Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > August 2005 > Fedora - Four Update Notifications

August 2005

Fedora - Four Update Notifications

ID: 00716
Ref: 660/05
Date: 23 August 2005:13:43:04
Version: 1
Title: Fedora - Four Update Notifications
Abstract:
Vendors affected: Fedora
Operating systems affected: Fedora
Applications affected: Fedora

Title
=====

Fedora - Four Update Notifications:
1. Fedora Core 4 Update: slocate-2.7-22.fc4.1 [FEDORA-2005-770]
2. Fedora Core 4 Update:squirrelmail-1.4.6-0.cvs20050812.1.fc4 [FEDORA-2005-780]
3. Fedora Core 3 Update: slocate-2.7-12.fc3.1 [FEDORA-2005-771]
4. Fedora Core 3 Update:squirrelmail-1.4.6-0.cvs20050812.1.fc3 [FEDORA-2005-779]


Detail
======

Update notification summaries:

1. A carefully prepared directory structure could stop the
updatedb file system scan, resulting in an incomplete slocate
database.

2. It appears that Fedora have released an update to version 1.4.6 of
Squirrelmail due to perceived problems with the public version 1.4.5.

3. A carefully prepared directory structure could stop the
updatedb file system scan, resulting in an incomplete slocate
database.

4. It appears that Fedora have released an update to version 1.4.6 of
Squirrelmail due to perceived problems with the public version 1.4.5.


Update notification content follows:


1.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-770
2005-08-22
- ---------------------------------------------------------------------

Product : Fedora Core 4
Name : slocate
Version : 2.7
Release : 22.fc4.1
Summary : Finds files on a system via a central database.
Description :
Slocate is a security-enhanced version of locate. Just like locate,
slocate searches through a central database (which is updated nightly)
for files that match a given pattern. Slocate allows you to quickly
find files anywhere on your system.

- ---------------------------------------------------------------------
Update Information:

A carefully prepared directory structure could stop the
updatedb file system scan, resulting in an incomplete slocate
database. The Common Vulnerabilities and Exposures project has
assigned the name CAN-2005-2499 to this issue.

- ---------------------------------------------------------------------
* Tue Aug 9 2005 Miloslav Trmac - 2.7-22.fc4.1
- - Replace sl_fs.[ch] by glibc-derived versions
- - Skip subtrees with paths longer than 32k


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

be933a409ee095e558d20b56e6c3aac5 SRPMS/slocate-2.7-22.fc4.1.src.rpm
4456c2873f2cc9a75afa6a9989445d4e ppc/slocate-2.7-22.fc4.1.ppc.rpm
7cb7dfde2ee74b9b282b4ff002d3eb8c ppc/debug/slocate-debuginfo-2.7-22.fc4.1.ppc.rpm
76bddbbc65171d8060a6f2c1a8bfa62d x86_64/slocate-2.7-22.fc4.1.x86_64.rpm
856ef7ffcef6e41eef0e93f23fc57998 x86_64/debug/slocate-debuginfo-2.7-22.fc4.1.x86_64.rpm
50b3461440c9efe25d55f34d79a0272a i386/slocate-2.7-22.fc4.1.i386.rpm
b35ba3b183c2e37773ddf07147b1a98d i386/debug/slocate-debuginfo-2.7-22.fc4.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------




2.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-780
2005-08-22
- ---------------------------------------------------------------------

Product : Fedora Core 4
Name : squirrelmail
Version : 1.4.6
Release : 0.cvs20050812.1.fc4
Summary : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install. SquirrelMail has all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.

- ---------------------------------------------------------------------
Update Information:

It probably is not a good idea to push a CVS snapshot here,
but upstream screwed up their 1.4.5 release and CVS contains
further fixes like PHP5 related stuff that might make
squirrelmail usable on FC4. This snapshot worked on my
personal server for the past week, so hopefully it will be
good for everyone else too.

CAN-2005-1769 and CAN-2005-2095 security issues are solved
in this update.

Please report regressions in behavior from our previous
1.4.4 package to Red Hat Bugzilla, product Fedora Core. All
other squirrelmail bugs please report upstream.
- ---------------------------------------------------------------------
* Sun Aug 14 2005 Warren Togami 1.4.6-0.cvs20050812.1
- - snapshot of 1.4.6 because 1.4.5 upstream was a bad release
this hopefully will also work on PHP5 too...

