centos-announce-request at centos.org
2005-Nov-11 12:00 UTC
[CentOS] CentOS-announce Digest, Vol 9, Issue 6
Send CentOS-announce mailing list submissions to
centos-announce at centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-request at centos.org
You can reach the person managing the list at
centos-announce-owner at centos.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."
Today's Topics:
1. CESA-2005:806-01: Low CentOS 2 i386 cpio security update
(John Newbigin)
2. CESA-2005:838-01: Moderate CentOS 2 i386 php security update
(John Newbigin)
3. CESA-2005:831 Moderate CentOS 3 i386 php - security update
(Lance Davis)
4. CESA-2005:831 Moderate CentOS 4 x86_64 php - security update
(Johnny Hughes)
5. CESA-2005:831 Moderate CentOS 4 i386 php - security update
(Johnny Hughes)
6. CESA-2005:825 Low CentOS 4 i386 lm_sensors - security update
(Johnny Hughes)
7. CESA-2005:825 Low CentOS 4 x86_64 lm_sensors - security
update (Johnny Hughes)
8. CESA-2005:1110-001 Moderate CentOS 4 i386 php - security
update (CENTOSPLUS only) (Johnny Hughes)
9. CESA-2005:1110-001 Moderate CentOS 4 x86_64 php - security
update (CENTOSPLUS only) (Johnny Hughes)
----------------------------------------------------------------------
Message: 1
Date: Fri, 11 Nov 2005 10:44:34 +1100
From: John Newbigin <jnewbigin at ict.swin.edu.au>
Subject: [CentOS-announce] CESA-2005:806-01: Low CentOS 2 i386 cpio
security update
To: centos-announce at centos.org
Message-ID: <4373DB62.5030009 at ict.swin.edu.au>
Content-Type: text/plain; charset=us-ascii; format=flowed
The following errata for CentOS-2 have been built and uploaded to the
centos mirror:
RHSA-2005:806-01 Low: cpio security update
Files available:
cpio-2.4.2-25.i386.rpm
More details are available from the RedHat web site at
https://rhn.redhat.com/errata/rh21as-errata.html
The easy way to make sure you are up to date with all the latest patches
is to run:
# yum update
--
John Newbigin
Computer Systems Officer
Faculty of Information and Communication Technologies
Swinburne University of Technology
Melbourne, Australia
http://www.ict.swin.edu.au/staff/jnewbigin
------------------------------
Message: 2
Date: Fri, 11 Nov 2005 10:45:48 +1100
From: John Newbigin <jnewbigin at ict.swin.edu.au>
Subject: [CentOS-announce] CESA-2005:838-01: Moderate CentOS 2 i386
php security update
To: centos-announce at centos.org
Message-ID: <4373DBAC.7000102 at ict.swin.edu.au>
Content-Type: text/plain; charset=us-ascii; format=flowed
The following errata for CentOS-2 have been built and uploaded to the
centos mirror:
RHSA-2005:838-01 Moderate: php security update
Files available:
php-4.1.2-2.3.i386.rpm
php-devel-4.1.2-2.3.i386.rpm
php-imap-4.1.2-2.3.i386.rpm
php-ldap-4.1.2-2.3.i386.rpm
php-manual-4.1.2-2.3.i386.rpm
php-mysql-4.1.2-2.3.i386.rpm
php-odbc-4.1.2-2.3.i386.rpm
php-pgsql-4.1.2-2.3.i386.rpm
More details are available from the RedHat web site at
https://rhn.redhat.com/errata/rh21as-errata.html
The easy way to make sure you are up to date with all the latest patches
is to run:
# yum update
--
John Newbigin
Computer Systems Officer
Faculty of Information and Communication Technologies
Swinburne University of Technology
Melbourne, Australia
http://www.ict.swin.edu.au/staff/jnewbigin
------------------------------
Message: 3
Date: Fri, 11 Nov 2005 01:54:54 +0000
From: Lance Davis <lance at uklinux.net>
Subject: [CentOS-announce] CESA-2005:831 Moderate CentOS 3 i386 php -
security update
To: centos-announce at centos.org
Message-ID: <1131674093.4655.47.camel at centos3.wellhouse>
Content-Type: text/plain; charset="us-ascii"
CentOS Errata and Security Advisory CESA-2005:831
php security update for CentOS 3 i386:
https://rhn.redhat.com/errata/RHSA-2005-831.html refers
The following updated files have been uploaded and are currently syncing
to the mirrors:
i386:
updates/i386/RPMS/php-4.3.2-26.ent.i386.rpm
updates/i386/RPMS/php-devel-4.3.2-26.ent.i386.rpm
updates/i386/RPMS/php-imap-4.3.2-26.ent.i386.rpm
updates/i386/RPMS/php-ldap-4.3.2-26.ent.i386.rpm
updates/i386/RPMS/php-mysql-4.3.2-26.ent.i386.rpm
updates/i386/RPMS/php-odbc-4.3.2-26.ent.i386.rpm
updates/i386/RPMS/php-pgsql-4.3.2-26.ent.i386.rpm
source:
updates/SRPMS/php-4.3.2-26.ent.src.rpm
You may update your CentOS-3 i386 installations by running the command:
yum update php
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.centos.org/pipermail/centos-announce/attachments/20051111/28a9d170/attachment-0001.bin
------------------------------
Message: 4
Date: Thu, 10 Nov 2005 21:28:30 -0600
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:831 Moderate CentOS 4 x86_64 php
- security update
To: CentOS-Announce <centos-announce at centos.org>
Message-ID: <1131679710.3912.12.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"
CentOS Errata and Security Advisory CESA-2005:831
php security update for CentOS 4 x86_64:
https://rhn.redhat.com/errata/RHSA-2005-831.html refers
The following updated files have been uploaded and are currently syncing
to the mirrors:
x86_64:
php-4.3.9-3.9.x86_64.rpm
php-devel-4.3.9-3.9.x86_64.rpm
php-domxml-4.3.9-3.9.x86_64.rpm
php-gd-4.3.9-3.9.x86_64.rpm
php-imap-4.3.9-3.9.x86_64.rpm
php-ldap-4.3.9-3.9.x86_64.rpm
php-mbstring-4.3.9-3.9.x86_64.rpm
php-mysql-4.3.9-3.9.x86_64.rpm
php-ncurses-4.3.9-3.9.x86_64.rpm
php-odbc-4.3.9-3.9.x86_64.rpm
php-pear-4.3.9-3.9.x86_64.rpm
php-pgsql-4.3.9-3.9.x86_64.rpm
php-snmp-4.3.9-3.9.x86_64.rpm
php-xmlrpc-4.3.9-3.9.x86_64.rpm
src:
php-4.3.9-3.9.src.rpm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.centos.org/pipermail/centos-announce/attachments/20051110/081c65e7/attachment-0001.bin
------------------------------
Message: 5
Date: Thu, 10 Nov 2005 21:28:42 -0600
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:831 Moderate CentOS 4 i386 php -
security update
To: CentOS-Announce <centos-announce at centos.org>
Message-ID: <1131679722.3912.13.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"
CentOS Errata and Security Advisory CESA-2005:831
php security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2005-831.html refers
The following updated files have been uploaded and are currently syncing
to the mirrors:
i386:
php-4.3.9-3.9.i386.rpm
php-devel-4.3.9-3.9.i386.rpm
php-domxml-4.3.9-3.9.i386.rpm
php-gd-4.3.9-3.9.i386.rpm
php-imap-4.3.9-3.9.i386.rpm
php-ldap-4.3.9-3.9.i386.rpm
php-mbstring-4.3.9-3.9.i386.rpm
php-mysql-4.3.9-3.9.i386.rpm
php-ncurses-4.3.9-3.9.i386.rpm
php-odbc-4.3.9-3.9.i386.rpm
php-pear-4.3.9-3.9.i386.rpm
php-pgsql-4.3.9-3.9.i386.rpm
php-snmp-4.3.9-3.9.i386.rpm
php-xmlrpc-4.3.9-3.9.i386.rpm
src:
php-4.3.9-3.9.src.rpm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.centos.org/pipermail/centos-announce/attachments/20051110/e696abed/attachment-0001.bin
------------------------------
Message: 6
Date: Thu, 10 Nov 2005 21:34:35 -0600
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:825 Low CentOS 4 i386 lm_sensors
- security update
To: CentOS-Announce <centos-announce at centos.org>
Message-ID: <1131680075.3912.20.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"
CentOS Errata and Security Advisory CESA-2005:825
lm_sensors security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2005-825.html refers
The following updated files have been uploaded and are currently syncing
to the mirrors:
i386:
lm_sensors-2.8.7-2.40.3.i386.rpm
lm_sensors-devel-2.8.7-2.40.3.i386.rpm
src:
lm_sensors-2.8.7-2.40.3.src.rpm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.centos.org/pipermail/centos-announce/attachments/20051110/ead1e4c1/attachment-0001.bin
------------------------------
Message: 7
Date: Thu, 10 Nov 2005 21:34:37 -0600
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:825 Low CentOS 4 x86_64
lm_sensors - security update
