[CentOS] CentOS-announce Digest, Vol 2, Issue 10

Thu Apr 21 12:00:07 UTC 2005
centos-announce-request at centos.org <centos-announce-request at centos.org>

Send CentOS-announce mailing list submissions to
	centos-announce at centos.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
	centos-announce-request at centos.org

You can reach the person managing the list at
	centos-announce-owner at centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CESA-2005:332 Low CentOS 4 i386 and x86_64	xloadimage -
      security update (Johnny Hughes)
   2. CESA-2005:366 Important CentOS 4 i386 and x86_64	kernel -
      security update (Johnny Hughes)
   3. CESA-2005:392 Critical CentOS 4 i386 and x86_64	HelixPlayer -
      security update (Johnny Hughes)
   4. CESA-2005:383 Important CentOS 4 ia64 firefox -	security
      update (Pasi Pirhonen)


----------------------------------------------------------------------

Message: 1
Date: Wed, 20 Apr 2005 09:34:08 -0500
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:332 Low CentOS 4 i386 and x86_64
	xloadimage - security update
To: centos-announce at centos.org
Message-ID: <1114007648.5594.35.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2005:332 for i386 and x86_64

https://rhn.redhat.com/errata/RHSA-2005-332.html refers:

The following updated files have been uploaded and are currently
syncing to the mirrors:

i386:
xloadimage-4.1-34.RHEL4.i386.rpm

x86_64:
xloadimage-4.1-34.RHEL4.x86_64.rpm

src:
xloadimage-4.1-34.RHEL4.src.rpm

install with this command:

yum update xloadimage

Thanks,
Johnny Hughes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.centos.org/pipermail/centos-announce/attachments/20050420/d12fc964/attachment-0001.bin

------------------------------

Message: 2
Date: Wed, 20 Apr 2005 09:50:55 -0500
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:366 Important CentOS 4 i386 and
	x86_64	kernel - security update
To: centos-announce at centos.org
Message-ID: <1114008655.5594.49.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2005:366 for i386 and x86_64

https://rhn.redhat.com/errata/RHSA-2005-366.html refers,

The following updated files have been uploaded and are currently
syncing to the mirrors:

i386:
kernel-2.6.9-5.0.5.EL.i586.rpm
kernel-2.6.9-5.0.5.EL.i686.rpm
kernel-devel-2.6.9-5.0.5.EL.i586.rpm
kernel-devel-2.6.9-5.0.5.EL.i686.rpm
kernel-doc-2.6.9-5.0.5.EL.noarch.rpm
kernel-hugemem-2.6.9-5.0.5.EL.i686.rpm
kernel-hugemem-devel-2.6.9-5.0.5.EL.i686.rpm
kernel-smp-2.6.9-5.0.5.EL.i586.rpm
kernel-smp-2.6.9-5.0.5.EL.i686.rpm
kernel-smp-devel-2.6.9-5.0.5.EL.i586.rpm
kernel-smp-devel-2.6.9-5.0.5.EL.i686.rpm
kernel-sourcecode-2.6.9-5.0.5.EL.noarch.rpm

x86_64:
kernel-2.6.9-5.0.5.EL.x86_64.rpm
kernel-devel-2.6.9-5.0.5.EL.x86_64.rpm
kernel-doc-2.6.9-5.0.5.EL.noarch.rpm
kernel-hugemem-devel-2.6.9-5.0.5.EL.i686.rpm
kernel-smp-2.6.9-5.0.5.EL.x86_64.rpm
kernel-smp-devel-2.6.9-5.0.5.EL.x86_64.rpm
kernel-sourcecode-2.6.9-5.0.5.EL.noarch.rpm

src:
kernel-2.6.9-5.0.5.EL.src.rpm


To get the update do:

yum update kernel-*

-------------------------------------------
This is a very important update, as some of the security issues are
concerning ... specifically these three:

A flaw in fragment queuing was discovered that affected the Linux kernel
netfilter subsystem. On systems configured to filter or process network
packets (e.g. firewalling), a remote attacker could send a carefully
crafted set of fragmented packets to a machine and cause a denial of
service (system crash). In order to successfully exploit this flaw, the
attacker would need to know or guess some aspects of the firewall
ruleset on the target system. (CAN-2005-0449)


A flaw was discovered in the bluetooth driver system. On systems where
the bluetooth modules are loaded, a local user could use this flaw to
gain elevated (root) privileges. (CAN-2005-0750)


A race condition was discovered that affected the Radeon DRI driver. A
local user who has DRI privileges on a Radeon graphics card may be able
to use this flaw to gain root privileges. (CAN-2005-0767)

Thanks,
Johnny Hughes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.centos.org/pipermail/centos-announce/attachments/20050420/30818e78/attachment-0001.bin

------------------------------

Message: 3
Date: Wed, 20 Apr 2005 15:07:21 -0500
From: Johnny Hughes <mailing-lists at hughesjr.com>
Subject: [CentOS-announce] CESA-2005:392 Critical CentOS 4 i386 and
	x86_64	HelixPlayer - security update
To: centos-announce at centos.org
Message-ID: <1114027641.3236.10.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2005:392 for i386 and x86_64

http://rhn.redhat.com/errata/RHSA-2005-392.html refers

The following updated files have been uploaded and are currently
syncing to the mirrors:

i386:
HelixPlayer-1.0.4-1.1.EL4.2.i386.rpm

x86_64:
HelixPlayer-1.0.4-1.1.EL4.2.i386.rpm

src:
HelixPlayer-1.0.4-1.1.EL4.2.src.rpm


Get with the command:

yum update HelixPlayer

Thanks,
Johnny Hughes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.centos.org/pipermail/centos-announce/attachments/20050420/80924126/attachment-0001.bin

------------------------------

Message: 4
Date: Thu, 21 Apr 2005 14:02:39 +0300
From: Pasi Pirhonen <upi at iki.fi>
Subject: [CentOS-announce] CESA-2005:383 Important CentOS 4 ia64
	firefox -	security update
To: centos-announce at centos.org
Message-ID: <20050421110239.GB11443 at core.upi.iki.fi>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory CESA-2005:383

https://rhn.redhat.com/errata/RHSA-2005-383.html

The following updated files have been uploaded and are currently
syncing to the mirrors:

files:
updates/ia64/RPMS/firefox-1.0.3-1.4.1.centos4.ia64.rpm


-- 
Pasi Pirhonen - upi at iki.fi - http://iki.fi/upi/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.centos.org/pipermail/centos-announce/attachments/20050421/37419349/attachment-0001.bin

------------------------------

_______________________________________________
CentOS-announce mailing list
CentOS-announce at centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


End of CentOS-announce Digest, Vol 2, Issue 10
**********************************************