CentOS Errata and Bugfix Advisory 2013:1002
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-1002.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
bb69bcab8ee4a6dacc319970d7b3ff8b80cb74d0e3e2de6609bd22abb75a30fa system-config-users-docs-1.0.8-2.el6.noarch.rpm
x86_64:
bb69bcab8ee4a6dacc319970d7b3ff8b80cb74d0e3e2de6609bd22abb75a30fa system-config-users-docs-1.0.8-2.el6.noarch.rpm
Source:
ca7dd10e963a78e03362c1a3537ca253afcbbeffe3b5024426609fb1d4523f89 system-config-users-docs-1.0.8-2.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Saturday, June 29, 2013
[CentOS-announce] CEBA-2013:1003 CentOS 6 sysvinit FASTTRACK Update
CentOS Errata and Bugfix Advisory 2013:1003
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-1003.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
8b79e3d6537dcdd1e5a3fd7f10499e8b41fad608ece91d828fa5759b192cdc96 sysvinit-tools-2.87-5.dsf.el6.i686.rpm
x86_64:
e835dea1b3bbf2ae99f22fe0e427d519f09d4c5065bcb6cfe27e513230acce92 sysvinit-tools-2.87-5.dsf.el6.x86_64.rpm
Source:
bfcef5e9d4cf9a2db4f9b4f57463c1ad4a1f8b3f242f24871ebb9b6a6ceea202 sysvinit-2.87-5.dsf.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-1003.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
8b79e3d6537dcdd1e5a3fd7f10499e8b41fad608ece91d828fa5759b192cdc96 sysvinit-tools-2.87-5.dsf.el6.i686.rpm
x86_64:
e835dea1b3bbf2ae99f22fe0e427d519f09d4c5065bcb6cfe27e513230acce92 sysvinit-tools-2.87-5.dsf.el6.x86_64.rpm
Source:
bfcef5e9d4cf9a2db4f9b4f57463c1ad4a1f8b3f242f24871ebb9b6a6ceea202 sysvinit-2.87-5.dsf.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Friday, June 28, 2013
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-13:02.vtnet
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-EN-13:02.vtnet Errata Notice
The FreeBSD Project
Topic: vtnet(4) network interface issue on QEMU 1.4.0 and later
Category: core
Modules: sys_dev
Announced: 2013-06-28
Credits: Julian Stecklina and Bryan Venteicher
Affects: FreeBSD 8.4
Corrected: 2013-06-15 03:55:04 UTC (head, 10.0-CURRENT)
2013-06-25 04:42:16 UTC (stable/9, 9.1-STABLE)
2013-06-25 04:42:43 UTC (stable/8, 8.4-STABLE)
2013-06-28 05:21:59 UTC (releng/8.4, 8.4-RELEASE-p2)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.
I. Background
VirtIO is a specification for para-virtualized I/O in a virtual
machine. The vtnet(4) network interface driver supports VirtIO
emulated Ethernet device.
QEMU is a generic and open source machine emulator and virtualizer.
It is included as a third-party package in FreeBSD Ports Collection
(emulators/qemu).
II. Problem Description
The vtnet(4) network interface driver displays the following message
upon configuration when using QEMU 1.4.0 or later:
vtnet0: error setting host MAC filter table
The interface works normally when the interface has one MAC address.
However, if it has two or more MAC addresses configured, frames to
those additional MAC addresses are not forwarded to the vtnet(4)
interface. Thus, only the first MAC address works.
III. Impact
A vtnet(4) network interface with two or more MAC addresses configured
on it cannot receive frames to the addresses except for the first one
when the FreeBSD kernel is running on QEMU 1.4.0 or later. For the
first MAC address, the vtnet(4) interface works without problem even
though the error message is displayed.
The vtnet(4) driver is included in GENERIC kernel in FreeBSD
8.4-RELEASE.
IV. Workaround
The additional MAC addresses can work by setting the vtnet(4) network
interface in promiscuous mode. The following command sets vtnet0 in
promiscuous mode:
# ifconfig vtnet0 promisc
Note that this may lead to performance degradation.
Or, the fixed version of the vtnet(4) driver can be installed as
kernel module by using the Ports Collection (emulators/virtio-kmod).
To use it on 8.4-RELEASE, the GENERIC kernel has to be recompiled by
removing all of the virtio(4) drivers before installing
emulators/virtio-kmod. The following lines in kernel configuration
file disable the drivers:
nodevice virtio
nodevice virtio_pci
nodevice vtnet
nodevice virtio_blk
nodevice virtio_scsi
nodevice virtio_balloon
After recompilation and installing the new kernel and
emulators/virtio-kmod, add the following lines to /boot/loader.conf.
This enables the drivers by loading kernel modules which are installed
by emulators/virtio-kmod at boot time.
virtio_load="YES"
virtio_pci_load="YES"
virtio_blk_load="YES"
if_vtnet_load="YES"
virtio_balloon_load="YES"
V. Solution
Perform one of the following:
1) Upgrade your system to 8-STABLE, or 9-STABLE, or to the releng/8.4
security branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 8.4 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch
# fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
3) To update your vulnerable system via a binary patch:
Systems running 8.4-RELEASE on the i386 or amd64 platforms can be updated
via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path Revision
- -------------------------------------------------------------------------
head r251769
stable/9/ r252193
stable/8/ r252194
releng/8.4/ r252334
- -------------------------------------------------------------------------
VII. References
The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-13:02.vtnet.asc
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlHNI4MACgkQFdaIBMps37L8DACfVzTAigMRbtT38pltWZ23IFUw
O3kAn0R36RIBdh45I+g/BPzjTimKMPza
=8wlc
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
Hash: SHA1
=============================================================================
FreeBSD-EN-13:02.vtnet Errata Notice
The FreeBSD Project
Topic: vtnet(4) network interface issue on QEMU 1.4.0 and later
Category: core
Modules: sys_dev
Announced: 2013-06-28
Credits: Julian Stecklina and Bryan Venteicher
Affects: FreeBSD 8.4
Corrected: 2013-06-15 03:55:04 UTC (head, 10.0-CURRENT)
2013-06-25 04:42:16 UTC (stable/9, 9.1-STABLE)
2013-06-25 04:42:43 UTC (stable/8, 8.4-STABLE)
2013-06-28 05:21:59 UTC (releng/8.4, 8.4-RELEASE-p2)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.
I. Background
VirtIO is a specification for para-virtualized I/O in a virtual
machine. The vtnet(4) network interface driver supports VirtIO
emulated Ethernet device.
QEMU is a generic and open source machine emulator and virtualizer.
It is included as a third-party package in FreeBSD Ports Collection
(emulators/qemu).
II. Problem Description
The vtnet(4) network interface driver displays the following message
upon configuration when using QEMU 1.4.0 or later:
vtnet0: error setting host MAC filter table
The interface works normally when the interface has one MAC address.
However, if it has two or more MAC addresses configured, frames to
those additional MAC addresses are not forwarded to the vtnet(4)
interface. Thus, only the first MAC address works.
III. Impact
A vtnet(4) network interface with two or more MAC addresses configured
on it cannot receive frames to the addresses except for the first one
when the FreeBSD kernel is running on QEMU 1.4.0 or later. For the
first MAC address, the vtnet(4) interface works without problem even
though the error message is displayed.
The vtnet(4) driver is included in GENERIC kernel in FreeBSD
8.4-RELEASE.
IV. Workaround
The additional MAC addresses can work by setting the vtnet(4) network
interface in promiscuous mode. The following command sets vtnet0 in
promiscuous mode:
# ifconfig vtnet0 promisc
Note that this may lead to performance degradation.
Or, the fixed version of the vtnet(4) driver can be installed as
kernel module by using the Ports Collection (emulators/virtio-kmod).
To use it on 8.4-RELEASE, the GENERIC kernel has to be recompiled by
removing all of the virtio(4) drivers before installing
emulators/virtio-kmod. The following lines in kernel configuration
file disable the drivers:
nodevice virtio
nodevice virtio_pci
nodevice vtnet
nodevice virtio_blk
nodevice virtio_scsi
nodevice virtio_balloon
After recompilation and installing the new kernel and
emulators/virtio-kmod, add the following lines to /boot/loader.conf.
This enables the drivers by loading kernel modules which are installed
by emulators/virtio-kmod at boot time.
virtio_load="YES"
virtio_pci_load="YES"
virtio_blk_load="YES"
if_vtnet_load="YES"
virtio_balloon_load="YES"
V. Solution
Perform one of the following:
1) Upgrade your system to 8-STABLE, or 9-STABLE, or to the releng/8.4
security branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 8.4 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch
# fetch http://security.FreeBSD.org/patches/EN-13:02/vtnet.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
3) To update your vulnerable system via a binary patch:
Systems running 8.4-RELEASE on the i386 or amd64 platforms can be updated
via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path Revision
- -------------------------------------------------------------------------
head r251769
stable/9/ r252193
stable/8/ r252194
releng/8.4/ r252334
- -------------------------------------------------------------------------
VII. References
The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-13:02.vtnet.asc
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlHNI4MACgkQFdaIBMps37L8DACfVzTAigMRbtT38pltWZ23IFUw
O3kAn0R36RIBdh45I+g/BPzjTimKMPza
=8wlc
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-13:01.fxp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-EN-13:01.fxp Errata Notice
The FreeBSD Project
Topic: dhclient(8) utility issue on fxp(4) network interface
Category: core
Modules: sys_dev
Announced: 2013-06-28
Credits: Michael L. Squires and YongHyeon PYUN
Affects: FreeBSD 8.4
Corrected: 2013-06-10 07:31:50 UTC (head, 10.0-CURRENT)
2013-06-17 04:40:27 UTC (stable/9, 9.1-STABLE)
2013-06-17 04:42:02 UTC (stable/8, 8.4-STABLE)
2013-06-28 05:21:59 UTC (releng/8.4, 8.4-RELEASE-p1)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.
I. Background
The dhclient(8) utility is a Dynamic Host Configuration Protocol (DHCP)
client, which is used for configuring network interfaces.
The fxp(4) network interface driver supports Intel EtherExpress
PRO/100 Ethernet adapters based on the Intel i82557, i82558, i82559,
i82550, i82551, and i82562 chips.
II. Problem Description
When the dhclient(8) utility is used on an fxp(4) network interface,
configuration of the interface could fail with the following warning
messages displayed:
fxp0: link state changed to UP
fxp0: link state changed to DOWN
The cause is that the fxp(4) network interface driver resets the controller
chip twice upon initialization, and the dhclient(8) utility falsely
recognizes the second reset as a link down and attempts reinitialize
the interface. As a result, the dhclient(8) utility keeps trying to
initialize the interface forever.
III. Impact
A machine which has an fxp(4) network interface does not work with
the dhclient(8) utility.
IV. Workaround
There is no workaround. Note that this issue occurs only when the
dhclient(8) utility is used with an fxp(4) interface. A static
configuration by using the ifconfig(8) utility works.
V. Solution
Perform one of the following:
1) Upgrade your system to 8-STABLE, or 9-STABLE, or to the releng/8.4
security branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 8.4 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/EN-13:01/fxp_init.patch
# fetch http://security.FreeBSD.org/patches/EN-13:01/fxp_init.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
system.
3) To update your vulnerable system via a binary patch:
Systems running 8.4-RELEASE on the i386 or amd64 platforms can be updated
via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path Revision
- -------------------------------------------------------------------------
head r251600
stable/9/ r251829
stable/8/ r251830
releng/8.4/ r252334
- -------------------------------------------------------------------------
VII. References
The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-13:01.fxp.asc
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlHNI3sACgkQFdaIBMps37IlNwCghqzRtILy5k7Bc4u0NsUhWLfb
Qz8An2kbVTqnveuS+apxaAf5Wg4wp3ey
=mArf
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
Hash: SHA1
=============================================================================
FreeBSD-EN-13:01.fxp Errata Notice
The FreeBSD Project
Topic: dhclient(8) utility issue on fxp(4) network interface
Category: core
Modules: sys_dev
Announced: 2013-06-28
Credits: Michael L. Squires and YongHyeon PYUN
Affects: FreeBSD 8.4
Corrected: 2013-06-10 07:31:50 UTC (head, 10.0-CURRENT)
2013-06-17 04:40:27 UTC (stable/9, 9.1-STABLE)
2013-06-17 04:42:02 UTC (stable/8, 8.4-STABLE)
2013-06-28 05:21:59 UTC (releng/8.4, 8.4-RELEASE-p1)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.
I. Background
The dhclient(8) utility is a Dynamic Host Configuration Protocol (DHCP)
client, which is used for configuring network interfaces.
The fxp(4) network interface driver supports Intel EtherExpress
PRO/100 Ethernet adapters based on the Intel i82557, i82558, i82559,
i82550, i82551, and i82562 chips.
II. Problem Description
When the dhclient(8) utility is used on an fxp(4) network interface,
configuration of the interface could fail with the following warning
messages displayed:
fxp0: link state changed to UP
fxp0: link state changed to DOWN
The cause is that the fxp(4) network interface driver resets the controller
chip twice upon initialization, and the dhclient(8) utility falsely
recognizes the second reset as a link down and attempts reinitialize
the interface. As a result, the dhclient(8) utility keeps trying to
initialize the interface forever.
III. Impact
A machine which has an fxp(4) network interface does not work with
the dhclient(8) utility.
IV. Workaround
There is no workaround. Note that this issue occurs only when the
dhclient(8) utility is used with an fxp(4) interface. A static
configuration by using the ifconfig(8) utility works.
V. Solution
Perform one of the following:
1) Upgrade your system to 8-STABLE, or 9-STABLE, or to the releng/8.4
security branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 8.4 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/EN-13:01/fxp_init.patch
# fetch http://security.FreeBSD.org/patches/EN-13:01/fxp_init.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
system.
3) To update your vulnerable system via a binary patch:
Systems running 8.4-RELEASE on the i386 or amd64 platforms can be updated
via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path Revision
- -------------------------------------------------------------------------
head r251600
stable/9/ r251829
stable/8/ r251830
releng/8.4/ r252334
- -------------------------------------------------------------------------
VII. References
The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-13:01.fxp.asc
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlHNI3sACgkQFdaIBMps37IlNwCghqzRtILy5k7Bc4u0NsUhWLfb
Qz8An2kbVTqnveuS+apxaAf5Wg4wp3ey
=mArf
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
Thursday, June 27, 2013
[CentOS-announce] CEBA-2013:1000 CentOS 6 selinux-policy Update
CentOS Errata and Bugfix Advisory 2013:1000
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-1000.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
b34414f3b32e305cd44d67ee6e8b0133d562c34a00fd4523ed3d0525c3355741 selinux-policy-3.7.19-195.el6_4.12.noarch.rpm
f9ded549547d6917c2c5821dc83f051781c01ad08577052250672daaec824ca7 selinux-policy-doc-3.7.19-195.el6_4.12.noarch.rpm
c4c0c09190718a73a035e3762052eaddcc124746218e47987488f17d186b9f87 selinux-policy-minimum-3.7.19-195.el6_4.12.noarch.rpm
6c036b5074c6d82d046e249694e2948d110366d59ad82600d09aaf6d471e4d10 selinux-policy-mls-3.7.19-195.el6_4.12.noarch.rpm
9037e512390c08d09df340afda9f5884005d1b7e9b56a2c620966142d972ab85 selinux-policy-targeted-3.7.19-195.el6_4.12.noarch.rpm
x86_64:
b34414f3b32e305cd44d67ee6e8b0133d562c34a00fd4523ed3d0525c3355741 selinux-policy-3.7.19-195.el6_4.12.noarch.rpm
f9ded549547d6917c2c5821dc83f051781c01ad08577052250672daaec824ca7 selinux-policy-doc-3.7.19-195.el6_4.12.noarch.rpm
c4c0c09190718a73a035e3762052eaddcc124746218e47987488f17d186b9f87 selinux-policy-minimum-3.7.19-195.el6_4.12.noarch.rpm
6c036b5074c6d82d046e249694e2948d110366d59ad82600d09aaf6d471e4d10 selinux-policy-mls-3.7.19-195.el6_4.12.noarch.rpm
9037e512390c08d09df340afda9f5884005d1b7e9b56a2c620966142d972ab85 selinux-policy-targeted-3.7.19-195.el6_4.12.noarch.rpm
Source:
fa9f0b1019814f9bbcb36843b63cc6baf0b7a6e4a949c8c073c0999f3960eab1 selinux-policy-3.7.19-195.el6_4.12.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-1000.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
b34414f3b32e305cd44d67ee6e8b0133d562c34a00fd4523ed3d0525c3355741 selinux-policy-3.7.19-195.el6_4.12.noarch.rpm
f9ded549547d6917c2c5821dc83f051781c01ad08577052250672daaec824ca7 selinux-policy-doc-3.7.19-195.el6_4.12.noarch.rpm
c4c0c09190718a73a035e3762052eaddcc124746218e47987488f17d186b9f87 selinux-policy-minimum-3.7.19-195.el6_4.12.noarch.rpm
6c036b5074c6d82d046e249694e2948d110366d59ad82600d09aaf6d471e4d10 selinux-policy-mls-3.7.19-195.el6_4.12.noarch.rpm
9037e512390c08d09df340afda9f5884005d1b7e9b56a2c620966142d972ab85 selinux-policy-targeted-3.7.19-195.el6_4.12.noarch.rpm
x86_64:
b34414f3b32e305cd44d67ee6e8b0133d562c34a00fd4523ed3d0525c3355741 selinux-policy-3.7.19-195.el6_4.12.noarch.rpm
f9ded549547d6917c2c5821dc83f051781c01ad08577052250672daaec824ca7 selinux-policy-doc-3.7.19-195.el6_4.12.noarch.rpm
c4c0c09190718a73a035e3762052eaddcc124746218e47987488f17d186b9f87 selinux-policy-minimum-3.7.19-195.el6_4.12.noarch.rpm
6c036b5074c6d82d046e249694e2948d110366d59ad82600d09aaf6d471e4d10 selinux-policy-mls-3.7.19-195.el6_4.12.noarch.rpm
9037e512390c08d09df340afda9f5884005d1b7e9b56a2c620966142d972ab85 selinux-policy-targeted-3.7.19-195.el6_4.12.noarch.rpm
Source:
fa9f0b1019814f9bbcb36843b63cc6baf0b7a6e4a949c8c073c0999f3960eab1 selinux-policy-3.7.19-195.el6_4.12.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2013:0989 CentOS 6 python-dmidecode Update
CentOS Errata and Bugfix Advisory 2013:0989
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0989.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
ec8625fbf908361af91cffc693a6adf0e81a0f77674bc40f1fea8c595bad9d63 python-dmidecode-3.10.13-3.el6_4.i686.rpm
x86_64:
3ee47dd167703e0c274e8bdf5783d5e771b0fdfcf04f85caa7c9fc6a82bfa210 python-dmidecode-3.10.13-3.el6_4.x86_64.rpm
Source:
7a6e92f5df874d84b7f71ef5b177fa69781c35a6f83d8238b4154f06f75b3426 python-dmidecode-3.10.13-3.el6_4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0989.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
ec8625fbf908361af91cffc693a6adf0e81a0f77674bc40f1fea8c595bad9d63 python-dmidecode-3.10.13-3.el6_4.i686.rpm
x86_64:
3ee47dd167703e0c274e8bdf5783d5e771b0fdfcf04f85caa7c9fc6a82bfa210 python-dmidecode-3.10.13-3.el6_4.x86_64.rpm
Source:
7a6e92f5df874d84b7f71ef5b177fa69781c35a6f83d8238b4154f06f75b3426 python-dmidecode-3.10.13-3.el6_4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2013:0986 CentOS 6 libnl Update
CentOS Errata and Bugfix Advisory 2013:0986
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0986.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
8446769f2d8d32ede0d35015b701780f947c563f79443d8d1bdc0aa5973f7d62 libnl-1.1.4-1.el6_4.i686.rpm
00c64f222792b8074d79c4d012a8953e6436670c82b3bbaff0940e60c20ba67c libnl-devel-1.1.4-1.el6_4.i686.rpm
x86_64:
8446769f2d8d32ede0d35015b701780f947c563f79443d8d1bdc0aa5973f7d62 libnl-1.1.4-1.el6_4.i686.rpm
236e77e88553c5d4b76e30d65aaa42208671554e7f755ec155212dbe6254fa78 libnl-1.1.4-1.el6_4.x86_64.rpm
00c64f222792b8074d79c4d012a8953e6436670c82b3bbaff0940e60c20ba67c libnl-devel-1.1.4-1.el6_4.i686.rpm
ff01762cd1061bdf93800705ce4b490792e2ccf42a7aea4c8ec53176c89f4cfb libnl-devel-1.1.4-1.el6_4.x86_64.rpm
Source:
2e475e640d90a4de760eb6818384c254c6c95130533e59fc3d42f0fb1fd2b6e6 libnl-1.1.4-1.el6_4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0986.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
8446769f2d8d32ede0d35015b701780f947c563f79443d8d1bdc0aa5973f7d62 libnl-1.1.4-1.el6_4.i686.rpm
00c64f222792b8074d79c4d012a8953e6436670c82b3bbaff0940e60c20ba67c libnl-devel-1.1.4-1.el6_4.i686.rpm
x86_64:
8446769f2d8d32ede0d35015b701780f947c563f79443d8d1bdc0aa5973f7d62 libnl-1.1.4-1.el6_4.i686.rpm
236e77e88553c5d4b76e30d65aaa42208671554e7f755ec155212dbe6254fa78 libnl-1.1.4-1.el6_4.x86_64.rpm
00c64f222792b8074d79c4d012a8953e6436670c82b3bbaff0940e60c20ba67c libnl-devel-1.1.4-1.el6_4.i686.rpm
ff01762cd1061bdf93800705ce4b490792e2ccf42a7aea4c8ec53176c89f4cfb libnl-devel-1.1.4-1.el6_4.x86_64.rpm
Source:
2e475e640d90a4de760eb6818384c254c6c95130533e59fc3d42f0fb1fd2b6e6 libnl-1.1.4-1.el6_4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2013:0987 CentOS 6 xfsprogs Update
CentOS Errata and Bugfix Advisory 2013:0987
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0987.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
913a469fcb72eb3de668ae39c1cfa33b57e45b341d353e2ede3ca8aed09e13d1 xfsprogs-3.1.1-10.el6_4.1.i686.rpm
46aa543ea99dc5691288a318a2b9b13a7549b5495966ecabf831c5883815a0c2 xfsprogs-devel-3.1.1-10.el6_4.1.i686.rpm
3e24d6ea9f25349cd5fe121aa3f41b567a5a86c38bace2ee0801cfd5a41b74e3 xfsprogs-qa-devel-3.1.1-10.el6_4.1.i686.rpm
x86_64:
913a469fcb72eb3de668ae39c1cfa33b57e45b341d353e2ede3ca8aed09e13d1 xfsprogs-3.1.1-10.el6_4.1.i686.rpm
704223966b55ea1d496aeab6b0b37346a3284a9cebbe2b0d610712a7a94e13fc xfsprogs-3.1.1-10.el6_4.1.x86_64.rpm
46aa543ea99dc5691288a318a2b9b13a7549b5495966ecabf831c5883815a0c2 xfsprogs-devel-3.1.1-10.el6_4.1.i686.rpm
1e3cd8d60c848769c0ddb99edbcb94f558048aa8ba2fc2df8dce255c24732973 xfsprogs-devel-3.1.1-10.el6_4.1.x86_64.rpm
3e24d6ea9f25349cd5fe121aa3f41b567a5a86c38bace2ee0801cfd5a41b74e3 xfsprogs-qa-devel-3.1.1-10.el6_4.1.i686.rpm
b2bbb28ddda200acbb227dc2b5bdabfe817afbbbee9e8490bc1c7bf131248040 xfsprogs-qa-devel-3.1.1-10.el6_4.1.x86_64.rpm
Source:
d59b36a2e01d642fa9686e2965c8733719593a3b96f493671554c6746fb2ff97 xfsprogs-3.1.1-10.el6_4.1.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0987.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
913a469fcb72eb3de668ae39c1cfa33b57e45b341d353e2ede3ca8aed09e13d1 xfsprogs-3.1.1-10.el6_4.1.i686.rpm
46aa543ea99dc5691288a318a2b9b13a7549b5495966ecabf831c5883815a0c2 xfsprogs-devel-3.1.1-10.el6_4.1.i686.rpm
3e24d6ea9f25349cd5fe121aa3f41b567a5a86c38bace2ee0801cfd5a41b74e3 xfsprogs-qa-devel-3.1.1-10.el6_4.1.i686.rpm
x86_64:
913a469fcb72eb3de668ae39c1cfa33b57e45b341d353e2ede3ca8aed09e13d1 xfsprogs-3.1.1-10.el6_4.1.i686.rpm
704223966b55ea1d496aeab6b0b37346a3284a9cebbe2b0d610712a7a94e13fc xfsprogs-3.1.1-10.el6_4.1.x86_64.rpm
46aa543ea99dc5691288a318a2b9b13a7549b5495966ecabf831c5883815a0c2 xfsprogs-devel-3.1.1-10.el6_4.1.i686.rpm
1e3cd8d60c848769c0ddb99edbcb94f558048aa8ba2fc2df8dce255c24732973 xfsprogs-devel-3.1.1-10.el6_4.1.x86_64.rpm
3e24d6ea9f25349cd5fe121aa3f41b567a5a86c38bace2ee0801cfd5a41b74e3 xfsprogs-qa-devel-3.1.1-10.el6_4.1.i686.rpm
b2bbb28ddda200acbb227dc2b5bdabfe817afbbbee9e8490bc1c7bf131248040 xfsprogs-qa-devel-3.1.1-10.el6_4.1.x86_64.rpm
Source:
d59b36a2e01d642fa9686e2965c8733719593a3b96f493671554c6746fb2ff97 xfsprogs-3.1.1-10.el6_4.1.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2013:0988 CentOS 6 suitesparse FASTTRACK Update
CentOS Errata and Bugfix Advisory 2013:0988
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0988.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
35f5f6123c3f12d11fc675f50f698c7bbb8e4cad6fd339222d41e7a7c591cf21 suitesparse-3.4.0-8.el6.i686.rpm
7d327ba6e92f55f5082df2ab679515c2e2880f57e6f644b6087c920c83084ac4 suitesparse-devel-3.4.0-8.el6.i686.rpm
9636dd34ef9aedcb205f58c81fdf0001d13b522a7360a5f0efeb32bdb9591af5 suitesparse-doc-3.4.0-8.el6.noarch.rpm
dcc997afb72117d9865702f5a74bf3c6878c0c67e3becbbc7f0a47544bd1b3ec suitesparse-static-3.4.0-8.el6.i686.rpm
x86_64:
8b9a1c9aca4ba97870617120a0986a8e0e37e6c2d0518bfc4b49313163f072b0 suitesparse-3.4.0-8.el6.x86_64.rpm
e90c469cc8b9c0cd476c623397f2e8ff5ea740149509ba4d68c5b7d89bcb133d suitesparse-devel-3.4.0-8.el6.x86_64.rpm
9636dd34ef9aedcb205f58c81fdf0001d13b522a7360a5f0efeb32bdb9591af5 suitesparse-doc-3.4.0-8.el6.noarch.rpm
2b4d308e77aa58db4263e5afe3c55026edb5d2a6e4f04e27c9a9ee14a9563337 suitesparse-static-3.4.0-8.el6.x86_64.rpm
Source:
42b75ae4fb6a3243ce3ff7993d7f28f3082bbebd7529b3d5ea340f30ad50097c suitesparse-3.4.0-8.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0988.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
35f5f6123c3f12d11fc675f50f698c7bbb8e4cad6fd339222d41e7a7c591cf21 suitesparse-3.4.0-8.el6.i686.rpm
7d327ba6e92f55f5082df2ab679515c2e2880f57e6f644b6087c920c83084ac4 suitesparse-devel-3.4.0-8.el6.i686.rpm
9636dd34ef9aedcb205f58c81fdf0001d13b522a7360a5f0efeb32bdb9591af5 suitesparse-doc-3.4.0-8.el6.noarch.rpm
dcc997afb72117d9865702f5a74bf3c6878c0c67e3becbbc7f0a47544bd1b3ec suitesparse-static-3.4.0-8.el6.i686.rpm
x86_64:
8b9a1c9aca4ba97870617120a0986a8e0e37e6c2d0518bfc4b49313163f072b0 suitesparse-3.4.0-8.el6.x86_64.rpm
e90c469cc8b9c0cd476c623397f2e8ff5ea740149509ba4d68c5b7d89bcb133d suitesparse-devel-3.4.0-8.el6.x86_64.rpm
9636dd34ef9aedcb205f58c81fdf0001d13b522a7360a5f0efeb32bdb9591af5 suitesparse-doc-3.4.0-8.el6.noarch.rpm
2b4d308e77aa58db4263e5afe3c55026edb5d2a6e4f04e27c9a9ee14a9563337 suitesparse-static-3.4.0-8.el6.x86_64.rpm
Source:
42b75ae4fb6a3243ce3ff7993d7f28f3082bbebd7529b3d5ea340f30ad50097c suitesparse-3.4.0-8.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Fedora 19 status is ALIVE, GA on July 02, 2013
At the Fedora 19 Final Go/No-Go Meeting that just occurred, it was
agreed to Go with the Fedora 19 by Fedora QA, development, release
engineering and FPM.
agreed to Go with the Fedora 19 by Fedora QA, development, release
engineering and FPM.
Fedora 19 will be publicly available on Tuesday, July 02, 2013.
Thank you everyone for heroic effort on this release!
Meeting details can be seen here:
Minutes: http://bit.ly/12oSkZZ
Log: http://bit.ly/1csjMro
The Cat: http://bit.ly/11M5q3V
Jaroslav
_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce
[USN-1893-1] Subversion vulnerabilities
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJRzHqpAAoJEGVp2FWnRL6TORgQALemikAKP47ayzIkQayT/XYh
Cn4pIb11ZRpCasknJppz8OKklVivxuJF/FKUMehLE59NwqsBK4RYDO6Vat8fKuJf
czjvi7dFD42CMDPBTVuOF2XIsu7UErLuegzdLBzQYMYttoN63xkQ2MOgiN4dTDcW
FzQgoKC3S5aaSjkJcauwcik51XP8gICDuKv7o7XG7RanF35J9P2nDYjgWnpFG9oY
Ldbq+H4mWrsNwDHr+zps7Vyg698RMagQa5+huwESMoh0kIa9ARastm8UN8LkI925
jh3m+8rdQCj9eJ/LtnmCfGJghfZPJH7oJALcGB2ypLdUr1zKkqYjC47e9al4r4wo
kEWVnfKezc7cvZ5EBV4pbdX6GbRNN6BuN5knNLKoE/BkiBe3SMydSGQlciOzx/EF
tsqtLdwYlIdMZTb3XXCX6c7hkK7BNCTC0/8wpETciHLV10q6bWkBXH/EOLb/93K/
Dn1RbICe3w5Uhl8KnreAyo9UAKJ900BmEC5rtJEdrSP3DXmnHERD+1zLMPoSW+R1
Dxd/yWhqi07vm5o33nFW1z+rFC8P8AZGg58ClTGVEF3KQ4x7LZDAjF1KuHrR9pER
75RC7MnyJb023KO9PX/Z5Dr7av98uS05Ma8LAAX8UY36ckbQ+XzsjcFP5T0J9B9w
uCPJeTytHbHyWihjzELF
=wBhR
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1893-1
June 27, 2013
subversion vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description:
- subversion: Advanced version control system
Details:
Alexander Klink discovered that the Subversion mod_dav_svn module for
Apache did not properly handle a large number of properties. A remote
authenticated attacker could use this flaw to cause memory consumption,
leading to a denial of service. (CVE-2013-1845)
Ben Reser discovered that the Subversion mod_dav_svn module for
Apache did not properly handle certain LOCKs. A remote authenticated
attacker could use this flaw to cause Subversion to crash, leading to a
denial of service. (CVE-2013-1846)
Philip Martin and Ben Reser discovered that the Subversion mod_dav_svn
module for Apache did not properly handle certain LOCKs. A remote
attacker could use this flaw to cause Subversion to crash, leading to a
denial of service. (CVE-2013-1847)
It was discovered that the Subversion mod_dav_svn module for Apache did not
properly handle certain PROPFIND requests. A remote attacker could use this
flaw to cause Subversion to crash, leading to a denial of service.
(CVE-2013-1849)
Greg McMullin, Stefan Fuhrmann, Philip Martin, and Ben Reser discovered
that the Subversion mod_dav_svn module for Apache did not properly handle
certain log REPORT requests. A remote attacker could use this flaw to cause
Subversion to crash, leading to a denial of service. This issue only
affected Ubuntu 12.10 and Ubuntu 13.04. (CVE-2013-1884)
Stefan Sperling discovered that Subversion incorrectly handled newline
characters in filenames. A remote authenticated attacker could use this
flaw to corrupt FSFS repositories. (CVE-2013-1968)
Boris Lytochkin discovered that Subversion incorrectly handled TCP
connections that were closed early. A remote attacker could use this flaw
to cause Subversion to crash, leading to a denial of service.
(CVE-2013-2112)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
libapache2-svn 1.7.5-1ubuntu3.1
libsvn1 1.7.5-1ubuntu3.1
Ubuntu 12.10:
libapache2-svn 1.7.5-1ubuntu2.1
libsvn1 1.7.5-1ubuntu2.1
Ubuntu 12.04 LTS:
libapache2-svn 1.6.17dfsg-3ubuntu3.3
libsvn1 1.6.17dfsg-3ubuntu3.3
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1893-1
CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849,
CVE-2013-1884, CVE-2013-1968, CVE-2013-2112
Package Information:
https://launchpad.net/ubuntu/+source/subversion/1.7.5-1ubuntu3.1
https://launchpad.net/ubuntu/+source/subversion/1.7.5-1ubuntu2.1
https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.3
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJRzHqpAAoJEGVp2FWnRL6TORgQALemikAKP47ayzIkQayT/XYh
Cn4pIb11ZRpCasknJppz8OKklVivxuJF/FKUMehLE59NwqsBK4RYDO6Vat8fKuJf
czjvi7dFD42CMDPBTVuOF2XIsu7UErLuegzdLBzQYMYttoN63xkQ2MOgiN4dTDcW
FzQgoKC3S5aaSjkJcauwcik51XP8gICDuKv7o7XG7RanF35J9P2nDYjgWnpFG9oY
Ldbq+H4mWrsNwDHr+zps7Vyg698RMagQa5+huwESMoh0kIa9ARastm8UN8LkI925
jh3m+8rdQCj9eJ/LtnmCfGJghfZPJH7oJALcGB2ypLdUr1zKkqYjC47e9al4r4wo
kEWVnfKezc7cvZ5EBV4pbdX6GbRNN6BuN5knNLKoE/BkiBe3SMydSGQlciOzx/EF
tsqtLdwYlIdMZTb3XXCX6c7hkK7BNCTC0/8wpETciHLV10q6bWkBXH/EOLb/93K/
Dn1RbICe3w5Uhl8KnreAyo9UAKJ900BmEC5rtJEdrSP3DXmnHERD+1zLMPoSW+R1
Dxd/yWhqi07vm5o33nFW1z+rFC8P8AZGg58ClTGVEF3KQ4x7LZDAjF1KuHrR9pER
75RC7MnyJb023KO9PX/Z5Dr7av98uS05Ma8LAAX8UY36ckbQ+XzsjcFP5T0J9B9w
uCPJeTytHbHyWihjzELF
=wBhR
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1893-1
June 27, 2013
subversion vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description:
- subversion: Advanced version control system
Details:
Alexander Klink discovered that the Subversion mod_dav_svn module for
Apache did not properly handle a large number of properties. A remote
authenticated attacker could use this flaw to cause memory consumption,
leading to a denial of service. (CVE-2013-1845)
Ben Reser discovered that the Subversion mod_dav_svn module for
Apache did not properly handle certain LOCKs. A remote authenticated
attacker could use this flaw to cause Subversion to crash, leading to a
denial of service. (CVE-2013-1846)
Philip Martin and Ben Reser discovered that the Subversion mod_dav_svn
module for Apache did not properly handle certain LOCKs. A remote
attacker could use this flaw to cause Subversion to crash, leading to a
denial of service. (CVE-2013-1847)
It was discovered that the Subversion mod_dav_svn module for Apache did not
properly handle certain PROPFIND requests. A remote attacker could use this
flaw to cause Subversion to crash, leading to a denial of service.
