March 2006

ID: 00221
Ref: 221
Date: 22 March 2006:10:15:44
Version: 1

---

Title: UNIRAS Brief - 221/06 - Two Fedora Update Notifications: FEDORA-2006-188, FEDORA-2006-189
Abstract: Two updates are available.
Vendors affected: Redhat
Operating systems affected: Redhat
Applications affected: Redhat

---

1.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-188
2006-03-21
---------------------------------------------------------------------

Product : Fedora Core 5
Name : beagle
Version : 0.2.3
Release : 4
Summary : The Beagle Search Infrastructure
Description :
A general infrastructure for making your data easy to find.

---------------------------------------------------------------------
Update Information:

Some of the wrapper scripts (including beagle-status) looked
in the current directory for files with a specific name and
ran that instead of the binary in the path. All such cases
have been fixed in this release.
---------------------------------------------------------------------
* Tue Mar 21 2006 Alexander Larsson - 0.2.3-4
- Remove more instances of wrapper scripts starting apps in cwd.
Fixes bug #185981, and CVE-2006-1296
* Fri Mar 17 2006 Ray Strode - 0.2.3-3
- use /sbin/nologin instead of /bin/nologin for beagle user
shell
* Fri Mar 17 2006 Ray Strode - 0.2.3-2
- use /bin/nologin instead of /bin/false for beagle user
shell
* Fri Mar 17 2006 Ray Strode - 0.2.3-1
- Update to 0.2.3

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

031b14c13c1da8a0ad078d29e7c8997f81edc108 SRPMS/beagle-0.2.3-4.src.rpm
9c05aceec3352a5822bd715bb8f1d7a7ab3b1c15 ppc/beagle-0.2.3-4.ppc.rpm
fa966f7a58099c9b24324e776d5bd3bba0ed6737 ppc/libbeagle-0.2.3-4.ppc.rpm
4faf4d0a15ab3a81a75e6b518fa6d447701c5ff7 ppc/libbeagle-devel-0.2.3-4.ppc.rpm
baedc9ecbace7961d15d42020225d1ccf5618a49 ppc/libbeagle-python-0.2.3-4.ppc.rpm
76d01133208326bd31062a9c00f70675fb74b4eb ppc/debug/beagle-debuginfo-0.2.3-4.ppc.rpm
3dd3cd525eb4c94ac2337efcf01006d3e9490a0c x86_64/beagle-0.2.3-4.x86_64.rpm
e782635126ed098076b88a037f04865ea5218d6c x86_64/libbeagle-0.2.3-4.x86_64.rpm
bfecb57a38e4a948517871c350e45aabd86e87cc x86_64/libbeagle-devel-0.2.3-4.x86_64.rpm
25559cbdf4a17e9ab98029a0a4087ec62001c38e x86_64/libbeagle-python-0.2.3-4.x86_64.rpm
724c8bf195af380c55b0ec3e72f1791962f35e63 x86_64/debug/beagle-debuginfo-0.2.3-4.x86_64.rpm
c02e35f99532418d379804a05a9b0f24dd102ae5 i386/beagle-0.2.3-4.i386.rpm
73653a24af6b10772afe5e2c24723c698750ad96 i386/libbeagle-0.2.3-4.i386.rpm
3cbcfc28429f3cd5911c6990110f40b0963d29d3 i386/libbeagle-devel-0.2.3-4.i386.rpm
340d500ecd5c38a8fc3c640b4151d2d2b547d7b8 i386/libbeagle-python-0.2.3-4.i386.rpm
8b42aa3907319ed3d0ac53eb303aa3291a734831 i386/debug/beagle-debuginfo-0.2.3-4.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------


2.


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-189
2006-03-21
---------------------------------------------------------------------

Product : Fedora Core 5
Name : curl
Version : 7.15.1
Release : 3
Summary : A utility for getting files from remote servers (FTP, HTTP, and others).
Description :
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and
Dict servers, using any of the supported protocols. cURL is designed
to work without user interaction or any kind of interactivity. cURL
offers many useful capabilities, like proxy support, user
authentication, FTP upload, HTTP post, and file transfer resume.

---------------------------------------------------------------------
Update Information:

This curl update fixes security vulnerability CVE-2006-1061 -
curl can overflow a heap-based memory buffer if very long
TFTP URL with valid host name is passed to curl.
This update fixes instalation problems on multilib
architectures, too.
---------------------------------------------------------------------
* Mon Mar 20 2006 Ivana Varekova - 7.15.1-3
- fix multilib problem using pkg-config
- fix cve-2006-1061 problem - cURL tftp buffer overflow
* Thu Feb 23 2006 Ivana Varekova - 7.15.1-2
- fix multilib problem - #181290 -
curl-devel.i386 not installable together with curl-devel.x86-64

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

22d285846edc9415777275be1a4040a182abb1b4 SRPMS/curl-7.15.1-3.src.rpm
89b873c628d9f9c3cf0e031571dba23a02ca47e1 ppc/curl-7.15.1-3.ppc.rpm
d9a98e61bddf2a976bcd0bbca3f567dd2f971b0b ppc/curl-devel-7.15.1-3.ppc.rpm
64fd2d8247ddcea9ead35a579eacb76825a95f0e ppc/debug/curl-debuginfo-7.15.1-3.ppc.rpm
b0f239c8622507a072776d2764be959445827487 x86_64/curl-7.15.1-3.x86_64.rpm
8240e70642da75927e081787266ce1c0dfb64fa6 x86_64/curl-devel-7.15.1-3.x86_64.rpm
b5bdf46987d7d1169b3034d2395f3129c3ab1300 x86_64/debug/curl-debuginfo-7.15.1-3.x86_64.rpm
d776e7f0b98d697ec747819d68f4fb5a97fb595c i386/curl-7.15.1-3.i386.rpm
aafda2d4f423cf2821fb3361aadb59b8c80d63dd i386/curl-devel-7.15.1-3.i386.rpm
d4a454a27855497b2e01a19486dd045f1a7009da i386/debug/curl-debuginfo-7.15.1-3.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------