[SECURITY] Fedora EPEL 5 Update: drupal7-7.4-1.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2011-3679
2011-06-30 17:15:39
--------------------------------------------------------------------------------
Name : drupal7
Product : Fedora EPEL 5
Version : 7.4
Release : 1.el5
URL : http://www.drupal.org
Summary : An open-source content-management platform
Description :
Equipped with a powerful blend of features, Drupal is a Content Management
System written in PHP that can support a variety of websites ranging from
personal weblogs to large community-driven websites. Drupal is highly
configurable, skinnable, and secure.
--------------------------------------------------------------------------------
Update Information:
Remember to log in as user 1 prior to the RPM update, to perform the DB upgrade via http://yoursite/update.php.
* Advisory ID: DRUPAL-SA-CORE-2011-002
* Project: Drupal core [1]
* Version: 7.x
* Date: 2011-JUNE-29
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
-------- DESCRIPTION ---------------------------------------------------------
.... Access bypass in node listings
Listings showing nodes but not JOINing the node table show all nodes
regardless of restrictions imposed by the node_access system. In core, this
affects the taxonomy and the forum subsystem.
Note that fixing this issue in contributed modules requires a
backwards-compatible API change for modules listing nodes. See
http://drupal.org/node/1204572 [3] for more details.
This issue affects Drupal 7.x only.
-------- VERSIONS AFFECTED ---------------------------------------------------
* Drupal 7.0, 7.1 and 7.2.
-------- SOLUTION ------------------------------------------------------------
Install the latest version:
* If you are running Drupal 7.x then upgrade to Drupal 7.3 or 7.4.
The Security Team has released both a pure security update without other bug
fixes and a security update combined with other bug fixes and improvements.
You can choose to either only include the security update for an immediate
fix (which might require less quality assurance and testing) or more fixes
and improvements alongside the security fixes by choosing between Drupal 7.3
and Drupal 7.4. Read the announcement [4] for more information.
See also the Drupal core [5] project page.
-------- REPORTED BY ---------------------------------------------------------
* The access bypass was reported independently by numerous people, including
Sascha Grossenbacher [6], Khaled Alhourani [7], and Ben Ford [8].
-------- FIXED BY ------------------------------------------------------------
* The access bypass was fixed by Károly Négyesi [9], member of the Drupal
security team.
-------- CONTACT AND MORE INFORMATION ----------------------------------------
The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [10].
Learn more about the Drupal Security team and their policies [11], writing
secure code for Drupal [12], and securing your site [13].
[1] http://drupal.org/project/drupal
[2] http://drupal.org/security-team/risk-levels
[3] http://drupal.org/node/1204572
[4] http://drupal.org/drupal-7.4
[5] http://drupal.org/project/drupal
[6] http://drupal.org/user/214652
[7] http://drupal.org/user/265439
[8] http://drupal.org/user/12534
[9] http://drupal.org/user/9446
[10] http://drupal.org/contact
[11] http://drupal.org/security-team
[12] http://drupal.org/writing-secure-code
[13] http://drupal.org/security/secure-configuration
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #717874 - CVE-2011-2687 Remote access bypass vulnerability in Drupal 7
https://bugzilla.redhat.com/show_bug.cgi?id=717874
[ 2 ] Bug #706736 - Put modules and themes directories under /etc/drupal7/all/
https://bugzilla.redhat.com/show_bug.cgi?id=706736
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update drupal7' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora EPEL 6 Update: xrootd-3.0.4-2.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2011-3649
2011-06-29 17:59:31
--------------------------------------------------------------------------------
Name : xrootd
Product : Fedora EPEL 6
Version : 3.0.4
Release : 2.el6
URL : http://xrootd.org/
Summary : Extended ROOT file server
Description :
The Extended root file server consists of a file server called xrootd
and a cluster management server called cmsd.
The xrootd server was developed for the root analysis framework to
serve root files. However, the server is agnostic to file types and
provides POSIX-like access to any type of file.
The cmsd server is the next generation version of the olbd server,
originally developed to cluster and load balance Objectivity/DB AMS
database servers. It provides enhanced capability along with lower
latency and increased throughput.