* Mon Jun 20 2005 Warren Togami 1.4.5-0.rc1
- - 1.4.5-0.rc1


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

508ddbe3e2fadfd928529173321aecb4 SRPMS/squirrelmail-1.4.6-0.cvs20050812.1.fc4.src.rpm
8de6255428c1ba23029430ca8a4e0e43 x86_64/squirrelmail-1.4.6-0.cvs20050812.1.fc4.noarch.rpm
8de6255428c1ba23029430ca8a4e0e43 i386/squirrelmail-1.4.6-0.cvs20050812.1.fc4.noarch.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------




3.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-771
2005-08-22
- ---------------------------------------------------------------------

Product : Fedora Core 3
Name : slocate
Version : 2.7
Release : 12.fc3.1
Summary : Finds files on a system via a central database.
Description :
Slocate is a security-enhanced version of locate. Just like locate,
slocate searches through a central database (which is updated nightly)
for files that match a given pattern. Slocate allows you to quickly
find files anywhere on your system.

- ---------------------------------------------------------------------
Update Information:

A carefully prepared directory structure could stop the
updatedb file system scan, resulting in an incomplete slocate
database. The Common Vulnerabilities and Exposures project has
assigned the name CAN-2005-2499 to this issue.
- ---------------------------------------------------------------------
* Wed Aug 10 2005 Miloslav Trmac - 2.7-12.fc3.1
- - s/Copyright/License/
- - Skip subtrees with paths longer than 32k
- - Drop the ineffective fts patch


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

858e1b03ea946b5c03e00721dc1709dd SRPMS/slocate-2.7-12.fc3.1.src.rpm
dd00e1dc7ec8e90b51e404f2cae597e3 x86_64/slocate-2.7-12.fc3.1.x86_64.rpm
48d65ce1efe5f1e303b05ba46f74f7d7 x86_64/debug/slocate-debuginfo-2.7-12.fc3.1.x86_64.rpm
c83bfb7641c6c2e6bfc6209ea33f0157 i386/slocate-2.7-12.fc3.1.i386.rpm
364b3432b2b09a96b7a447f0fcd6aa23 i386/debug/slocate-debuginfo-2.7-12.fc3.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------




4.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-779
2005-08-22
- ---------------------------------------------------------------------

Product : Fedora Core 3
Name : squirrelmail
Version : 1.4.6
Release : 0.cvs20050812.1.fc3
Summary : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It
includes built-in pure PHP support for the IMAP and SMTP protocols, and
all pages render in pure HTML 4.0 (with no Javascript) for maximum
compatibility across browsers. It has very few requirements and is very
easy to configure and install. SquirrelMail has all the functionality
you would want from an email client, including strong MIME support,
address books, and folder manipulation.

- ---------------------------------------------------------------------
Update Information:

It probably is not a good idea to push a CVS snapshot here,
but upstream screwed up their 1.4.5 release and CVS contains
further fixes like PHP5 related stuff that might make
squirrelmail usable on FC4. This snapshot worked on my
personal server for the past week, so hopefully it will be
good for everyone else too.

CAN-2005-1769 and CAN-2005-2095 security issues are solved
in this update.

Please report regressions in behavior from our previous
1.4.4 package to Red Hat Bugzilla, product Fedora Core. All
other squirrelmail bugs please report upstream.
- ---------------------------------------------------------------------
* Sun Aug 14 2005 Warren Togami 1.4.6-0.cvs20050812.1
- - snapshot of 1.4.6 because 1.4.5 upstream was a bad release
this hopefully will also work on PHP5 too...

* Mon Jun 20 2005 Warren Togami 1.4.5-0.rc1
- - 1.4.5-0.rc1


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

eedfb9666898895bb5dded84697d0b1a SRPMS/squirrelmail-1.4.6-0.cvs20050812.1.fc3.src.rpm
843b6ffb98c87b5cb992a2c674410ad3 x86_64/squirrelmail-1.4.6-0.cvs20050812.1.fc3.noarch.rpm
843b6ffb98c87b5cb992a2c674410ad3 i386/squirrelmail-1.4.6-0.cvs20050812.1.fc3.noarch.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------



  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |