[CentOS] CentOS-announce Digest, Vol 5, Issue 1
centos-announce-request at centos.org
centos-announce-request at centos.orgWed Jul 6 12:00:05 UTC 2005
- Previous message: [CentOS] Re: Opteron Mobo Suggestions -- nForce Pro 2200+2050 Single Opteron for $245?
- Next message: [CentOS] does anyone have mysql 4.1 rpms for centos 3
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CESA-2005:0705-001 Critical CentOS 4 x86_64 php - security update (CENTOSPLUS only) (Johnny Hughes) 2. CESA-2005:0705-001 Critical CentOS 4 i386 php - security update (CENTOSPLUS only) (Johnny Hughes) ---------------------------------------------------------------------- Message: 1 Date: Tue, 05 Jul 2005 18:43:12 -0500 From: Johnny Hughes <johnny at centos.org> Subject: [CentOS-announce] CESA-2005:0705-001 Critical CentOS 4 x86_64 php - security update (CENTOSPLUS only) To: centos-announce at centos.org Message-ID: <1120606992.10579.43.camel at myth.home.local> Content-Type: text/plain; charset="us-ascii" CentOS Errata and Security Advisory 2005:0705-001 Critical CentOS 4 x86_64 php - security update This CESA is for the version of php is that is included in the centosplus repo for CentOS-4 ... this is not an update to the main CentOS-4 repo. -------------------------- Name : php Relocations: (not relocatable) Version : 5.0.4 Vendor: CentOS Release : 2.centos4 Build Date: 05Jul2005 04:15:18PM CDT Install Date: (not installed) Build Host: x8664-build Group : Development/Languages Source RPM : php-5.0.4-2.centos4.src.rpm Packager : Johnny Hughes <johnny at centos.org> URL : http://www.php.net/ Summary : The PHP HTML-embedded scripting language. ------------------------ Update Information: This update is considered critical by the CentOS Development Team, and exploitation of the vulnerability can lead to remote code execution. Anyone using php-5 from the centosplus repo is highly encouraged to upgrade their installation immediately. This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1921 to this issue. The bundled version of shtool is also updated, to fix some temporary file handling races. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1751 to this issue. Bug fixes for the dom, ldap, and gd extensions are also included in this update. ------------------------ References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1751 https://www.redhat.com/archives/fedora-announce-list/2005-July/msg00011.html ------------------------ The following updated files have been uploaded and are currently syncing to the mirrors: x86_64: php-5.0.4-2.centos4.x86_64.rpm php-bcmath-5.0.4-2.centos4.x86_64.rpm php-dba-5.0.4-2.centos4.x86_64.rpm php-devel-5.0.4-2.centos4.x86_64.rpm php-gd-5.0.4-2.centos4.x86_64.rpm php-imap-5.0.4-2.centos4.x86_64.rpm php-ldap-5.0.4-2.centos4.x86_64.rpm php-mbstring-5.0.4-2.centos4.x86_64.rpm php-mysql-5.0.4-2.centos4.x86_64.rpm php-ncurses-5.0.4-2.centos4.x86_64.rpm php-odbc-5.0.4-2.centos4.x86_64.rpm php-pear-5.0.4-2.centos4.x86_64.rpm php-pgsql-5.0.4-2.centos4.x86_64.rpm php-snmp-5.0.4-2.centos4.x86_64.rpm php-soap-5.0.4-2.centos4.x86_64.rpm php-xml-5.0.4-2.centos4.x86_64.rpm php-xmlrpc-5.0.4-2.centos4.x86_64.rpm src: php-5.0.4-2.centos4.src.rpm -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.centos.org/pipermail/centos-announce/attachments/20050705/45d09013/attachment-0001.bin ------------------------------ Message: 2 Date: Tue, 05 Jul 2005 18:43:06 -0500 From: Johnny Hughes <johnny at centos.org> Subject: [CentOS-announce] CESA-2005:0705-001 Critical CentOS 4 i386 php - security update (CENTOSPLUS only) To: centos-announce at centos.org Message-ID: <1120606986.10579.42.camel at myth.home.local> Content-Type: text/plain; charset="us-ascii" CentOS Errata and Security Advisory 2005:0705-001 Critical CentOS 4 i386 php - security update This CESA is for the version of php is that is included in the centosplus repo for CentOS-4 ... this is not an update to the main CentOS-4 repo. -------------------------- Name : php Relocations: (not relocatable) Version : 5.0.4 Vendor: CentOS Release : 2.centos4 Build Date: 05Jul2005 03:46:00PM CDT Install Date: (not installed) Build Host: i386-build Group : Development/Languages Source RPM : php-5.0.4-2.centos4.src.rpm Packager : Johnny Hughes <johnny at centos.org> URL : http://www.php.net/ Summary : The PHP HTML-embedded scripting language. ------------------------ Update Information: This update is considered critical by the CentOS Development Team, and exploitation of the vulnerability can lead to remote code execution. Anyone using php-5 from the centosplus repo is highly encouraged to upgrade their installation immediately. This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1921 to this issue. The bundled version of shtool is also updated, to fix some temporary file handling races. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1751 to this issue. Bug fixes for the dom, ldap, and gd extensions are also included in this update. ------------------------ References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1751 https://www.redhat.com/archives/fedora-announce-list/2005-July/msg00011.html ------------------------ The following updated files have been uploaded and are currently syncing to the mirrors: i386: php-5.0.4-2.centos4.i386.rpm php-bcmath-5.0.4-2.centos4.i386.rpm php-dba-5.0.4-2.centos4.i386.rpm php-devel-5.0.4-2.centos4.i386.rpm php-gd-5.0.4-2.centos4.i386.rpm php-imap-5.0.4-2.centos4.i386.rpm php-ldap-5.0.4-2.centos4.i386.rpm php-mbstring-5.0.4-2.centos4.i386.rpm php-mysql-5.0.4-2.centos4.i386.rpm php-ncurses-5.0.4-2.centos4.i386.rpm php-odbc-5.0.4-2.centos4.i386.rpm php-pear-5.0.4-2.centos4.i386.rpm php-pgsql-5.0.4-2.centos4.i386.rpm php-snmp-5.0.4-2.centos4.i386.rpm php-soap-5.0.4-2.centos4.i386.rpm php-xml-5.0.4-2.centos4.i386.rpm php-xmlrpc-5.0.4-2.centos4.i386.rpm src: php-5.0.4-2.centos4.src.rpm -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.centos.org/pipermail/centos-announce/attachments/20050705/27446c33/attachment-0001.bin ------------------------------ _______________________________________________ CentOS-announce mailing list CentOS-announce at centos.org http://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 5, Issue 1 *********************************************
- Previous message: [CentOS] Re: Opteron Mobo Suggestions -- nForce Pro 2200+2050 Single Opteron for $245?
- Next message: [CentOS] does anyone have mysql 4.1 rpms for centos 3
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list