--------------------------------------------------------------------------------
Update Information:
Update of xrootd to version 3.0.4. For a list of new features and fixed bugs see: http://www.xrootd.org/download/ReleaseNotes.html
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #716843 - RFE: Please update to 3.0.4
https://bugzilla.redhat.com/show_bug.cgi?id=716843
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update xrootd' at the command line.
--------------------------------------------------------------------------------
Fedora EPEL 5 Update: fetch-crl3-3.0.7-1.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2011-3657
2011-06-29 17:59:52
--------------------------------------------------------------------------------
Name : fetch-crl3
Product : Fedora EPEL 5
Version : 3.0.7
Release : 1.el5
URL : http://www.nikhef.nl/grid/gridwiki/index.php/FetchCRL3
Summary : Downloads Certificate Revocation Lists
Description :
This tool and associated cron entry ensure that Certificate Revocation
Lists (CRLs) are periodically retrieved from the web sites of the respective
Certification Authorities.
It assumes that the installed CA files follow the hash.crl_url convention.
--------------------------------------------------------------------------------
Update Information:
Changes in 3.0.7-1
----------------------
* CRL modification time heuristic inadvertently modified file name templates (solves issue kindly reported by Elan Ruusamae)
* Expanded representation of tokenisation characters in strings to work around bug in file(1) (rhbz#699546, works around RedHat Bugzilla 699548)
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update fetch-crl3' at the command line.
--------------------------------------------------------------------------------
Fedora EPEL 5 Update: pidgin-privacy-please-0.7.0-1.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2011-3638
2011-06-28 15:32:02
--------------------------------------------------------------------------------
Name : pidgin-privacy-please
Product : Fedora EPEL 5
Version : 0.7.0
Release : 1.el5
URL : http://code.google.com/p/pidgin-privacy-please/
Summary : Security and Privacy plugin for Pidgin
Description :
pidgin-privacy-please is a Pidgin plugin to stop spammers from annoying you.
It offers the following features:
- Block individual users
- Auto-reply to blocked messages
- Block messages from people who are not on your contact list (with an
optional auto-reply)
- Block messages using regular expressions, either against the message
sender, the message content, or both
- Suppress repeated/all authorization requests
- Suppress OSCAR (ICQ/AIM) authorization requests
- Automatically show user info on authorization requests
- Block jabber headline messages (eg. alerts from the MSN transport)
- Block AOL system messages
- Challenge-response bot-check
--------------------------------------------------------------------------------
Update Information:
Upstream 0.7.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #716875 - pidgin-privacy-please-0.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=716875
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update pidgin-privacy-please' at the command line.
--------------------------------------------------------------------------------
Fedora EPEL 5 Update: python-argparse-1.2.1-2.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2011-3655
2011-06-29 17:59:48
--------------------------------------------------------------------------------
Name : python-argparse
Product : Fedora EPEL 5
Version : 1.2.1
Release : 2.el5
URL : http://code.google.com/p/argparse/
Summary : Optparse inspired command line parser for Python
Description :
The argparse module is an optparse-inspired command line parser that
improves on optparse by:
* handling both optional and positional arguments
* supporting parsers that dispatch to sub-parsers
* producing more informative usage messages
* supporting actions that consume any number of command-line args
* allowing types and actions to be specified with simple callables
instead of hacking class attributes like STORE_ACTIONS or CHECK_METHODS
as well as including a number of other more minor improvements on the
optparse API.
--------------------------------------------------------------------------------
Update Information:
* Add the LICENSE.txt file
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python-argparse' at the command line.
--------------------------------------------------------------------------------
Fedora EPEL 5 Update: php-voms-admin-0.6-1.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2011-3601
2011-06-21 16:19:06
--------------------------------------------------------------------------------
Name : php-voms-admin
Product : Fedora EPEL 5
Version : 0.6
Release : 1.el5
URL : http://grid.org.ua/development/pva/
Summary : Web based interface to control VOMS parameters written in PHP
Description :
PHP VOMS-Admin (PVA) originally implemented the same functions as the
traditional JAVA-based VOMS-Admin (v.2.0.18) interface for Apache
Tomcat. It was designed to be more flexible and stable, provide easy
scalability and minimize resource usage. PVA is fully compatible with
the vomsd mysql backend.