(CVE-2013-1849)
Greg McMullin, Stefan Fuhrmann, Philip Martin, and Ben Reser discovered
that the Subversion mod_dav_svn module for Apache did not properly handle
certain log REPORT requests. A remote attacker could use this flaw to cause
Subversion to crash, leading to a denial of service. This issue only
affected Ubuntu 12.10 and Ubuntu 13.04. (CVE-2013-1884)
Stefan Sperling discovered that Subversion incorrectly handled newline
characters in filenames. A remote authenticated attacker could use this
flaw to corrupt FSFS repositories. (CVE-2013-1968)
Boris Lytochkin discovered that Subversion incorrectly handled TCP
connections that were closed early. A remote attacker could use this flaw
to cause Subversion to crash, leading to a denial of service.
(CVE-2013-2112)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
libapache2-svn 1.7.5-1ubuntu3.1
libsvn1 1.7.5-1ubuntu3.1
Ubuntu 12.10:
libapache2-svn 1.7.5-1ubuntu2.1
libsvn1 1.7.5-1ubuntu2.1
Ubuntu 12.04 LTS:
libapache2-svn 1.6.17dfsg-3ubuntu3.3
libsvn1 1.6.17dfsg-3ubuntu3.3
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1893-1
CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849,
CVE-2013-1884, CVE-2013-1968, CVE-2013-2112
Package Information:
https://launchpad.net/ubuntu/+source/subversion/1.7.5-1ubuntu3.1
https://launchpad.net/ubuntu/+source/subversion/1.7.5-1ubuntu2.1
https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.3
[USN-1892-1] ubuntu-release-upgrader vulnerability
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJRzHqWAAoJEGVp2FWnRL6TpNcQAJqXN19DX084UMbG31mSFiBk
S53vp39eDTPpPxnosX+S8RMG80lOrxqRGfciLEqLIHYytPf1b+oDaJoibEJpAp08
5EOlORAHh3UypBTN20J3p8IB9saH4+rfYWeRIcfc9xxr8WFZyF+xlZNmMoR3X8vt
V+lGNJ6FuknMTLGOEejcvKg9e+aRDjRVDfuKKZ0QDr6HmGmYLK8tObN1N0g9bZ1h
1PF2VhzR1pMMYCTzfljjUjkSv+KKG6XcG0se7q5IIdklEqgobBrabyFRlSX6jo9q
EZn3CDaythfqaCukCOtRx2JIxP+tk21tgWJj2DwtDCeUfyCZJcK9pCEqWFfAJl4g
7+P9WIAZwfaW4M/Z/c2KJmeMx0ExjCCmQ6HUEU70GtKrnlezj7T+/BVPCEYtklPT
U+I7+d9CdS5uFr4k88xJBvMwakLmBpqihYolhPMkVyUsRGwVQtOYwdDKm4eqzHE/
kuuMNIlhgHdGYiz8wr/PnIAR2xsvd50BqFneR3PaVmVZn/J8RIvlNMCokPMZQPQO
Q4twFyIy0QNVW+W9wX+IcWgHGpSgsX3eYkjOenGf7trDQAUkNVKbFCgqojWxRpzt
EHOGfChj4g8NbW5yI8Y+e9jROsVB2agdqmJhFaqQVsRCU/3XE/cUT8PrZeyZhffh
20M87Yx3rlY2nQFVFH8W
=Oss9
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1892-1
June 27, 2013
ubuntu-release-upgrader vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
Summary:
ubuntu-release-upgrader would crash when attempting to upgrade.
Software Description:
- ubuntu-release-upgrader: manage release upgrades
Details:
It was discovered that ubuntu-release-upgrader would fail when a user
requested an upgrade to Ubuntu 13.04. This would prevent a user from
migrating easily to Ubuntu 13.04 before the Ubuntu 12.10 support period
ended.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
ubuntu-release-upgrader-gtk 1:0.190.7
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1892-1
https://launchpad.net/bugs/1094777
Package Information:
https://launchpad.net/ubuntu/+source/ubuntu-release-upgrader/1:0.190.7
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJRzHqWAAoJEGVp2FWnRL6TpNcQAJqXN19DX084UMbG31mSFiBk
S53vp39eDTPpPxnosX+S8RMG80lOrxqRGfciLEqLIHYytPf1b+oDaJoibEJpAp08
5EOlORAHh3UypBTN20J3p8IB9saH4+rfYWeRIcfc9xxr8WFZyF+xlZNmMoR3X8vt
V+lGNJ6FuknMTLGOEejcvKg9e+aRDjRVDfuKKZ0QDr6HmGmYLK8tObN1N0g9bZ1h
1PF2VhzR1pMMYCTzfljjUjkSv+KKG6XcG0se7q5IIdklEqgobBrabyFRlSX6jo9q
EZn3CDaythfqaCukCOtRx2JIxP+tk21tgWJj2DwtDCeUfyCZJcK9pCEqWFfAJl4g
7+P9WIAZwfaW4M/Z/c2KJmeMx0ExjCCmQ6HUEU70GtKrnlezj7T+/BVPCEYtklPT
U+I7+d9CdS5uFr4k88xJBvMwakLmBpqihYolhPMkVyUsRGwVQtOYwdDKm4eqzHE/
kuuMNIlhgHdGYiz8wr/PnIAR2xsvd50BqFneR3PaVmVZn/J8RIvlNMCokPMZQPQO
Q4twFyIy0QNVW+W9wX+IcWgHGpSgsX3eYkjOenGf7trDQAUkNVKbFCgqojWxRpzt
EHOGfChj4g8NbW5yI8Y+e9jROsVB2agdqmJhFaqQVsRCU/3XE/cUT8PrZeyZhffh
20M87Yx3rlY2nQFVFH8W
=Oss9
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1892-1
June 27, 2013
ubuntu-release-upgrader vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
Summary:
ubuntu-release-upgrader would crash when attempting to upgrade.
Software Description:
- ubuntu-release-upgrader: manage release upgrades
Details:
It was discovered that ubuntu-release-upgrader would fail when a user
requested an upgrade to Ubuntu 13.04. This would prevent a user from
migrating easily to Ubuntu 13.04 before the Ubuntu 12.10 support period
ended.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
ubuntu-release-upgrader-gtk 1:0.190.7
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1892-1
https://launchpad.net/bugs/1094777
Package Information:
https://launchpad.net/ubuntu/+source/ubuntu-release-upgrader/1:0.190.7
Wednesday, June 26, 2013
Election Results for Fedora Board, FAmSCo, and FESCo seats
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hash: SHA512
Greetings, extra-patient friends:
The elections for the Fedora Board, Fedora Engineering Steering
Committee (FESCo), and Fedora Ambassadors Steering Committee (FAmSCo)
have concluded, and the results are shown below.
* * *
FESCo is electing 5 seats this cycle. A total of 166 ballots were
cast, meaning a candidate could accumulate up to 1162 votes (166 *
7). The results for the FESCo elections are as follows:
# votes | name
- --------+----------------------
833 | Kevin Fenzi (FAS: kevin, IRC: nirik)
742 | Bill Nottingham (FAS: notting, IRC: notting)
605 | Tomáš Mráz (FAS: tmraz, IRC: t8m)
541 | Matthew Miller (FAS: mattdm, IRC: mattdm)
537 | Peter Jones (FAS: pjones, IRC: pjones)
- -------------------------------
511 | Josh Boyer (FAS: jwboyer, IRC: jwb)
408 | Kalev Lember (FAS: kalev, IRC: kalev)
Therefore, Kevin Fenzi, Bill Nottingham, Tomáš Mráz, Matthew Miller,
and Peter Jones are each elected to FESCo for a full two-release term.
* * *
FAmSCo is electing 4 seats this cycle. A total of 175 ballots were cast,
meaning a candidate could accumulate up to 875 votes (175 * 5).
# votes | name
- --------------------------------------------------------------------------------
552 | Jiri Eischmann (FAS: eischmann)
468 | Christoph Wickert (FAS: cwickert, IRC: cwickert)
355 | Luis Enrique Bazán De León (FAS: lbazan, IRC: LoKoMurdoK)
321 | Robert Mayr (FAS: robyduck, IRC: robyduck)
- --------------------------------------------------------------------------------
207 | Wolnei Cândido Tomazelli Junior (FAS: wolnei, IRC: Wolnei)
Therefore, Jiri Eischmann, Christoph Wickert, Luis Enrique Bazán De León,
and Robert Mayr are each elected to FAmSCo for a full two-release term.
== Important note ==
After every election, an election admin is asked to sanity check the results
of the election. In this famsco election a duplicate ballot was discovered.
This was traced to a bug in the elections code which allowed a double click
on the submit button to record the ballot twice if the database was slow to
record a ballot. A change has been put in place to prevent this from
reoccurring with the current election code.
Due to the difference in votes received between each famsco candidate, the
duplicate ballot would not have caused any difference in the outcome of the
election but the duplicate ballot was not factored into the results
posted here.
* * *
The Fedora Board is electing 3 seats this cycle. A total of 157 ballots
were cast, meaning a candidate could accumulate up to 785 votes (157 *
5).
# votes | name
- --------------------------------------------------------------------------------
524 | Matthew Garrett (FAS: mjg59, IRC: mjg59)
515 | Josh Boyer (FAS: jwboyer, IRC: jwb)
421 | Eric Christensen (FAS: sparks, IRC: Sparks)
- --------------------------------------------------------------------------------
321 | Haïkel Guémar (FAS: hguemar, IRC: number80)
246 | Dan Mashal (FAS: vicodan, IRC: dan408)
Therefore: Matthew Garrett, Josh Boyer, and Eric Christensen are elected to the
Board for a full two-release term.
* * *
Congratulations to the winning candidates, and a hearty thank-you to
all nominees for running and participating in this elections cycle.
- -- Eric
- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project - Red Hat
sparks@redhat.com - sparks@fedoraproject.org
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iQGcBAEBCgAGBQJRyz99AAoJEB/kgVGp2CYvPU0L/2wMVPiHA6u0yZU1la1cx6NU
MJwAbOz2wcp54ZMNLpouu4bFSMbupVnql8B1jGSyhj6k2useZd0oSW98Q/VCm9Ov
LLuvvnImyS0cVgt+DMu0j3+MbEfd3WIZcb3Y8Bvouhb7JMS6lCAzIB8JXBseoJFx
HhIWx9wJaRXKowIKtXXDg1JJzhKaqY+uG3jsUbVAtt3HIG6kiLn0xg7bEZLmPmnk
2w7kktbgQWVHnrsx8Ba1lpgKz1yi8dD1SDN18bhNTncYsoPTL88efZij2S1anNXu
axGv9gqA0OpaMd6lvj4X9tO2o/HKKazr2u1lbrYZGM7li8stoKZwsyYPGX6KmFx4
Y4XewhCj6ywQvUDu+v5O+unffnvne8u6Qff5oPo4uaqy7MQea5ym75bG7f3odXf1
cy8NWIDYPzvXic8ZqD0xao396znxJ9j0oqsMzB3vTrUExjuornQoFRWlr/xcRmXo
5Kbk5KSJF6IPQ9Sjdp++4NKHc8+tAkdm0HwiHSzQFQ==
=x4Fr
-----END PGP SIGNATURE-----
--
announce mailing list
announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce
[USN-1891-1] Thunderbird vulnerabilities
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird-Trunk - http://www.enigmail.net/
iQEcBAEBAgAGBQJRyyDdAAoJEGEfvezVlG4PrTYH/RNiCAiBKJGRFJ7eugRSEAu9
pU5ItifLD4fZBfdzGTo68nqXmqfCR7fYDINELz2IVvrcVYymJo88olzuzIXaNlTk
ftgkkW4Q3nYVlINZISeM8wq69iab0qRn1EaF6Lq9Vjy711ReSJpkw3//+oPRFdKe
uWhgSQyRq09GiC9DU7mysOQmw4XTWuMwUnL88/Nm3SAUBk2Kir7NESpQwXkypR5j
qCOpcbv8dYy7YjWMkG4+DYA5A/ut9U6iBysKaAzP6JmOTRBDpaSj4VSh/e08WXyd
i5Pw6QT+Ie3op5pu25UgTZnckO/pLePhwukTF59K2KNLD2M5YDJYD+qtAVolpks=
=ieZ/
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1891-1
June 26, 2013
thunderbird vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Thunderbird.
Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Multiple memory safety issues were discovered in Thunderbird. If the user
were tricked into opening a specially crafted message with scripting
enabled, an attacker could possibly exploit these to cause a denial of
service via application crash, or potentially execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2013-1682)
Abhishek Arya discovered multiple use-after-free bugs. If the user were
tricked into opening a specially crafted message with scripting enabled,
an attacker could possibly exploit these to execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2013-1684,
CVE-2013-1685, CVE-2013-1686)
Mariusz Mlynski discovered that user defined code within the XBL scope of
an element could be made to bypass System Only Wrappers (SOW). If a user
had scripting enabled, an attacker could potentially exploit this to
execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2013-1687)
A crash was discovered when reloading a page that contained content using
the onreadystatechange event. If a user had scripting enabled, an attacker
could potentially exploit this to execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2013-1690)
Johnathan Kuskos discovered that Thunderbird sent data in the body of
XMLHttpRequest HEAD requests. If a user had scripting enabled, an attacker
could exploit this to conduct Cross-Site Request Forgery (CSRF) attacks.
(CVE-2013-1692)
Paul Stone discovered a timing flaw in the processing of SVG images with
filters. If a user had scripting enabled, an attacker could exploit this
to view sensitive information. (CVE-2013-1693)
Boris Zbarsky discovered a flaw in PreserveWrapper. If a user had
scripting enabled, an attacker could potentially exploit this to cause
a denial of service via application crash, or execute code with the
privileges of the user invoking Thunderbird. (CVE-2013-1694)
It was discovered that XrayWrappers could be bypassed to call
content-defined methods in certain circumstances. If a user had scripting
enabled, an attacker could exploit this to cause undefined behaviour.
(CVE-2013-1697)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
thunderbird 17.0.7+build1-0ubuntu0.13.04.1
Ubuntu 12.10:
thunderbird 17.0.7+build1-0ubuntu0.12.10.1
Ubuntu 12.04 LTS:
thunderbird 17.0.7+build1-0ubuntu0.12.04.1
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1891-1
CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686,
CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693,
CVE-2013-1694, CVE-2013-1697, https://launchpad.net/bugs/1193919
Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/17.0.7+build1-0ubuntu0.13.04.1
https://launchpad.net/ubuntu/+source/thunderbird/17.0.7+build1-0ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/thunderbird/17.0.7+build1-0ubuntu0.12.04.1
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird-Trunk - http://www.enigmail.net/
iQEcBAEBAgAGBQJRyyDdAAoJEGEfvezVlG4PrTYH/RNiCAiBKJGRFJ7eugRSEAu9
pU5ItifLD4fZBfdzGTo68nqXmqfCR7fYDINELz2IVvrcVYymJo88olzuzIXaNlTk
ftgkkW4Q3nYVlINZISeM8wq69iab0qRn1EaF6Lq9Vjy711ReSJpkw3//+oPRFdKe
uWhgSQyRq09GiC9DU7mysOQmw4XTWuMwUnL88/Nm3SAUBk2Kir7NESpQwXkypR5j
qCOpcbv8dYy7YjWMkG4+DYA5A/ut9U6iBysKaAzP6JmOTRBDpaSj4VSh/e08WXyd
i5Pw6QT+Ie3op5pu25UgTZnckO/pLePhwukTF59K2KNLD2M5YDJYD+qtAVolpks=
=ieZ/
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1891-1
June 26, 2013
thunderbird vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Thunderbird.
Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Multiple memory safety issues were discovered in Thunderbird. If the user
were tricked into opening a specially crafted message with scripting
enabled, an attacker could possibly exploit these to cause a denial of
service via application crash, or potentially execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2013-1682)
Abhishek Arya discovered multiple use-after-free bugs. If the user were
tricked into opening a specially crafted message with scripting enabled,
an attacker could possibly exploit these to execute arbitrary code with
the privileges of the user invoking Thunderbird. (CVE-2013-1684,
CVE-2013-1685, CVE-2013-1686)
Mariusz Mlynski discovered that user defined code within the XBL scope of
an element could be made to bypass System Only Wrappers (SOW). If a user
had scripting enabled, an attacker could potentially exploit this to
execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2013-1687)
A crash was discovered when reloading a page that contained content using
the onreadystatechange event. If a user had scripting enabled, an attacker
could potentially exploit this to execute arbitrary code with the
privileges of the user invoking Thunderbird. (CVE-2013-1690)
Johnathan Kuskos discovered that Thunderbird sent data in the body of
XMLHttpRequest HEAD requests. If a user had scripting enabled, an attacker
could exploit this to conduct Cross-Site Request Forgery (CSRF) attacks.
(CVE-2013-1692)
Paul Stone discovered a timing flaw in the processing of SVG images with
filters. If a user had scripting enabled, an attacker could exploit this
to view sensitive information. (CVE-2013-1693)
Boris Zbarsky discovered a flaw in PreserveWrapper. If a user had
scripting enabled, an attacker could potentially exploit this to cause
a denial of service via application crash, or execute code with the
privileges of the user invoking Thunderbird. (CVE-2013-1694)
It was discovered that XrayWrappers could be bypassed to call
content-defined methods in certain circumstances. If a user had scripting
enabled, an attacker could exploit this to cause undefined behaviour.
