Wednesday, April 3, 2013

[CentOS-announce] CESA-2013:0696 Critical CentOS 6 xulrunner Update

CentOS Errata and Security Advisory 2013:0696 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0696.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
26b0caa52bf4e7b4d7c261e00ee743e5685299182aeae1a42b5847b04e91caca xulrunner-17.0.5-1.el6.centos.i686.rpm
567ba526b9b75803d9db5b33293ec8c88cd61184e8d09176320c4f009b70232d xulrunner-devel-17.0.5-1.el6.centos.i686.rpm

x86_64:
26b0caa52bf4e7b4d7c261e00ee743e5685299182aeae1a42b5847b04e91caca xulrunner-17.0.5-1.el6.centos.i686.rpm
896b11cd54e4ca8bd52dd4ae9efdb430e6b7e4b379d835d8a687c949e0cfe39d xulrunner-17.0.5-1.el6.centos.x86_64.rpm
567ba526b9b75803d9db5b33293ec8c88cd61184e8d09176320c4f009b70232d xulrunner-devel-17.0.5-1.el6.centos.i686.rpm
822aa2efab665cfe10d7c7a3e39c803110438c39cdeeb1c1c4e0035b574d9343 xulrunner-devel-17.0.5-1.el6.centos.x86_64.rpm

Source:
b6128f2140cfe782f2b9e66678cfd594e1b9e37ac754704e3c92d4aa3a539325 xulrunner-17.0.5-1.el6.centos.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
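
Added example (not part of the CentOS announcement): a Python check of downloaded RPMs against the "( sha256sum Filename )" list in an advisory body like the one above. The file names and payloads in demo() are constructed; only the section headers and the line layout are taken from the advisory.

```python
import hashlib
import os
import re
import tempfile

# One manifest line in the advisory body: 64 hex chars, whitespace, an RPM name.
MANIFEST_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+(\S+\.rpm)$")
# Section headers used by the advisories: "i386:", "x86_64:", "Source:".
SECTION_LINE = re.compile(r"^([A-Za-z0-9_]+):$")


def parse_manifest(advisory_text):
    """Return {filename: sha256} from a CESA/CEBA mail body.

    Multilib packages are listed under both i386 and x86_64; a repeated
    file name is accepted only if its hash is identical every time.
    """
    expected = {}
    section = None
    for raw in advisory_text.splitlines():
        line = raw.strip()
        header = SECTION_LINE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = MANIFEST_LINE.match(line)
        if entry is None or section is None:
            continue  # prose, signature, footer, or a hash outside any section
        digest, name = entry.group(1).lower(), entry.group(2)
        if expected.setdefault(name, digest) != digest:
            raise ValueError("conflicting hashes listed for " + name)
    return expected


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large RPMs are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_directory(advisory_text, directory):
    """Classify every listed file as 'ok', 'mismatch' or 'missing'."""
    results = {}
    for name, digest in sorted(parse_manifest(advisory_text).items()):
        # Manifest names are untrusted input: accept bare file names only.
        if os.path.basename(name) != name:
            raise ValueError("path separator in manifest entry: " + name)
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif sha256_file(path) == digest:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


def demo():
    """Constructed sample: two fake .rpm files and an advisory-shaped body."""
    i686 = "demo-1.0-1.el6.i686.rpm"
    x64 = "demo-1.0-1.el6.x86_64.rpm"
    src = "demo-1.0-1.el6.src.rpm"
    payloads = {i686: b"constructed i686 payload",
                x64: b"constructed x86_64 payload"}
    digests = {n: hashlib.sha256(d).hexdigest() for n, d in payloads.items()}
    advisory = "\n".join([
        "syncing to the mirrors: ( sha256sum Filename )",
        "",
        "i386:",
        digests[i686] + " " + i686,
        "",
        "x86_64:",
        digests[i686] + " " + i686,   # multilib repeat, same hash
        digests[x64] + " " + x64,
        "",
        "Source:",
        "0" * 64 + " " + src,         # listed but never downloaded
    ])
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in payloads.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        # Simulate a corrupted or substituted download of the x86_64 package.
        with open(os.path.join(tmp, x64), "ab") as fh:
            fh.write(b"extra bytes")
        return verify_directory(advisory, tmp)


if __name__ == "__main__":
    for filename, status in demo().items():
        print(status, filename)
```
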

Tuesday, April 2, 2013

[CentOS-announce] CESA-2013:0696 Critical CentOS 5 firefox Update

CentOS Errata and Security Advisory 2013:0696 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0696.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
5109c5f8f4fa396f006575dd4b6e750f46086cc5eb0660323eed5955ff2cc4b8 firefox-17.0.5-1.el5.centos.i386.rpm

x86_64:
5109c5f8f4fa396f006575dd4b6e750f46086cc5eb0660323eed5955ff2cc4b8 firefox-17.0.5-1.el5.centos.i386.rpm
ef8883f10686e40aa942710dc9cad2e10d22519157f6721af00884967dc9cb11 firefox-17.0.5-1.el5.centos.x86_64.rpm

Source:
d776604c90449284fec01988d730a832fd724c95a5b1f320c34680b8f465d7cf firefox-17.0.5-1.el5.centos.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


[CentOS-announce] CESA-2013:0697 Critical CentOS 5 thunderbird Update

CentOS Errata and Security Advisory 2013:0697 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0697.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
3c5fc2abc05ea43daf472aa1ca1a909fdff250ad1097d64887fd95819eb85647 thunderbird-17.0.5-1.el5.centos.i386.rpm

x86_64:
f81334bd93d83b8950946d40c092ad7c63aadde3e088eb520c76b06bad158002 thunderbird-17.0.5-1.el5.centos.x86_64.rpm

Source:
aa25c6cce823137c043d45a239df568b67eb5aaeadad4a9bbe79fc4ccaa6f5d3 thunderbird-17.0.5-1.el5.centos.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


[CentOS-announce] CESA-2013:0696 Critical CentOS 5 xulrunner Update

CentOS Errata and Security Advisory 2013:0696 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2013-0696.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
5597aea4d37eead49f184cac9daced824d6a332f4b67b254461ddf18a77d9e83 xulrunner-17.0.5-1.el5_9.i386.rpm
88229ce133be5b613d10676ab7f0d996f260a143008f44cd1a684efd1f662ebb xulrunner-devel-17.0.5-1.el5_9.i386.rpm

x86_64:
5597aea4d37eead49f184cac9daced824d6a332f4b67b254461ddf18a77d9e83 xulrunner-17.0.5-1.el5_9.i386.rpm
bbe3f667ed00c4860ef80b267722c64c8fa91cd573d2d8a1fbcff3a06bd9a386 xulrunner-17.0.5-1.el5_9.x86_64.rpm
88229ce133be5b613d10676ab7f0d996f260a143008f44cd1a684efd1f662ebb xulrunner-devel-17.0.5-1.el5_9.i386.rpm
ce7201c9a7842693ad51db54305e1b28cdc3e8572413f6f3fd9f7d87876bf925 xulrunner-devel-17.0.5-1.el5_9.x86_64.rpm

Source:
e9dfb2eb020e83b0c2ee2d23fef5500c6f70bad833cbdd29003fdd5e0b5ac597 xulrunner-17.0.5-1.el5_9.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


[USN-1787-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-1787-1
April 02, 2013

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

Details:

Emese Revfy discovered that in the Linux kernel signal handlers could leak
address information across an exec, making it possible to bypass ASLR
(Address Space Layout Randomization). A local user could use this flaw to
bypass ASLR to reliably deliver an exploit payload that would otherwise be
stopped (by ASLR). (CVE-2013-0914)

A memory use-after-free error was discovered in the Linux kernel's tmpfs
filesystem. A local user could exploit this flaw to gain privileges or
cause a denial of service (system crash). (CVE-2013-1767)

Mateusz Guzik discovered a race in the Linux kernel's keyring. A local user
could exploit this flaw to cause a denial of service (system crash).
(CVE-2013-1792)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
linux-image-3.0.0-32-generic 3.0.0-32.51
linux-image-3.0.0-32-generic-pae 3.0.0-32.51
linux-image-3.0.0-32-omap 3.0.0-32.51
linux-image-3.0.0-32-powerpc 3.0.0-32.51
linux-image-3.0.0-32-powerpc-smp 3.0.0-32.51
linux-image-3.0.0-32-powerpc64-smp 3.0.0-32.51
linux-image-3.0.0-32-server 3.0.0-32.51
linux-image-3.0.0-32-virtual 3.0.0-32.51

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1787-1
CVE-2013-0914, CVE-2013-1767, CVE-2013-1792

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.0.0-32.51

[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-13:04.bind

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-13:04.bind Security Advisory
The FreeBSD Project

Topic: BIND remote denial of service

Category: contrib
Module: bind
Announced: 2013-04-02
Credits: Matthew Horsfall of Dyn, Inc.
Affects: FreeBSD 8.4-BETA1 and FreeBSD 9.x
Corrected: 2013-03-28 05:35:46 UTC (stable/8, 8.4-BETA1)
           2013-03-28 05:39:45 UTC (stable/9, 9.1-STABLE)
           2013-04-02 17:34:42 UTC (releng/9.0, 9.0-RELEASE-p7)
           2013-04-02 17:34:42 UTC (releng/9.1, 9.1-RELEASE-p2)
CVE Name: CVE-2013-2266

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I. Background

BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server. The libdns
library is a library of DNS protocol support functions.

II. Problem Description

A flaw in a library used by BIND allows an attacker to deliberately
cause excessive memory consumption by the named(8) process. This
affects both recursive and authoritative servers.

III. Impact

A remote attacker can cause the named(8) daemon to consume all available
memory and crash, resulting in a denial of service. Applications linked
with the libdns library, for instance dig(1), may also be affected.

IV. Workaround

No workaround is available, but systems not running named(8) service
and not using base system DNS utilities are not affected.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch
# fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch.asc
# gpg --verify bind.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

Recompile the operating system using buildworld and installworld as
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.

Restart the named daemon, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r248807
stable/9/ r248808
releng/9.0/ r249029
releng/9.1/ r249029
- -------------------------------------------------------------------------

VII. References

https://kb.isc.org/article/AA-00871

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-13:04.bind.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iEYEARECAAYFAlFbGYYACgkQFdaIBMps37J4eACeNzJtWElzKJZCqXdzhrHEB+pu
1eoAn0oD7xcjoPOnB7H3xZbIeHldgGcI
=BX1M
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"

[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-13:03.openssl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-13:03.openssl Security Advisory
The FreeBSD Project

Topic: OpenSSL multiple vulnerabilities

Category: contrib
Module: openssl
Announced: 2013-04-02
Affects: All supported versions of FreeBSD.
Corrected: 2013-03-08 17:28:40 UTC (stable/8, 8.3-STABLE)
           2013-04-02 17:34:42 UTC (releng/8.3, 8.3-RELEASE-p7)
           2013-03-14 17:48:07 UTC (stable/9, 9.1-STABLE)
           2013-04-02 17:34:42 UTC (releng/9.0, 9.0-RELEASE-p7)
           2013-04-02 17:34:42 UTC (releng/9.1, 9.1-RELEASE-p2)
CVE Name: CVE-2013-0166, CVE-2013-0169

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

II. Problem Description

A flaw in the OpenSSL handling of OCSP response verification could be exploited
to cause a denial of service attack. [CVE-2013-0166]

OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and
DTLS. The weakness could reveal plaintext in a timing attack. [CVE-2013-0169]

III. Impact

The Denial of Service could be caused in the OpenSSL server application by
using an invalid key. [CVE-2013-0166]

A remote attacker could recover sensitive information by conducting
an attack via statistical analysis of timing data with crafted packets.
[CVE-2013-0169]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction
date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 8.3 and 9.0]
# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl.patch.asc
# gpg --verify openssl.patch.asc

[FreeBSD 9.1]
# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl-9.1.patch
# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl-9.1.patch.asc
# gpg --verify openssl-9.1.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

Recompile the operating system using buildworld and installworld as
described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.

Restart all the daemons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r248057
releng/8.3/ r249029
stable/9/ r248272
releng/9.0/ r249029
releng/9.1/ r249029
- -------------------------------------------------------------------------

VII. References

CVE Name:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-13:03.openssl.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iEYEARECAAYFAlFbGXYACgkQFdaIBMps37ISqACcCovc+NpuH57guiROqIbTfw3P
4RMAn22ppeZnRVfje8up3cyOx/D8CCmI
=rQqV
-----END PGP SIGNATURE-----

[announce] NYC*BUG Tomorrow: MIPS Loongson on OpenBSD

April 3 @ 6:45 - Location: Suspenders

MIPS on OpenBSD, Brian Callahan

Everyone knows the BSDs provide a stable, feature-rich Operating System
for the big name and "in the news" CPUs. What you may not know is that
you can expect an equally excellent experience on the lesser-known CPUs.

This talk will provide an in-depth look at the Loongson CPU, a mips64el
CPU, on OpenBSD. We'll explore its history on OpenBSD and its support
for third-party software through OpenBSD's excellent ports system. We'll
examine the unique challenges that come with ports and packages on
lesser-used CPUs. Finally, we'll discuss the future of MIPS support,
including embedded MIPS.

About the speaker:

Brian is a graduate student at Monmouth University studying
Anthropology. He is an OpenBSD developer, working primarily on mips64el
(Loongson) ports.
_______________________________________________
announce mailing list
announce@lists.nycbug.org
http://lists.nycbug.org/mailman/listinfo/announce

[CentOS-announce] CEBA-2013:0692 CentOS 6 boost Update

CentOS Errata and Bugfix Advisory 2013:0692

Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0692.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
6a3f17870bbb92811dd4886fc308d7d20cabd17a712604559f1c4762b1938c11 boost-1.41.0-17.el6_4.i686.rpm
f59960fb9396d813304defe24c4bdede149442a934c994ff5af63c935741d995 boost-date-time-1.41.0-17.el6_4.i686.rpm
7780102c45f5893e4c7fd030563427ba95481e3c2f7a48ca8d87fba2fc698d1f boost-devel-1.41.0-17.el6_4.i686.rpm
c20af3a70e1e333e455eaf13c5bad2c9d4aa7f65a0e78877be7f07a1f2db1d5d boost-doc-1.41.0-17.el6_4.i686.rpm
700eef24e99b84d1fcd43101bc45e5aa2c7c2addce1c0eb399fd28e533c6c61e boost-filesystem-1.41.0-17.el6_4.i686.rpm
f2cc7bf10407da92c2f990ae939099b9abcdcca29816b176e8eca375a2c85fd5 boost-graph-1.41.0-17.el6_4.i686.rpm
b5ca862fdfdc3ac1c8da7e9cce4fc804796ead79db1d7e85463ee197321817c3 boost-graph-mpich2-1.41.0-17.el6_4.i686.rpm
658ed676f6feba3fe362d3f6808fc4ecc0e404647392c53b2fd92c946e6e63c9 boost-graph-openmpi-1.41.0-17.el6_4.i686.rpm
2e907650c17616a22be5524ac6aa771b6a4b308a6227928dc82574fa1cfa6eb3 boost-iostreams-1.41.0-17.el6_4.i686.rpm
5547a19e1d017018da944a009a5f925991d589dc4ea7c2d58097f3241e680ba5 boost-math-1.41.0-17.el6_4.i686.rpm
b44a501828a094f49a72586579017e9b0d109ff4f1768fbe36d6999693e58129 boost-mpich2-1.41.0-17.el6_4.i686.rpm
f3fda215bb380e3bf9ff8a75bfc845a64d7fc38cd5d69050c7ac742d27c606ae boost-mpich2-devel-1.41.0-17.el6_4.i686.rpm
eefd0ee1ac9bef33cceaf31aab10235913465a80fb78fbf73e17a6b1d2ef71f9 boost-mpich2-python-1.41.0-17.el6_4.i686.rpm
308237f14aa3e02393404d7798f58a8dfbd9dc002db148c58c2a7d7b8c1ceff9 boost-openmpi-1.41.0-17.el6_4.i686.rpm
d1ed3f323a9a2358d551bce6ffcd37358deff5cf9a4f8c9025f2910b2312f2c2 boost-openmpi-devel-1.41.0-17.el6_4.i686.rpm
30f9723381078d5b56c3f8f4f21926814e3055be91c812040f6f94859bf5d181 boost-openmpi-python-1.41.0-17.el6_4.i686.rpm
83ff052460d5875aa41731c1f0947a1f0aaf99b806de3ad1bfb616841720641d boost-program-options-1.41.0-17.el6_4.i686.rpm
b69efa50b01fded1cd134668ec4434b3f4f4e31616638287ab6bcb7b4d93e430 boost-python-1.41.0-17.el6_4.i686.rpm
935ab133eda12f8acdc0391e0e0c93449591774e26a59e3a24f4b20bfdb45cea boost-regex-1.41.0-17.el6_4.i686.rpm
dd770d79c0642323d34d82dc88691bd90cfad08a5d9ccce4919feb4f7bee6008 boost-serialization-1.41.0-17.el6_4.i686.rpm
3f973ac7ecb1ec95e29f77a6e8a1f6f6e46c065cb339230c567ca6ab80749da7 boost-signals-1.41.0-17.el6_4.i686.rpm
b18a6ca27832c90e77b27f1f5fbec206ef54818b27b798d305f99b603a0d7393 boost-static-1.41.0-17.el6_4.i686.rpm
02f9f48c876644587fe5b91e85bce74289c46f37b1a45b75f1828aec13b63f72 boost-system-1.41.0-17.el6_4.i686.rpm
4de1ed018ae95dd2daa9b54f2ca64a055a3d7d24c66e14a35bcb9d0a1a366b70 boost-test-1.41.0-17.el6_4.i686.rpm
a6947757a659321cedc585d4b74c7e738ef42f5ff68a4b59aef62ab9fd0ce35f boost-thread-1.41.0-17.el6_4.i686.rpm
bd3b6c1db628d5cdf88b203b8eb7b8365816682fdb342fa7cfc0722834d0e4f7 boost-wave-1.41.0-17.el6_4.i686.rpm

x86_64:
86944f00bea3725ac2e61e2ae93b7fc30b0bc2bfc454a8ce61d2a95e4c0271f5 boost-1.41.0-17.el6_4.x86_64.rpm
f59960fb9396d813304defe24c4bdede149442a934c994ff5af63c935741d995 boost-date-time-1.41.0-17.el6_4.i686.rpm
193cc8b631dd07b9743ee6d01d17ac508267e4137747044303b4e738f0b8ecaa boost-date-time-1.41.0-17.el6_4.x86_64.rpm
7780102c45f5893e4c7fd030563427ba95481e3c2f7a48ca8d87fba2fc698d1f boost-devel-1.41.0-17.el6_4.i686.rpm
2f6f6f23f2cbf26cb27303a286fa77b910326a8a2108ddceeb3bfd8e9b4a66a4 boost-devel-1.41.0-17.el6_4.x86_64.rpm
96789e28220d31866ebe6d4e4001e24d3d270ade1b107eac34787de1679201bc boost-doc-1.41.0-17.el6_4.x86_64.rpm
700eef24e99b84d1fcd43101bc45e5aa2c7c2addce1c0eb399fd28e533c6c61e boost-filesystem-1.41.0-17.el6_4.i686.rpm
3bb68a23603638b05072167fd8b032b487ff8946dc31d43111bdbc4ab2176f57 boost-filesystem-1.41.0-17.el6_4.x86_64.rpm
f2cc7bf10407da92c2f990ae939099b9abcdcca29816b176e8eca375a2c85fd5 boost-graph-1.41.0-17.el6_4.i686.rpm
d9541028e57d3e99ec385f34ede753ea9f7cd39525c3cef8211cf10d477ce86a boost-graph-1.41.0-17.el6_4.x86_64.rpm
b5ca862fdfdc3ac1c8da7e9cce4fc804796ead79db1d7e85463ee197321817c3 boost-graph-mpich2-1.41.0-17.el6_4.i686.rpm
1e0f4a6d73dcecb575b42896be8feb069e42fbb8b97a50fde8f739eba470e5d2 boost-graph-mpich2-1.41.0-17.el6_4.x86_64.rpm
9c0b4fba7299cd13568b09444ddd71b58c55d7794225fcc093ee1ad797dfa92a boost-graph-openmpi-1.41.0-17.el6_4.x86_64.rpm
2e907650c17616a22be5524ac6aa771b6a4b308a6227928dc82574fa1cfa6eb3 boost-iostreams-1.41.0-17.el6_4.i686.rpm
d89a6f644fe814d38f1b57568ad17e52828cea17b095f80d17204a6cf167e4d5 boost-iostreams-1.41.0-17.el6_4.x86_64.rpm
8ec30afa4c4b8173019fc5d3fdf3f541bfad4c52ceeb5e0fd86e1dc1a3bf5fb2 boost-math-1.41.0-17.el6_4.x86_64.rpm
b44a501828a094f49a72586579017e9b0d109ff4f1768fbe36d6999693e58129 boost-mpich2-1.41.0-17.el6_4.i686.rpm
4720beeb7f99bdaf70749fe8a9eb4d9789523b6d11a5826ddf5769251e24012d boost-mpich2-1.41.0-17.el6_4.x86_64.rpm
f3fda215bb380e3bf9ff8a75bfc845a64d7fc38cd5d69050c7ac742d27c606ae boost-mpich2-devel-1.41.0-17.el6_4.i686.rpm
08f2e29c6b55c24ceed0eb9a9f52c96661f63b4e017addf3eb4293e54f93868a boost-mpich2-devel-1.41.0-17.el6_4.x86_64.rpm
eefd0ee1ac9bef33cceaf31aab10235913465a80fb78fbf73e17a6b1d2ef71f9 boost-mpich2-python-1.41.0-17.el6_4.i686.rpm
395159d1ddf88991348cc00a5b178527bb2a050cbb1fae710930651388be4047 boost-mpich2-python-1.41.0-17.el6_4.x86_64.rpm
38a13faf691b5def011884d6d0a55bb942a2dec27e016c12436333df6d2cda4a boost-openmpi-1.41.0-17.el6_4.x86_64.rpm
d1ed3f323a9a2358d551bce6ffcd37358deff5cf9a4f8c9025f2910b2312f2c2 boost-openmpi-devel-1.41.0-17.el6_4.i686.rpm
8e74afbcb4d4261be59731fa3fb47851a2a658eb74f2d26010d63e530b03c736 boost-openmpi-devel-1.41.0-17.el6_4.x86_64.rpm
0a253ec42d9995b2417cb13a9c339622941d0c27fd251aa8ef36d1fae695c279 boost-openmpi-python-1.41.0-17.el6_4.x86_64.rpm
83ff052460d5875aa41731c1f0947a1f0aaf99b806de3ad1bfb616841720641d boost-program-options-1.41.0-17.el6_4.i686.rpm
c42132a36b12a585c3c24033246a653941ed9c0ffefe5383839ff2c5de974606 boost-program-options-1.41.0-17.el6_4.x86_64.rpm
b69efa50b01fded1cd134668ec4434b3f4f4e31616638287ab6bcb7b4d93e430 boost-python-1.41.0-17.el6_4.i686.rpm
dfe5109e82fed65544b136abbd21dcb215cf814d866b3765b0c8dbe0263a9b33 boost-python-1.41.0-17.el6_4.x86_64.rpm
935ab133eda12f8acdc0391e0e0c93449591774e26a59e3a24f4b20bfdb45cea boost-regex-1.41.0-17.el6_4.i686.rpm
22ea8cc215313dee92dea9082861c65813751cdd4bf67f6804aacbdea8a9f5fe boost-regex-1.41.0-17.el6_4.x86_64.rpm
dd770d79c0642323d34d82dc88691bd90cfad08a5d9ccce4919feb4f7bee6008 boost-serialization-1.41.0-17.el6_4.i686.rpm
035d708c958c280e84e0792e77cc23f90296cc616b565746a99fc421917f3960 boost-serialization-1.41.0-17.el6_4.x86_64.rpm
3f973ac7ecb1ec95e29f77a6e8a1f6f6e46c065cb339230c567ca6ab80749da7 boost-signals-1.41.0-17.el6_4.i686.rpm
46b81147f05e002128263dc3d271ac2d4c384818b2eaf5dcc143ea3ce42d0ca3 boost-signals-1.41.0-17.el6_4.x86_64.rpm
82e0828a4f8fb84070c38db56c0fda41e26a296e791e24bc3a1e4449545b48a0 boost-static-1.41.0-17.el6_4.x86_64.rpm
02f9f48c876644587fe5b91e85bce74289c46f37b1a45b75f1828aec13b63f72 boost-system-1.41.0-17.el6_4.i686.rpm
782735948658cb91bb356b76405ff900b3040e895af2aa8a7e020611f84489c6 boost-system-1.41.0-17.el6_4.x86_64.rpm
4de1ed018ae95dd2daa9b54f2ca64a055a3d7d24c66e14a35bcb9d0a1a366b70 boost-test-1.41.0-17.el6_4.i686.rpm
00969eecba17cbe7f8eaa15a671a96ad5ff290f501864fb7aa70d32201ada493 boost-test-1.41.0-17.el6_4.x86_64.rpm
a6947757a659321cedc585d4b74c7e738ef42f5ff68a4b59aef62ab9fd0ce35f boost-thread-1.41.0-17.el6_4.i686.rpm
0e34ae08acbd6cfe9e7d26cf8e877ba598bf2b2ccd265a6aee566cda3ac77dfd boost-thread-1.41.0-17.el6_4.x86_64.rpm
bd3b6c1db628d5cdf88b203b8eb7b8365816682fdb342fa7cfc0722834d0e4f7 boost-wave-1.41.0-17.el6_4.i686.rpm
975eabe0c1d71c280b34f290608ee579d5ff161ad7c679ce7017165333b9772a boost-wave-1.41.0-17.el6_4.x86_64.rpm

Source:
120d83c2811ce5d951e2ebf84709a232f2d072007e04eea50c45b8081165afd2 boost-1.41.0-17.el6_4.src.rpm



--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


[USN-1785-1] poppler vulnerabilities

==========================================================================
Ubuntu Security Notice USN-1785-1
April 02, 2013

poppler vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Applications using poppler could be made to crash or possibly run programs
as your login if they opened a specially crafted file.

Software Description:
- poppler: PDF rendering library

Details:

It was discovered that poppler contained multiple security issues when
parsing malformed PDF documents. If a user or automated system were tricked
into opening a crafted PDF file, an attacker could cause a denial of
service or possibly execute arbitrary code with privileges of the user
invoking the program.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
libpoppler-glib8 0.20.4-0ubuntu1.2
libpoppler28 0.20.4-0ubuntu1.2

Ubuntu 12.04 LTS:
libpoppler-glib8 0.18.4-1ubuntu3.1
libpoppler19 0.18.4-1ubuntu3.1

Ubuntu 11.10:
libpoppler-glib6 0.16.7-2ubuntu2.1
libpoppler13 0.16.7-2ubuntu2.1

Ubuntu 10.04 LTS:
libpoppler-glib4 0.12.4-0ubuntu5.3
libpoppler5 0.12.4-0ubuntu5.3

Ubuntu 8.04 LTS:
libpoppler-glib2 0.6.4-1ubuntu3.6
libpoppler2 0.6.4-1ubuntu3.6

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1785-1
CVE-2013-1788, CVE-2013-1789, CVE-2013-1790

Package Information:
https://launchpad.net/ubuntu/+source/poppler/0.20.4-0ubuntu1.2
https://launchpad.net/ubuntu/+source/poppler/0.18.4-1ubuntu3.1
https://launchpad.net/ubuntu/+source/poppler/0.16.7-2ubuntu2.1
https://launchpad.net/ubuntu/+source/poppler/0.12.4-0ubuntu5.3
https://launchpad.net/ubuntu/+source/poppler/0.6.4-1ubuntu3.6

[USN-1784-1] libxslt vulnerability

==========================================================================
Ubuntu Security Notice USN-1784-1
April 02, 2013

libxslt vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Applications using libxslt could be made to crash if they processed a
specially crafted file.

Software Description:
- libxslt: XSLT processing library

Details:

Nicholas Gregoire discovered that libxslt incorrectly handled certain empty
values. If a user or automated system were tricked into processing a
specially crafted XSLT document, a remote attacker could cause libxslt to
crash, causing a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
libxslt1.1 1.1.26-14ubuntu0.1

Ubuntu 12.04 LTS:
libxslt1.1 1.1.26-8ubuntu1.3

Ubuntu 11.10:
libxslt1.1 1.1.26-7ubuntu0.2

Ubuntu 10.04 LTS:
libxslt1.1 1.1.26-1ubuntu1.2

Ubuntu 8.04 LTS:
libxslt1.1 1.1.22-1ubuntu1.4

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1784-1
CVE-2012-6139

Package Information:
https://launchpad.net/ubuntu/+source/libxslt/1.1.26-14ubuntu0.1
https://launchpad.net/ubuntu/+source/libxslt/1.1.26-8ubuntu1.3
https://launchpad.net/ubuntu/+source/libxslt/1.1.26-7ubuntu0.2
https://launchpad.net/ubuntu/+source/libxslt/1.1.26-1ubuntu1.2
https://launchpad.net/ubuntu/+source/libxslt/1.1.22-1ubuntu1.4

Monday, April 1, 2013

Fedora 19 Alpha Change freeze

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

As the Fedora 19 schedule[1] states, the Alpha change freeze is upon
us. As we are now at the change freeze, bodhi has been enabled for f19
now. It means all builds will now need an update created, and as we are
at Alpha freeze, only accepted exceptions[2] will be allowed in.

We are at the pre-beta stage of release, so the Pre-beta[3] stage of the
updates policy applies.

Regards

Dennis

[1] http://fedorapeople.org/groups/schedule/f-19/f-19-devel-tasks.html
[2] http://fedoraproject.org/wiki/QA:SOP_freeze_exception_bug_process
[3] http://fedoraproject.org/wiki/Updates_Policy#Pre_Beta
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlFaRS8ACgkQkSxm47BaWfc6SgCggi4O6rq1c8stA0sSxRwJ2bOr
hcwAnRl/igl6NV3j2wASwx8qV4RvJhah
=Cq0D
-----END PGP SIGNATURE-----
_______________________________________________
devel-announce mailing list
devel-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel-announce