July 2011 - epel-package-announce - Fedora Mailing-Lists

[SECURITY] Fedora EPEL 5 Update: drupal7-7.4-1.el5

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3679 2011-06-30 17:15:39 -------------------------------------------------------------------------------- Name : drupal7 Product : Fedora EPEL 5 Version : 7.4 Release : 1.el5 URL : http://www.drupal.org Summary : An open-source content-management platform Description : Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. -------------------------------------------------------------------------------- Update Information: Remember to log in as user 1 prior to the RPM update, to perform the DB upgrade via http://yoursite/update.php. * Advisory ID: DRUPAL-SA-CORE-2011-002 * Project: Drupal core [1] * Version: 7.x * Date: 2011-JUNE-29 * Security risk: Highly critical [2] * Exploitable from: Remote * Vulnerability: Access bypass -------- DESCRIPTION --------------------------------------------------------- .... Access bypass in node listings Listings showing nodes but not JOINing the node table show all nodes regardless of restrictions imposed by the node_access system. In core, this affects the taxonomy and the forum subsystem. Note that fixing this issue in contributed modules requires a backwards-compatible API change for modules listing nodes. See http://drupal.org/node/1204572 [3] for more details. This issue affects Drupal 7.x only. -------- VERSIONS AFFECTED --------------------------------------------------- * Drupal 7.0, 7.1 and 7.2. -------- SOLUTION ------------------------------------------------------------ Install the latest version: * If you are running Drupal 7.x then upgrade to Drupal 7.3 or 7.4. The Security Team has released both a pure security update without other bug fixes and a security update combined with other bug fixes and improvements. You can choose to either only include the security update for an immediate fix (which might require less quality assurance and testing) or more fixes and improvements alongside the security fixes by choosing between Drupal 7.3 and Drupal 7.4. Read the announcement [4] for more information. See also the Drupal core [5] project page. -------- REPORTED BY --------------------------------------------------------- * The access bypass was reported independently by numerous people, including Sascha Grossenbacher [6], Khaled Alhourani [7], and Ben Ford [8]. -------- FIXED BY ------------------------------------------------------------ * The access bypass was fixed by Károly Négyesi [9], member of the Drupal security team -------- CONTACT AND MORE INFORMATION ---------------------------------------- The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [10]. Learn more about the Drupal Security team and their policies [11], writing secure code for Drupal [12], and securing your site [13]. [1] http://drupal.org/project/drupal [2] http://drupal.org/security-team/risk-levels [3] http://drupal.org/node/1204572 [4] http://drupal.org/drupal-7.4 [5] http://drupal.org/project/drupal [6] http://drupal.org/user/214652 [7] http://drupal.org/user/265439 [8] http://drupal.org/user/12534 [9] http://drupal.org/user/9446 [10] http://drupal.org/contact [11] http://drupal.org/security-team [12] http://drupal.org/writing-secure-code [13] http://drupal.org/security/secure-configuration -------------------------------------------------------------------------------- References: [ 1 ] Bug #717874 - CVE-2011-2687 Remote access bypass vulnerability in Drupal 7 https://bugzilla.redhat.com/show_bug.cgi?id=717874 [ 2 ] Bug #706736 - Put modules and themes directories under /etc/drupal7/all/ https://bugzilla.redhat.com/show_bug.cgi?id=706736 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update drupal7' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

12 years, 11 months

1
0
0 / 0

Fedora EPEL 6 Update: xrootd-3.0.4-2.el6

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3649 2011-06-29 17:59:31 -------------------------------------------------------------------------------- Name : xrootd Product : Fedora EPEL 6 Version : 3.0.4 Release : 2.el6 URL : http://xrootd.org/ Summary : Extended ROOT file server Description : The Extended root file server consists of a file server called xrootd and a cluster management server called cmsd. The xrootd server was developed for the root analysis framework to serve root files. However, the server is agnostic to file types and provides POSIX-like access to any type of file. The cmsd server is the next generation version of the olbd server, originally developed to cluster and load balance Objectivity/DB AMS database servers. It provides enhanced capability along with lower latency and increased throughput. -------------------------------------------------------------------------------- Update Information: Update of xrootd to version 3.0.4. For a list of new features and fixed bugs see: http://www.xrootd.org/download/ReleaseNotes.html -------------------------------------------------------------------------------- References: [ 1 ] Bug #716843 - RFE: Please update to 3.0.4 https://bugzilla.redhat.com/show_bug.cgi?id=716843 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update xrootd' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

12 years, 11 months

1
0
0 / 0

Fedora EPEL 5 Update: fetch-crl3-3.0.7-1.el5

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3657 2011-06-29 17:59:52 -------------------------------------------------------------------------------- Name : fetch-crl3 Product : Fedora EPEL 5 Version : 3.0.7 Release : 1.el5 URL : http://www.nikhef.nl/grid/gridwiki/index.php/FetchCRL3 Summary : Downloads Certificate Revocation Lists Description : This tool and associated cron entry ensure that Certificate Revocation Lists (CRLs) are periodically retrieved from the web sites of the respective Certification Authorities. It assumes that the installed CA files follow the hash.crl_url convention. -------------------------------------------------------------------------------- Update Information: Changes in 3.0.7-1 ---------------------- * CRL modofication time heuristic inadvertently modified file name templates (solves issue kindly reported by Elan Ruusamae) * Expanded representation of tokenisation characters in strings to work around bug in file(1) (rhbz#699546, works around RedHat Bugzilla 699548) -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update fetch-crl3' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

12 years, 11 months

1
0
0 / 0

Fedora EPEL 5 Update: pidgin-privacy-please-0.7.0-1.el5

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3638 2011-06-28 15:32:02 -------------------------------------------------------------------------------- Name : pidgin-privacy-please Product : Fedora EPEL 5 Version : 0.7.0 Release : 1.el5 URL : http://code.google.com/p/pidgin-privacy-please/ Summary : Security and Privacy plugin for Pidgin Description : pidgin-privacy-please is a Pidgin plugin to stop spammers from annoying you. It offers the following features: - Block individual users - Auto-reply to blocked messages - Block messages from people who are not on your contact list (with an optional auto-reply) - Block messages using regular expressions, either against the message sender, the message content, or both - Suppress repeated/all authorization requests - Suppress OSCAR (ICQ/AIM) authorization requests - Automatically show user info on authorization requests - Block jabber headline messages (eg. alerts from the MSN transport) - Block AOL system messages - Challenge-response bot-check -------------------------------------------------------------------------------- Update Information: Upstream 0.7.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #716875 - pidgin-privacy-please-0.7.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=716875 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update pidgin-privacy-please' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

12 years, 11 months

1
0
0 / 0

Fedora EPEL 5 Update: python-argparse-1.2.1-2.el5

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3655 2011-06-29 17:59:48 -------------------------------------------------------------------------------- Name : python-argparse Product : Fedora EPEL 5 Version : 1.2.1 Release : 2.el5 URL : http://code.google.com/p/argparse/ Summary : Optparse inspired command line parser for Python Description : The argparse module is an optparse-inspired command line parser that improves on optparse by: * handling both optional and positional arguments * supporting parsers that dispatch to sub-parsers * producing more informative usage messages * supporting actions that consume any number of command-line args * allowing types and actions to be specified with simple callables instead of hacking class attributes like STORE_ACTIONS or CHECK_METHODS as well as including a number of other more minor improvements on the optparse API. -------------------------------------------------------------------------------- Update Information: * Add the LICENSE.txt file -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update python-argparse' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

12 years, 11 months

1
0
0 / 0

Fedora EPEL 5 Update: php-voms-admin-0.6-1.el5

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3601 2011-06-21 16:19:06 -------------------------------------------------------------------------------- Name : php-voms-admin Product : Fedora EPEL 5 Version : 0.6 Release : 1.el5 URL : http://grid.org.ua/development/pva/ Summary : Web based interface to control VOMS parameters written in PHP Description : PHP VOMS-Admin (PVA) originally implemented the same functions as the traditional JAVA-based VOMS-Admin (v.2.0.18) interface for Apache Tomcat. It was designed to be more flexible and stable, provide easy scalability and minimize resource usage. PVA is fully compatible with the vomsd mysql backend. -------------------------------------------------------------------------------- Update Information: PHP VOMS-Admin (PVA) originally implemented the same functions as the traditional JAVA-based VOMS-Admin (v.2.0.18) interface for Apache Tomcat. It was designed to be more flexible and stable, provide easy scalability and minimize resource usage. PVA is fully compatible with the vomsd mysql backend. -------------------------------------------------------------------------------- References: [ 1 ] Bug #603346 - Review Request: php-voms-admin - Web based interface to control VOMS parameters written in PHP https://bugzilla.redhat.com/show_bug.cgi?id=603346 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update php-voms-admin' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

12 years, 11 months

1
0
0 / 0

[SECURITY] Fedora EPEL 6 Update: mingw32-libpng-1.2.37-3.el6

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3670 2011-06-29 18:00:19 -------------------------------------------------------------------------------- Name : mingw32-libpng Product : Fedora EPEL 6 Version : 1.2.37 Release : 3.el6 URL : http://www.libpng.org/pub/png/ Summary : MinGW Windows Libpng library Description : MinGW Windows Libpng library. -------------------------------------------------------------------------------- Update Information: Fix for CVE-2011-2501. -------------------------------------------------------------------------------- References: [ 1 ] Bug #717513 - CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+ [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=717513 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update mingw32-libpng' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

12 years, 11 months

1
0
0 / 0

Fedora EPEL 5 Update: R-qtl-1.21.2-1.el5

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3650 2011-06-29 17:59:36 -------------------------------------------------------------------------------- Name : R-qtl Product : Fedora EPEL 5 Version : 1.21.2 Release : 1.el5 URL : http://www.rqtl.org/ Summary : Tools for analyzing QTL experiments Description : R-qtl is an extensible, interactive environment for mapping quantitative trait loci (QTLs) in experimental crosses. Our goal is to make complex QTL mapping methods widely accessible and allow users to focus on modeling rather than computing. A key component of computational methods for QTL mapping is the hidden Markov model (HMM) technology for dealing with missing genotype data. We have implemented the main HMM algorithms, with allowance for the presence of genotyping errors, for backcrosses, intercrosses, and phase-known four-way crosses. The current version of R-qtl includes facilities for estimating genetic maps, identifying genotyping errors, and performing single-QTL genome scans and two-QTL, two-dimensional genome scans, by interval mapping (with the EM algorithm), Haley-Knott regression, and multiple imputation. All of this may be done in the presence of covariates (such as sex, age or treatment). One may also fit higher-order QTL models by multiple imputation and Haley-Knott regression. -------------------------------------------------------------------------------- Update Information: New version from http://www.rqtl.org/ -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update R-qtl' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

12 years, 11 months

1
0
0 / 0

Fedora EPEL 6 Update: bowtie-0.12.7-2.el6

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3648 2011-06-28 15:32:32 -------------------------------------------------------------------------------- Name : bowtie Product : Fedora EPEL 6 Version : 0.12.7 Release : 2.el6 URL : http://bowtie-bio.sourceforge.net/index.shtml Summary : An ultrafast, memory-efficient short read aligner Description : Bowtie, an ultrafast, memory-efficient short read aligner for short DNA sequences (reads) from next-gen sequencers. Please cite: Langmead B, et al. Ultrafast and memory-efficient alignment of short DNA sequences to the human genome. Genome Biol 10:R25. -------------------------------------------------------------------------------- Update Information: First build of new package -------------------------------------------------------------------------------- References: [ 1 ] Bug #627936 - Review Request: bowtie - An ultrafast, memory-efficient short read aligner https://bugzilla.redhat.com/show_bug.cgi?id=627936 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update bowtie' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

12 years, 11 months

1
0
0 / 0

Fedora EPEL 6 Update: python-argparse-1.2.1-2.el6

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2011-3658 2011-06-29 17:59:54 -------------------------------------------------------------------------------- Name : python-argparse Product : Fedora EPEL 6 Version : 1.2.1 Release : 2.el6 URL : http://code.google.com/p/argparse/ Summary : Optparse inspired command line parser for Python Description : The argparse module is an optparse-inspired command line parser that improves on optparse by: * handling both optional and positional arguments * supporting parsers that dispatch to sub-parsers * producing more informative usage messages * supporting actions that consume any number of command-line args * allowing types and actions to be specified with simple callables instead of hacking class attributes like STORE_ACTIONS or CHECK_METHODS as well as including a number of other more minor improvements on the optparse API. -------------------------------------------------------------------------------- Update Information: * Add the LICENSE.txt file -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update python-argparse' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

12 years, 11 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

epel-package-announce July 2011