(CVE-2013-1697)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
thunderbird 17.0.7+build1-0ubuntu0.13.04.1
Ubuntu 12.10:
thunderbird 17.0.7+build1-0ubuntu0.12.10.1
Ubuntu 12.04 LTS:
thunderbird 17.0.7+build1-0ubuntu0.12.04.1
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1891-1
CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686,
CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693,
CVE-2013-1694, CVE-2013-1697, https://launchpad.net/bugs/1193919
Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/17.0.7+build1-0ubuntu0.13.04.1
https://launchpad.net/ubuntu/+source/thunderbird/17.0.7+build1-0ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/thunderbird/17.0.7+build1-0ubuntu0.12.04.1
[CentOS-announce] CEBA-2013:0985 CentOS 6 squid Update
CentOS Errata and Bugfix Advisory 2013:0985
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0985.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
ea53c4abdee4659145833cb68c8c8e4b474914ed3831f6df92de11b2c06fafa3 squid-3.1.10-18.el6_4.i686.rpm
x86_64:
7fc40d7debab3a272d782a791a3b31b2ecd485f86317d7b6571bf0788932c98b squid-3.1.10-18.el6_4.x86_64.rpm
Source:
ce551e9cbc5889c21eb223d92bd9421a4b237066b83105cbcd6be81f4af97795 squid-3.1.10-18.el6_4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0985.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
ea53c4abdee4659145833cb68c8c8e4b474914ed3831f6df92de11b2c06fafa3 squid-3.1.10-18.el6_4.i686.rpm
x86_64:
7fc40d7debab3a272d782a791a3b31b2ecd485f86317d7b6571bf0788932c98b squid-3.1.10-18.el6_4.x86_64.rpm
Source:
ce551e9cbc5889c21eb223d92bd9421a4b237066b83105cbcd6be81f4af97795 squid-3.1.10-18.el6_4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2013:0984 CentOS 5 httpd Update
CentOS Errata and Bugfix Advisory 2013:0984
Upstream details at : http://rhn.redhat.com/errata/RHBA-2013-0984.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
284028883141d39f54f204571e71ceb39a6e91e48b69aa9d733fbeffd1fc4115 httpd-2.2.3-81.el5.centos.i386.rpm
45f358b3dffa6be6d5bb58cef6846825a613e89529a0b57735e31fd589400187 httpd-devel-2.2.3-81.el5.centos.i386.rpm
101d767ab2188de5a2b557c9c0714c2dd0b7390fbe5626df2d96c780a0fcb4e3 httpd-manual-2.2.3-81.el5.centos.i386.rpm
28b649a1598e2400a149fe1ef56d86007bb010eddb0e12704f73a2d474a2b9ea mod_ssl-2.2.3-81.el5.centos.i386.rpm
x86_64:
a20b8ed796ee571e73ca2d7e4e088bfe9dda90fff997ef7185ccb4ea5da64b6e httpd-2.2.3-81.el5.centos.x86_64.rpm
45f358b3dffa6be6d5bb58cef6846825a613e89529a0b57735e31fd589400187 httpd-devel-2.2.3-81.el5.centos.i386.rpm
15cd9ec11b6d71b2b64f01860f541b0d4c213beefa2240d31a07a5f25f4ef8c6 httpd-devel-2.2.3-81.el5.centos.x86_64.rpm
03bae79cd66471862de8792894b6d532a93f5120e5739494b949f4b026eae1bb httpd-manual-2.2.3-81.el5.centos.x86_64.rpm
1f990bc6e68f1453a02391f97094d82f5f017c2cdbe02c9d3831259635f22652 mod_ssl-2.2.3-81.el5.centos.x86_64.rpm
Source:
ba408472eaf0860c4d974dca40bb60730dc9a3579b75cbadc36b3b50c4132a54 httpd-2.2.3-81.el5.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : http://rhn.redhat.com/errata/RHBA-2013-0984.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
284028883141d39f54f204571e71ceb39a6e91e48b69aa9d733fbeffd1fc4115 httpd-2.2.3-81.el5.centos.i386.rpm
45f358b3dffa6be6d5bb58cef6846825a613e89529a0b57735e31fd589400187 httpd-devel-2.2.3-81.el5.centos.i386.rpm
101d767ab2188de5a2b557c9c0714c2dd0b7390fbe5626df2d96c780a0fcb4e3 httpd-manual-2.2.3-81.el5.centos.i386.rpm
28b649a1598e2400a149fe1ef56d86007bb010eddb0e12704f73a2d474a2b9ea mod_ssl-2.2.3-81.el5.centos.i386.rpm
x86_64:
a20b8ed796ee571e73ca2d7e4e088bfe9dda90fff997ef7185ccb4ea5da64b6e httpd-2.2.3-81.el5.centos.x86_64.rpm
45f358b3dffa6be6d5bb58cef6846825a613e89529a0b57735e31fd589400187 httpd-devel-2.2.3-81.el5.centos.i386.rpm
15cd9ec11b6d71b2b64f01860f541b0d4c213beefa2240d31a07a5f25f4ef8c6 httpd-devel-2.2.3-81.el5.centos.x86_64.rpm
03bae79cd66471862de8792894b6d532a93f5120e5739494b949f4b026eae1bb httpd-manual-2.2.3-81.el5.centos.x86_64.rpm
1f990bc6e68f1453a02391f97094d82f5f017c2cdbe02c9d3831259635f22652 mod_ssl-2.2.3-81.el5.centos.x86_64.rpm
Source:
ba408472eaf0860c4d974dca40bb60730dc9a3579b75cbadc36b3b50c4132a54 httpd-2.2.3-81.el5.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[USN-1890-1] Firefox vulnerabilities
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird-Trunk - http://www.enigmail.net/
iQEcBAEBAgAGBQJRysQDAAoJEGEfvezVlG4PRWsH/j+HyuDP+maYe6TrYpoEENpc
F+ma2rzVeLsCrANjetxokaxXwUxUrkKWCplMSQy/AZ39oROQc5/lV5r4ODXlPzh7
cSU35hHA1pD3jgBD7ools0FdvsWs88mPBYZdeCSHQesVlFZKe+i+UGzC7ZNetPLj
JUToYIh2ujeZQAYicANQ8+JRqjYZW1nf3H0ag10Vn03tgnlmysHVAfsXu0K5boln
nWe0TU33j17aQ3uuAd1ctTXxTX2xCpx1DowdRiM14DgxvhNMpvTiS/AE9QJzhU+P
qXi+LwRQbBw48S76JFejSFweOoU5SE9RZfUvsZu0LrCEdKfhhqgCEJZpU4OJZzY=
=rK+k
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1890-1
June 26, 2013
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple memory safety issues were discovered in Firefox. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit these to cause a denial of service via application crash, or
potentially execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2013-1682, CVE-2013-1683)
Abhishek Arya discovered multiple use-after-free bugs. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit these to execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2013-1684, CVE-2013-1685, CVE-2013-1686)
Mariusz Mlynski discovered that user defined code within the XBL scope of
an element could be made to bypass System Only Wrappers (SOW). An attacker
could potentially exploit this to execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2013-1687)
Mariusz Mlynski discovered that the profiler user interface incorrectly
handled data from the profiler. If the user examined profiler output
on a specially crafted page, an attacker could potentially exploit this to
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2013-1688)
A crash was discovered when reloading a page that contained content using
the onreadystatechange event. An attacker could potentially exploit this
to execute arbitrary code with the privileges of the user invoking Firefox
(CVE-2013-1690)
Johnathan Kuskos discovered that Firefox sent data in the body of
XMLHttpRequest HEAD requests. An attacker could exploit this to conduct
Cross-Site Request Forgery (CSRF) attacks. (CVE-2013-1692)
Paul Stone discovered a timing flaw in the processing of SVG images with
filters. An attacker could exploit this to view sensitive information.
(CVE-2013-1693)
Boris Zbarsky discovered a flaw in PreserveWrapper. An attacker could
potentially exploit this to cause a denial of service via application
crash, or execute code with the privileges of the user invoking Firefox.
(CVE-2013-1694)
Bob Owen discovered that a sandboxed iframe could use a frame element
to bypass its own restrictions. (CVE-2013-1695)
Frédéric Buclin discovered that the X-Frame-Options header is ignored
in multi-part responses. An attacker could potentially exploit this
to conduct clickjacking attacks. (CVE-2013-1696)
It was discovered that XrayWrappers could be bypassed to call
content-defined methods in certain circumstances. An attacker could
exploit this to cause undefined behaviour. (CVE-2013-1697)
Matt Wobensmith discovered that the getUserMedia permission dialog
displayed the wrong domain in certain circumstances. An attacker could
potentially exploit this to trick the user in to giving a malicious
site access to their microphone or camera. (CVE-2013-1698)
It was discovered that the measures for preventing homograph attacks
using Internationalized Domain Names (IDN) were not sufficient
for certain Top Level Domains (TLD). An attacker could potentially
exploit this to conduct URL spoofing and phishing attacks.
(CVE-2013-1699)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
firefox 22.0+build2-0ubuntu0.13.04.1
Ubuntu 12.10:
firefox 22.0+build2-0ubuntu0.12.10.1
Ubuntu 12.04 LTS:
firefox 22.0+build2-0ubuntu0.12.04.1
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1890-1
CVE-2013-1682, CVE-2013-1683, CVE-2013-1684, CVE-2013-1685,
CVE-2013-1686, CVE-2013-1687, CVE-2013-1688, CVE-2013-1690,
CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1695,
CVE-2013-1696, CVE-2013-1697, CVE-2013-1698, CVE-2013-1699,
https://launchpad.net/bugs/1192913
Package Information:
https://launchpad.net/ubuntu/+source/firefox/22.0+build2-0ubuntu0.13.04.1
https://launchpad.net/ubuntu/+source/firefox/22.0+build2-0ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/firefox/22.0+build2-0ubuntu0.12.04.1
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird-Trunk - http://www.enigmail.net/
iQEcBAEBAgAGBQJRysQDAAoJEGEfvezVlG4PRWsH/j+HyuDP+maYe6TrYpoEENpc
F+ma2rzVeLsCrANjetxokaxXwUxUrkKWCplMSQy/AZ39oROQc5/lV5r4ODXlPzh7
cSU35hHA1pD3jgBD7ools0FdvsWs88mPBYZdeCSHQesVlFZKe+i+UGzC7ZNetPLj
JUToYIh2ujeZQAYicANQ8+JRqjYZW1nf3H0ag10Vn03tgnlmysHVAfsXu0K5boln
nWe0TU33j17aQ3uuAd1ctTXxTX2xCpx1DowdRiM14DgxvhNMpvTiS/AE9QJzhU+P
qXi+LwRQbBw48S76JFejSFweOoU5SE9RZfUvsZu0LrCEdKfhhqgCEJZpU4OJZzY=
=rK+k
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1890-1
June 26, 2013
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple memory safety issues were discovered in Firefox. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit these to cause a denial of service via application crash, or
potentially execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2013-1682, CVE-2013-1683)
Abhishek Arya discovered multiple use-after-free bugs. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit these to execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2013-1684, CVE-2013-1685, CVE-2013-1686)
Mariusz Mlynski discovered that user defined code within the XBL scope of
an element could be made to bypass System Only Wrappers (SOW). An attacker
could potentially exploit this to execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2013-1687)
Mariusz Mlynski discovered that the profiler user interface incorrectly
handled data from the profiler. If the user examined profiler output
on a specially crafted page, an attacker could potentially exploit this to
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2013-1688)
A crash was discovered when reloading a page that contained content using
the onreadystatechange event. An attacker could potentially exploit this
to execute arbitrary code with the privileges of the user invoking Firefox
(CVE-2013-1690)
Johnathan Kuskos discovered that Firefox sent data in the body of
XMLHttpRequest HEAD requests. An attacker could exploit this to conduct
Cross-Site Request Forgery (CSRF) attacks. (CVE-2013-1692)
Paul Stone discovered a timing flaw in the processing of SVG images with
filters. An attacker could exploit this to view sensitive information.
(CVE-2013-1693)
Boris Zbarsky discovered a flaw in PreserveWrapper. An attacker could
potentially exploit this to cause a denial of service via application
crash, or execute code with the privileges of the user invoking Firefox.
(CVE-2013-1694)
Bob Owen discovered that a sandboxed iframe could use a frame element
to bypass its own restrictions. (CVE-2013-1695)
Frédéric Buclin discovered that the X-Frame-Options header is ignored
in multi-part responses. An attacker could potentially exploit this
to conduct clickjacking attacks. (CVE-2013-1696)
It was discovered that XrayWrappers could be bypassed to call
content-defined methods in certain circumstances. An attacker could
exploit this to cause undefined behaviour. (CVE-2013-1697)
Matt Wobensmith discovered that the getUserMedia permission dialog
displayed the wrong domain in certain circumstances. An attacker could
potentially exploit this to trick the user in to giving a malicious
site access to their microphone or camera. (CVE-2013-1698)
It was discovered that the measures for preventing homograph attacks
using Internationalized Domain Names (IDN) were not sufficient
for certain Top Level Domains (TLD). An attacker could potentially
exploit this to conduct URL spoofing and phishing attacks.
(CVE-2013-1699)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
firefox 22.0+build2-0ubuntu0.13.04.1
Ubuntu 12.10:
firefox 22.0+build2-0ubuntu0.12.10.1
Ubuntu 12.04 LTS:
firefox 22.0+build2-0ubuntu0.12.04.1
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1890-1
CVE-2013-1682, CVE-2013-1683, CVE-2013-1684, CVE-2013-1685,
CVE-2013-1686, CVE-2013-1687, CVE-2013-1688, CVE-2013-1690,
CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1695,
CVE-2013-1696, CVE-2013-1697, CVE-2013-1698, CVE-2013-1699,
https://launchpad.net/bugs/1192913
Package Information:
https://launchpad.net/ubuntu/+source/firefox/22.0+build2-0ubuntu0.13.04.1
https://launchpad.net/ubuntu/+source/firefox/22.0+build2-0ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/firefox/22.0+build2-0ubuntu0.12.04.1
Tuesday, June 25, 2013
[CentOS-announce] CESA-2013:0981 Critical CentOS 5 firefox Update
CentOS Errata and Security Advisory 2013:0981 Critical
Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0981.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
c6cd7a09612368fc9bf3cacb2960d5fe3e47c4856569ba736e066d9ac3ff9d39 firefox-17.0.7-1.el5.centos.i386.rpm
x86_64:
c6cd7a09612368fc9bf3cacb2960d5fe3e47c4856569ba736e066d9ac3ff9d39 firefox-17.0.7-1.el5.centos.i386.rpm
c486a3ad7bb709f48af873739b341eaf6f096a79a42e4695ef57be84ba6a36b7 firefox-17.0.7-1.el5.centos.x86_64.rpm
Source:
9c85a19361b3943654cb256319ab7e22fbf96ba63e9eb840d0dfd387c14ae25d firefox-17.0.7-1.el5.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0981.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
c6cd7a09612368fc9bf3cacb2960d5fe3e47c4856569ba736e066d9ac3ff9d39 firefox-17.0.7-1.el5.centos.i386.rpm
x86_64:
c6cd7a09612368fc9bf3cacb2960d5fe3e47c4856569ba736e066d9ac3ff9d39 firefox-17.0.7-1.el5.centos.i386.rpm
c486a3ad7bb709f48af873739b341eaf6f096a79a42e4695ef57be84ba6a36b7 firefox-17.0.7-1.el5.centos.x86_64.rpm
Source:
9c85a19361b3943654cb256319ab7e22fbf96ba63e9eb840d0dfd387c14ae25d firefox-17.0.7-1.el5.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2013:0982 Important CentOS 5 thunderbird Update
CentOS Errata and Security Advisory 2013:0982 Important
Upstream details at : http://rhn.redhat.com/errata/RHSA-2013-0982.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
5621af744de74143a76ad259b3a3e520bfaa3907aa610cbff93542fcfb2ad0c8 thunderbird-17.0.7-1.el5.centos.i386.rpm
x86_64:
00837b6f91cafea702b89466a034f446fa0630a19ef10797862d7912fe8aac13 thunderbird-17.0.7-1.el5.centos.x86_64.rpm
Source:
710ea4f7d81b06bd9c1f9b4b239a1825dc592ed98d8ecd0bfd05053c752333fb thunderbird-17.0.7-1.el5.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : http://rhn.redhat.com/errata/RHSA-2013-0982.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
5621af744de74143a76ad259b3a3e520bfaa3907aa610cbff93542fcfb2ad0c8 thunderbird-17.0.7-1.el5.centos.i386.rpm
x86_64:
00837b6f91cafea702b89466a034f446fa0630a19ef10797862d7912fe8aac13 thunderbird-17.0.7-1.el5.centos.x86_64.rpm
Source:
710ea4f7d81b06bd9c1f9b4b239a1825dc592ed98d8ecd0bfd05053c752333fb thunderbird-17.0.7-1.el5.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2013:0981 Critical CentOS 5 xulrunner Update
CentOS Errata and Security Advisory 2013:0981 Critical
Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0981.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
6670fd76600628c298957fa17afe6ee9e511c5450e4d84152c57f644a60e8c24 xulrunner-17.0.7-1.el5_9.i386.rpm
a371a674981dd2076458a59836be8d95e6f3402e41672e4e2c0404800bff0a84 xulrunner-devel-17.0.7-1.el5_9.i386.rpm
x86_64:
6670fd76600628c298957fa17afe6ee9e511c5450e4d84152c57f644a60e8c24 xulrunner-17.0.7-1.el5_9.i386.rpm
5bfe148f6c5029e295db6ef53d778f876b1de193e7beb48bcf8c2eeeba87d154 xulrunner-17.0.7-1.el5_9.x86_64.rpm
a371a674981dd2076458a59836be8d95e6f3402e41672e4e2c0404800bff0a84 xulrunner-devel-17.0.7-1.el5_9.i386.rpm
2aa2d55f23774a5e6fc714d5bc587c71ece6286a14996467fcddbeb2ffe5c07e xulrunner-devel-17.0.7-1.el5_9.x86_64.rpm
Source:
1f99db01cdd0f96fb926ec7d4ae10c14ea39ed07094de010422a0369fcb2459e xulrunner-17.0.7-1.el5_9.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0981.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
6670fd76600628c298957fa17afe6ee9e511c5450e4d84152c57f644a60e8c24 xulrunner-17.0.7-1.el5_9.i386.rpm
a371a674981dd2076458a59836be8d95e6f3402e41672e4e2c0404800bff0a84 xulrunner-devel-17.0.7-1.el5_9.i386.rpm
x86_64:
6670fd76600628c298957fa17afe6ee9e511c5450e4d84152c57f644a60e8c24 xulrunner-17.0.7-1.el5_9.i386.rpm
5bfe148f6c5029e295db6ef53d778f876b1de193e7beb48bcf8c2eeeba87d154 xulrunner-17.0.7-1.el5_9.x86_64.rpm
a371a674981dd2076458a59836be8d95e6f3402e41672e4e2c0404800bff0a84 xulrunner-devel-17.0.7-1.el5_9.i386.rpm
2aa2d55f23774a5e6fc714d5bc587c71ece6286a14996467fcddbeb2ffe5c07e xulrunner-devel-17.0.7-1.el5_9.x86_64.rpm
Source:
1f99db01cdd0f96fb926ec7d4ae10c14ea39ed07094de010422a0369fcb2459e xulrunner-17.0.7-1.el5_9.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2013:0983 Moderate CentOS 5 curl Update
CentOS Errata and Security Advisory 2013:0983 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0983.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
7278ba0b472f1111b7569ebd5732dda4df8f4557deecb9baf55a43c3f8673941 curl-7.15.5-17.el5_9.i386.rpm
c11b39b40db86fcfc5f824bb49d149d0de20e9de9d5b3dd10b09e718752d82ae curl-devel-7.15.5-17.el5_9.i386.rpm
x86_64:
7278ba0b472f1111b7569ebd5732dda4df8f4557deecb9baf55a43c3f8673941 curl-7.15.5-17.el5_9.i386.rpm
f8e0d0f4f64f08b00e5f0de828335b1f16f9786fddb329d17b353eefbe54136d curl-7.15.5-17.el5_9.x86_64.rpm
c11b39b40db86fcfc5f824bb49d149d0de20e9de9d5b3dd10b09e718752d82ae curl-devel-7.15.5-17.el5_9.i386.rpm
084e5b375a4c27425f3ff8d9dc48cb1438ab6b08af7516e945823b4369304677 curl-devel-7.15.5-17.el5_9.x86_64.rpm
Source:
6ffd729898c4f066780c66d6d69737d8c74b6a5920b889e2810f0f4ef47cc94c curl-7.15.5-17.el5_9.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0983.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
7278ba0b472f1111b7569ebd5732dda4df8f4557deecb9baf55a43c3f8673941 curl-7.15.5-17.el5_9.i386.rpm
c11b39b40db86fcfc5f824bb49d149d0de20e9de9d5b3dd10b09e718752d82ae curl-devel-7.15.5-17.el5_9.i386.rpm
x86_64:
7278ba0b472f1111b7569ebd5732dda4df8f4557deecb9baf55a43c3f8673941 curl-7.15.5-17.el5_9.i386.rpm
f8e0d0f4f64f08b00e5f0de828335b1f16f9786fddb329d17b353eefbe54136d curl-7.15.5-17.el5_9.x86_64.rpm
c11b39b40db86fcfc5f824bb49d149d0de20e9de9d5b3dd10b09e718752d82ae curl-devel-7.15.5-17.el5_9.i386.rpm
084e5b375a4c27425f3ff8d9dc48cb1438ab6b08af7516e945823b4369304677 curl-devel-7.15.5-17.el5_9.x86_64.rpm
Source:
6ffd729898c4f066780c66d6d69737d8c74b6a5920b889e2810f0f4ef47cc94c curl-7.15.5-17.el5_9.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2013:0976 CentOS 5 dovecot Update
CentOS Errata and Bugfix Advisory 2013:0976
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0976.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
d9ef05ccde1fb90bfb2ff352fd58234fefb6a4142c737cce851bf5ebeb98c46f dovecot-1.0.7-8.el5_9.1.i386.rpm
x86_64:
6e3ce5d3214f9643517f9d77520a79f8714f551d6a0509f36b476c6252f8a97a dovecot-1.0.7-8.el5_9.1.x86_64.rpm
Source:
bd5e39601ee1170cc43d31ea79d0ead1726340b70f5f2a1a6ca209c92f3fa471 dovecot-1.0.7-8.el5_9.1.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0976.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
d9ef05ccde1fb90bfb2ff352fd58234fefb6a4142c737cce851bf5ebeb98c46f dovecot-1.0.7-8.el5_9.1.i386.rpm
x86_64:
6e3ce5d3214f9643517f9d77520a79f8714f551d6a0509f36b476c6252f8a97a dovecot-1.0.7-8.el5_9.1.x86_64.rpm
Source:
bd5e39601ee1170cc43d31ea79d0ead1726340b70f5f2a1a6ca209c92f3fa471 dovecot-1.0.7-8.el5_9.1.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2013:0977 CentOS 6 grep FASTTRACK Update
CentOS Errata and Bugfix Advisory 2013:0977
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0977.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
c7472697418af1111fb3da94a441082ef6eb0f1fa575df0e45b9413d010a8347 grep-2.6.3-4.el6.i686.rpm
x86_64:
ee2d9d87e2ee68435e981a99d9419f578febe7b041a3b1fdb7c8674051cf50bf grep-2.6.3-4.el6.x86_64.rpm
Source:
9b4dca87528eb3ffa2f6609271c13d9504b025ad395f8631c8c67553955f8e46 grep-2.6.3-4.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0977.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
c7472697418af1111fb3da94a441082ef6eb0f1fa575df0e45b9413d010a8347 grep-2.6.3-4.el6.i686.rpm
x86_64:
ee2d9d87e2ee68435e981a99d9419f578febe7b041a3b1fdb7c8674051cf50bf grep-2.6.3-4.el6.x86_64.rpm
Source:
9b4dca87528eb3ffa2f6609271c13d9504b025ad395f8631c8c67553955f8e46 grep-2.6.3-4.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2013:0975 CentOS 6 libcgroup Update
CentOS Errata and Bugfix Advisory 2013:0975
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0975.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
819f505a062cbd3c124d3d4694f454bb1c89dfd9cc3d7ffabc7cd1ee70b7764a libcgroup-0.37-7.2.el6_4.i686.rpm
1b60d5ecfdc49eab4797b1b345a399e4ae27ecd406b685176535c7e141da8e2d libcgroup-devel-0.37-7.2.el6_4.i686.rpm
451df2725ef8bb05768d8ff7360465ff4f747bc615a7408c12774b74d66fc203 libcgroup-pam-0.37-7.2.el6_4.i686.rpm
x86_64:
819f505a062cbd3c124d3d4694f454bb1c89dfd9cc3d7ffabc7cd1ee70b7764a libcgroup-0.37-7.2.el6_4.i686.rpm
6469fc6ff52d8474d8e453d1f1e9f387d48a127768d55feb0b854ffef846323a libcgroup-0.37-7.2.el6_4.x86_64.rpm
1b60d5ecfdc49eab4797b1b345a399e4ae27ecd406b685176535c7e141da8e2d libcgroup-devel-0.37-7.2.el6_4.i686.rpm
3fa322ad08b0732c91dc4a58e1b5192eb110c48c54572f75ee0e5fc555190563 libcgroup-devel-0.37-7.2.el6_4.x86_64.rpm
451df2725ef8bb05768d8ff7360465ff4f747bc615a7408c12774b74d66fc203 libcgroup-pam-0.37-7.2.el6_4.i686.rpm
580c6aa245cdd1a03f9d94c15d30c80f81978ae23add3aee82db2d33d27c7aa1 libcgroup-pam-0.37-7.2.el6_4.x86_64.rpm
Source:
6517d38668c47b55f9ea7d2ff859d186a48cf4b42e18c406a1569f60c2ad77e1 libcgroup-0.37-7.2.el6_4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0975.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
819f505a062cbd3c124d3d4694f454bb1c89dfd9cc3d7ffabc7cd1ee70b7764a libcgroup-0.37-7.2.el6_4.i686.rpm
1b60d5ecfdc49eab4797b1b345a399e4ae27ecd406b685176535c7e141da8e2d libcgroup-devel-0.37-7.2.el6_4.i686.rpm
451df2725ef8bb05768d8ff7360465ff4f747bc615a7408c12774b74d66fc203 libcgroup-pam-0.37-7.2.el6_4.i686.rpm
x86_64:
819f505a062cbd3c124d3d4694f454bb1c89dfd9cc3d7ffabc7cd1ee70b7764a libcgroup-0.37-7.2.el6_4.i686.rpm
6469fc6ff52d8474d8e453d1f1e9f387d48a127768d55feb0b854ffef846323a libcgroup-0.37-7.2.el6_4.x86_64.rpm
1b60d5ecfdc49eab4797b1b345a399e4ae27ecd406b685176535c7e141da8e2d libcgroup-devel-0.37-7.2.el6_4.i686.rpm
3fa322ad08b0732c91dc4a58e1b5192eb110c48c54572f75ee0e5fc555190563 libcgroup-devel-0.37-7.2.el6_4.x86_64.rpm
451df2725ef8bb05768d8ff7360465ff4f747bc615a7408c12774b74d66fc203 libcgroup-pam-0.37-7.2.el6_4.i686.rpm
580c6aa245cdd1a03f9d94c15d30c80f81978ae23add3aee82db2d33d27c7aa1 libcgroup-pam-0.37-7.2.el6_4.x86_64.rpm
Source:
6517d38668c47b55f9ea7d2ff859d186a48cf4b42e18c406a1569f60c2ad77e1 libcgroup-0.37-7.2.el6_4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2013:0978 CentOS 6 net-snmp Update
CentOS Errata and Bugfix Advisory 2013:0978
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0978.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
3599e56e1d84494bed76e39cb673a894953e28e3b58796afd1cd21ade6e85bb0 net-snmp-5.5-44.el6_4.2.i686.rpm
82ae792b66a8e0033269c9cac92516c4e7a5031ce6b3710e5760f293ed5aafe3 net-snmp-devel-5.5-44.el6_4.2.i686.rpm
ecba86a85e40b514cd988aca64e3cbb4b4faf41ea9d4fa71935314c6abd4762f net-snmp-libs-5.5-44.el6_4.2.i686.rpm
3d79bac250a80af72bd6efa7630008d706ab8147444ed8eead95c977155c9820 net-snmp-perl-5.5-44.el6_4.2.i686.rpm
b10cb21c9130aa1074b4b1e1d55adc48827442c587340f9cda4b78508cfa830c net-snmp-python-5.5-44.el6_4.2.i686.rpm
57b0d3cce4d50b20f7aab2d08d669f9b4dbb0df129de9aea003a5b68a55c15e9 net-snmp-utils-5.5-44.el6_4.2.i686.rpm
x86_64:
ea63941956f43f3ba9c1783cc035e1726ee65f7ecc06e0e6a072ce62d5eab6b2 net-snmp-5.5-44.el6_4.2.x86_64.rpm
82ae792b66a8e0033269c9cac92516c4e7a5031ce6b3710e5760f293ed5aafe3 net-snmp-devel-5.5-44.el6_4.2.i686.rpm
55a67b745244ad562e07094238cdd59aea0aa97883010c80423e2c92252bd323 net-snmp-devel-5.5-44.el6_4.2.x86_64.rpm
ecba86a85e40b514cd988aca64e3cbb4b4faf41ea9d4fa71935314c6abd4762f net-snmp-libs-5.5-44.el6_4.2.i686.rpm
2999757fe57d8376285c0772dc662ca4e61a4180754459ea55309e7b58402372 net-snmp-libs-5.5-44.el6_4.2.x86_64.rpm
a89f74de13e354220d99f5c8ad769f5fb2e2102724b2881c93cc57ec4fa04885 net-snmp-perl-5.5-44.el6_4.2.x86_64.rpm
528929e3928a3ace8e40d0f317e50bd19a78f901571af4929ceb5c1ad4c3e57f net-snmp-python-5.5-44.el6_4.2.x86_64.rpm
b5844c66cb430220d3a8d3a7b0643abd63d66b93219abe6b3a7aff7510f06179 net-snmp-utils-5.5-44.el6_4.2.x86_64.rpm
Source:
afb69a29a69f46fbc4d05e0965968618e6a9290211f70ac6c51cfbbdec566d02 net-snmp-5.5-44.el6_4.2.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0978.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
3599e56e1d84494bed76e39cb673a894953e28e3b58796afd1cd21ade6e85bb0 net-snmp-5.5-44.el6_4.2.i686.rpm
82ae792b66a8e0033269c9cac92516c4e7a5031ce6b3710e5760f293ed5aafe3 net-snmp-devel-5.5-44.el6_4.2.i686.rpm
ecba86a85e40b514cd988aca64e3cbb4b4faf41ea9d4fa71935314c6abd4762f net-snmp-libs-5.5-44.el6_4.2.i686.rpm
3d79bac250a80af72bd6efa7630008d706ab8147444ed8eead95c977155c9820 net-snmp-perl-5.5-44.el6_4.2.i686.rpm
b10cb21c9130aa1074b4b1e1d55adc48827442c587340f9cda4b78508cfa830c net-snmp-python-5.5-44.el6_4.2.i686.rpm
57b0d3cce4d50b20f7aab2d08d669f9b4dbb0df129de9aea003a5b68a55c15e9 net-snmp-utils-5.5-44.el6_4.2.i686.rpm
x86_64:
ea63941956f43f3ba9c1783cc035e1726ee65f7ecc06e0e6a072ce62d5eab6b2 net-snmp-5.5-44.el6_4.2.x86_64.rpm
82ae792b66a8e0033269c9cac92516c4e7a5031ce6b3710e5760f293ed5aafe3 net-snmp-devel-5.5-44.el6_4.2.i686.rpm
55a67b745244ad562e07094238cdd59aea0aa97883010c80423e2c92252bd323 net-snmp-devel-5.5-44.el6_4.2.x86_64.rpm
ecba86a85e40b514cd988aca64e3cbb4b4faf41ea9d4fa71935314c6abd4762f net-snmp-libs-5.5-44.el6_4.2.i686.rpm
2999757fe57d8376285c0772dc662ca4e61a4180754459ea55309e7b58402372 net-snmp-libs-5.5-44.el6_4.2.x86_64.rpm
a89f74de13e354220d99f5c8ad769f5fb2e2102724b2881c93cc57ec4fa04885 net-snmp-perl-5.5-44.el6_4.2.x86_64.rpm
528929e3928a3ace8e40d0f317e50bd19a78f901571af4929ceb5c1ad4c3e57f net-snmp-python-5.5-44.el6_4.2.x86_64.rpm
b5844c66cb430220d3a8d3a7b0643abd63d66b93219abe6b3a7aff7510f06179 net-snmp-utils-5.5-44.el6_4.2.x86_64.rpm
Source:
afb69a29a69f46fbc4d05e0965968618e6a9290211f70ac6c51cfbbdec566d02 net-snmp-5.5-44.el6_4.2.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2013:0983 Moderate CentOS 6 curl Update
CentOS Errata and Security Advisory 2013:0983 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0983.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
5393c38b98d9066a1d9c1f2ee54f643914d4da0b70f4516e90ec05fd6cb5009f curl-7.19.7-37.el6_4.i686.rpm
9d5a2fa689e12a0ff94d7c0e33effbcd2c7a5c04cd667e14e5015de786ad1b9f libcurl-7.19.7-37.el6_4.i686.rpm
3723de522247589e02c4ecbcdf0caaad56195a37fe0612206f51edda65056f45 libcurl-devel-7.19.7-37.el6_4.i686.rpm
x86_64:
61e6172ef17a756e9b4cb13cc43b1b4ce7f8814467a639f7ff06bc2afbfec488 curl-7.19.7-37.el6_4.x86_64.rpm
9d5a2fa689e12a0ff94d7c0e33effbcd2c7a5c04cd667e14e5015de786ad1b9f libcurl-7.19.7-37.el6_4.i686.rpm
3f66cabc30b7ae754c245f4c596f05ea817972c8ebd81f8918938c611d1f1482 libcurl-7.19.7-37.el6_4.x86_64.rpm
3723de522247589e02c4ecbcdf0caaad56195a37fe0612206f51edda65056f45 libcurl-devel-7.19.7-37.el6_4.i686.rpm
a11fe5611b3ab4a197e57711332aeaba9ea237d228596a52b4189bcb073b0f33 libcurl-devel-7.19.7-37.el6_4.x86_64.rpm
Source:
ecc688b0bc8cfc4f51ae9d164c3c72f20faa6a440f4a80e83dd268508f2ba7ba curl-7.19.7-37.el6_4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0983.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
5393c38b98d9066a1d9c1f2ee54f643914d4da0b70f4516e90ec05fd6cb5009f curl-7.19.7-37.el6_4.i686.rpm
9d5a2fa689e12a0ff94d7c0e33effbcd2c7a5c04cd667e14e5015de786ad1b9f libcurl-7.19.7-37.el6_4.i686.rpm
3723de522247589e02c4ecbcdf0caaad56195a37fe0612206f51edda65056f45 libcurl-devel-7.19.7-37.el6_4.i686.rpm
x86_64:
61e6172ef17a756e9b4cb13cc43b1b4ce7f8814467a639f7ff06bc2afbfec488 curl-7.19.7-37.el6_4.x86_64.rpm
9d5a2fa689e12a0ff94d7c0e33effbcd2c7a5c04cd667e14e5015de786ad1b9f libcurl-7.19.7-37.el6_4.i686.rpm
3f66cabc30b7ae754c245f4c596f05ea817972c8ebd81f8918938c611d1f1482 libcurl-7.19.7-37.el6_4.x86_64.rpm
3723de522247589e02c4ecbcdf0caaad56195a37fe0612206f51edda65056f45 libcurl-devel-7.19.7-37.el6_4.i686.rpm
a11fe5611b3ab4a197e57711332aeaba9ea237d228596a52b4189bcb073b0f33 libcurl-devel-7.19.7-37.el6_4.x86_64.rpm
Source:
ecc688b0bc8cfc4f51ae9d164c3c72f20faa6a440f4a80e83dd268508f2ba7ba curl-7.19.7-37.el6_4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2013:0981 Critical CentOS 6 xulrunner Update
CentOS Errata and Security Advisory 2013:0981 Critical
Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0981.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
4af70c52ccba977ae520c8ecb4bd6b003e820cc0ab54d4310ad8d2687e636ad2 xulrunner-17.0.7-1.el6.centos.i686.rpm
dd362a8057f34a69446bc3be166375e5646fc9e327d08c99c14a40705297b23f xulrunner-devel-17.0.7-1.el6.centos.i686.rpm
x86_64:
4af70c52ccba977ae520c8ecb4bd6b003e820cc0ab54d4310ad8d2687e636ad2 xulrunner-17.0.7-1.el6.centos.i686.rpm
5b50be97c068a30807df0d711f7e9205da3a64597df2ab5f79cd98b62bb3f05d xulrunner-17.0.7-1.el6.centos.x86_64.rpm
dd362a8057f34a69446bc3be166375e5646fc9e327d08c99c14a40705297b23f xulrunner-devel-17.0.7-1.el6.centos.i686.rpm
fe8b6fc079fc0c6c450bd7569afba8e71c6639717c6c48f566625eb251288f9d xulrunner-devel-17.0.7-1.el6.centos.x86_64.rpm
Source:
882205581ed6005594ff604ae651930c9592f6920212ce41179a6099f983e490 xulrunner-17.0.7-1.el6.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0981.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
4af70c52ccba977ae520c8ecb4bd6b003e820cc0ab54d4310ad8d2687e636ad2 xulrunner-17.0.7-1.el6.centos.i686.rpm
dd362a8057f34a69446bc3be166375e5646fc9e327d08c99c14a40705297b23f xulrunner-devel-17.0.7-1.el6.centos.i686.rpm
x86_64:
4af70c52ccba977ae520c8ecb4bd6b003e820cc0ab54d4310ad8d2687e636ad2 xulrunner-17.0.7-1.el6.centos.i686.rpm
5b50be97c068a30807df0d711f7e9205da3a64597df2ab5f79cd98b62bb3f05d xulrunner-17.0.7-1.el6.centos.x86_64.rpm
dd362a8057f34a69446bc3be166375e5646fc9e327d08c99c14a40705297b23f xulrunner-devel-17.0.7-1.el6.centos.i686.rpm
fe8b6fc079fc0c6c450bd7569afba8e71c6639717c6c48f566625eb251288f9d xulrunner-devel-17.0.7-1.el6.centos.x86_64.rpm
Source:
882205581ed6005594ff604ae651930c9592f6920212ce41179a6099f983e490 xulrunner-17.0.7-1.el6.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2013:0981 Critical CentOS 6 firefox Update
CentOS Errata and Security Advisory 2013:0981 Critical
Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0981.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
ac95ee9c3bc9c539685558a68c4303bac7ce84e992662bec25284553f1d29045 firefox-17.0.7-1.el6.centos.i686.rpm
x86_64:
ac95ee9c3bc9c539685558a68c4303bac7ce84e992662bec25284553f1d29045 firefox-17.0.7-1.el6.centos.i686.rpm
9477be4864bfdc1be7575b6a883cd1e041427a761f4dacbe349836308a81699b firefox-17.0.7-1.el6.centos.x86_64.rpm
Source:
8e62e9755fe8832029091567eda75183cf7593682ebdaf80d69ac51c6df3b114 firefox-17.0.7-1.el6.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0981.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
ac95ee9c3bc9c539685558a68c4303bac7ce84e992662bec25284553f1d29045 firefox-17.0.7-1.el6.centos.i686.rpm
x86_64:
ac95ee9c3bc9c539685558a68c4303bac7ce84e992662bec25284553f1d29045 firefox-17.0.7-1.el6.centos.i686.rpm
9477be4864bfdc1be7575b6a883cd1e041427a761f4dacbe349836308a81699b firefox-17.0.7-1.el6.centos.x86_64.rpm
Source:
8e62e9755fe8832029091567eda75183cf7593682ebdaf80d69ac51c6df3b114 firefox-17.0.7-1.el6.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2013:0982 Important CentOS 6 thunderbird Update
CentOS Errata and Security Advisory 2013:0982 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0982.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
8316b917afc6ee030b6517e957df386fae0021653367fe296710bd97bb17a098 thunderbird-17.0.7-1.el6.centos.i686.rpm
x86_64:
42e7bb11e99e1426966eecd1a8feaba5802ce68638316739f140b4dff26d00a0 thunderbird-17.0.7-1.el6.centos.x86_64.rpm
Source:
c99d38bfca1eca2d399513ecb446151eb484a68951edd293333569334adc0f98 thunderbird-17.0.7-1.el6.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0982.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
8316b917afc6ee030b6517e957df386fae0021653367fe296710bd97bb17a098 thunderbird-17.0.7-1.el6.centos.i686.rpm
x86_64:
42e7bb11e99e1426966eecd1a8feaba5802ce68638316739f140b4dff26d00a0 thunderbird-17.0.7-1.el6.centos.x86_64.rpm
Source:
c99d38bfca1eca2d399513ecb446151eb484a68951edd293333569334adc0f98 thunderbird-17.0.7-1.el6.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2013:0974 CentOS 6 mobile-broadband-provider-info FASTTRACK Update
CentOS Errata and Bugfix Advisory 2013:0974
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0974.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
01872596b1f350c91ab2d678cae7ecded9ba8f383f61f6655d8c57feb6b07955 mobile-broadband-provider-info-1.20100122-2.el6.noarch.rpm
5aa82f6e9b9dc506a39d969de7ca1706e9bd6016915f0a0f466bea3a90ebfbcb mobile-broadband-provider-info-devel-1.20100122-2.el6.noarch.rpm
x86_64:
01872596b1f350c91ab2d678cae7ecded9ba8f383f61f6655d8c57feb6b07955 mobile-broadband-provider-info-1.20100122-2.el6.noarch.rpm
5aa82f6e9b9dc506a39d969de7ca1706e9bd6016915f0a0f466bea3a90ebfbcb mobile-broadband-provider-info-devel-1.20100122-2.el6.noarch.rpm
Source:
ea6fcdcdc837686a288477d510b5ae7f401b001574ac8923f9867ebfb4733a90 mobile-broadband-provider-info-1.20100122-2.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0974.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
01872596b1f350c91ab2d678cae7ecded9ba8f383f61f6655d8c57feb6b07955 mobile-broadband-provider-info-1.20100122-2.el6.noarch.rpm
5aa82f6e9b9dc506a39d969de7ca1706e9bd6016915f0a0f466bea3a90ebfbcb mobile-broadband-provider-info-devel-1.20100122-2.el6.noarch.rpm
x86_64:
01872596b1f350c91ab2d678cae7ecded9ba8f383f61f6655d8c57feb6b07955 mobile-broadband-provider-info-1.20100122-2.el6.noarch.rpm
5aa82f6e9b9dc506a39d969de7ca1706e9bd6016915f0a0f466bea3a90ebfbcb mobile-broadband-provider-info-devel-1.20100122-2.el6.noarch.rpm
Source:
ea6fcdcdc837686a288477d510b5ae7f401b001574ac8923f9867ebfb4733a90 mobile-broadband-provider-info-1.20100122-2.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2013:0971 CentOS 6 upstart Update
CentOS Errata and Bugfix Advisory 2013:0971
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0971.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
d41a2e129a913e58e8a99dec900eae0613c3bd522924944c844e74a46cebdb4b upstart-0.6.5-12.el6_4.1.i686.rpm
x86_64:
0ed423f64f126197207d84a28c4703e129dd5f4f36d911b13807c1c8a5633fab upstart-0.6.5-12.el6_4.1.x86_64.rpm
Source:
a0fecc043ef30505ddff13366f7f29d66fb917c05cd300a1ec1553ea2b5dbc43 upstart-0.6.5-12.el6_4.1.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0971.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
d41a2e129a913e58e8a99dec900eae0613c3bd522924944c844e74a46cebdb4b upstart-0.6.5-12.el6_4.1.i686.rpm
x86_64:
0ed423f64f126197207d84a28c4703e129dd5f4f36d911b13807c1c8a5633fab upstart-0.6.5-12.el6_4.1.x86_64.rpm
Source:
a0fecc043ef30505ddff13366f7f29d66fb917c05cd300a1ec1553ea2b5dbc43 upstart-0.6.5-12.el6_4.1.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2013:0970 CentOS 6 e2fsprogs Update
CentOS Errata and Bugfix Advisory 2013:0970
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0970.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
d9a75d9cb7a4b5058a12e744a4f36ab0f7aa0dc81787b666e41c220dd82b87dc e2fsprogs-1.41.12-14.el6_4.2.i686.rpm
fa2c89ed4fe43a3a1e1705a07096d6ee29758e1acd80586c2c4e3fa4c6871f53 e2fsprogs-devel-1.41.12-14.el6_4.2.i686.rpm
7859cde45cb6b618e35893ed3746475cb66396a12f3303ebb66869e02131635b e2fsprogs-libs-1.41.12-14.el6_4.2.i686.rpm
5b5bbc863e6c574ee891846376606c86fbe54b20108fcd12fb3750947699bece libcom_err-1.41.12-14.el6_4.2.i686.rpm
4077ffa3fe186bf6f2227fca881c705804635a9110a0b111af47e6ff0b32b88d libcom_err-devel-1.41.12-14.el6_4.2.i686.rpm
55108567cf31420c6e2bf9baff1142993b889cd643b0eafb8b7354b04aa454a5 libss-1.41.12-14.el6_4.2.i686.rpm
b29790a9bbf821b55d85b0b9a1b02dbaa16c3ea65a8a3178fc5513bca1c1b1ee libss-devel-1.41.12-14.el6_4.2.i686.rpm
x86_64:
bd4dac25e03d0e6d45b9af936c8b672464462225821fb3e5d648cc5c3bb5622d e2fsprogs-1.41.12-14.el6_4.2.x86_64.rpm
fa2c89ed4fe43a3a1e1705a07096d6ee29758e1acd80586c2c4e3fa4c6871f53 e2fsprogs-devel-1.41.12-14.el6_4.2.i686.rpm
ec37d1260a2249d1127486fd98186707591a73964172369048bda73a1db37a34 e2fsprogs-devel-1.41.12-14.el6_4.2.x86_64.rpm
7859cde45cb6b618e35893ed3746475cb66396a12f3303ebb66869e02131635b e2fsprogs-libs-1.41.12-14.el6_4.2.i686.rpm
629279790afbfc9fa81922e8b09334de292ce0fc0fc50f0a9ea55b5fd5f396c3 e2fsprogs-libs-1.41.12-14.el6_4.2.x86_64.rpm
5b5bbc863e6c574ee891846376606c86fbe54b20108fcd12fb3750947699bece libcom_err-1.41.12-14.el6_4.2.i686.rpm
f63935b5baf477b3fb3b3b9ececd0f2272a7e5e219f7807472c626ed8e073b35 libcom_err-1.41.12-14.el6_4.2.x86_64.rpm
4077ffa3fe186bf6f2227fca881c705804635a9110a0b111af47e6ff0b32b88d libcom_err-devel-1.41.12-14.el6_4.2.i686.rpm
78cb2c656814d86bb322d0f568adeab31f6443ba21cc5ff68696359ce71c5a44 libcom_err-devel-1.41.12-14.el6_4.2.x86_64.rpm
55108567cf31420c6e2bf9baff1142993b889cd643b0eafb8b7354b04aa454a5 libss-1.41.12-14.el6_4.2.i686.rpm
398c748154e18380d19415c0eb669f296ae9a0bef3c582c7de57bef4f32706b8 libss-1.41.12-14.el6_4.2.x86_64.rpm
b29790a9bbf821b55d85b0b9a1b02dbaa16c3ea65a8a3178fc5513bca1c1b1ee libss-devel-1.41.12-14.el6_4.2.i686.rpm
89a0cb2d3ec3d61c1efbeb16e5d00d0c6c37c44802fd64db14c829eb8a518d64 libss-devel-1.41.12-14.el6_4.2.x86_64.rpm
Source:
3966d74226ef241dde7e517816617dba980fb8728f7691eb6577c09258470b66 e2fsprogs-1.41.12-14.el6_4.2.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0970.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
d9a75d9cb7a4b5058a12e744a4f36ab0f7aa0dc81787b666e41c220dd82b87dc e2fsprogs-1.41.12-14.el6_4.2.i686.rpm
fa2c89ed4fe43a3a1e1705a07096d6ee29758e1acd80586c2c4e3fa4c6871f53 e2fsprogs-devel-1.41.12-14.el6_4.2.i686.rpm
7859cde45cb6b618e35893ed3746475cb66396a12f3303ebb66869e02131635b e2fsprogs-libs-1.41.12-14.el6_4.2.i686.rpm
5b5bbc863e6c574ee891846376606c86fbe54b20108fcd12fb3750947699bece libcom_err-1.41.12-14.el6_4.2.i686.rpm
4077ffa3fe186bf6f2227fca881c705804635a9110a0b111af47e6ff0b32b88d libcom_err-devel-1.41.12-14.el6_4.2.i686.rpm
55108567cf31420c6e2bf9baff1142993b889cd643b0eafb8b7354b04aa454a5 libss-1.41.12-14.el6_4.2.i686.rpm
b29790a9bbf821b55d85b0b9a1b02dbaa16c3ea65a8a3178fc5513bca1c1b1ee libss-devel-1.41.12-14.el6_4.2.i686.rpm
x86_64:
bd4dac25e03d0e6d45b9af936c8b672464462225821fb3e5d648cc5c3bb5622d e2fsprogs-1.41.12-14.el6_4.2.x86_64.rpm
fa2c89ed4fe43a3a1e1705a07096d6ee29758e1acd80586c2c4e3fa4c6871f53 e2fsprogs-devel-1.41.12-14.el6_4.2.i686.rpm
ec37d1260a2249d1127486fd98186707591a73964172369048bda73a1db37a34 e2fsprogs-devel-1.41.12-14.el6_4.2.x86_64.rpm
7859cde45cb6b618e35893ed3746475cb66396a12f3303ebb66869e02131635b e2fsprogs-libs-1.41.12-14.el6_4.2.i686.rpm
629279790afbfc9fa81922e8b09334de292ce0fc0fc50f0a9ea55b5fd5f396c3 e2fsprogs-libs-1.41.12-14.el6_4.2.x86_64.rpm
5b5bbc863e6c574ee891846376606c86fbe54b20108fcd12fb3750947699bece libcom_err-1.41.12-14.el6_4.2.i686.rpm
f63935b5baf477b3fb3b3b9ececd0f2272a7e5e219f7807472c626ed8e073b35 libcom_err-1.41.12-14.el6_4.2.x86_64.rpm
4077ffa3fe186bf6f2227fca881c705804635a9110a0b111af47e6ff0b32b88d libcom_err-devel-1.41.12-14.el6_4.2.i686.rpm
78cb2c656814d86bb322d0f568adeab31f6443ba21cc5ff68696359ce71c5a44 libcom_err-devel-1.41.12-14.el6_4.2.x86_64.rpm
55108567cf31420c6e2bf9baff1142993b889cd643b0eafb8b7354b04aa454a5 libss-1.41.12-14.el6_4.2.i686.rpm
398c748154e18380d19415c0eb669f296ae9a0bef3c582c7de57bef4f32706b8 libss-1.41.12-14.el6_4.2.x86_64.rpm
b29790a9bbf821b55d85b0b9a1b02dbaa16c3ea65a8a3178fc5513bca1c1b1ee libss-devel-1.41.12-14.el6_4.2.i686.rpm
89a0cb2d3ec3d61c1efbeb16e5d00d0c6c37c44802fd64db14c829eb8a518d64 libss-devel-1.41.12-14.el6_4.2.x86_64.rpm
Source:
3966d74226ef241dde7e517816617dba980fb8728f7691eb6577c09258470b66 e2fsprogs-1.41.12-14.el6_4.2.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Monday, June 24, 2013
Fedora 19 Go/No-Go Meeting, Thursday, June 27 @ 17:00 UTC
Join us on irc.freenode.net in #fedora-meeting-2 for this important
meeting, wherein we shall determine the readiness of the Fedora 19.
meeting, wherein we shall determine the readiness of the Fedora 19.
Thursday, June 27, 2013 17:00 UTC (1 PM EDT, 10 AM PDT, 19:00 CEST)
"Before each public release Development, QA and Release Engineering meet
to determine if the release criteria are met for a particular release.
This meeting is called the Go/No-Go Meeting."
"Verifying that the Release criteria are met is the responsibility of
the QA Team."
For more details about this meeting see:
https://fedoraproject.org/wiki/Go_No_Go_Meeting
In the meantime, keep an eye on the Fedora 19 Blocker list:
http://qa.fedoraproject.org/blockerbugs/milestone/19/final/buglist
There are currently three unresolved accepted blockers, for full
status see mail [1] by adamw. Please help with the release of
Fedora 19, take a look on bugs assigned to you!
Reminder: the Readiness meeting follows up the Go/No-Go meeting two
hours later.
[1] https://lists.fedoraproject.org/pipermail/devel/2013-June/184345.html
Jaroslav
_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce
Friday, June 21, 2013
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-13:06.mmap [REVISED]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-13:06.mmap Security Advisory
The FreeBSD Project
Topic: Privilege escalation via mmap
Category: core
Module: kernel
Announced: 2013-06-18
Credits: Konstantin Belousov
Alan Cox
Affects: FreeBSD 9.0 and later
Corrected: 2013-06-18 07:04:19 UTC (stable/9, 9.1-STABLE)
2013-06-18 07:05:51 UTC (releng/9.1, 9.1-RELEASE-p4)
CVE Name: CVE-2013-2171
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
0. Revision History
v1.0 2013-06-18 Initial release.
v1.1 2013-06-21 Corrected correction date.
Added workaround information.
I. Background
The FreeBSD virtual memory system allows files to be memory-mapped.
All or parts of a file can be made available to a process via its
address space. The process can then access the file using memory
operations rather than filesystem I/O calls.
The ptrace(2) system call provides tracing and debugging facilities by
allowing one process (the tracing process) to watch and control
another (the traced process).
II. Problem Description
Due to insufficient permission checks in the virtual memory system, a
tracing process (such as a debugger) may be able to modify portions of
the traced process's address space to which the traced process itself
does not have write access.
III. Impact
This error can be exploited to allow unauthorized modification of an
arbitrary file to which the attacker has read access, but not write
access. Depending on the file and the nature of the modifications,
this can result in privilege escalation.
To exploit this vulnerability, an attacker must be able to run
arbitrary code with user privileges on the target system.
IV. Workaround
Systems that do not allow unprivileged users to use the ptrace(2)
system call are not vulnerable, this can be accomplished by setting
the sysctl variable security.bsd.unprivileged_proc_debug to zero.
Please note that this will also prevent debugging tools, for instance
gdb, truss, procstat, as well as some built-in debugging facilities in
certain scripting language like PHP, etc., from working for unprivileged
users.
The following command will set the sysctl accordingly and works until the
next reboot of the system:
sysctl security.bsd.unprivileged_proc_debug=0
To make this change persistent across reboot, the system administrator
should also add the setting into /etc/sysctl.conf:
echo 'security.bsd.unprivileged_proc_debug=0' >> /etc/sysctl.conf
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-13:06/mmap.patch
# fetch http://security.FreeBSD.org/patches/SA-13:06/mmap.patch.asc
# gpg --verify mmap.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/9/ r251902
releng/9.1/ r251903
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing XXXXXX with the revision number, on a
machine with Subversion installed:
# svn diff -cXXXXXX --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing XXXXXX with the revision number:
<URL:http://svnweb.freebsd.org/base?view=revision&revision=XXXXXX>
VII. References
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2171>
The latest revision of this advisory is available at
<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-13:06.mmap.asc>
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlHExy0ACgkQFdaIBMps37L8PwCdGXatzPm7OWjZu+GmbbXQC16/
8sgAoJ0LEmREO8Mp7f4YcLHAEwgnJtjT
=WRZD
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
Hash: SHA1
=============================================================================
FreeBSD-SA-13:06.mmap Security Advisory
The FreeBSD Project
Topic: Privilege escalation via mmap
Category: core
Module: kernel
Announced: 2013-06-18
Credits: Konstantin Belousov
Alan Cox
Affects: FreeBSD 9.0 and later
Corrected: 2013-06-18 07:04:19 UTC (stable/9, 9.1-STABLE)
2013-06-18 07:05:51 UTC (releng/9.1, 9.1-RELEASE-p4)
CVE Name: CVE-2013-2171
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
0. Revision History
v1.0 2013-06-18 Initial release.
v1.1 2013-06-21 Corrected correction date.
Added workaround information.
I. Background
The FreeBSD virtual memory system allows files to be memory-mapped.
All or parts of a file can be made available to a process via its
address space. The process can then access the file using memory
operations rather than filesystem I/O calls.
The ptrace(2) system call provides tracing and debugging facilities by
allowing one process (the tracing process) to watch and control
another (the traced process).
II. Problem Description
Due to insufficient permission checks in the virtual memory system, a
tracing process (such as a debugger) may be able to modify portions of
the traced process's address space to which the traced process itself
does not have write access.
III. Impact
This error can be exploited to allow unauthorized modification of an
arbitrary file to which the attacker has read access, but not write
access. Depending on the file and the nature of the modifications,
this can result in privilege escalation.
To exploit this vulnerability, an attacker must be able to run
arbitrary code with user privileges on the target system.
IV. Workaround
Systems that do not allow unprivileged users to use the ptrace(2)
system call are not vulnerable, this can be accomplished by setting
the sysctl variable security.bsd.unprivileged_proc_debug to zero.
Please note that this will also prevent debugging tools, for instance
gdb, truss, procstat, as well as some built-in debugging facilities in
certain scripting language like PHP, etc., from working for unprivileged
users.
The following command will set the sysctl accordingly and works until the
next reboot of the system:
sysctl security.bsd.unprivileged_proc_debug=0
To make this change persistent across reboot, the system administrator
should also add the setting into /etc/sysctl.conf:
echo 'security.bsd.unprivileged_proc_debug=0' >> /etc/sysctl.conf
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-13:06/mmap.patch
# fetch http://security.FreeBSD.org/patches/SA-13:06/mmap.patch.asc
# gpg --verify mmap.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/9/ r251902
releng/9.1/ r251903
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing XXXXXX with the revision number, on a
machine with Subversion installed:
# svn diff -cXXXXXX --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing XXXXXX with the revision number:
<URL:http://svnweb.freebsd.org/base?view=revision&revision=XXXXXX>
VII. References
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2171>
The latest revision of this advisory is available at
<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-13:06.mmap.asc>
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlHExy0ACgkQFdaIBMps37L8PwCdGXatzPm7OWjZu+GmbbXQC16/
8sgAoJ0LEmREO8Mp7f4YcLHAEwgnJtjT
=WRZD
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
[CentOS-announce] CESA-2013:0620-01 Important Xen4CentOS kernel Update
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iEYEARECAAYFAlHEPacACgkQTKkMgmrBY7MdYACdFvyFiqBYxh5tWqUOsv5jskcv
0YQAniZsLkmwVqGC8a/yhYhatNqRvYls
=hF/0
-----END PGP SIGNATURE-----
CentOS Errata and Security Advisory 2013:0620-01 Important (Xen4CentOS)
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
a8a913de2ce129fe28c1015d2be0ca72acbb70eb7b4e41ef470f8fdc3d70c6ad
kernel-3.4.50-8.el6.centos.alt.x86_64.rpm
b01179ca3023f3f3503fe71f8efbdecee9f01f6be552c2a35c91909fe652574f
kernel-devel-3.4.50-8.el6.centos.alt.x86_64.rpm
b0329ae7c178e978b5a9aecba389f4c725738ba0e7ba8af064b763cc5cb3c187
kernel-doc-3.4.50-8.el6.centos.alt.noarch.rpm
2dece2218b8bbc74844ad282287ecafa79e59bcf536ca8b39d64eeb20a98226d
kernel-firmware-3.4.50-8.el6.centos.alt.noarch.rpm
8298ad2e4ea11333e0fa216642af02d7daa2375e5ea94872125a2f1c0f456c8e
kernel-headers-3.4.50-8.el6.centos.alt.x86_64.rpm
597b8f54ab400f7f52e7c1c628d1a30cd543b8dfb559fede28570dd97a74721a
perf-3.4.50-8.el6.centos.alt.x86_64.rpm
Source:
684f12cea26b7e629f05e8a7af0f81f3e37969d9ea87a6020ead42d69a63295b
kernel-3.4.50-8.el6.centos.alt.src.rpm
==============================================
Corrected the following CentOS Bugs in this Kernel:
http://bugs.centos.org/view.php?id=6513
==============================================
Kernel Changelog info from the SPEC file:
* Thu Jun 20 2013 Johnny Hughes <johnny@centos.org> 3.4.50-8
- upgraded to upstream version 3.4.50
- removed patch 125 as it is now rolled into the upstream kernel
- added Source5 and updated Patch130 to fix CentOS bug #6513
==============================================
The following Secuirty issues have been addressed in this kernel:
CVE-2013-0231 (Medium)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0231
CVE-2013-2852 (Low)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2852
CVE-2013-2850 (Important)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2850
==============================================
The following kernel.org changelog entries are applicable since the last
kernel update:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
Version: GnuPG v2.0.14 (GNU/Linux)
iEYEARECAAYFAlHEPacACgkQTKkMgmrBY7MdYACdFvyFiqBYxh5tWqUOsv5jskcv
0YQAniZsLkmwVqGC8a/yhYhatNqRvYls
=hF/0
-----END PGP SIGNATURE-----
CentOS Errata and Security Advisory 2013:0620-01 Important (Xen4CentOS)
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
a8a913de2ce129fe28c1015d2be0ca72acbb70eb7b4e41ef470f8fdc3d70c6ad
kernel-3.4.50-8.el6.centos.alt.x86_64.rpm
b01179ca3023f3f3503fe71f8efbdecee9f01f6be552c2a35c91909fe652574f
kernel-devel-3.4.50-8.el6.centos.alt.x86_64.rpm
b0329ae7c178e978b5a9aecba389f4c725738ba0e7ba8af064b763cc5cb3c187
kernel-doc-3.4.50-8.el6.centos.alt.noarch.rpm
2dece2218b8bbc74844ad282287ecafa79e59bcf536ca8b39d64eeb20a98226d
kernel-firmware-3.4.50-8.el6.centos.alt.noarch.rpm
8298ad2e4ea11333e0fa216642af02d7daa2375e5ea94872125a2f1c0f456c8e
kernel-headers-3.4.50-8.el6.centos.alt.x86_64.rpm
597b8f54ab400f7f52e7c1c628d1a30cd543b8dfb559fede28570dd97a74721a
perf-3.4.50-8.el6.centos.alt.x86_64.rpm
Source:
684f12cea26b7e629f05e8a7af0f81f3e37969d9ea87a6020ead42d69a63295b
kernel-3.4.50-8.el6.centos.alt.src.rpm
==============================================
Corrected the following CentOS Bugs in this Kernel:
http://bugs.centos.org/view.php?id=6513
==============================================
Kernel Changelog info from the SPEC file:
* Thu Jun 20 2013 Johnny Hughes <johnny@centos.org> 3.4.50-8
- upgraded to upstream version 3.4.50
- removed patch 125 as it is now rolled into the upstream kernel
- added Source5 and updated Patch130 to fix CentOS bug #6513
==============================================
The following Secuirty issues have been addressed in this kernel:
CVE-2013-0231 (Medium)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0231
CVE-2013-2852 (Low)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2852
CVE-2013-2850 (Important)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2850
==============================================
The following kernel.org changelog entries are applicable since the last
kernel update:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.47
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.48
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.49
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.50
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net
[CentOS-announce] Updated AMI's for Amazon EC2 are now available
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
We have refreshed all the AMI's published as official CentOS Project
images at the AMP ( ref: http://wiki.centos.org/Cloud/AWS ), to also
include CentOS-6.4
While we release images via the Amazon Market Place, there are no
charges for using these images.
+++++++++++++++++++
Direct URLS to the images:
x86_64:
CentOS-6 https://aws.amazon.com/marketplace/pp/B00A6KUVBW
CentOS-6.4 https://aws.amazon.com/marketplace/pp/B00DGYP804
CentOS-6.3 https://aws.amazon.com/marketplace/pp/B00A6L6F9I
i386:
CentOS-6 https://aws.amazon.com/marketplace/pp/B00A6KZBC6
CentOS-6.4 https://aws.amazon.com/marketplace/pp/B00DGYP7MI
CentOS-6.3 https://aws.amazon.com/marketplace/pp/B00A6L0O04
The recommended images are the ones marked as 'CentOS-6', which
include all updates released to May 27th, 2013. Point release images (
6.4 and 6.3 ) only contain content as it was on release media for that
version, which translates to :
6.4 Images contain updates to 2013-03-09
6.3 Images contain updates to 2012-07-09
+++++++++++++++++++
Getting Involved:
It would be great to see other cloud vendors come forward and work
with us to bring CentOS images into their ecosystem. The best route to
kickstart that conversation would be via the centos-virt list (
http://lists.centos.org )
We also welcome all contributions to help improve the CentOS Cloud
images, via the same mailing list.
+++++++++++++++++++
Support
These images are supported via the usual CentOS support venues listed
at the Getting Help page ( http://wiki.centos.org/GettingHelp ).
We also encourage you to sign-up with the CentOS Virt mailing list,
where discussions and notices about the CentOS Cloud efforts are
handled. ( http://lists.centos.org )
Enjoy!
- --
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlHEGL4ACgkQMA29nj4Tz1v0dACgtvjmiMBsZ9bk7TNP/758qYpR
zN0An1H4aodZZPXsPHiUmZLVDb2nJQIP
=/v2x
-----END PGP SIGNATURE-----
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Hash: SHA1
We have refreshed all the AMI's published as official CentOS Project
images at the AMP ( ref: http://wiki.centos.org/Cloud/AWS ), to also
include CentOS-6.4
While we release images via the Amazon Market Place, there are no
charges for using these images.
+++++++++++++++++++
Direct URLS to the images:
x86_64:
CentOS-6 https://aws.amazon.com/marketplace/pp/B00A6KUVBW
CentOS-6.4 https://aws.amazon.com/marketplace/pp/B00DGYP804
CentOS-6.3 https://aws.amazon.com/marketplace/pp/B00A6L6F9I
i386:
CentOS-6 https://aws.amazon.com/marketplace/pp/B00A6KZBC6
CentOS-6.4 https://aws.amazon.com/marketplace/pp/B00DGYP7MI
CentOS-6.3 https://aws.amazon.com/marketplace/pp/B00A6L0O04
The recommended images are the ones marked as 'CentOS-6', which
include all updates released to May 27th, 2013. Point release images (
6.4 and 6.3 ) only contain content as it was on release media for that
version, which translates to :
6.4 Images contain updates to 2013-03-09
6.3 Images contain updates to 2012-07-09
+++++++++++++++++++
Getting Involved:
It would be great to see other cloud vendors come forward and work
with us to bring CentOS images into their ecosystem. The best route to
kickstart that conversation would be via the centos-virt list (
http://lists.centos.org )
We also welcome all contributions to help improve the CentOS Cloud
images, via the same mailing list.
+++++++++++++++++++
Support
These images are supported via the usual CentOS support venues listed
at the Getting Help page ( http://wiki.centos.org/GettingHelp ).
We also encourage you to sign-up with the CentOS Virt mailing list,
where discussions and notices about the CentOS Cloud efforts are
handled. ( http://lists.centos.org )
Enjoy!
- --
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlHEGL4ACgkQMA29nj4Tz1v0dACgtvjmiMBsZ9bk7TNP/758qYpR
zN0An1H4aodZZPXsPHiUmZLVDb2nJQIP
=/v2x
-----END PGP SIGNATURE-----
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Thursday, June 20, 2013
[USN-1889-1] HAProxy vulnerability
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJRw3BkAAoJEGVp2FWnRL6TNeUP/isM70MGu+qVLtlwgLNTUskn
47KLnkOD86dCY9lBb+th/Djv9T/P5EA29sHhpNfWDDnTP6osaXe1uqOckqJ4BiuK
MMMav2mgF7BuTSodrehPkeuwudof/yqVSqN6RSs7JaK1g6tMQoqs/2g/GGvegQzh
X61Qn9sPpkZmD6MENwxxtoacaW1mdiBhzIWvUoqEgAk5xxM9rGHA/PuTKvuDEC9I
R08/tLQF5EnBrOnqVgheTzPIGczghyxyCIoic/lYjbBVLqda+vS4k2IVRWddzRkd
zKo0MiJwtExpltJURnkLbRa3QP/4/5V51rzDihvIARbiNpX/jid/XUZe4XeuYmOh
+Yf+KMPfjgF6vTtz64adR03pi1c4RffRRq0uw8NU7B4AR5W2e9eu+YJEprNq1kaB
hCQgmSj345Ifj1T5xKvKaP+O6YOm2qho4fyWKmVMPz3sV7dmuEygPKekf0mqhNwS
VlVBq2r0qSi8xlrPyXhz0JO7FhillwSiPa0rvt/xLSCTL4ePp0Rnp/Whsr9AiuK5
LJ3TPzSVay8tcDfFRDBfL7YXo3YICrUXayaQaLViWzSIJaocetaaCKnJKfiOucf3
RQK02t6qTrx2MAK5eph0MzyqvtSwhvgS5LybJD8AlOSQUAqIM+4Mg2XbEZtuBI0u
ls1GpoE0SV1eOOvEg44S
=tywQ
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1889-1
June 20, 2013
haproxy vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
HAProxy could be made to crash if it received specially crafted network
traffic.
Software Description:
- haproxy: fast and reliable load balancing reverse proxy
Details:
David Torgerson discovered that HAProxy incorrectly parsed certain HTTP
headers. A remote attacker could use this issue to cause HAProxy to stop
responding, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
haproxy 1.4.18-0ubuntu3.1
Ubuntu 12.10:
haproxy 1.4.18-0ubuntu2.2
Ubuntu 12.04 LTS:
haproxy 1.4.18-0ubuntu1.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1889-1
CVE-2013-2175
Package Information:
https://launchpad.net/ubuntu/+source/haproxy/1.4.18-0ubuntu3.1
https://launchpad.net/ubuntu/+source/haproxy/1.4.18-0ubuntu2.2
https://launchpad.net/ubuntu/+source/haproxy/1.4.18-0ubuntu1.2
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJRw3BkAAoJEGVp2FWnRL6TNeUP/isM70MGu+qVLtlwgLNTUskn
47KLnkOD86dCY9lBb+th/Djv9T/P5EA29sHhpNfWDDnTP6osaXe1uqOckqJ4BiuK
MMMav2mgF7BuTSodrehPkeuwudof/yqVSqN6RSs7JaK1g6tMQoqs/2g/GGvegQzh
X61Qn9sPpkZmD6MENwxxtoacaW1mdiBhzIWvUoqEgAk5xxM9rGHA/PuTKvuDEC9I
R08/tLQF5EnBrOnqVgheTzPIGczghyxyCIoic/lYjbBVLqda+vS4k2IVRWddzRkd
zKo0MiJwtExpltJURnkLbRa3QP/4/5V51rzDihvIARbiNpX/jid/XUZe4XeuYmOh
+Yf+KMPfjgF6vTtz64adR03pi1c4RffRRq0uw8NU7B4AR5W2e9eu+YJEprNq1kaB
hCQgmSj345Ifj1T5xKvKaP+O6YOm2qho4fyWKmVMPz3sV7dmuEygPKekf0mqhNwS
VlVBq2r0qSi8xlrPyXhz0JO7FhillwSiPa0rvt/xLSCTL4ePp0Rnp/Whsr9AiuK5
LJ3TPzSVay8tcDfFRDBfL7YXo3YICrUXayaQaLViWzSIJaocetaaCKnJKfiOucf3
RQK02t6qTrx2MAK5eph0MzyqvtSwhvgS5LybJD8AlOSQUAqIM+4Mg2XbEZtuBI0u
ls1GpoE0SV1eOOvEg44S
=tywQ
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1889-1
June 20, 2013
haproxy vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
HAProxy could be made to crash if it received specially crafted network
traffic.
Software Description:
- haproxy: fast and reliable load balancing reverse proxy
Details:
David Torgerson discovered that HAProxy incorrectly parsed certain HTTP
headers. A remote attacker could use this issue to cause HAProxy to stop
responding, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
haproxy 1.4.18-0ubuntu3.1
Ubuntu 12.10:
haproxy 1.4.18-0ubuntu2.2
Ubuntu 12.04 LTS:
haproxy 1.4.18-0ubuntu1.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1889-1
CVE-2013-2175
Package Information:
https://launchpad.net/ubuntu/+source/haproxy/1.4.18-0ubuntu3.1
https://launchpad.net/ubuntu/+source/haproxy/1.4.18-0ubuntu2.2
https://launchpad.net/ubuntu/+source/haproxy/1.4.18-0ubuntu1.2
[CentOS-announce] CESA-2013:0964 Moderate CentOS 6 tomcat6 Update
CentOS Errata and Security Advisory 2013:0964 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0964.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
9ca01861f1bae9c193d68de92ab36a237705b77ab6735ec907707e4b4164f57a tomcat6-6.0.24-57.el6_4.noarch.rpm
74e28593f4c1f8e11274ca29209706283269bb5b4c0db44cb80fe02cc968d069 tomcat6-admin-webapps-6.0.24-57.el6_4.noarch.rpm
3d635c5eeb453f71e35cfa651b45ac421469a7c4d62f0967325edcb957bf17a2 tomcat6-docs-webapp-6.0.24-57.el6_4.noarch.rpm
bceb613d027c16f6687c7b686bee012ca7e6e3d8c76fbf40edbd8e52ecf56e51 tomcat6-el-2.1-api-6.0.24-57.el6_4.noarch.rpm
35664ae4dac5c1d61fefc665d004dec2f7f59e3ecfb7e18962c43231c4ed85cb tomcat6-javadoc-6.0.24-57.el6_4.noarch.rpm
e7fee0fb3aa63d4b829c2d083b102705c1b0dbfc80af3c07dc9bec0b2fa4cf09 tomcat6-jsp-2.1-api-6.0.24-57.el6_4.noarch.rpm
9233014f0068bfa380835e9081ba5c1572fd7f5f2fa6efeff990c045ca01636c tomcat6-lib-6.0.24-57.el6_4.noarch.rpm
e21a59b5527b0c67ed2704e809c4097792803b112a2335107de5f4eff98ec422 tomcat6-servlet-2.5-api-6.0.24-57.el6_4.noarch.rpm
611c33fe34744ec206594323cd1d673c0e3bda6f8cfad925bb77d5effb890b13 tomcat6-webapps-6.0.24-57.el6_4.noarch.rpm
x86_64:
9ca01861f1bae9c193d68de92ab36a237705b77ab6735ec907707e4b4164f57a tomcat6-6.0.24-57.el6_4.noarch.rpm
74e28593f4c1f8e11274ca29209706283269bb5b4c0db44cb80fe02cc968d069 tomcat6-admin-webapps-6.0.24-57.el6_4.noarch.rpm
3d635c5eeb453f71e35cfa651b45ac421469a7c4d62f0967325edcb957bf17a2 tomcat6-docs-webapp-6.0.24-57.el6_4.noarch.rpm
bceb613d027c16f6687c7b686bee012ca7e6e3d8c76fbf40edbd8e52ecf56e51 tomcat6-el-2.1-api-6.0.24-57.el6_4.noarch.rpm
35664ae4dac5c1d61fefc665d004dec2f7f59e3ecfb7e18962c43231c4ed85cb tomcat6-javadoc-6.0.24-57.el6_4.noarch.rpm
e7fee0fb3aa63d4b829c2d083b102705c1b0dbfc80af3c07dc9bec0b2fa4cf09 tomcat6-jsp-2.1-api-6.0.24-57.el6_4.noarch.rpm
9233014f0068bfa380835e9081ba5c1572fd7f5f2fa6efeff990c045ca01636c tomcat6-lib-6.0.24-57.el6_4.noarch.rpm
e21a59b5527b0c67ed2704e809c4097792803b112a2335107de5f4eff98ec422 tomcat6-servlet-2.5-api-6.0.24-57.el6_4.noarch.rpm
611c33fe34744ec206594323cd1d673c0e3bda6f8cfad925bb77d5effb890b13 tomcat6-webapps-6.0.24-57.el6_4.noarch.rpm
Source:
150d1b165a902624c9bb8bd108a7c6c2f15e0de4640ce33b236bb214f9f3014c tomcat6-6.0.24-57.el6_4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0964.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
9ca01861f1bae9c193d68de92ab36a237705b77ab6735ec907707e4b4164f57a tomcat6-6.0.24-57.el6_4.noarch.rpm
74e28593f4c1f8e11274ca29209706283269bb5b4c0db44cb80fe02cc968d069 tomcat6-admin-webapps-6.0.24-57.el6_4.noarch.rpm
3d635c5eeb453f71e35cfa651b45ac421469a7c4d62f0967325edcb957bf17a2 tomcat6-docs-webapp-6.0.24-57.el6_4.noarch.rpm
bceb613d027c16f6687c7b686bee012ca7e6e3d8c76fbf40edbd8e52ecf56e51 tomcat6-el-2.1-api-6.0.24-57.el6_4.noarch.rpm
35664ae4dac5c1d61fefc665d004dec2f7f59e3ecfb7e18962c43231c4ed85cb tomcat6-javadoc-6.0.24-57.el6_4.noarch.rpm
e7fee0fb3aa63d4b829c2d083b102705c1b0dbfc80af3c07dc9bec0b2fa4cf09 tomcat6-jsp-2.1-api-6.0.24-57.el6_4.noarch.rpm
9233014f0068bfa380835e9081ba5c1572fd7f5f2fa6efeff990c045ca01636c tomcat6-lib-6.0.24-57.el6_4.noarch.rpm
e21a59b5527b0c67ed2704e809c4097792803b112a2335107de5f4eff98ec422 tomcat6-servlet-2.5-api-6.0.24-57.el6_4.noarch.rpm
611c33fe34744ec206594323cd1d673c0e3bda6f8cfad925bb77d5effb890b13 tomcat6-webapps-6.0.24-57.el6_4.noarch.rpm
x86_64:
9ca01861f1bae9c193d68de92ab36a237705b77ab6735ec907707e4b4164f57a tomcat6-6.0.24-57.el6_4.noarch.rpm
74e28593f4c1f8e11274ca29209706283269bb5b4c0db44cb80fe02cc968d069 tomcat6-admin-webapps-6.0.24-57.el6_4.noarch.rpm
3d635c5eeb453f71e35cfa651b45ac421469a7c4d62f0967325edcb957bf17a2 tomcat6-docs-webapp-6.0.24-57.el6_4.noarch.rpm
bceb613d027c16f6687c7b686bee012ca7e6e3d8c76fbf40edbd8e52ecf56e51 tomcat6-el-2.1-api-6.0.24-57.el6_4.noarch.rpm
35664ae4dac5c1d61fefc665d004dec2f7f59e3ecfb7e18962c43231c4ed85cb tomcat6-javadoc-6.0.24-57.el6_4.noarch.rpm
e7fee0fb3aa63d4b829c2d083b102705c1b0dbfc80af3c07dc9bec0b2fa4cf09 tomcat6-jsp-2.1-api-6.0.24-57.el6_4.noarch.rpm
9233014f0068bfa380835e9081ba5c1572fd7f5f2fa6efeff990c045ca01636c tomcat6-lib-6.0.24-57.el6_4.noarch.rpm
e21a59b5527b0c67ed2704e809c4097792803b112a2335107de5f4eff98ec422 tomcat6-servlet-2.5-api-6.0.24-57.el6_4.noarch.rpm
611c33fe34744ec206594323cd1d673c0e3bda6f8cfad925bb77d5effb890b13 tomcat6-webapps-6.0.24-57.el6_4.noarch.rpm
Source:
150d1b165a902624c9bb8bd108a7c6c2f15e0de4640ce33b236bb214f9f3014c tomcat6-6.0.24-57.el6_4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[USN-1888-1] Mesa vulnerabilities
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJRwzl8AAoJEGVp2FWnRL6TfQYP/1reDqHXApnpi5TN99TDBhW6
dn3ZBTTCcw1OPoE52XHzQq8qNiOpnuF65uB+8emjkrOQ6ijPKUbf3t8W2DwjgwQl
upO/SU7YYSknpyNX0MHr+k0eSN2seDB+iQ3a2u9clciT/0q68N18lEzAPzk6vDEo
w2FSPJ4PldySvfL32bbx2ojcD/nOJWpYKZ2Sg/k8GXT+RB3MiCb3QOi/ZPtatPtn
BlUBP2HLFJXPBs/miULhFVFmayiWplEWOgFtnrVrH9e+YAwyw1XmTK3UyTkOGQgJ
IF4Ub6HKLl5dl4xIa8DD0ie7TJX2FjxJO1fEDQu/QpATougm/rgCI1SoOgTg7cjG
3n+6yYEPLSllqFLgEqeRADh6oI4Rtqtqqc5J2m/3JEl77MYORJnZcZ/Vk1fCaFud
+0tb8PB/QvdABC3VOi8vteZozZkVdAmyxDsKbmS1p37AslUZV/RdS1s5nbWkaHJU
OnF8vLPXd/1ffrXjJO9BjsmlKv0WlSPgLO0V+cV43NGLmIXxCKehWV/a+pLNUAtO
40VIpibR06oVDhRzTQQeFuvc+NliLC2CoznDIFkULF/J6+B41ekpY90gFpNsEh+5
5BZ+D4G1iyAQVgSpQqMB/m08ZxmIuUXvAxZ2c3x4wPH8f7mfoUs4WRfJtTJKF72f
iB21AKxl9dJIvrAPtjKI
=HBjR
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1888-1
June 20, 2013
mesa, mesa-lts-quantal vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Mesa could be made to crash or run programs as your login if it received
specially crafted input.
Software Description:
- mesa: free implementation of the EGL API
- mesa-lts-quantal: free implementation of the EGL API
Details:
It was discovered that Mesa incorrectly handled certain memory
calculations. An attacker could use this flaw to cause an application to
crash, or possibly execute arbitrary code. (CVE-2013-1872)
Ilja van Sprundel discovered that Mesa incorrectly handled certain memory
calculations. An attacker could use this flaw to cause an application to
crash, or possibly execute arbitrary code. (CVE-2013-1993)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
libegl1-mesa 9.1.3-0ubuntu0.3
libgbm1 9.1.3-0ubuntu0.3
libgl1-mesa-dri 9.1.3-0ubuntu0.3
libgl1-mesa-glx 9.1.3-0ubuntu0.3
libglapi-mesa 9.1.3-0ubuntu0.3
libgles1-mesa 9.1.3-0ubuntu0.3
libgles2-mesa 9.1.3-0ubuntu0.3
libopenvg1-mesa 9.1.3-0ubuntu0.3
libosmesa6 9.1.3-0ubuntu0.3
libxatracker1 9.1.3-0ubuntu0.3
Ubuntu 12.10:
libegl1-mesa 9.0.3-0ubuntu0.2
libgbm1 9.0.3-0ubuntu0.2
libgl1-mesa-dri 9.0.3-0ubuntu0.2
libgl1-mesa-glx 9.0.3-0ubuntu0.2
libglapi-mesa 9.0.3-0ubuntu0.2
libgles1-mesa 9.0.3-0ubuntu0.2
libgles2-mesa 9.0.3-0ubuntu0.2
libopenvg1-mesa 9.0.3-0ubuntu0.2
libosmesa6 9.0.3-0ubuntu0.2
libxatracker1 9.0.3-0ubuntu0.2
Ubuntu 12.04 LTS:
libegl1-mesa 8.0.4-0ubuntu0.6
libegl1-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3
libgbm1 8.0.4-0ubuntu0.6
libgbm1-lts-quantal 9.0.3-0ubuntu0.1~precise3
libgl1-mesa-dri 8.0.4-0ubuntu0.6
libgl1-mesa-dri-lts-quantal 9.0.3-0ubuntu0.1~precise3
libgl1-mesa-glx 8.0.4-0ubuntu0.6
libgl1-mesa-glx-lts-quantal 9.0.3-0ubuntu0.1~precise3
libgl1-mesa-swx11 8.0.4-0ubuntu0.6
libglapi-mesa 8.0.4-0ubuntu0.6
libglapi-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3
libgles1-mesa 8.0.4-0ubuntu0.6
libgles1-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3
libgles2-mesa 8.0.4-0ubuntu0.6
libgles2-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3
libglu1-mesa 8.0.4-0ubuntu0.6
libopenvg1-mesa 8.0.4-0ubuntu0.6
libopenvg1-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3
libosmesa6 8.0.4-0ubuntu0.6
libxatracker1 8.0.4-0ubuntu0.6
libxatracker1-lts-quantal 9.0.3-0ubuntu0.1~precise3
After a standard system update you need to restart your session to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1888-1
CVE-2013-1872, CVE-2013-1993
Package Information:
https://launchpad.net/ubuntu/+source/mesa/9.1.3-0ubuntu0.3
https://launchpad.net/ubuntu/+source/mesa/9.0.3-0ubuntu0.2
https://launchpad.net/ubuntu/+source/mesa/8.0.4-0ubuntu0.6
https://launchpad.net/ubuntu/+source/mesa-lts-quantal/9.0.3-0ubuntu0.1~precise3
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJRwzl8AAoJEGVp2FWnRL6TfQYP/1reDqHXApnpi5TN99TDBhW6
dn3ZBTTCcw1OPoE52XHzQq8qNiOpnuF65uB+8emjkrOQ6ijPKUbf3t8W2DwjgwQl
upO/SU7YYSknpyNX0MHr+k0eSN2seDB+iQ3a2u9clciT/0q68N18lEzAPzk6vDEo
w2FSPJ4PldySvfL32bbx2ojcD/nOJWpYKZ2Sg/k8GXT+RB3MiCb3QOi/ZPtatPtn
BlUBP2HLFJXPBs/miULhFVFmayiWplEWOgFtnrVrH9e+YAwyw1XmTK3UyTkOGQgJ
IF4Ub6HKLl5dl4xIa8DD0ie7TJX2FjxJO1fEDQu/QpATougm/rgCI1SoOgTg7cjG
3n+6yYEPLSllqFLgEqeRADh6oI4Rtqtqqc5J2m/3JEl77MYORJnZcZ/Vk1fCaFud
+0tb8PB/QvdABC3VOi8vteZozZkVdAmyxDsKbmS1p37AslUZV/RdS1s5nbWkaHJU
OnF8vLPXd/1ffrXjJO9BjsmlKv0WlSPgLO0V+cV43NGLmIXxCKehWV/a+pLNUAtO
40VIpibR06oVDhRzTQQeFuvc+NliLC2CoznDIFkULF/J6+B41ekpY90gFpNsEh+5
5BZ+D4G1iyAQVgSpQqMB/m08ZxmIuUXvAxZ2c3x4wPH8f7mfoUs4WRfJtTJKF72f
iB21AKxl9dJIvrAPtjKI
=HBjR
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1888-1
June 20, 2013
mesa, mesa-lts-quantal vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Mesa could be made to crash or run programs as your login if it received
specially crafted input.
Software Description:
- mesa: free implementation of the EGL API
- mesa-lts-quantal: free implementation of the EGL API
Details:
It was discovered that Mesa incorrectly handled certain memory
calculations. An attacker could use this flaw to cause an application to
crash, or possibly execute arbitrary code. (CVE-2013-1872)
Ilja van Sprundel discovered that Mesa incorrectly handled certain memory
calculations. An attacker could use this flaw to cause an application to
crash, or possibly execute arbitrary code. (CVE-2013-1993)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.04:
libegl1-mesa 9.1.3-0ubuntu0.3
libgbm1 9.1.3-0ubuntu0.3
libgl1-mesa-dri 9.1.3-0ubuntu0.3
libgl1-mesa-glx 9.1.3-0ubuntu0.3
libglapi-mesa 9.1.3-0ubuntu0.3
libgles1-mesa 9.1.3-0ubuntu0.3
libgles2-mesa 9.1.3-0ubuntu0.3
libopenvg1-mesa 9.1.3-0ubuntu0.3
libosmesa6 9.1.3-0ubuntu0.3
libxatracker1 9.1.3-0ubuntu0.3
Ubuntu 12.10:
libegl1-mesa 9.0.3-0ubuntu0.2
libgbm1 9.0.3-0ubuntu0.2
libgl1-mesa-dri 9.0.3-0ubuntu0.2
libgl1-mesa-glx 9.0.3-0ubuntu0.2
libglapi-mesa 9.0.3-0ubuntu0.2
libgles1-mesa 9.0.3-0ubuntu0.2
libgles2-mesa 9.0.3-0ubuntu0.2
libopenvg1-mesa 9.0.3-0ubuntu0.2
libosmesa6 9.0.3-0ubuntu0.2
libxatracker1 9.0.3-0ubuntu0.2
Ubuntu 12.04 LTS:
libegl1-mesa 8.0.4-0ubuntu0.6
libegl1-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3
libgbm1 8.0.4-0ubuntu0.6
libgbm1-lts-quantal 9.0.3-0ubuntu0.1~precise3
libgl1-mesa-dri 8.0.4-0ubuntu0.6
libgl1-mesa-dri-lts-quantal 9.0.3-0ubuntu0.1~precise3
libgl1-mesa-glx 8.0.4-0ubuntu0.6
libgl1-mesa-glx-lts-quantal 9.0.3-0ubuntu0.1~precise3
libgl1-mesa-swx11 8.0.4-0ubuntu0.6
libglapi-mesa 8.0.4-0ubuntu0.6
libglapi-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3
libgles1-mesa 8.0.4-0ubuntu0.6
libgles1-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3
libgles2-mesa 8.0.4-0ubuntu0.6
libgles2-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3
libglu1-mesa 8.0.4-0ubuntu0.6
libopenvg1-mesa 8.0.4-0ubuntu0.6
libopenvg1-mesa-lts-quantal 9.0.3-0ubuntu0.1~precise3
libosmesa6 8.0.4-0ubuntu0.6
libxatracker1 8.0.4-0ubuntu0.6
libxatracker1-lts-quantal 9.0.3-0ubuntu0.1~precise3
After a standard system update you need to restart your session to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1888-1
CVE-2013-1872, CVE-2013-1993
Package Information:
https://launchpad.net/ubuntu/+source/mesa/9.1.3-0ubuntu0.3
https://launchpad.net/ubuntu/+source/mesa/9.0.3-0ubuntu0.2
https://launchpad.net/ubuntu/+source/mesa/8.0.4-0ubuntu0.6
https://launchpad.net/ubuntu/+source/mesa-lts-quantal/9.0.3-0ubuntu0.1~precise3
Subscribe to:
Posts (Atom)