Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CESA-2005:332 Low CentOS 4 i386 and x86_64 xloadimage - security update (Johnny Hughes) 2. CESA-2005:366 Important CentOS 4 i386 and x86_64 kernel - security update (Johnny Hughes) 3. CESA-2005:392 Critical CentOS 4 i386 and x86_64 HelixPlayer - security update (Johnny Hughes) 4. CESA-2005:383 Important CentOS 4 ia64 firefox - security update (Pasi Pirhonen) ---------------------------------------------------------------------- Message: 1 Date: Wed, 20 Apr 2005 09:34:08 -0500 From: Johnny Hughes <johnny at centos.org> Subject: [CentOS-announce] CESA-2005:332 Low CentOS 4 i386 and x86_64 xloadimage - security update To: centos-announce at centos.org Message-ID: <1114007648.5594.35.camel at myth.home.local> Content-Type: text/plain; charset="us-ascii" CentOS Errata and Security Advisory CESA-2005:332 for i386 and x86_64 https://rhn.redhat.com/errata/RHSA-2005-332.html refers: The following updated files have been uploaded and are currently syncing to the mirrors: i386: xloadimage-4.1-34.RHEL4.i386.rpm x86_64: xloadimage-4.1-34.RHEL4.x86_64.rpm src: xloadimage-4.1-34.RHEL4.src.rpm install with this command: yum update xloadimage Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.centos.org/pipermail/centos-announce/attachments/20050420/d12fc964/attachment-0001.bin ------------------------------ Message: 2 Date: Wed, 20 Apr 2005 09:50:55 -0500 From: Johnny Hughes <johnny at centos.org> Subject: [CentOS-announce] CESA-2005:366 Important CentOS 4 i386 and x86_64 kernel - security update To: centos-announce at centos.org Message-ID: <1114008655.5594.49.camel at myth.home.local> Content-Type: text/plain; charset="us-ascii" CentOS Errata and Security Advisory CESA-2005:366 for i386 and x86_64 https://rhn.redhat.com/errata/RHSA-2005-366.html refers, The following updated files have been uploaded and are currently syncing to the mirrors: i386: kernel-2.6.9-5.0.5.EL.i586.rpm kernel-2.6.9-5.0.5.EL.i686.rpm kernel-devel-2.6.9-5.0.5.EL.i586.rpm kernel-devel-2.6.9-5.0.5.EL.i686.rpm kernel-doc-2.6.9-5.0.5.EL.noarch.rpm kernel-hugemem-2.6.9-5.0.5.EL.i686.rpm kernel-hugemem-devel-2.6.9-5.0.5.EL.i686.rpm kernel-smp-2.6.9-5.0.5.EL.i586.rpm kernel-smp-2.6.9-5.0.5.EL.i686.rpm kernel-smp-devel-2.6.9-5.0.5.EL.i586.rpm kernel-smp-devel-2.6.9-5.0.5.EL.i686.rpm kernel-sourcecode-2.6.9-5.0.5.EL.noarch.rpm x86_64: kernel-2.6.9-5.0.5.EL.x86_64.rpm kernel-devel-2.6.9-5.0.5.EL.x86_64.rpm kernel-doc-2.6.9-5.0.5.EL.noarch.rpm kernel-hugemem-devel-2.6.9-5.0.5.EL.i686.rpm kernel-smp-2.6.9-5.0.5.EL.x86_64.rpm kernel-smp-devel-2.6.9-5.0.5.EL.x86_64.rpm kernel-sourcecode-2.6.9-5.0.5.EL.noarch.rpm src: kernel-2.6.9-5.0.5.EL.src.rpm To get the update do: yum update kernel-* ------------------------------------------- This is a very important update, as some of the security issues are concerning ... specifically these three: A flaw in fragment queuing was discovered that affected the Linux kernel netfilter subsystem. On systems configured to filter or process network packets (e.g. firewalling), a remote attacker could send a carefully crafted set of fragmented packets to a machine and cause a denial of service (system crash). In order to successfully exploit this flaw, the attacker would need to know or guess some aspects of the firewall ruleset on the target system. (CAN-2005-0449) A flaw was discovered in the bluetooth driver system. On systems where the bluetooth modules are loaded, a local user could use this flaw to gain elevated (root) privileges. (CAN-2005-0750) A race condition was discovered that affected the Radeon DRI driver. A local user who has DRI privileges on a Radeon graphics card may be able to use this flaw to gain root privileges. (CAN-2005-0767) Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.centos.org/pipermail/centos-announce/attachments/20050420/30818e78/attachment-0001.bin ------------------------------ Message: 3 Date: Wed, 20 Apr 2005 15:07:21 -0500 From: Johnny Hughes <mailing-lists at hughesjr.com> Subject: [CentOS-announce] CESA-2005:392 Critical CentOS 4 i386 and x86_64 HelixPlayer - security update To: centos-announce at centos.org Message-ID: <1114027641.3236.10.camel at myth.home.local> Content-Type: text/plain; charset="us-ascii" CentOS Errata and Security Advisory CESA-2005:392 for i386 and x86_64 http://rhn.redhat.com/errata/RHSA-2005-392.html refers The following updated files have been uploaded and are currently syncing to the mirrors: i386: HelixPlayer-1.0.4-1.1.EL4.2.i386.rpm x86_64: HelixPlayer-1.0.4-1.1.EL4.2.i386.rpm src: HelixPlayer-1.0.4-1.1.EL4.2.src.rpm Get with the command: yum update HelixPlayer Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.centos.org/pipermail/centos-announce/attachments/20050420/80924126/attachment-0001.bin ------------------------------ Message: 4 Date: Thu, 21 Apr 2005 14:02:39 +0300 From: Pasi Pirhonen <upi at iki.fi> Subject: [CentOS-announce] CESA-2005:383 Important CentOS 4 ia64 firefox - security update To: centos-announce at centos.org Message-ID: <20050421110239.GB11443 at core.upi.iki.fi> Content-Type: text/plain; charset="us-ascii" CentOS Errata and Security Advisory CESA-2005:383 https://rhn.redhat.com/errata/RHSA-2005-383.html The following updated files have been uploaded and are currently syncing to the mirrors: files: updates/ia64/RPMS/firefox-1.0.3-1.4.1.centos4.ia64.rpm -- Pasi Pirhonen - upi at iki.fi - http://iki.fi/upi/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.centos.org/pipermail/centos-announce/attachments/20050421/37419349/attachment-0001.bin ------------------------------ _______________________________________________ CentOS-announce mailing list CentOS-announce at centos.org http://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 2, Issue 10 **********************************************