The following Fedora EPEL 4 Security updates need testing:

https://admin.fedoraproject.org/updates/mod_fcgid-2.2-11.el4 https://admin.fedoraproject.org/updates/gnucash-2.0.5-4.el4 https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.el4

The following builds have been pushed to Fedora EPEL 4 updates-testing

mod_fcgid-2.2-11.el4

Details about builds:

================================================================================ mod_fcgid-2.2-11.el4 (FEDORA-EPEL-2010-3646) Apache2 module for high-performance server-side scripting -------------------------------------------------------------------------------- Update Information:

This update includes a back-ported fix from upstream version 2.3.6 addressing a possible stack buffer overwrite (CVE-2010-3872), plus another back-ported fix for making the server return a 500 error code instead of segfaulting if a FastCGI application returns no data for a request.

-------------------------------------------------------------------------------- ChangeLog:

* Fri Nov 5 2010 Paul Howarth paul@city-fan.org 2.2-11 - Fix possible stack buffer overwrite (CVE-2010-3872) - Return 500 instead of segfaulting if application returns no data - Explicitly use /var/run/mod_fcgid as "run" directory rather than following /etc/httpd/run symlink - Conflict with selinux-policy versions prior to EL 5.5 as earlier ones didn't work properly - Re-order sources - Minor documentation updates * Mon Apr 6 2009 Paul Howarth paul@city-fan.org 2.2-10 - EL 5.3 now has SELinux support in the main selinux-policy package so handle that release as per Fedora >= 8, except that the RHEL selinux-policy package doesn't Obsolete/Provide mod_fcgid-selinux like the Fedora version, so do the obsoletion here instead * Thu Feb 26 2009 Paul Howarth paul@city-fan.org 2.2-9 - Update documentation for MoinMoin, Rails (#476658), and SELinux * Wed Feb 25 2009 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.2-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Wed Nov 12 2008 Paul Howarth paul@city-fan.org 2.2-7 - SELinux policy module no longer built for Fedora 8 onwards as it is obsoleted by the main selinux-policy package - Conflicts for selinux-policy packages older than the releases where mod_fcgid policy was incorporated have been added for Fedora 8, 9, and 10 versions, to ensure that SELinux support will work if installed * Tue Oct 21 2008 Paul Howarth paul@city-fan.org 2.2-6 - SELinux policy module rewritten to merge fastcgi and system script domains in preparation for merge into main selinux-policy package (#462318) - Try to determine supported SELinux policy types by reading /etc/selinux/config * Thu Jul 24 2008 Paul Howarth paul@city-fan.org 2.2-5 - Tweak selinux-policy version detection macro to work with current Rawhide --------------------------------------------------------------------------------