.6.32-279.11.1.el6.noarch.rpm
77358acf075f0b1e101fe2296c7943405babbd3d596bea951ffe92d6316dbbd5 kernel-firmware-2.6.32-279.11.1.el6.noarch.rpm
1c95920525d056f86fa9ac690f0f55512152528d6e233f8a77db986432cdb91a kernel-headers-2.6.32-279.11.1.el6.i686.rpm
0e1461accd92af9875bb1c1f2576717b078882dc1f9bc06fee70878d04acd387 perf-2.6.32-279.11.1.el6.i686.rpm
2f97b61ee7deb2e351d73ab4620cb83233ee1e80b5e4358933411c87bdca04f7 python-perf-2.6.32-279.11.1.el6.i686.rpm

Last call for F19 naming proposals (deadline today 23:59 UTC!)

Hi everybody,

This is the final reminder that the Fedora 19 naming collection ends
today at 23:59 UTC. That means you have 5 hours left to propose a name
at http://fedoraproject.org/wiki/Name_suggestions_for_Fedora_19

Before proposing a name, please read the guidelines at
http://fedoraproject.org/wiki/Guidelines_for_release_names

Kind regards,
Christoph

[opensuse-announce] Advance SUSE support discontinuation notice for openSUSE 11.4 - Evergreen goes on!

Dear opensuse-announce subscribers and openSUSE users,

SUSE Security and the openSUSE Maintenance Team announce that
the SUSE sponsored security and maintenance teams will stop
releasing updates for openSUSE 11.4 soon.

Having provided both security and bug fixes for the last two releases
and two months, we will stop releasing updates after November 5th 2012.

However, the community Evergreen team plans to provide ongoing maintenance
for openSUSE 11.4. More details on this will be published when they are known.

As a consequence, the openSUSE 11.4 distribution directory on our
server download.opensuse.org will be removed from /distribution/11.4/
to free space on our mirror sites. The 11.4 directory in the update tree
/update/11.4 will follow, as soon as all updates have been published.

Also the openSUSE buildservice repositories containing openSUSE 11.4
will be moved to DISCONTINUED:openSUSE:11.4 and building against
openSUSE 11.4 will be disabled and removed in all buildservice projects.

Fedora 18 Beta Change Deadline pushed back by one week

FESCo, in cooperation with Fedora QA and Fedora Program Manager,
decided to push back Fedora 18 Beta Change Deadline by one week due to
unfinished/non testable functionality required for the Beta release.

For more information (and voting results) see FESCo ticket #946,
"Fedora 18 Beta freeze readiness: is major functionality in place?" [1].

Beta Change Deadline/Features 100% Complete is now 2012-10-23.

There are still a few unfinished features [2], please update/postpone
(to F19) your features before reaching the deadline.

As a result, ALL MAJOR MILESTONES, and their dependent tasks,
will be pushed out by one week [3].

Jaroslav

[1] https://fedorahosted.org/fesco/ticket/946
[2] https://fedoraproject.org/wiki/Releases/18/FeatureList
[3] https://fedoraproject.org/wiki/Releases/18/Schedule

--
Jaroslav Řezník <jreznik@redhat.com>
Your schedule wrangler
_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce

[CentOS-announce] CEBA-2012:1371 CentOS 6 kdebase FASTTRACK Update

CentOS Errata and Bugfix Advisory 2012:1371

Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1371.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
155af7e3dfc0a447a1e83d264c3c57b2ca5b9a3e23ed943c088a5c7fe9cdb3b5 kdebase-4.3.4-6.el6.i686.rpm
e480abdca79413133b54ccf6bcdb949094270f67b9bfa6f39e79ab300083d36b kdebase-devel-4.3.4-6.el6.i686.rpm
7f7ad9722069383910a94a29334550fbc7e64bee35ad154799d2ad17f2244b82 kdebase-libs-4.3.4-6.el6.i686.rpm

x86_64:
80f4d28925b4e94f7fef6bbc3b00d698d28cb5b3543a27198a3a104d7cad7dc1 kdebase-4.3.4-6.el6.x86_64.rpm
e480abdca79413133b54ccf6bcdb949094270f67b9bfa6f39e79ab300083d36b kdebase-devel-4.3.4-6.el6.i686.rpm
448a14bfa0a118632cad0424e1c0e9073bf451fb0ec08af1d2e88a9a05115a6c kdebase-devel-4.3.4-6.el6.x86_64.rpm
7f7ad9722069383910a94a29334550fbc7e64bee35ad154799d2ad17f2244b82 kdebase-libs-4.3.4-6.el6.i686.rpm
9233d7bc9f7ad71e6fd3d033203cf1eadd5b5225d6b7750a966b54f88edd3c67 kdebase-libs-4.3.4-6.el6.x86_64.rpm

Source:
0b46972d6d2bb165474552a1376ac07de076e95f3c71285aaeb043cbc4fcaf58 kdebase-4.3.4-6.el6.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2012:1372 CentOS 6 tar FASTTRACK Update

CentOS Errata and Bugfix Advisory 2012:1372

Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1372.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
009c3119174ae5eb9741aeb48d0d5b2702b33c9b50c7c9473792523a75b24cde tar-1.23-9.el6.i686.rpm

x86_64:
1ddfaa60e939880f95a1d5bf178a5950efeb42b431bdaa93bf5e0f5a05d2ca14 tar-1.23-9.el6.x86_64.rpm

Source:
e6fffbfdc8183b425b18fc66c7cf3db9928710622c50112da6c4a2fd5c85e27f tar-1.23-9.el6.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce

Monday, October 15, 2012

[CentOS-announce] CEBA-2012:1367 CentOS 6 setup FASTTRACK Update

CentOS Errata and Bugfix Advisory 2012:1367

Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1367.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
d4257fb7919125c8b4366385c263c105e9284e51d3744077a89f0a7bd5e40f32 setup-2.8.14-20.el6.noarch.rpm

x86_64:
e919022a28a2da4ce1e0e65ae21a2449f3b4cd8d042fd02519d3023d5edb507b setup-2.8.14-20.el6.noarch.rpm

Source:
34b56a659ff50390845fd6f93ca8463df88439f7a4b6f823b540e39bf1f30316 setup-2.8.14-20.el6.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce