[CentOS] CentOS-announce Digest, Vol 9, Issue 6

centos-announce-request at centos.org centos-announce-request at centos.org
Fri Nov 11 12:00:06 UTC 2005


Send CentOS-announce mailing list submissions to
	centos-announce at centos.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
	centos-announce-request at centos.org

You can reach the person managing the list at
	centos-announce-owner at centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CESA-2005:806-01: Low CentOS 2 i386 cpio security	update
      (John Newbigin)
   2. CESA-2005:838-01: Moderate CentOS 2 i386 php	security update
      (John Newbigin)
   3. CESA-2005:831 Moderate CentOS 3 i386 php -	security update
      (Lance Davis)
   4. CESA-2005:831 Moderate CentOS 4 x86_64 php -	security update
      (Johnny Hughes)
   5. CESA-2005:831 Moderate CentOS 4 i386 php -	security update
      (Johnny Hughes)
   6. CESA-2005:825 Low CentOS 4 i386 lm_sensors -	security update
      (Johnny Hughes)
   7. CESA-2005:825 Low CentOS 4 x86_64 lm_sensors -	security
      update (Johnny Hughes)
   8. CESA-2005:1110-001 Moderate CentOS 4 i386 php -	security
      update (CENTOSPLUS only) (Johnny Hughes)
   9. CESA-2005:1110-001 Moderate CentOS 4 x86_64 php -	security
      update (CENTOSPLUS only) (Johnny Hughes)


----------------------------------------------------------------------

Message: 1
Date: Fri, 11 Nov 2005 10:44:34 +1100
From: John Newbigin <jnewbigin at ict.swin.edu.au>
Subject: [CentOS-announce] CESA-2005:806-01: Low CentOS 2 i386 cpio
	security	update
To: centos-announce at centos.org
Message-ID: <4373DB62.5030009 at ict.swin.edu.au>
Content-Type: text/plain; charset=us-ascii; format=flowed

The following errata for CentOS-2 have been built and uploaded to the
centos mirror:

RHSA-2005:806-01 Low: cpio security update

Files available:
cpio-2.4.2-25.i386.rpm

More details are available from the RedHat web site at
https://rhn.redhat.com/errata/rh21as-errata.html

The easy way to make sure you are up to date with all the latest patches
is to run:
# yum update

-- 
John Newbigin
Computer Systems Officer
Faculty of Information and Communication Technologies
Swinburne University of Technology
Melbourne, Australia
http://www.ict.swin.edu.au/staff/jnewbigin










------------------------------

Message: 2
Date: Fri, 11 Nov 2005 10:45:48 +1100
From: John Newbigin <jnewbigin at ict.swin.edu.au>
Subject: [CentOS-announce] CESA-2005:838-01: Moderate CentOS 2 i386
	php	security update
To: centos-announce at centos.org
Message-ID: <4373DBAC.7000102 at ict.swin.edu.au>
Content-Type: text/plain; charset=us-ascii; format=flowed

The following errata for CentOS-2 have been built and uploaded to the
centos mirror:

RHSA-2005:838-01 Moderate: php security update

Files available:
php-4.1.2-2.3.i386.rpm
php-devel-4.1.2-2.3.i386.rpm
php-imap-4.1.2-2.3.i386.rpm
php-ldap-4.1.2-2.3.i386.rpm
php-manual-4.1.2-2.3.i386.rpm
php-mysql-4.1.2-2.3.i386.rpm
php-odbc-4.1.2-2.3.i386.rpm
php-pgsql-4.1.2-2.3.i386.rpm

More details are available from the RedHat web site at
https://rhn.redhat.com/errata/rh21as-errata.html

The easy way to make sure you are up to date with all the latest patches
is to run:
# yum update

-- 
John Newbigin
Computer Systems Officer
Faculty of Information and Communication Technologies
Swinburne University of Technology
Melbourne, Australia
http://www.ict.swin.edu.au/staff/jnewbigin









------------------------------

Message: 3
Date: Fri, 11 Nov 2005 01:54:54 +0000
From: Lance Davis <lance at uklinux.net>
Subject: [CentOS-announce] CESA-2005:831 Moderate CentOS 3 i386 php -
	security update
To: centos-announce at centos.org
Message-ID: <1131674093.4655.47.camel at centos3.wellhouse>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2005:831
 
php security update for CentOS 3 i386:
https://rhn.redhat.com/errata/RHSA-2005-831.html refers
                                                                                                                                                             
The following updated files have been uploaded and are currently syncing
to the mirrors:
                                                                                                                                                             
i386:
updates/i386/RPMS/php-4.3.2-26.ent.i386.rpm
updates/i386/RPMS/php-devel-4.3.2-26.ent.i386.rpm
updates/i386/RPMS/php-imap-4.3.2-26.ent.i386.rpm
updates/i386/RPMS/php-ldap-4.3.2-26.ent.i386.rpm
updates/i386/RPMS/php-mysql-4.3.2-26.ent.i386.rpm
updates/i386/RPMS/php-odbc-4.3.2-26.ent.i386.rpm
updates/i386/RPMS/php-pgsql-4.3.2-26.ent.i386.rpm

source:
updates/SRPMS/php-4.3.2-26.ent.src.rpm
                                                                                                                                                             
You may update your CentOS-3 i386 installations by running the command:
                                                                                                                                                             
        yum update php

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.centos.org/pipermail/centos-announce/attachments/20051111/28a9d170/attachment-0001.bin

------------------------------

Message: 4
Date: Thu, 10 Nov 2005 21:28:30 -0600
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:831 Moderate CentOS 4 x86_64 php
	-	security update
To: CentOS-Announce <centos-announce at centos.org>
Message-ID: <1131679710.3912.12.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2005:831
 
php security update for CentOS 4 x86_64:
https://rhn.redhat.com/errata/RHSA-2005-831.html refers
                                                                                                                                                             
The following updated files have been uploaded and are currently syncing
to the mirrors:

x86_64:
php-4.3.9-3.9.x86_64.rpm
php-devel-4.3.9-3.9.x86_64.rpm
php-domxml-4.3.9-3.9.x86_64.rpm
php-gd-4.3.9-3.9.x86_64.rpm
php-imap-4.3.9-3.9.x86_64.rpm
php-ldap-4.3.9-3.9.x86_64.rpm
php-mbstring-4.3.9-3.9.x86_64.rpm
php-mysql-4.3.9-3.9.x86_64.rpm
php-ncurses-4.3.9-3.9.x86_64.rpm
php-odbc-4.3.9-3.9.x86_64.rpm
php-pear-4.3.9-3.9.x86_64.rpm
php-pgsql-4.3.9-3.9.x86_64.rpm
php-snmp-4.3.9-3.9.x86_64.rpm
php-xmlrpc-4.3.9-3.9.x86_64.rpm

src:
php-4.3.9-3.9.src.rpm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.centos.org/pipermail/centos-announce/attachments/20051110/081c65e7/attachment-0001.bin

------------------------------

Message: 5
Date: Thu, 10 Nov 2005 21:28:42 -0600
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:831 Moderate CentOS 4 i386 php -
	security update
To: CentOS-Announce <centos-announce at centos.org>
Message-ID: <1131679722.3912.13.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2005:831
 
php security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2005-831.html refers
                                                                                                                                                             
The following updated files have been uploaded and are currently syncing
to the mirrors:

i386:
php-4.3.9-3.9.i386.rpm
php-devel-4.3.9-3.9.i386.rpm
php-domxml-4.3.9-3.9.i386.rpm
php-gd-4.3.9-3.9.i386.rpm
php-imap-4.3.9-3.9.i386.rpm
php-ldap-4.3.9-3.9.i386.rpm
php-mbstring-4.3.9-3.9.i386.rpm
php-mysql-4.3.9-3.9.i386.rpm
php-ncurses-4.3.9-3.9.i386.rpm
php-odbc-4.3.9-3.9.i386.rpm
php-pear-4.3.9-3.9.i386.rpm
php-pgsql-4.3.9-3.9.i386.rpm
php-snmp-4.3.9-3.9.i386.rpm
php-xmlrpc-4.3.9-3.9.i386.rpm

src:
php-4.3.9-3.9.src.rpm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.centos.org/pipermail/centos-announce/attachments/20051110/e696abed/attachment-0001.bin

------------------------------

Message: 6
Date: Thu, 10 Nov 2005 21:34:35 -0600
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:825 Low CentOS 4 i386 lm_sensors
	-	security update
To: CentOS-Announce <centos-announce at centos.org>
Message-ID: <1131680075.3912.20.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2005:825
 
lm_sensors security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2005-825.html refers
                                                                                                                                                             
The following updated files have been uploaded and are currently syncing
to the mirrors:

i386:
lm_sensors-2.8.7-2.40.3.i386.rpm
lm_sensors-devel-2.8.7-2.40.3.i386.rpm

src:
lm_sensors-2.8.7-2.40.3.src.rpm



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.centos.org/pipermail/centos-announce/attachments/20051110/ead1e4c1/attachment-0001.bin

------------------------------

Message: 7
Date: Thu, 10 Nov 2005 21:34:37 -0600
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:825 Low CentOS 4 x86_64
	lm_sensors -	security update
To: CentOS-Announce <centos-announce at centos.org>
Message-ID: <1131680077.3912.21.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2005:825
 
lm_sensors security update for CentOS 4 x86_64:
https://rhn.redhat.com/errata/RHSA-2005-825.html refers
                                                                                                                                                             
The following updated files have been uploaded and are currently syncing
to the mirrors:

x86_64:
lm_sensors-2.8.7-2.40.3.i386.rpm
lm_sensors-2.8.7-2.40.3.x86_64.rpm
lm_sensors-devel-2.8.7-2.40.3.x86_64.rpm

src:
lm_sensors-2.8.7-2.40.3.src.rpm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.centos.org/pipermail/centos-announce/attachments/20051110/045ea7b1/attachment-0001.bin

------------------------------

Message: 8
Date: Thu, 10 Nov 2005 21:54:29 -0600
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:1110-001 Moderate CentOS 4 i386
	php -	security update (CENTOSPLUS only)
To: CentOS-Announce <centos-announce at centos.org>
Message-ID: <1131681269.3912.41.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory 2005:1110-001

Moderate CentOS 4 i386 php - security update

This CESA is for the version of php is that is included in the
centosplus repo for CentOS-4 ... this is not an update to the main
CentOS-4 repo.
------------------
Name        : php
Version     : 5.0.4                  Vendor: CentOS
Release     : 4.centos4              Build Date: Fri 11 Nov 2005
Install Date: (not installed)        Build Host: build-i386
Group       : Development/Languages  
Source RPM: php-5.0.4-4.centos4.src.rpm
License: The PHP License
Packager    : Johnny Hughes <johnny at centos.org>
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext
Preprocessor)
------------------

Update Information:

This update is considered moderate by the CentOS Development Team.

This update includes several security fixes:

- fixes for prevent malicious requests from overwriting the
GLOBALS array (CVE-2005-3390)

- a fix to stop the parse_str() function from enabling the
register_globals setting (CVE-2005-3389)

- fixes for Cross-Site Scripting flaws in the phpinfo()
output (CVE-2005-3388)

- a fix for a denial of service (process crash) in EXIF
image parsing (CVE-2005-3353)

All Users of PHP-5 from the CentOSPlus Repo should upgrade to these
updated packages.

More info is available at:

https://www.redhat.com/archives/fedora-announce-list/2005-November/msg00022.html

https://rhn.redhat.com/errata/RHSA-2005-831.html
------------------------
The following updated files have been uploaded and are currently
syncing to the mirrors:

i386:
php-5.0.4-4.centos4.i386.rpm
php-bcmath-5.0.4-4.centos4.i386.rpm
php-dba-5.0.4-4.centos4.i386.rpm
php-devel-5.0.4-4.centos4.i386.rpm
php-gd-5.0.4-4.centos4.i386.rpm
php-imap-5.0.4-4.centos4.i386.rpm
php-ldap-5.0.4-4.centos4.i386.rpm
php-mbstring-5.0.4-4.centos4.i386.rpm
php-mysql-5.0.4-4.centos4.i386.rpm
php-ncurses-5.0.4-4.centos4.i386.rpm
php-odbc-5.0.4-4.centos4.i386.rpm
php-pear-5.0.4-4.centos4.i386.rpm
php-pgsql-5.0.4-4.centos4.i386.rpm
php-snmp-5.0.4-4.centos4.i386.rpm
php-soap-5.0.4-4.centos4.i386.rpm
php-xml-5.0.4-4.centos4.i386.rpm
php-xmlrpc-5.0.4-4.centos4.i386.rpm

src:
php-5.0.4-4.centos4.src.rpm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.centos.org/pipermail/centos-announce/attachments/20051110/0c2f1fd2/attachment-0001.bin

------------------------------

Message: 9
Date: Thu, 10 Nov 2005 21:55:21 -0600
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:1110-001 Moderate CentOS 4 x86_64
	php -	security update (CENTOSPLUS only)
To: CentOS-Announce <centos-announce at centos.org>
Message-ID: <1131681322.3912.42.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory 2005:1110-001

Moderate CentOS 4 x86_64 php - security update

This CESA is for the version of php is that is included in the
centosplus repo for CentOS-4 ... this is not an update to the main
CentOS-4 repo.
-------------------
Name        : php
Version     : 5.0.4                  Vendor: CentOS
Release     : 4.centos4              Build Date: Fri 11 Nov 2005
Install Date: (not installed)        Build Host: build-i386
Group       : Development/Languages  
Source RPM: php-5.0.4-4.centos4.src.rpm
License: The PHP License
Packager    : Johnny Hughes <johnny at centos.org>
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext
Preprocessor)
------------------

Update Information:

This update is considered moderate by the CentOS Development Team.

This update includes several security fixes:

- fixes for prevent malicious requests from overwriting the
GLOBALS array (CVE-2005-3390)

- a fix to stop the parse_str() function from enabling the
register_globals setting (CVE-2005-3389)

- fixes for Cross-Site Scripting flaws in the phpinfo()
output (CVE-2005-3388)

- a fix for a denial of service (process crash) in EXIF
image parsing (CVE-2005-3353)

All Users of PHP-5 from the CentOSPlus Repo should upgrade to these
updated packages.

More info is available at:

https://www.redhat.com/archives/fedora-announce-list/2005-November/msg00022.html

https://rhn.redhat.com/errata/RHSA-2005-831.html
------------------------
The following updated files have been uploaded and are currently
syncing to the mirrors:

x86_64:
php-5.0.4-4.centos4.x86_64.rpm
php-bcmath-5.0.4-4.centos4.x86_64.rpm
php-dba-5.0.4-4.centos4.x86_64.rpm
php-devel-5.0.4-4.centos4.x86_64.rpm
php-gd-5.0.4-4.centos4.x86_64.rpm
php-imap-5.0.4-4.centos4.x86_64.rpm
php-ldap-5.0.4-4.centos4.x86_64.rpm
php-mbstring-5.0.4-4.centos4.x86_64.rpm
php-mysql-5.0.4-4.centos4.x86_64.rpm
php-ncurses-5.0.4-4.centos4.x86_64.rpm
php-odbc-5.0.4-4.centos4.x86_64.rpm
php-pear-5.0.4-4.centos4.x86_64.rpm
php-pgsql-5.0.4-4.centos4.x86_64.rpm
php-snmp-5.0.4-4.centos4.x86_64.rpm
php-soap-5.0.4-4.centos4.x86_64.rpm
php-xml-5.0.4-4.centos4.x86_64.rpm
php-xmlrpc-5.0.4-4.centos4.x86_64.rpm

src:
php-5.0.4-4.centos4.src.rpm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.centos.org/pipermail/centos-announce/attachments/20051110/63467c32/attachment-0001.bin

------------------------------

_______________________________________________
CentOS-announce mailing list
CentOS-announce at centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


End of CentOS-announce Digest, Vol 9, Issue 6
*********************************************



More information about the CentOS mailing list