--------------------------------------------------------------------------------
Update Information:
PHP VOMS-Admin (PVA) originally implemented the same functions as the traditional JAVA-based VOMS-Admin (v.2.0.18) interface for Apache Tomcat. It was designed to be more flexible and stable, provide easy scalability and minimize resource usage. PVA is fully compatible with the vomsd mysql backend.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #603346 - Review Request: php-voms-admin - Web based interface to control VOMS parameters written in PHP
https://bugzilla.redhat.com/show_bug.cgi?id=603346
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update php-voms-admin' at the command line.
--------------------------------------------------------------------------------
[SECURITY] Fedora EPEL 6 Update: mingw32-libpng-1.2.37-3.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2011-3670
2011-06-29 18:00:19
--------------------------------------------------------------------------------
Name : mingw32-libpng
Product : Fedora EPEL 6
Version : 1.2.37
Release : 3.el6
URL : http://www.libpng.org/pub/png/
Summary : MinGW Windows Libpng library
Description :
MinGW Windows Libpng library.
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2011-2501.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #717513 - CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=717513
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update mingw32-libpng' at the command line.
--------------------------------------------------------------------------------
Fedora EPEL 5 Update: R-qtl-1.21.2-1.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2011-3650
2011-06-29 17:59:36
--------------------------------------------------------------------------------
Name : R-qtl
Product : Fedora EPEL 5
Version : 1.21.2
Release : 1.el5
URL : http://www.rqtl.org/
Summary : Tools for analyzing QTL experiments
Description :
R-qtl is an extensible, interactive environment for mapping
quantitative trait loci (QTLs) in experimental crosses. Our goal is to
make complex QTL mapping methods widely accessible and allow users to
focus on modeling rather than computing.
A key component of computational methods for QTL mapping is the hidden
Markov model (HMM) technology for dealing with missing genotype
data. We have implemented the main HMM algorithms, with allowance for
the presence of genotyping errors, for backcrosses, intercrosses, and
phase-known four-way crosses.
The current version of R-qtl includes facilities for estimating
genetic maps, identifying genotyping errors, and performing single-QTL
genome scans and two-QTL, two-dimensional genome scans, by interval
mapping (with the EM algorithm), Haley-Knott regression, and multiple
imputation. All of this may be done in the presence of covariates
(such as sex, age or treatment). One may also fit higher-order QTL
models by multiple imputation and Haley-Knott regression.
--------------------------------------------------------------------------------
Update Information:
New version from http://www.rqtl.org/
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update R-qtl' at the command line.
--------------------------------------------------------------------------------
Fedora EPEL 6 Update: bowtie-0.12.7-2.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2011-3648
2011-06-28 15:32:32
--------------------------------------------------------------------------------
Name : bowtie
Product : Fedora EPEL 6
Version : 0.12.7
Release : 2.el6
URL : http://bowtie-bio.sourceforge.net/index.shtml
Summary : An ultrafast, memory-efficient short read aligner
Description :
Bowtie, an ultrafast, memory-efficient short read aligner for short
DNA sequences (reads) from next-gen sequencers. Please cite: Langmead
B, et al. Ultrafast and memory-efficient alignment of short DNA
sequences to the human genome. Genome Biol 10:R25.
--------------------------------------------------------------------------------
Update Information:
First build of new package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #627936 - Review Request: bowtie - An ultrafast, memory-efficient short read aligner
https://bugzilla.redhat.com/show_bug.cgi?id=627936
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update bowtie' at the command line.
--------------------------------------------------------------------------------
Fedora EPEL 6 Update: python-argparse-1.2.1-2.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2011-3658
2011-06-29 17:59:54
--------------------------------------------------------------------------------
Name : python-argparse
Product : Fedora EPEL 6
Version : 1.2.1
Release : 2.el6
URL : http://code.google.com/p/argparse/
Summary : Optparse inspired command line parser for Python
Description :
The argparse module is an optparse-inspired command line parser that
improves on optparse by:
* handling both optional and positional arguments
* supporting parsers that dispatch to sub-parsers
* producing more informative usage messages
* supporting actions that consume any number of command-line args
* allowing types and actions to be specified with simple callables
instead of hacking class attributes like STORE_ACTIONS or CHECK_METHODS
as well as including a number of other more minor improvements on the
optparse API.
--------------------------------------------------------------------------------
Update Information:
* Add the LICENSE.txt file
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update python-argparse' at the command line.
--------------------------------------------------------------------------------