Fedora EPEL 6 Update: carbon-c-relay-0.39-2.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2015-1590
2015-04-06 01:22:36
--------------------------------------------------------------------------------
Name : carbon-c-relay
Product : Fedora EPEL 6
Version : 0.39
Release : 2.el6
URL : https://github.com/grobian/carbon-c-relay
Summary : Enhanced C implementation of Carbon relay, aggregator and rewriter
Description :
Carbon-like Graphite line mode relay. This project aims to be a replacement of
the original Carbon relay. The main reason to build a replacement is
performance and configurability. Carbon is single threaded, and sending
metrics to multiple consistent-hash clusters requires chaining of relays. This
project provides a multithreaded relay which can address multiple targets and
clusters for each and every metric based on pattern matches.
--------------------------------------------------------------------------------
Update Information:
fix filepath in logrotate
update to latest upstream 0.39
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1190390 - Review Request: carbon-c-relay - Enhanced C implementation of Carbon relay, aggregator and rewriter
https://bugzilla.redhat.com/show_bug.cgi?id=1190390
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update carbon-c-relay' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora EPEL 7 Update: librx-1.5-24.el7
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2015-1482
2015-04-01 00:16:30
--------------------------------------------------------------------------------
Name : librx
Product : Fedora EPEL 7
Version : 1.5
Release : 24.el7
URL : http://www.gnu.org/software/rx/rx.html
Summary : POSIX regexp functions
Description :
Rx is, among other things, an implementation of the interface
specified by POSIX for programming with regular expressions. Some
other implementations are GNU regex.c and Henry Spencer's regex
library.
--------------------------------------------------------------------------------
Update Information:
Fix scriptlet bug, update arch macros
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1205816 - librx package needs source update for epel7 ppc64le
https://bugzilla.redhat.com/show_bug.cgi?id=1205816
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update librx' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora EPEL 5 Update: perl-Test-Signature-1.11-1.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2015-5740
2015-04-09 15:41:05
--------------------------------------------------------------------------------
Name : perl-Test-Signature
Product : Fedora EPEL 5
Version : 1.11
Release : 1.el5
URL : http://search.cpan.org/dist/Test-Signature/
Summary : Automated SIGNATURE testing
Description :
Module::Signature allows you to verify that a distribution has not been
tampered with. Test::Signature lets that be tested as part of the
distribution's test suite.
--------------------------------------------------------------------------------
Update Information:
This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a "skip" parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behavior is included in this update.
Security issues:
* Module::Signature before version 0.75 could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries.
* When verifying the contents of a CPAN module, Module::Signature before version 0.75 ignored some files in the extracted tarball that were not listed in the signature file. This included some files in the t/ directory that would execute automatically during "make test".
* Module::Signature before version 0.75 used two-argument open() calls to read the files when generating checksums from the signed manifest. This allowed embedding arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process.
* Module::Signature before version 0.75 has been loading several modules at runtime inside the extracted module directory. Modules like Text::Diff are not guaranteed to be available on all platforms and could be added to a malicious module so that they would load from the '.' path in @INC.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1209911 - CVE-2015-3406 perl-Module-Signature: unsigned files interpreted as signed in some circumstances
https://bugzilla.redhat.com/show_bug.cgi?id=1209911
[ 2 ] Bug #1209915 - CVE-2015-3407 perl-Module-Signature: arbitrary code execution during test phase
https://bugzilla.redhat.com/show_bug.cgi?id=1209915
[ 3 ] Bug #1209917 - CVE-2015-3408 perl-Module-Signature: arbitrary code execution when verifying module signatures
https://bugzilla.redhat.com/show_bug.cgi?id=1209917
[ 4 ] Bug #1209918 - CVE-2015-3409 perl-Module-Signature: arbitrary modules loading in some circumstances
https://bugzilla.redhat.com/show_bug.cgi?id=1209918
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update perl-Test-Signature' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora EPEL 5 Update: perl-Module-Signature-0.78-1.el5
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2015-5740
2015-04-09 15:41:05
--------------------------------------------------------------------------------
Name : perl-Module-Signature
Product : Fedora EPEL 5
Version : 0.78
Release : 1.el5
URL : http://search.cpan.org/dist/Module-Signature/
Summary : CPAN signature management utilities and modules
Description :
This package contains a command line tool and module for checking and creating
SIGNATURE files for Perl CPAN distributions.
--------------------------------------------------------------------------------
Update Information:
This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a "skip" parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behavior is included in this update.
Security issues:
* Module::Signature before version 0.75 could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries.
* When verifying the contents of a CPAN module, Module::Signature before version 0.75 ignored some files in the extracted tarball that were not listed in the signature file. This included some files in the t/ directory that would execute automatically during "make test".
* Module::Signature before version 0.75 used two-argument open() calls to read the files when generating checksums from the signed manifest. This allowed embedding arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process.
* Module::Signature before version 0.75 has been loading several modules at runtime inside the extracted module directory. Modules like Text::Diff are not guaranteed to be available on all platforms and could be added to a malicious module so that they would load from the '.' path in @INC.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1209911 - CVE-2015-3406 perl-Module-Signature: unsigned files interpreted as signed in some circumstances
https://bugzilla.redhat.com/show_bug.cgi?id=1209911
[ 2 ] Bug #1209915 - CVE-2015-3407 perl-Module-Signature: arbitrary code execution during test phase
https://bugzilla.redhat.com/show_bug.cgi?id=1209915
[ 3 ] Bug #1209917 - CVE-2015-3408 perl-Module-Signature: arbitrary code execution when verifying module signatures
https://bugzilla.redhat.com/show_bug.cgi?id=1209917
[ 4 ] Bug #1209918 - CVE-2015-3409 perl-Module-Signature: arbitrary modules loading in some circumstances
https://bugzilla.redhat.com/show_bug.cgi?id=1209918
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update perl-Module-Signature' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora EPEL 7 Update: ntfs-3g-2015.3.14-1.el7
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2015-5706
2015-04-08 17:31:26
--------------------------------------------------------------------------------
Name : ntfs-3g
Product : Fedora EPEL 7
Version : 2015.3.14
Release : 1.el7
URL : http://www.ntfs-3g.org/
Summary : Linux NTFS userspace driver
Description :
NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS
driver for Linux and many other operating systems. It provides safe
handling of the Windows XP, Windows Server 2003, Windows 2000, Windows
Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can
create, remove, rename, move files, directories, hard links, and streams;
it can read and write normal and transparently compressed files, including
streams and sparse files; it can handle special files like symbolic links,
devices, and FIFOs, ACL, extended attributes; moreover it provides full
file access right and ownership support.
--------------------------------------------------------------------------------
Update Information:
Update ntfs-3g to 2015.3.14. Rebuild testdisk against it.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update ntfs-3g' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora EPEL 7 Update: testdisk-6.14-4.el7
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2015-5706
2015-04-08 17:31:26
--------------------------------------------------------------------------------
Name : testdisk
Product : Fedora EPEL 7
Version : 6.14
Release : 4.el7
URL : http://www.cgsecurity.org/wiki/TestDisk
Summary : Tool to check and undelete partition, PhotoRec recovers lost files
Description :
Tool to check and undelete partition. Works with FAT12, FAT16, FAT32,
NTFS, ext2, ext3, ext4, btrfs, BeFS, CramFS, HFS, JFS, Linux Raid, Linux
Swap, LVM, LVM2, NSS, ReiserFS, UFS, XFS.
PhotoRec is a signature based file recovery utility. It handles more than
440 file formats including JPG, MSOffice, OpenOffice documents.
--------------------------------------------------------------------------------
Update Information:
Update ntfs-3g to 2015.3.14. Rebuild testdisk against it.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update testdisk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora EPEL 6 Update: perl-Module-Signature-0.78-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2015-5739
2015-04-09 15:41:01
--------------------------------------------------------------------------------
Name : perl-Module-Signature
Product : Fedora EPEL 6
Version : 0.78
Release : 1.el6
URL : http://search.cpan.org/dist/Module-Signature/
Summary : CPAN signature management utilities and modules
Description :
This package contains a command line tool and module for checking and creating
SIGNATURE files for Perl CPAN distributions.
--------------------------------------------------------------------------------
Update Information:
This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a "skip" parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behavior is included in this update.
Security issues:
* Module::Signature before version 0.75 could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries.
* When verifying the contents of a CPAN module, Module::Signature before version 0.75 ignored some files in the extracted tarball that were not listed in the signature file. This included some files in the t/ directory that would execute automatically during "make test".
* Module::Signature before version 0.75 used two-argument open() calls to read the files when generating checksums from the signed manifest. This allowed embedding arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process.
* Module::Signature before version 0.75 has been loading several modules at runtime inside the extracted module directory. Modules like Text::Diff are not guaranteed to be available on all platforms and could be added to a malicious module so that they would load from the '.' path in @INC.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1209911 - CVE-2015-3406 perl-Module-Signature: unsigned files interpreted as signed in some circumstances
https://bugzilla.redhat.com/show_bug.cgi?id=1209911
[ 2 ] Bug #1209915 - CVE-2015-3407 perl-Module-Signature: arbitrary code execution during test phase
https://bugzilla.redhat.com/show_bug.cgi?id=1209915
[ 3 ] Bug #1209917 - CVE-2015-3408 perl-Module-Signature: arbitrary code execution when verifying module signatures
https://bugzilla.redhat.com/show_bug.cgi?id=1209917
[ 4 ] Bug #1209918 - CVE-2015-3409 perl-Module-Signature: arbitrary modules loading in some circumstances
https://bugzilla.redhat.com/show_bug.cgi?id=1209918
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update perl-Module-Signature' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora EPEL 6 Update: perl-Test-Signature-1.11-1.el6
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2015-5739
2015-04-09 15:41:01
--------------------------------------------------------------------------------
Name : perl-Test-Signature
Product : Fedora EPEL 6
Version : 1.11
Release : 1.el6
URL : http://search.cpan.org/dist/Test-Signature/
Summary : Automated SIGNATURE testing
Description :
Module::Signature allows you to verify that a distribution has not been
tampered with. Test::Signature lets that be tested as part of the
distribution's test suite.
--------------------------------------------------------------------------------
Update Information:
This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a "skip" parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behavior is included in this update.
Security issues:
* Module::Signature before version 0.75 could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries.
* When verifying the contents of a CPAN module, Module::Signature before version 0.75 ignored some files in the extracted tarball that were not listed in the signature file. This included some files in the t/ directory that would execute automatically during "make test".
* Module::Signature before version 0.75 used two-argument open() calls to read the files when generating checksums from the signed manifest. This allowed embedding arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process.
* Module::Signature before version 0.75 has been loading several modules at runtime inside the extracted module directory. Modules like Text::Diff are not guaranteed to be available on all platforms and could be added to a malicious module so that they would load from the '.' path in @INC.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1209911 - CVE-2015-3406 perl-Module-Signature: unsigned files interpreted as signed in some circumstances
https://bugzilla.redhat.com/show_bug.cgi?id=1209911
[ 2 ] Bug #1209915 - CVE-2015-3407 perl-Module-Signature: arbitrary code execution during test phase
https://bugzilla.redhat.com/show_bug.cgi?id=1209915
[ 3 ] Bug #1209917 - CVE-2015-3408 perl-Module-Signature: arbitrary code execution when verifying module signatures
https://bugzilla.redhat.com/show_bug.cgi?id=1209917
[ 4 ] Bug #1209918 - CVE-2015-3409 perl-Module-Signature: arbitrary modules loading in some circumstances
https://bugzilla.redhat.com/show_bug.cgi?id=1209918
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update perl-Test-Signature' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora EPEL 7 Update: nginx-1.6.3-1.el7
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2015-5752
2015-04-10 17:29:10
--------------------------------------------------------------------------------
Name : nginx
Product : Fedora EPEL 7
Version : 1.6.3
Release : 1.el7
URL : http://nginx.org/
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.
--------------------------------------------------------------------------------
Update Information:
update to upstream release 1.6.3
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update nginx' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora EPEL 7 Update: perl-Template-GD-2.66-21.el7
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2015-1519
2015-04-01 00:17:51
--------------------------------------------------------------------------------
Name : perl-Template-GD
Product : Fedora EPEL 7
Version : 2.66
Release : 21.el7
URL : http://search.cpan.org/dist/Template-GD/
Summary : GD plugin(s) for the Template Toolkit
Description :
The Template-GD distribution provides a number of Template Toolkit
plugin modules to interface with Lincoln Stein's GD modules. These in
turn provide an interface to Thomas Boutell's GD graphics library.
These plugins were distributed as part of the Template Toolkit until
version 2.15 released in February 2006. At this time they were
extracted into this separate distribution.
--------------------------------------------------------------------------------
Update Information:
Build for EPEL7.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1204689 - Please release it for EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1204689
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update perl-Template-GD' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------