Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > October 2005 > Fedora - Ten Update Notifications

October 2005

Fedora - Ten Update Notifications

ID: 00930
Ref: 870/05
Date: 24 October 2005:16:29:35
Version: 1
Title: Fedora - Ten Update Notifications
Abstract:
Vendors affected: Fedora
Operating systems affected: Fedora
Applications affected: Fedora

Title
=====
Fedora - Ten Update Notifications:
1. Fedora Core 4 Update: lynx-2.8.5-23.1 [FEDORA-2005-994]
2. Fedora Core 4 Update: squid-2.5.STABLE11-3.FC4 [FEDORA-2005-1009]
3. Fedora Core 4 Update: ethereal-0.10.13-1.FC4.2 [FEDORA-2005-1011]
4. Fedora Core 4 Update: kernel-2.6.13-1.1532_FC4 [FEDORA-2005-1013]
5. Fedora Core 3 Update: lynx-2.8.5-18.0.1 [FEDORA-2005-993]
6. Fedora Core 3 Update: wget-1.10.2-0.fc3 [FEDORA-2005-996]
7. Fedora Core 3 Update: curl-7.12.3-4.fc3 [FEDORA-2005-1000]
8. Fedora Core 3 Update: kernel-2.6.12-1.1380_FC3 [FEDORA-2005-1007]
9. Fedora Core 3 Update: ethereal-0.10.13-1.FC3.1 [FEDORA-2005-1008]
10. Fedora Core 3 Update: squid-2.5.STABLE11-3.FC3 [FEDORA-2005-1010]


Detail
======

Update notification summaries:

1. This package fixes a security bug (CAN-2005-3120) when
handling connections to NNTP (news) servers.

2. Fix for #171213 - CVE-2005-3258 Squid crash due to malformed FTP response.

3. CAN-2005-3241 Multiple ethereal issues fixed (#171063).

4. Multiple Kernel issues fixed.

5. Apply patch to fix CAN-2005-3120 (bug #170253).

6. Update to 1.10.2

7. Fix bug 170682 CAN-2005-3185 NTLM buffer overflow

8. This update fixes the outstanding kernel security issues for
FC3, and fixes a number of regressions in the previous
update kernel.

9. CAN-2005-3241 Multiple ethereal issues fixed (#171063)

10. Fix for #171213 - CVE-2005-3258 Squid crash due to malformed FTP response


Update notification content follows:


1.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-994
2005-10-17
- ---------------------------------------------------------------------

Product : Fedora Core 4
Name : lynx
Version : 2.8.5
Release : 23.1
Summary : A text-based Web browser.
Description :
Lynx is a text-based Web browser. Lynx does not display any images,
but it does support frames, tables, and most other HTML tags. One
advantage Lynx has over graphical browsers is speed; Lynx starts and
exits quickly and swiftly displays webpages.

- ---------------------------------------------------------------------
Update Information:

This package fixes a security bug (CAN-2005-3120) when
handling connections to NNTP (news) servers.
- ---------------------------------------------------------------------
* Tue Oct 11 2005 Tim Waugh 2.8.5-23.1
- - Apply patch to fix CAN-2005-3120 (bug #170253).


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

0aff3f237d549faf4761df85fa7b5292 SRPMS/lynx-2.8.5-23.1.src.rpm
f35975eed95b9d3f54c04acbbc3ccde8 ppc/lynx-2.8.5-23.1.ppc.rpm
efdd58234b1ad7d5aa4cc74b92b3cd19 ppc/debug/lynx-debuginfo-2.8.5-23.1.ppc.rpm
491d61c1e642df2d97eeb68089875521 x86_64/lynx-2.8.5-23.1.x86_64.rpm
d5430134a3f81dd79c58467385f0ab1d x86_64/debug/lynx-debuginfo-2.8.5-23.1.x86_64.rpm
00b31da69c3edb8fe480f0017013386d i386/lynx-2.8.5-23.1.i386.rpm
d89bc8b6a3f3f8d74416b57a08d214f5 i386/debug/lynx-debuginfo-2.8.5-23.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------




2.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1009
2005-10-20
- ---------------------------------------------------------------------

Product : Fedora Core 4
Name : squid
Version : 2.5.STABLE11
Release : 3.FC4
Summary : The Squid proxy caching server.
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.

- ---------------------------------------------------------------------

* Thu Oct 20 2005 Martin Stransky 7:2.5.STABLE11-3.FC4
- - fix for #171213 - CVE-2005-3258 Squid crash due to malformed FTP response
- - more fixes from upstream


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

6327dc0e09ab56f785dad26b46b2362e SRPMS/squid-2.5.STABLE11-3.FC4.src.rpm
c7312399c3dbdcaa0afb6c42e5528708 ppc/squid-2.5.STABLE11-3.FC4.ppc.rpm
830786073cfd48ccdf2e857fad309c70 ppc/debug/squid-debuginfo-2.5.STABLE11-3.FC4.ppc.rpm
ee191771c2fa577cdee8d716849bb405 x86_64/squid-2.5.STABLE11-3.FC4.x86_64.rpm
1c398f895495bcdd241a3314c9f66172 x86_64/debug/squid-debuginfo-2.5.STABLE11-3.FC4.x86_64.rpm
4ba15c7cf3d88de8b7a7c8f6d12b7da4 i386/squid-2.5.STABLE11-3.FC4.i386.rpm
224b6910ef11e0db87b88355853cdac3 i386/debug/squid-debuginfo-2.5.STABLE11-3.FC4.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------




3.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1011
2005-10-20
- ---------------------------------------------------------------------

Product : Fedora Core 4
Name : ethereal
Version : 0.10.13
Release : 1.FC4.2
Summary : Network traffic analyzer
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for ethereal. A graphical user interface is packaged
separately to GTK+ package.

- ---------------------------------------------------------------------
Update Information:

Ethereal 0.10.13 fixes the following issues:

The ISAKMP dissector could exhaust system memory.
(CAN-2005-3241)
Fixed in: r15163
Bug IDs: none
Versions affected: 0.10.11 to 0.10.12.

The FC-FCS dissector could exhaust system memory.
(CAN-2005-3241)
Fixed in: r15204
Bug IDs: 312
Versions affected: 0.9.0 to 0.10.12.

The RSVP dissector could exhaust system memory.
(CAN-2005-3241)
Fixed in: r15206, r15600
Bug IDs: 311, 314, 382
Versions affected: 0.9.4 to 0.10.12.

The ISIS LSP dissector could exhaust system memory.
(CAN-2005-3241)
Fixed in: r15245
Bug IDs: 320, 326
Versions affected: 0.8.18 to 0.10.12.

The IrDA dissector could crash. (CAN-2005-3242)
Fixed in: r15265, r15267
Bug IDs: 328, 329, 330, 334, 335, 336
Versions affected: 0.10.0 to 0.10.12.

The SLIMP3 dissector could overflow a buffer. (CAN-2005-3243)
Fixed in: r15279
Bug IDs: 327
Versions affected: 0.9.1 to 0.10.12.

The BER dissector was susceptible to an infinite loop.
(CAN-2005-3244)
Fixed in: r15292
Bug IDs: none
Versions affected: 0.10.3 to 0.10.12.

The SCSI dissector could dereference a null pointer and
crash. (CAN-2005-3246)
Fixed in: r15289
Bug IDs: none
Versions affected: 0.10.3 to 0.10.12.

If the "Dissect unknown RPC program numbers" option was
enabled,
the ONC RPC dissector might be able to exhaust system memory.
This option is disabled by default. (CAN-2005-3245)
Fixed in: r15290
Bug IDs: none
Versions affected: 0.7.7 to 0.10.12.

The sFlow dissector could dereference a null pointer and
crash (CAN-2005-3246)
Fixed in: r15375
Bug IDs: 356
Versions affected: 0.9.14 to 0.10.12.

The RTnet dissector could dereference a null pointer and
crash (CAN-2005-3246)
Fixed in: r15673
Bug IDs: none
Versions affected: 0.10.8 to 0.10.12.

The SigComp UDVM could go into an infinite loop or crash.
(CAN-2005-3247)
Fixed in: r15715, r15901, r15919
Bug IDs: none
Versions affected: 0.10.12.

If SMB transaction payload reassembly is enabled the SMB
dissector could crash. This preference is disabled by
default. (CAN-2005-3242)
Fixed in: r15789
Bug IDs: 421
Versions affected: 0.9.7 to 0.10.12.

The X11 dissector could attempt to divide by zero.
(CAN-2005-3248)
Fixed in: r15927
Bug IDs: none
Versions affected: 0.10.1 to 0.10.12.

The AgentX dissector could overflow a buffer. (CAN-2005-3243)
Fixed in: r16003
Bug IDs: none
Versions affected: 0.10.10 to 0.10.12.

The WSP dissector could free an invalid pointer.
(CAN-2005-3249)
Fixed in: r16220
Bug IDs: none
Versions affected: 0.10.1 to 0.10.12.

iDEFENSE found a buffer overflow in the SRVLOC dissector.
(CAN-2005-3184)
Fixed in: r16206
Bug IDs: none
Versions affected: 0.10.0 to 0.10.12.
- ---------------------------------------------------------------------
* Thu Oct 20 2005 Radek Vokal 0.10.13-1.FC4.2
- - fix pcre dependecy

* Thu Oct 20 2005 Radek Vokal 0.10.13-1.FC4.1
- - upgrade to 0.10.13
- - CAN-2005-3241 Multiple ethereal issues fixed (#171063)


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

a7988a499de1a8032d16152096748d27 SRPMS/ethereal-0.10.13-1.FC4.2.src.rpm
bdbbb8ada1db07d2146a51fc6f096b2c ppc/ethereal-0.10.13-1.FC4.2.ppc.rpm
3ea8f33a29cedcb02a2c6e11fb560536 ppc/ethereal-gnome-0.10.13-1.FC4.2.ppc.rpm
70c1bf089688d414953bace144e870a9 ppc/debug/ethereal-debuginfo-0.10.13-1.FC4.2.ppc.rpm
e2d2f0ed02c33d4c08669befff4e5689 x86_64/ethereal-0.10.13-1.FC4.2.x86_64.rpm
9ada6864fb21578e66fb8a7097d935a1 x86_64/ethereal-gnome-0.10.13-1.FC4.2.x86_64.rpm
034aa897c43bfc15cedc3629f441d00c x86_64/debug/ethereal-debuginfo-0.10.13-1.FC4.2.x86_64.rpm
ab6bf0fb7318a1025afeaaa40eb37953 i386/ethereal-0.10.13-1.FC4.2.i386.rpm
cc57d85cc21689de6bfe20fc25491f4f i386/ethereal-gnome-0.10.13-1.FC4.2.i386.rpm
201c93fb3ebb00098b61100f7a0e92d7 i386/debug/ethereal-debuginfo-0.10.13-1.FC4.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------




4.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1013
2005-10-20
- ---------------------------------------------------------------------

Product : Fedora Core 4
Name : kernel
Version : 2.6.13
Release : 1.1532_FC4
Summary : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

- ---------------------------------------------------------------------

* Wed Oct 19 2005 Dave Jones [2.6.13-1.1532_FC4]
- - Fix CAN-2005-2973 (ipv6 infinite loop)
- - Disable ACPI burst again, it's still problematic.
- - Update to the final upstream variant of the IDE/SATA fix.

* Sun Oct 16 2005 Dave Jones [2.6.13-1.1531_FC4]
- - Stop IDE claiming legacy ports before libata in combined mode.

* Sun Oct 16 2005 Dave Jones [2.6.13-1.1530_FC4]
- - Enable ACPI EC burst.
- - Reenable change of timesource default.

* Tue Oct 11 2005 Dave Jones [2.6.13-1.1529_FC4]
- - 2.6.13.4

* Thu Oct 6 2005 Dave Jones
- - Fix information leak in orinoco driver.

* Wed Oct 5 2005 Dave Jones
- - Further fixing to the 8139too suspend/resume problem.

* Mon Oct 3 2005 Dave Jones [2.6.13-1.1528_FC4]
- - 2.6.13.3

* Sun Oct 2 2005 Dave Jones [2.6.13-1.1527_FC4]
- - Disable debug messages in w83781d sensor driver. (#169695)
- - Re-add a bunch of patches that got accidentally dropped in last update.
- Fix suspend/resume with 8139too
- Fix usbhid/wireless security lock clash (#147479)
- Missing check condition in ide scsi (#160868)
- Fix nosense error with transcend usb keys (#162559)
- Fix sk98lin vpd problem. (#136158)
- - Fix IDE floppy eject. (#158548)

* Fri Sep 30 2005 Dave Jones
- - irda-driver smsc-ircc2 needs pnp-functionality. (#153970)
- - Reenable /proc/acpi/sleep (#169650)
- - Silence some selinux messages. (#167852)


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

0f7703b95fb10eea8ba98fe867b82420 SRPMS/kernel-2.6.13-1.1532_FC4.src.rpm
7e3ad0a0e7a6e37cbae3776000e11c33 ppc/kernel-2.6.13-1.1532_FC4.ppc.rpm
3f2a8e75dac0cec3c90b034d7383611c ppc/kernel-devel-2.6.13-1.1532_FC4.ppc.rpm
d19ec852ccbc3690abf31d9c9c6a9760 ppc/kernel-smp-2.6.13-1.1532_FC4.ppc.rpm
062795f1071ac14c3be8550a8dea7da1 ppc/kernel-smp-devel-2.6.13-1.1532_FC4.ppc.rpm
155ef19342f4e6a2f7101571d94a806b ppc/debug/kernel-debuginfo-2.6.13-1.1532_FC4.ppc.rpm
7a6512ba50c89027f29f9ee6287b0c52 ppc/kernel-2.6.13-1.1532_FC4.ppc64.rpm
de5f9dbd2f92c109e6716f0be46ee927 ppc/kernel-devel-2.6.13-1.1532_FC4.ppc64.rpm
927afe801c27c63b978b56301874741e x86_64/kernel-2.6.13-1.1532_FC4.x86_64.rpm
39e31c3cd1e3d1fc0ac5d28883b4bc08 x86_64/kernel-devel-2.6.13-1.1532_FC4.x86_64.rpm
7fb1e1c29c22272094f69f91698b3445 x86_64/kernel-smp-2.6.13-1.1532_FC4.x86_64.rpm
5f6ba16565169dd9c20273a0ce834b1b x86_64/kernel-smp-devel-2.6.13-1.1532_FC4.x86_64.rpm
14c9b85f3373eb754d2611a450eff2ef x86_64/debug/kernel-debuginfo-2.6.13-1.1532_FC4.x86_64.rpm
cfe12770e33239b793e4546f773d1c0a x86_64/kernel-doc-2.6.13-1.1532_FC4.noarch.rpm
e69850944046a4d0e3ebca7e9e5733ad i386/kernel-2.6.13-1.1532_FC4.i586.rpm
e1bf283bb61abfbf567ea9580020cda5 i386/kernel-devel-2.6.13-1.1532_FC4.i586.rpm
e1e6f867ff5f53b084c00cb5bc4bcba0 i386/debug/kernel-debuginfo-2.6.13-1.1532_FC4.i586.rpm
02b9690c11f38be3b2b524c22d975812 i386/kernel-2.6.13-1.1532_FC4.i686.rpm
2da650f41f0f5cfa360a447f8d81f676 i386/kernel-devel-2.6.13-1.1532_FC4.i686.rpm
756af7f9309326f6ee1535feb9a67ff2 i386/kernel-smp-2.6.13-1.1532_FC4.i686.rpm
4a3027b0eb9aa06447d64f12c63af92b i386/kernel-smp-devel-2.6.13-1.1532_FC4.i686.rpm
5bbf11f714cda26731276905919e9d95 i386/kernel-xen0-2.6.13-1.1532_FC4.i686.rpm
d69f77d7176ba9d8f8d4950bcf1160df i386/kernel-xen0-devel-2.6.13-1.1532_FC4.i686.rpm
ac59450e8d94759a27c3e3b4a3ee5284 i386/kernel-xenU-2.6.13-1.1532_FC4.i686.rpm
73ed6e93745c5a45133e00de78606a53 i386/kernel-xenU-devel-2.6.13-1.1532_FC4.i686.rpm
835e768c70b2469e828a2086cdca588b i386/debug/kernel-debuginfo-2.6.13-1.1532_FC4.i686.rpm
cfe12770e33239b793e4546f773d1c0a i386/kernel-doc-2.6.13-1.1532_FC4.noarch.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------




5.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-993
2005-10-17
- ---------------------------------------------------------------------

Product : Fedora Core 3
Name : lynx
Version : 2.8.5
Release : 18.0.1
Summary : A text-based Web browser.
Description :
Lynx is a text-based Web browser. Lynx does not display any images,
but it does support frames, tables, and most other HTML tags. One
advantage Lynx has over graphical browsers is speed; Lynx starts and
exits quickly and swiftly displays webpages.

- ---------------------------------------------------------------------
Update Information:

This package fixes a security bug (CAN-2005-3120) when
handling connections to NNTP (news) servers.
- ---------------------------------------------------------------------
* Tue Oct 11 2005 Tim Waugh 2.8.5-18.0.1
- - Apply patch to fix CAN-2005-3120 (bug #170253).


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

fdbaaff433cb649b3885b831cfe9d538 SRPMS/lynx-2.8.5-18.0.1.src.rpm
2335e89d1ed378a38a12dcb9402f3cec x86_64/lynx-2.8.5-18.0.1.x86_64.rpm
5b7385421cadb7094250ea302a08ab24 x86_64/debug/lynx-debuginfo-2.8.5-18.0.1.x86_64.rpm
632c6928877f4e7c1922d06c79a3444f i386/lynx-2.8.5-18.0.1.i386.rpm
4d1d7a88b9782979c697e95dd4fc8386 i386/debug/lynx-debuginfo-2.8.5-18.0.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------




6.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-996
2005-10-17
- ---------------------------------------------------------------------

Product : Fedora Core 3
Name : wget
Version : 1.10.2
Release : 0.fc3
Summary : A utility for retrieving files using the HTTP or FTP protocols.
Description :
GNU Wget is a file retrieval utility which can use either the HTTP or
FTP protocols. Wget features include the ability to work in the
background while you are logged out, recursive retrieval of
directories, file name wildcard matching, remote file timestamp
storage and comparison, use of Rest with FTP servers and Range with
HTTP servers to retrieve files over slow or unstable connections,
support for Proxy servers, and configurability.

- ---------------------------------------------------------------------
Update Information:

This package fixes a buffer overflow bug in the NTLM
authentication code of wget (CAN-2005-3185).
- ---------------------------------------------------------------------
* Mon Oct 17 2005 Karsten Hopp 1.10.2-0.fc3
- - update to 1.10.2


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

661fa23091aaef489317c4f854daf7ad SRPMS/wget-1.10.2-0.fc3.src.rpm
7b325efc3362fb5865d2d697612cffd9 x86_64/wget-1.10.2-0.fc3.x86_64.rpm
3a2349f1bb3e20f6e085f6cf9481b7dd x86_64/debug/wget-debuginfo-1.10.2-0.fc3.x86_64.rpm
1a77b2601aa6587b14dc8aca9a864a28 i386/wget-1.10.2-0.fc3.i386.rpm
f511fda5923e62ddfdbdfd8d5f09c005 i386/debug/wget-debuginfo-1.10.2-0.fc3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------




7.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1000
2005-10-18
- ---------------------------------------------------------------------

Product : Fedora Core 3
Name : curl
Version : 7.12.3
Release : 4.fc3
Summary : A utility for getting files from remote servers (FTP, HTTP, and others).
Description :
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and
Dict servers, using any of the supported protocols. cURL is designed
to work without user interaction or any kind of interactivity. cURL
offers many useful capabilities, like proxy support, user
authentication, FTP upload, HTTP post, and file transfer resume.

- ---------------------------------------------------------------------
Update Information:

This package fixes a buffer overflow bug in NTLM
authentication code of curl (CAN-2005-3185).
- ---------------------------------------------------------------------
* Tue Oct 18 2005 Ivana Varekova 7.12.3.4.fc3
- - fix bug 170682 CAN-2005-3185 NTLM buffer overflow


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

cfe56d0b45d31bafe71f166360931eb8 SRPMS/curl-7.12.3-4.fc3.src.rpm
0cbeb4c1f65e1cf21992cdda8cd78134 x86_64/curl-7.12.3-4.fc3.x86_64.rpm
39e0ff077a453a7a7869f0027286f988 x86_64/curl-devel-7.12.3-4.fc3.x86_64.rpm
9c31f946e0821befba9c2e52fbf4868d x86_64/debug/curl-debuginfo-7.12.3-4.fc3.x86_64.rpm
723a4786b312c859cf627c7a64f1035e x86_64/curl-7.12.3-4.fc3.i386.rpm
723a4786b312c859cf627c7a64f1035e i386/curl-7.12.3-4.fc3.i386.rpm
a235e0390394f3647649e3aa821ea0d0 i386/curl-devel-7.12.3-4.fc3.i386.rpm
a0601fce1eea8b5fcf0702985b86eda8 i386/debug/curl-debuginfo-7.12.3-4.fc3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------




8.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1007
2005-10-20
- ---------------------------------------------------------------------

Product : Fedora Core 3
Name : kernel
Version : 2.6.12
Release : 1.1380_FC3
Summary : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

- ---------------------------------------------------------------------
Update Information:

This update fixes the outstanding kernel security issues for
FC3, and fixes a number of regressions in the previous
update kernel.

- ---------------------------------------------------------------------
* Wed Oct 19 2005 Dave Jones [2.6.12-1.1380_FC3]
- - CAN-2005-2973 (ipv6 infinite loop)
- - CAN-2005-3179 (world writable drm sysfs file)
- - CAN-2005-3180 (orinoco driver information leakage)
- - CAN-2005-3181 (names_cache memory leak)
- - Stop IDE claiming SATA ports in combined mode.

* Thu Oct 6 2005 Dave Jones
- - Fix information leak in orinoco driver.

* Sun Oct 2 2005 Dave Jones
- - Readd /proc/acpi/sleep

* Fri Sep 30 2005 Dave Jones
- - fix no blue/fuzzy video on ibmcam (#148832)

* Fri Sep 30 2005 Dave Jones
- - cut down stack usage in md layer. (#167173)

* Mon Sep 26 2005 Dave Jones [2.6.12-1.1379_FC3]
- - Fix asm-x86_64 dependancy on asm-i386. (#150266)

* Sat Sep 24 2005 Dave Jones
- - Remove bogus BUG_ON() in fs/exec.c (#160121)
- - Power up pwc cameras by default. (#140258)

* Fri Sep 23 2005 Dave Jones
- - Fix problem with toshiba_acpi. (#167218)


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

b318d73186fd0fd67d766ed99a94cec4 SRPMS/kernel-2.6.12-1.1380_FC3.src.rpm
ff038e4704db0ee2db693d050099be8f x86_64/kernel-2.6.12-1.1380_FC3.x86_64.rpm
09286bbbde2549cd1900c457a2e3d660 x86_64/kernel-smp-2.6.12-1.1380_FC3.x86_64.rpm
523374734813254de7467001ee674466 x86_64/debug/kernel-debuginfo-2.6.12-1.1380_FC3.x86_64.rpm
445848618621530b6cc7baad2ef26d19 x86_64/kernel-doc-2.6.12-1.1380_FC3.noarch.rpm
d4a8de75b9266120516aa5b98c6e487d i386/kernel-2.6.12-1.1380_FC3.i586.rpm
3d73f07924f5bbfde019a125973d6629 i386/kernel-smp-2.6.12-1.1380_FC3.i586.rpm
3184729a9389d73853b45821a7f4e7c1 i386/debug/kernel-debuginfo-2.6.12-1.1380_FC3.i586.rpm
033ec1afcf74a67ef3bd0406683fc94d i386/kernel-2.6.12-1.1380_FC3.i686.rpm
ad156d8dd242346a518319402cde0025 i386/kernel-smp-2.6.12-1.1380_FC3.i686.rpm
8e1448a177888193f6db238f842acb92 i386/debug/kernel-debuginfo-2.6.12-1.1380_FC3.i686.rpm
445848618621530b6cc7baad2ef26d19 i386/kernel-doc-2.6.12-1.1380_FC3.noarch.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------




9.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1008
2005-10-20
- ---------------------------------------------------------------------

Product : Fedora Core 3
Name : ethereal
Version : 0.10.13
Release : 1.FC3.1
Summary : Network traffic analyzer
Description :
Ethereal is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for ethereal. A graphical user interface is packaged
separately to GTK+ package.

- ---------------------------------------------------------------------
Update Information:

Ethereal 0.10.13 is scheduled to be released, which fixes
the following issues:

The ISAKMP dissector could exhaust system memory.
(CAN-2005-3241)
Fixed in: r15163
Bug IDs: none
Versions affected: 0.10.11 to 0.10.12.

The FC-FCS dissector could exhaust system memory.
(CAN-2005-3241)
Fixed in: r15204
Bug IDs: 312
Versions affected: 0.9.0 to 0.10.12.

The RSVP dissector could exhaust system memory.
(CAN-2005-3241)
Fixed in: r15206, r15600
Bug IDs: 311, 314, 382
Versions affected: 0.9.4 to 0.10.12.

The ISIS LSP dissector could exhaust system memory.
(CAN-2005-3241)
Fixed in: r15245
Bug IDs: 320, 326
Versions affected: 0.8.18 to 0.10.12.

The IrDA dissector could crash. (CAN-2005-3242)
Fixed in: r15265, r15267
Bug IDs: 328, 329, 330, 334, 335, 336
Versions affected: 0.10.0 to 0.10.12.

The SLIMP3 dissector could overflow a buffer. (CAN-2005-3243)
Fixed in: r15279
Bug IDs: 327
Versions affected: 0.9.1 to 0.10.12.

The BER dissector was susceptible to an infinite loop.
(CAN-2005-3244)
Fixed in: r15292
Bug IDs: none
Versions affected: 0.10.3 to 0.10.12.

The SCSI dissector could dereference a null pointer and
crash. (CAN-2005-3246)
Fixed in: r15289
Bug IDs: none
Versions affected: 0.10.3 to 0.10.12.

If the "Dissect unknown RPC program numbers" option was
enabled,
the ONC RPC dissector might be able to exhaust system memory.
This option is disabled by default. (CAN-2005-3245)
Fixed in: r15290
Bug IDs: none
Versions affected: 0.7.7 to 0.10.12.

The sFlow dissector could dereference a null pointer and
crash (CAN-2005-3246)
Fixed in: r15375
Bug IDs: 356
Versions affected: 0.9.14 to 0.10.12.

The RTnet dissector could dereference a null pointer and
crash (CAN-2005-3246)
Fixed in: r15673
Bug IDs: none
Versions affected: 0.10.8 to 0.10.12.

The SigComp UDVM could go into an infinite loop or crash.
(CAN-2005-3247)
Fixed in: r15715, r15901, r15919
Bug IDs: none
Versions affected: 0.10.12.

If SMB transaction payload reassembly is enabled the SMB
dissector could crash. This preference is disabled by
default. (CAN-2005-3242)
Fixed in: r15789
Bug IDs: 421
Versions affected: 0.9.7 to 0.10.12.

The X11 dissector could attempt to divide by zero.
(CAN-2005-3248)
Fixed in: r15927
Bug IDs: none
Versions affected: 0.10.1 to 0.10.12.

The AgentX dissector could overflow a buffer. (CAN-2005-3243)
Fixed in: r16003
Bug IDs: none
Versions affected: 0.10.10 to 0.10.12.

The WSP dissector could free an invalid pointer.
(CAN-2005-3249)
Fixed in: r16220
Bug IDs: none
Versions affected: 0.10.1 to 0.10.12.

iDEFENSE found a buffer overflow in the SRVLOC dissector.
(CAN-2005-3184)
Fixed in: r16206
Bug IDs: none
Versions affected: 0.10.0 to 0.10.12.
- ---------------------------------------------------------------------
* Thu Oct 20 2005 Radek Vokal 0.10.13-1.FC3.1
- - upgrade to 0.10.13
- - CAN-2005-3241 Multiple ethereal issues fixed (#171063)


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

a48b54c05b43bac981d78c992ea76641 SRPMS/ethereal-0.10.13-1.FC3.1.src.rpm
a252cae35dcb8e250a4a8c7669ddc030 x86_64/ethereal-0.10.13-1.FC3.1.x86_64.rpm
385a3d9c59228e4f9bbe4a04f8204959 x86_64/ethereal-gnome-0.10.13-1.FC3.1.x86_64.rpm
7906202c0c483919a7f58097e0d173de x86_64/debug/ethereal-debuginfo-0.10.13-1.FC3.1.x86_64.rpm
2766dbd98a42cf92ec6e2aa0d7bc22ef i386/ethereal-0.10.13-1.FC3.1.i386.rpm
9dcca59c62f74348d72ffd6fa9239c1e i386/ethereal-gnome-0.10.13-1.FC3.1.i386.rpm
320f27a1a0c393d9e21b3c2a7ca65a1b i386/debug/ethereal-debuginfo-0.10.13-1.FC3.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------




10.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1010
2005-10-20
- ---------------------------------------------------------------------

Product : Fedora Core 3
Name : squid
Version : 2.5.STABLE11
Release : 3.FC3
Summary : The Squid proxy caching server.
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.

- ---------------------------------------------------------------------

* Thu Oct 20 2005 Martin Stransky 7:2.5.STABLE11-3.FC3
- - fix for #171213 - CVE-2005-3258 Squid crash due to malformed FTP response
- - more fixes from upstream


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

5c0802fc0f79615f7c72331494517784 SRPMS/squid-2.5.STABLE11-3.FC3.src.rpm
51fc3069fea73f26db7152f948da5e76 x86_64/squid-2.5.STABLE11-3.FC3.x86_64.rpm
29b421f9c2de9dafb8b7476915e8146b x86_64/debug/squid-debuginfo-2.5.STABLE11-3.FC3.x86_64.rpm
7690f495c6fe9419960393961d822028 i386/squid-2.5.STABLE11-3.FC3.i386.rpm
d5d4092dc22ea02d0da490cb9ef1f06b i386/debug/squid-debuginfo-2.5.STABLE11-3.FC3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------



  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |