Linux Today: Linux News On Internet Time.


Advisories, February 26, 2007

Feb 27, 2007, 04:45

Fedora Core


Fedora Update Notification
FEDORA-2007-278
2007-02-26

Product : Fedora Core 5
Name : nspr
Version : 4.6.5
Release : 0.5.0.fc5
Summary : Netscape Portable Runtime

Description :
NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management (malloc and free) and shared library linking.


Update Information:

This update fixes two security vulnerabilities with SSL 2 (CVE-2007-0008, CVE-2007-0009).

All users of NSS, which includes users of Firefox, Thunderbird, Seamonkey, and other mozilla.org products, are recommended to update to this package.


  • Sat Feb 24 2007 Kai Engert <kengert@redhat.com> - 4.6.5-0.5.0
    • Update to 4.6.5
    • Update to latest ipv6 upstream patch
    • Add upstream patch to fix a thread cleanup issue
    • Now requires pkgconfig
  • Tue Jan 16 2007 Kai Engert <kengert@redhat.com> - 4.6.4-0.5.1
    • Include upstream patch to fix ipv6 support (rhbz 222554)
  • Tue Nov 21 2006 Kai Engert <kengert@redhat.com> - 4.6.4-0.5
    • Update to 4.6.4
  • Thu Sep 14 2006 Kai Engert <kengert@redhat.com> - 4.6.3-0.5.fc5
    • Update to 4.6.3
    • Tweak nspr-config to be identical on all platforms.

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.


Fedora Update Notification
FEDORA-2007-278
2007-02-26

Product : Fedora Core 5
Name : nss
Version : 3.11.5
Release : 0.5.0.fc5
Summary : Network Security Services

Description :
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.


Update Information:

This update fixes two security vulnerabilities with SSL 2 (CVE-2007-0008, CVE-2007-0009).

All users of NSS, which includes users of Firefox, Thunderbird, Seamonkey, and other mozilla.org products, are recommended to update to this package.


  • Sat Feb 24 2007 Kai Engert <kengert@redhat.com> - 3.11.5-0.5.0
    • Update to 3.11.5
    • This update fixes two security vulnerabilities with SSL 2
  • Tue Nov 21 2006 Kai Engert <kengert@redhat.com> - 3.11.4-0.5
    • Update to 3.11.4
  • Thu Sep 14 2006 Kai Engert <kengert@redhat.com> - 3.11.3-0.5.fc5
    • Enable executable bit on shared libs, also fixes debug info.
    • Update to 3.11.3
  • Mon Jun 19 2006 Kai Engert <kengert@redhat.com> - 3.11.1-1.fc5
    • Update to 3.11.1
    • Include upstream patch to limit curves

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.


Fedora Update Notification
FEDORA-2007-279
2007-02-26

Product : Fedora Core 6
Name : nspr
Version : 4.6.5
Release : 0.6.0.fc6
Summary : Netscape Portable Runtime

Description :
NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management (malloc and free) and shared library linking.


Update Information:

This update fixes two security vulnerabilities with SSL 2 (CVE-2007-0008, CVE-2007-0009).

All users of NSS, which includes users of Firefox, Thunderbird, Seamonkey, and other mozilla.org products, are recommended to update to this package.


  • Sat Feb 24 2007 Kai Engert <kengert@redhat.com> - 4.6.5-2
    • Update to 4.6.5
    • Update to latest ipv6 upstream patch
    • Add upstream patch to fix a thread cleanup issue
    • Now requires pkgconfig

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.


Fedora Update Notification
FEDORA-2007-279
2007-02-26

Product : Fedora Core 6
Name : nss
Version : 3.11.5
Release : 0.6.0.fc6
Summary : Network Security Services

Description :
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.


Update Information:

This update fixes two security vulnerabilities with SSL 2 (CVE-2007-0008, CVE-2007-0009).

All users of NSS, which includes users of Firefox, Thunderbird, Seamonkey, and other mozilla.org products, are recommended to update to this package.


  • Sat Feb 24 2007 Kai Engert <kengert@redhat.com> - 3.11.5-0.6.0
    • Update to 3.11.5
    • This update fixes two security vulnerabilities with SSL 2
    • Added several unsupported tools to tools package
  • Tue Jan 9 2007 Bob Relyea <rrelyea@redhat.com> - 3.11.4-0.7
    • disable ECC, cleanout dead code

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.


Fedora Update Notification
FEDORA-2007-281
2007-02-26

Product : Fedora Core 5
Name : firefox
Version : 1.5.0.10
Release : 1.fc5
Summary : Mozilla Firefox Web browser.

Description :
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.


  • Thu Feb 22 2007 Martin Stransky <stransky@redhat.com> - 1.5.0.10-1
    • Update to 1.5.0.10
  • Wed Dec 20 2006 Christopher Aillon <caillon@redhat.com> - 1.5.0.9-1
    • Update to 1.5.0.9
  • Tue Nov 7 2006 Christopher Aillon <caillon@redhat.com> - 1.5.0.8-1
    • Update to 1.5.0.8
    • Fix up a few items in the download manager
    • Use the bullet character for password fields.
    • Add pango printing patch from Behdad.
  • Wed Sep 13 2006 Christopher Aillon <caillon@redhat.com> - 1.5.0.7-1
    • Update to 1.5.0.7
    • Bring in pango patches from rawhide to fix MathML and cursor positioning
  • Tue Aug 8 2006 Jesse Keating <jkeating@redhat.com> - 1.5.0.6-2
    • Use dist tag
    • rebuild
  • Thu Aug 3 2006 Kai Engert <kengert@redhat.com> - 1.5.0.6-1.1.fc5
    • Update to 1.5.0.6
  • Thu Jul 27 2006 Christopher Aillon <caillon@redhat.com> - 1.5.0.5-1.1.fc5
    • Update to 1.5.0.5
  • Wed Jun 14 2006 Kai Engert <kengert@redhat.com> - 1.5.0.4-1.2.fc5
    • Force "gmake -j1" on ppc ppc64 s390 s390x
  • Mon Jun 12 2006 Kai Engert <kengert@redhat.com> - 1.5.0.4-1.1.fc5
    • Firefox 1.5.0.4

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.


Fedora Update Notification
FEDORA-2007-287
2007-02-26

Product : Fedora Core 5
Name : php
Version : 5.1.6
Release : 1.4
Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)

Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages.


Update Information:

This update fixes a number of security issues in PHP.

A number of buffer overflow flaws were found in the PHP session extension, the str_replace() function, and the imap_mail_compose() function. If very long strings under the control of an attacker are passed to the str_replace() function then an integer overflow could occur in memory allocation. If a script uses the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker who is able to access a PHP application affected by any of these issues could trigger these flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)
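The class of bug described for str_replace() above, an integer overflow in the size computed for a memory allocation, shown as an added illustration in C. This is not PHP's source and not part of the advisory; the function names and the sample lengths are constructed for the example. It sets an unchecked result-length computation beside a checked one, and allocates only from the checked value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Count non-overlapping, left-to-right occurrences of needle in hay. */
static size_t count_occurrences(const char *hay, size_t hay_len,
                                const char *needle, size_t needle_len)
{
    size_t n = 0, i = 0;
    if (needle_len == 0 || needle_len > hay_len)
        return 0;
    while (i + needle_len <= hay_len) {
        if (memcmp(hay + i, needle, needle_len) == 0) {
            n++;
            i += needle_len;
        } else {
            i++;
        }
    }
    return n;
}

/* Unchecked: the multiplication and addition wrap modulo SIZE_MAX + 1,
 * so very long inputs can yield a small "length" and an undersized buffer. */
size_t result_len_unchecked(size_t subject_len, size_t count,
                            size_t search_len, size_t replace_len)
{
    return subject_len + count * (replace_len - search_len);
}

/* Checked: returns 0 and stores the length, or -1 if it cannot be
 * represented in a size_t. */
int result_len_checked(size_t subject_len, size_t count,
                       size_t search_len, size_t replace_len, size_t *out)
{
    if (replace_len <= search_len) {
        /* Shrinking: count * search_len <= subject_len, so no underflow. */
        *out = subject_len - count * (search_len - replace_len);
        return 0;
    }
    size_t grow = replace_len - search_len;
    if (count != 0 && grow > (SIZE_MAX - subject_len) / count)
        return -1;
    *out = subject_len + count * grow;
    return 0;
}

/* Replace every occurrence of search in subject. Returns a malloc'd string,
 * or NULL if the result size overflows or allocation fails. */
char *replace_all(const char *subject, const char *search, const char *replace)
{
    size_t sl = strlen(subject), nl = strlen(search), rl = strlen(replace);
    size_t count = count_occurrences(subject, sl, search, nl);
    size_t out_len;

    if (result_len_checked(sl, count, nl, rl, &out_len) != 0 ||
        out_len == SIZE_MAX)            /* leave room for the NUL byte */
        return NULL;

    char *out = malloc(out_len + 1);
    if (out == NULL)
        return NULL;

    size_t i = 0, o = 0;
    while (i < sl) {
        if (nl != 0 && i + nl <= sl && memcmp(subject + i, search, nl) == 0) {
            memcpy(out + o, replace, rl);
            o += rl;
            i += nl;
        } else {
            out[o++] = subject[i++];
        }
    }
    out[o] = '\0';
    return out;
}

int main(void)
{
    /* Constructed lengths: 2 matches, each growing by SIZE_MAX/2 + 1 bytes. */
    size_t huge = SIZE_MAX / 2 + 2, checked = 0;
    printf("unchecked length: %zu\n", result_len_unchecked(2, 2, 1, huge));
    printf("checked rc: %d\n", result_len_checked(2, 2, 1, huge, &checked));

    char *r = replace_all("a.b.c", ".", "--");
    if (r != NULL) {
        printf("%s\n", r);
        free(r);
    }
    return 0;
}
```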

If unserializing untrusted data on 64-bit platforms, the zend_hash_init() function can be forced to enter an infinite loop, consuming CPU resources for a limited length of time, until the script timeout alarm aborts execution of the script. (CVE-2007-0988)

If the wddx extension is used to import WDDX data from an untrusted source, certain WDDX input packets may allow a random portion of heap memory to be exposed. (CVE-2007-0908)

If the odbc_result_all() function is used to display data from a database, and the contents of the database table are under the control of an attacker, a format string vulnerability is possible which could lead to the execution of arbitrary code. (CVE-2007-0909)

A one byte memory read will always occur before the beginning of a buffer, which could be triggered for example by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907)

Several flaws in PHP could allow attackers to "clobber" certain super-global variables via unspecified vectors. (CVE-2007-0910)

The Fedora Project would like to thank Stefan Esser for his help diagnosing these issues.


  • Fri Feb 23 2007 Joe Orton <jorton@redhat.com> 5.1.6-1.4
    • fix pdo-abi provide
  • Tue Feb 20 2007 Joe Orton <jorton@redhat.com> 5.1.6-1.3
    • add security fixes for: CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#228011)
  • Fri Nov 3 2006 Joe Orton <jorton@redhat.com> 5.1.6-1.2
    • add security fix for CVE-2006-5465 (#213732)
  • Fri Oct 6 2006 Joe Orton <jorton@redhat.com> 5.1.6-1.1
    • update to 5.1.6 (#201767, #204995)
    • add fix for upstream #38801
    • add security fix for CVE-2006-4812
    • drop Obsoletes for mod_php (#194590)
    • add php-pdo-abi versioning (#193202)
    • move php{-config,ize} man pages to -devel (#199382)

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.


Fedora Update Notification
FEDORA-2007-289
2007-02-26

Product : Fedora Core 5
Name : seamonkey
Version : 1.0.8
Release : 0.5.1.fc5
Summary : Web browser and mail reader

Description :
SeaMonkey (formerly Mozilla) is an open-source web browser, designed for standards compliance, performance and portability.


  • Thu Feb 15 2007 Martin Stransky <stransky@redhat.com> 1.0.8-0.5.1
    • Update to 1.0.8
  • Thu Jan 18 2007 Martin Stransky <stransky@redhat.com> 1.0.7-0.6.0.1
    • created a link in /usr/bin/seamonkey
    • fixed mozilla-rebuild-databases.pl script, was called in %post with an incorrect path
    • fixed mozilla-config script
    • added a configuration from former extras seamonkey (#223848)
  • Thu Jan 4 2007 Martin Stransky <stransky@redhat.com> 1.0.7-0.6
    • Release bump
  • Thu Dec 21 2006 Martin Stransky <stransky@redhat.com> 1.0.7-0.1
    • Update to 1.0.7
  • Tue Dec 19 2006 Martin Stransky <stransky@redhat.com> 1.0.6-0.3
    • added dependencies on nspr-devel,nss-devel to seamonkey-devel package
  • Thu Dec 14 2006 Martin Stransky <stransky@redhat.com> 1.0.6-0.2.fc6
    • added ppc64 to arches
  • Fri Nov 10 2006 Martin Stransky <stransky@redhat.com> 1.0.6-0.1.fc6
    • moved to core
    • replaced nspr/nss with packages from core
  • Sun Nov 5 2006 Christopher Aillon <caillon@redhat.com> 1.0.6-0.1.el4
    • Update to 1.0.6 (RC)
  • Mon Sep 11 2006 Christopher Aillon <caillon@redhat.com> 1.0.5-0.1.el4
    • Update to 1.0.5
  • Wed Jul 26 2006 Christopher Aillon <caillon@redhat.com> 1.0.3-0.el4.1
    • Update to 1.0.3
  • Wed Jun 28 2006 Warren Togami <wtogami@redhat.com> 1.0.2-0.1.0.EL4
    • Prevent obsolete script from replacing mozilla-xremote-client (#192639)
    • 1.0.2 security fixes
    • remove unused patches
  • Mon May 22 2006 Christopher Aillon <caillon@redhat.com> 1.0.1-0.1.3.EL4
    • Fix the -devel packages and pkg-config files
  • Fri May 19 2006 Christopher Aillon <caillon@redhat.com> 1.0.1-0.1.2.EL4
    • Import some fixes from the RHEL3 package
  • Fri May 12 2006 Christopher Aillon <caillon@redhat.com> 1.0.1-0.1.1.EL4
    • Initial Seamonkey RPM

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.


Fedora Update Notification
FEDORA-2007-289
2007-02-26

Product : Fedora Core 5
Name : epiphany
Version : 2.14.3
Release : 4.fc5
Summary : GNOME web browser based on the Mozilla rendering engine

Description :
Epiphany is a simple GNOME web browser based on the Mozilla rendering engine.


  • Fri Feb 16 2007 Martin Stransky <stransky@redhat.com> - 2.14.3-4
    • Rebuild against seamonkey
  • Fri Dec 22 2006 Martin Stransky <stransky@redhat.com> - 2.14.3-3
    • Rebuild against seamonkey
  • Mon Nov 13 2006 Martin Stransky <stransky@redhat.com> - 2.14.3-2
    • Rebuild against seamonkey
  • Wed Aug 2 2006 Matthias Clasen <mclasen@redhat.com> - 2.14.3-1.fc5
    • Update to 2.14.3
  • Mon May 29 2006 Matthias Clasen <mclasen@redhat.com> - 2.14.2.1-1.fc5.1
    • Update to 2.14.2.1
  • Sun May 28 2006 Matthias Clasen <mclasen@redhat.com> - 2.14.2-1.fc5.1
    • Update to 2.14.2

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.


Fedora Update Notification
FEDORA-2007-289
2007-02-26

Product : Fedora Core 5
Name : yelp
Version : 2.14.3
Release : 4.fc5
Summary : A system documentation reader from the Gnome project.

Description :
Yelp is the Gnome 2 help/documentation browser. It is designed to help you browse all the documentation on your system in one central tool.


  • Fri Feb 16 2007 Martin Stransky <stransky@redhat.com> - 2.14.3-4
    • Rebuild against seamonkey
  • Fri Dec 22 2006 Martin Stransky <stransky@redhat.com> - 2.14.3-3
    • Rebuild against seamonkey
  • Tue Nov 14 2006 Martin Stransky <stransky@redhat.com> - 2.14.3-2
    • Rebuild against seamonkey
  • Wed Aug 2 2006 Matthias Clasen <mclasen@redhat.com> - 2.14.3-1.fc5
    • Update to 2.14.3
  • Mon May 29 2006 Matthias Clasen <mclasen@redhat.com> - 2.14.2-1
    • Update to 2.14.2

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.


Fedora Update Notification
FEDORA-2007-289
2007-02-26

Product : Fedora Core 5
Name : devhelp
Version : 0.11
Release : 6.fc5
Summary : API document browser

Description :
An API document browser for GNOME 2.


  • Fri Feb 16 2007 Martin Stransky <stransky@redhat.com> - 0.11-6
    • Rebuild against seamonkey
  • Fri Dec 22 2006 Martin Stransky <stransky@redhat.com> - 0.11-5
    • Rebuild against seamonkey
  • Mon Nov 13 2006 Martin Stransky <stransky@redhat.com> - 0.11-4
    • Rebuild against seamonkey

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200702-09

http://security.gentoo.org/


Severity: Normal
Title: Nexuiz: Multiple vulnerabilities
Date: February 25, 2007
Bugs: #166044
ID: 200702-09


Synopsis

Two separate vulnerabilities have been found in Nexuiz allowing the remote execution of arbitrary code and a Denial of Service.

Background

Nexuiz is a multi-player FPS game which uses a modified version of the Quake 1 engine.

Affected packages


     Package           /  Vulnerable  /                     Unaffected

  1  games-fps/nexuiz       < 2.2.1                           >= 2.2.1

Description

Nexuiz fails to correctly validate input within "clientcommands". There is also a failure to correctly handle connection attempts from remote hosts.

Impact

Using a specially crafted "clientcommand", a remote attacker can cause a buffer overflow in Nexuiz which could result in the execution of arbitrary code. Additionally, there is a Denial of Service vulnerability in Nexuiz allowing an attacker to cause Nexuiz to crash or to run out of resources by overloading it with specially crafted connection requests.

Workaround

There is no known workaround at this time.

Resolution

All Nexuiz users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=games-fps/nexuiz-2.2.1"

References

[ 1 ] CVE-2006-6609

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6609

[ 2 ] CVE-2006-6610

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6610

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200702-09.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200702-10

http://security.gentoo.org/


Severity: Normal
Title: UFO2000: Multiple vulnerabilities
Date: February 25, 2007
Bugs: #142392
ID: 200702-10


Synopsis

Multiple vulnerabilities have been found in the network components of UFO2000 that could result in the remote execution of arbitrary code.

Background

UFO2000 is a multi-player, turn-based tactical simulation.

Affected packages


     Package                 /  Vulnerable  /               Unaffected

  1  games-strategy/ufo2000     < 0.7.1062                 >= 0.7.1062

Description

Five vulnerabilities were found: a buffer overflow in recv_add_unit(); a problem with improperly trusting user-supplied string information in decode_stringmap(); several issues with array manipulation via various commands during play; an SQL injection in server_protocol.cpp; and finally, a second buffer overflow in recv_map_data().

Impact

An attacker could send crafted network traffic as part of a multi-player game that could result in remote code execution on the remote opponent or the server. A remote attacker could also run arbitrary SQL queries against the server account database, and perform a Denial of Service on a remote opponent by causing the game to crash.

Workaround

There is no known workaround at this time.

Resolution

UFO2000 currently depends on the dumb-0.9.2 library, which has been removed from portage due to security problems (GLSA 200608-14). Because of this, UFO2000 has been masked, and we recommend unmerging the package until the next beta release can remove the dependency on dumb.

    # emerge --ask --verbose --unmerge ufo2000

References

[ 1 ] CVE-2006-3788

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3788

[ 2 ] CVE-2006-3789

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3789

[ 3 ] CVE-2006-3790

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3790

[ 4 ] CVE-2006-3791

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3791

[ 5 ] CVE-2006-3792

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3792

[ 6 ] GLSA 200608-14

http://www.gentoo.org/security/en/glsa/glsa-200608-14.xml

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200702-10.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

rPath Linux

rPath Security Advisory: 2007-0040-1
Published: 2007-02-26
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification: Indirect User Deterministic Unauthorized Access
Updated Versions: firefox=/conary.rpath.com@rpl:devel//1/1.5.0.10-0.1-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077
CVE-2007-0008
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0776
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777
CVE-2007-0778
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995
https://issues.rpath.com/browse/RPL-1081
Description: Previous versions of the firefox package are vulnerable to several types of attacks, some of which are understood to allow compromised or malicious sites to run arbitrary code as the user running the firefox browser.