To: CentOS-Announce <centos-announce at centos.org>
Message-ID: <1131680077.3912.21.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"
CentOS Errata and Security Advisory CESA-2005:825
lm_sensors security update for CentOS 4 x86_64:
https://rhn.redhat.com/errata/RHSA-2005-825.html refers
The following updated files have been uploaded and are currently syncing
to the mirrors:
x86_64:
lm_sensors-2.8.7-2.40.3.i386.rpm
lm_sensors-2.8.7-2.40.3.x86_64.rpm
lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm
src:
lm_sensors-2.8.7-2.40.3.src.rpm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.centos.org/pipermail/centos-announce/attachments/20051110/045ea7b1/attachment-0001.bin
------------------------------
Message: 8
Date: Thu, 10 Nov 2005 21:54:29 -0600
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:1110-001 Moderate CentOS 4 i386
php - security update (CENTOSPLUS only)
To: CentOS-Announce <centos-announce at centos.org>
Message-ID: <1131681269.3912.41.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"
CentOS Errata and Security Advisory 2005:1110-001
Moderate CentOS 4 i386 php - security update
This CESA is for the version of php is that is included in the
centosplus repo for CentOS-4 ... this is not an update to the main
CentOS-4 repo.
------------------
Name : php
Version : 5.0.4 Vendor: CentOS
Release : 4.centos4 Build Date: Fri 11 Nov 2005
Install Date: (not installed) Build Host: build-i386
Group : Development/Languages
Source RPM: php-5.0.4-4.centos4.src.rpm
License: The PHP License
Packager : Johnny Hughes <johnny at centos.org>
Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext
Preprocessor)
------------------
Update Information:
This update is considered moderate by the CentOS Development Team.
This update includes several security fixes:
- fixes for prevent malicious requests from overwriting the
GLOBALS array (CVE-2005-3390)
- a fix to stop the parse_str() function from enabling the
register_globals setting (CVE-2005-3389)
- fixes for Cross-Site Scripting flaws in the phpinfo()
output (CVE-2005-3388)
- a fix for a denial of service (process crash) in EXIF
image parsing (CVE-2005-3353)
All Users of PHP-5 from the CentOSPlus Repo should upgrade to these
updated packages.
More info is available at:
https://www.redhat.com/archives/fedora-announce-list/2005-November/msg00022.html
https://rhn.redhat.com/errata/RHSA-2005-831.html
------------------------
The following updated files have been uploaded and are currently
syncing to the mirrors:
i386:
php-5.0.4-4.centos4.i386.rpm
php-bcmath-5.0.4-4.centos4.i386.rpm
php-dba-5.0.4-4.centos4.i386.rpm
php-devel-5.0.4-4.centos4.i386.rpm
php-gd-5.0.4-4.centos4.i386.rpm
php-imap-5.0.4-4.centos4.i386.rpm
php-ldap-5.0.4-4.centos4.i386.rpm
php-mbstring-5.0.4-4.centos4.i386.rpm
php-mysql-5.0.4-4.centos4.i386.rpm
php-ncurses-5.0.4-4.centos4.i386.rpm
php-odbc-5.0.4-4.centos4.i386.rpm
php-pear-5.0.4-4.centos4.i386.rpm
php-pgsql-5.0.4-4.centos4.i386.rpm
php-snmp-5.0.4-4.centos4.i386.rpm
php-soap-5.0.4-4.centos4.i386.rpm
php-xml-5.0.4-4.centos4.i386.rpm
php-xmlrpc-5.0.4-4.centos4.i386.rpm
src:
php-5.0.4-4.centos4.src.rpm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.centos.org/pipermail/centos-announce/attachments/20051110/0c2f1fd2/attachment-0001.bin
------------------------------
Message: 9
Date: Thu, 10 Nov 2005 21:55:21 -0600
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:1110-001 Moderate CentOS 4 x86_64
php - security update (CENTOSPLUS only)
To: CentOS-Announce <centos-announce at centos.org>
Message-ID: <1131681322.3912.42.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"
CentOS Errata and Security Advisory 2005:1110-001
Moderate CentOS 4 x86_64 php - security update
This CESA is for the version of php is that is included in the
centosplus repo for CentOS-4 ... this is not an update to the main
CentOS-4 repo.
-------------------
Name : php
Version : 5.0.4 Vendor: CentOS
Release : 4.centos4 Build Date: Fri 11 Nov 2005
Install Date: (not installed) Build Host: build-i386
Group : Development/Languages
Source RPM: php-5.0.4-4.centos4.src.rpm
License: The PHP License
Packager : Johnny Hughes <johnny at centos.org>
Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext
Preprocessor)
------------------
Update Information:
This update is considered moderate by the CentOS Development Team.
This update includes several security fixes:
- fixes for prevent malicious requests from overwriting the
GLOBALS array (CVE-2005-3390)
- a fix to stop the parse_str() function from enabling the
register_globals setting (CVE-2005-3389)
- fixes for Cross-Site Scripting flaws in the phpinfo()
output (CVE-2005-3388)
- a fix for a denial of service (process crash) in EXIF
image parsing (CVE-2005-3353)
All Users of PHP-5 from the CentOSPlus Repo should upgrade to these
updated packages.
More info is available at:
https://www.redhat.com/archives/fedora-announce-list/2005-November/msg00022.html
https://rhn.redhat.com/errata/RHSA-2005-831.html
------------------------
The following updated files have been uploaded and are currently
syncing to the mirrors:
x86_64:
php-5.0.4-4.centos4.x86_64.rpm
php-bcmath-5.0.4-4.centos4.x86_64.rpm
php-dba-5.0.4-4.centos4.x86_64.rpm
php-devel-5.0.4-4.centos4.x86_64.rpm
php-gd-5.0.4-4.centos4.x86_64.rpm
php-imap-5.0.4-4.centos4.x86_64.rpm
php-ldap-5.0.4-4.centos4.x86_64.rpm
php-mbstring-5.0.4-4.centos4.x86_64.rpm
php-mysql-5.0.4-4.centos4.x86_64.rpm
php-ncurses-5.0.4-4.centos4.x86_64.rpm
php-odbc-5.0.4-4.centos4.x86_64.rpm
php-pear-5.0.4-4.centos4.x86_64.rpm
php-pgsql-5.0.4-4.centos4.x86_64.rpm
php-snmp-5.0.4-4.centos4.x86_64.rpm
php-soap-5.0.4-4.centos4.x86_64.rpm
php-xml-5.0.4-4.centos4.x86_64.rpm
php-xmlrpc-5.0.4-4.centos4.x86_64.rpm
src:
php-5.0.4-4.centos4.src.rpm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.centos.org/pipermail/centos-announce/attachments/20051110/63467c32/attachment-0001.bin
------------------------------
_______________________________________________
CentOS-announce mailing list
CentOS-announce at centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
End of CentOS-announce Digest, Vol 9, Issue 6
*********************************************
Reasonably Related Threads
- CentOS-announce Digest, Vol 9, Issue 8
- CESA-2005:1110-001 Moderate CentOS 4 i386 php - security update (CENTOSPLUS only)
- CESA-2005:1110-001 Moderate CentOS 4 x86_64 php - security update (CENTOSPLUS only)
- CESA-2005:825 Low CentOS 4 x86_64 lm_sensors - security update
- CESA-2005:825 Low CentOS 4 i386 lm_sensors - security update
Wisdom of the Ancients
