Product : Fedora Core 2
Name : gaim
Version : 1.2.1
Release : 1.fc2
Summary : A Gtk+ based multiprotocol instant messaging client
Description :
Gaim allows you to talk to anyone using a variety of messaging
protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!,
MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These
protocols are implemented using a modular, easy to use design.
To use a protocol, just add an account using the account editor.
Gaim supports many common features of other clients, as well as many
unique features, such as perl scripting and C plugins.
Gaim is NOT affiliated with or endorsed by America Online, Inc.,
Microsoft Corporation, or Yahoo! Inc. or other messaging service
providers.
Product : Fedora Core 3
Name : gaim
Version : 1.2.1
Release : 1.fc3
Summary : A Gtk+ based multiprotocol instant messaging client
Description :
Gaim allows you to talk to anyone using a variety of messaging
protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!,
MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These
protocols are implemented using a modular, easy to use design.
To use a protocol, just add an account using the account editor.
Gaim supports many common features of other clients, as well as many
unique features, such as perl scripting and C plugins.
Gaim is NOT affiliated with or endorsed by America Online, Inc.,
Microsoft Corporation, or Yahoo! Inc. or other messaging service
providers.
Product : Fedora Core 3
Name : mysql
Version : 3.23.58
Release : 16.FC3.1
Summary : MySQL client programs and shared libraries.
Description :
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries.
Sat Apr 2 2005 Tom Lane <tgl@redhat.com> 3.23.58-16.FC3.1
Repair uninitialized variable in security2 patch.
Enable testing on 64-bit arches; continue to exclude s390x which still
has issues.
Sat Mar 19 2005 Tom Lane <tgl@redhat.com> 3.23.58-15.FC3.1
Backpatch repair for CAN-2005-0709, CAN-2005-0710, CAN-2005-0711 (bz#151051).
Run 'make test' only on the archs we support for FC-3.
Product : Fedora Core 2
Name : mysql
Version : 3.23.58
Release : 16.FC2.1
Summary : MySQL client programs and shared libraries.
Description :
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries.
Sat Apr 2 2005 Tom Lane <tgl@redhat.com> 3.23.58-16.FC2.1
Repair uninitialized variable in security2 patch.
Enable testing on 64-bit arches; continue to exclude s390x which still
has issues.
Fri Mar 18 2005 Tom Lane <tgl@redhat.com> 3.23.58-15.FC2.1
Backpatch repair for CAN-2005-0709, CAN-2005-0710, CAN-2005-0711 (bz#151051).
Fix init script to not need a valid username for startup check (bz#142328)
Don't assume /etc/my.cnf will specify pid-file (bz#143724)
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
Trustix Secure Linux
Trustix Secure Linux Security Advisory #2005-0011
Package name: kernel
Summary: Various security bugs
Date: 2005-04-05
Affected versions: Trustix Secure Linux 2.1
Trustix Secure Linux 2.2
Trustix Operating System - Enterprise Server 2
Package description:
The kernel package contains the Linux kernel (vmlinuz), the core of your
Trustix Secure Linux operating system. The kernel handles the basic
functions of the operating system: memory allocation, process allocation,
device input and output, etc.
Problem description:
Mathieu Lafon discovered an information leak in the ext2 mkdir() function
where random kernel memory is written to disk.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has
assigned the name CAN-2005-0400 to this issue.
Herbert Xu discovered a potential DoS in load_elf_library.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has
assigned the name CAN-2005-0749 to this issue.
Ilja van Sprundel discovered an exploitable integer overflow in
af_bluetooth which could lead to privilege escalation.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has
assigned the name CAN-2005-0750 to this issue.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libapache2-mod-php4
php4-cgi
The problem can be corrected by upgrading the affected package to
version 4:4.3.8-3ubuntu7.7. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Two Denial of Service vulnerabilities have been discovered in the
getimagesize() function. getimagesize() uses format specific internal
functions php_handle_iff() and php_handle_jpeg() which get stuck in
infinite loops when certain (invalid) size parameters are read from
the image. In web applications that allow users to upload arbitrary
image files, a remote attacker could render the server unavailable by
uploading specially crafted images.
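The failure mode described above, a size field read from the image that leaves the parser making no forward progress, is shown here as a defensive chunk walker for an IFF/ILBM buffer. This is an added example, not PHP's code; the function iff_image_size() and both byte arrays are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: FORM/ILBM with an ANNO chunk, then BMHD (320x200). */
static const unsigned char GOOD[50] = {'F','O','R','M', 0,0,0,42, 'I','L','B','M',
    'A','N','N','O', 0,0,0,2, 'h','i',
    'B','M','H','D', 0,0,0,20, 0x01,0x40, 0x00,0xC8};
/* Constructed malformed sample: chunk size 0xFFFFFFF8 is -8 if read as a signed
 * int, so a naive "pos += 8 + size" would add 0 and never terminate. */
static const unsigned char BAD[20] = {'F','O','R','M', 0,0,0,12, 'I','L','B','M',
    'A','N','N','O', 0xFF,0xFF,0xFF,0xF8};

/* Read a big-endian 32-bit field as UNSIGNED so it can never go negative. */
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Find the BMHD chunk and report width/height.
 * Returns 0 on success, -1 on malformed or truncated input. */
int iff_image_size(const unsigned char *buf, size_t len,
                   unsigned *width, unsigned *height) {
    size_t pos = 12;                       /* "FORM" + size + "ILBM" */
    if (len < 12 || memcmp(buf, "FORM", 4) || memcmp(buf + 8, "ILBM", 4))
        return -1;
    while (len - pos >= 8) {               /* invariant: pos <= len */
        const unsigned char *hdr = buf + pos;
        uint32_t size = be32(hdr + 4);
        if (size > len - pos - 8)          /* declared size exceeds the data */
            return -1;
        if (memcmp(hdr, "BMHD", 4) == 0) {
            if (size < 4) return -1;
            *width  = ((unsigned)hdr[8]  << 8) | hdr[9];
            *height = ((unsigned)hdr[10] << 8) | hdr[11];
            return 0;
        }
        size_t step = 8 + (size_t)size + (size & 1);  /* header + data + pad */
        if (step > len - pos) return -1;   /* pad byte missing */
        pos += step;                       /* step >= 8: always moves forward */
    }
    return -1;                             /* no BMHD chunk found */
}

int main(void) {
    unsigned w = 0, h = 0;
    int rc = iff_image_size(GOOD, sizeof GOOD, &w, &h);
    printf("good: rc=%d %ux%u\n", rc, w, h);
    printf("bad:  rc=%d\n", iff_image_size(BAD, sizeof BAD, &w, &h));
    return 0;
}
```

The two properties that matter are that every size is bounds-checked against the remaining input before use, and that each loop iteration advances by at least the chunk header length.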
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
gaim
The problem can be corrected by upgrading the affected package to
version 1:1.0.0-1ubuntu1.3. You have to restart gaim after a standard
system upgrade to effect the necessary changes.
Details follow:
Jean-Yves Lefort discovered a buffer overflow in the
gaim_markup_strip_html() function. This caused Gaim to crash when
receiving certain malformed HTML messages. (CAN-2005-0965)
Jean-Yves Lefort also noticed that many functions that handle IRC
commands do not escape received HTML metacharacters; this allowed
remote attackers to cause a Denial of Service by injecting arbitrary
HTML code into the conversation window, popping up arbitrarily many
empty dialog boxes, or even causing Gaim to crash. (CAN-2005-0966)
Ubuntu Security Notice USN-107-1 April 05, 2005
ipsec-tools vulnerability
CAN-2005-0398
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
racoon
The problem can be corrected by upgrading the affected package to
version 0.3.3-1ubuntu0.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Sebastian Krahmer discovered a Denial of Service vulnerability in the
racoon daemon. By sending specially crafted ISAKMP packets, a remote
attacker could trigger a buffer overflow which caused racoon to crash.
This update does not introduce any source code changes affecting the
ipsec-tools package. It is necessary to update the version number of
the package in order to support an update to the "racoon" package.
Please note that racoon is not officially supported by Ubuntu (it is
in the "universe" component of the archive).