An updated libaio packages is available for Fedora Core 3
----------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-147
2005-03-29
----------------------------------------------------------------------
Product : Fedora Core 3
Name : libaio
Version : 0.3.103
Release : 5
Summary : Linux-native asynchronous I/O access library
Description :
The Linux-native asynchronous I/O facility ("async I/O", or "aio") has a richer API and capability set than the simple POSIX async I/O facility. This library, libaio, provides the Linux-native API for async I/O. The POSIX async I/O facility requires this library in order to provide kernel-accelerated async I/O capabilities, as do applications which require the Linux-native async I/O API.
----------------------------------------------------------------------
Update Information:
The SONAME for libaio was inadvertantly changed from libaio.so.1 to libaio.so.1.0.0. While applications linked with libaio.so.1 would still load, they would fail upon looking up a symbol in libaio. This also introduced an RPM dependency that could not be solved. Application RPMs which were built against the old package would not install as well.
The solution for this was to revert the SONAME to its old value, and to provide a compat library for those packages that were built against the library with the wrong SONAME.
A sylpheed update has been released for Fedora Core 3
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-264
2005-03-29
---------------------------------------------------------------------
Product : Fedora Core 3
Name : sylpheed
Version : 1.0.4
Release : 0.fc3
Summary : A GTK+ based, lightweight, and fast email client.
Description :
This program is an X based fast email client which has features like:
o user-friendly and intuitive interface
o integrated NetNews client (partially implemented)
o ability of keyboard-only operation
o Mew/Wanderlust-like key bind
o multipart MIME
o unlimited multiple account handling
o message queueing
o assortment function
o XML-based address book
See /usr/share/doc/sylpheed*/README for more information.
A sylpheed update has been released for Fedora Core 2
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-263
2005-03-29
---------------------------------------------------------------------
Product : Fedora Core 2
Name : sylpheed
Version : 1.0.4
Release : 0.fc2
Summary : A GTK+ based, lightweight, and fast email client.
Description :
This program is an X based fast email client which has features like:
o user-friendly and intuitive interface
o integrated NetNews client (partially implemented)
o ability of keyboard-only operation
o Mew/Wanderlust-like key bind
o multipart MIME
o unlimited multiple account handling
o message queueing
o assortment function
o XML-based address book
See /usr/share/doc/sylpheed*/README for more information.
Updated mozilla packages are available for Fedora Core 2
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-271
2005-03-28
---------------------------------------------------------------------
Product : Fedora Core 2
Name : mozilla
Version : 1.7.6
Release : 1.2.5
Summary : Web browser and mail reader
Description :
Mozilla is an open-source web browser, designed for standards compliance, performance and portability.
---------------------------------------------------------------------
Update Information:
This update supercedes the previous 1.7.6-1.2.2 which mistakenly had dependencies on FC3.
OSNews has published hints and tips for Fedora Core x86-64
A spamassassin update has been released for Fedora Core 3
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-261
2005-03-28
---------------------------------------------------------------------
Product : Fedora Core 3
Name : spamassassin
Version : 3.0.2
Release : 0.fc3
Summary : Spam filter for email which can be invoked from mail
delivery agents.
Description :
SpamAssassin provides you with a way to reduce if not completely eliminate Unsolicited Commercial Email (SPAM) from your incoming email. It can be invoked by a MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm evolved scoring system to identify messages which look spammy, then adds headers to the message so they can be filtered by the user's mail reading software. This distribution includes the spamd/spamc components which create a server that considerably speeds processing of mail.
To enable spamassassin, if you are receiving mail locally, simply add this line to your ~/.procmailrc:
INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc
To filter spam for all users, add that line to /etc/procmailrc (creating if necessary).
A squirrelmail security update is available for Fedora Core 2
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-259
2005-03-28
---------------------------------------------------------------------
Product : Fedora Core 2
Name : squirrelmail
Version : 1.4.4
Release : 1.FC2
Summary : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation.
A squirrelmail security update has been released for Fedora Core 3
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-260
2005-03-28
---------------------------------------------------------------------
Product : Fedora Core 3
Name : squirrelmail
Version : 1.4.4
Release : 1.FC3
Summary : SquirrelMail webmail client
Description :
SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no Javascript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation.
A new kernel update is available for Fedora Core 2
---------------------------------------------------------------------
Fedora Security Update Notification
FEDORA-2005-262
2005-03-28
---------------------------------------------------------------------
Product : Fedora Core 2
Name : kernel
Version : 2.6.10
Release : 1.771_FC2
Summary : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
An updated devhelp package is available for Fedora Core 2
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-251
2005-03-25
---------------------------------------------------------------------
Product : Fedora Core 2
Name : devhelp
Version : 0.9.1
Release : 0.2.5
Summary : API document browser
Description :
A API document browser for GNOME 2.
---------------------------------------------------------------------
Update Information:
There were several security flaws found in the mozilla package, which devhelp depends on. Users of devhelp are advised to upgrade to this updated package which has been rebuilt against a later version of mozilla which is not vulnerable to these flaws.
An epiphany security update is available for Fedora Core 2
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-253
2005-03-25
---------------------------------------------------------------------
Product : Fedora Core 2
Name : epiphany
Version : 1.2.10
Release : 0.2.1
Summary : GNOME web browser based on the Mozilla rendering engine
Description :
epiphany is a simple GNOME web browser based on the Mozilla rendering engine
---------------------------------------------------------------------
Update Information:
There were several security flaws found in the mozilla package, which epiphany depends on. Users of epiphany are advised to upgrade to this updated package which has been rebuilt against a later version of mozilla which is not vulnerable to these flaws.
A mozilla security update is available for Fedora Core 2
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-248
2005-03-25
---------------------------------------------------------------------
Product : Fedora Core 2
Name : mozilla
Version : 1.7.6
Release : 1.2.2
Summary : Web browser and mail reader
Description :
Mozilla is an open-source web browser, designed for standards compliance, performance and portability.
---------------------------------------------------------------------
Update Information:
A buffer overflow bug was found in the way Mozilla processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0399 to this issue.
A bug was found in the way Mozilla responds to proxy auth requests. It is possible for a malicious webserver to steal credentials from a victims browser by issuing a 407 proxy authentication request. (CAN-2005-0147)
A bug was found in the way Mozilla displays dialog windows. It is possible that a malicious web page which is being displayed in a background tab could present the user with a dialog window appearing to come from the active page. (CAN-2004-1380)
A bug was found in the way Mozilla Mail handles cookies when loading content over HTTP regardless of the user's preference. It is possible that a particular user could be tracked through the use of malicious mail messages which load content over HTTP. (CAN-2005-0149)
A flaw was found in the way Mozilla displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not.
(CAN-2005-0233)
A bug was found in the way Mozilla handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CAN-2004-1156)
A bug was found in the way Mozilla saves temporary files. Temporary files are saved with world readable permissions, which could allow a local malicious user to view potentially sensitive data. (CAN-2005-0142)
A bug was found in the way Mozilla handles synthetic middle click events. It is possible for a malicious web page to steal the contents of a victims clipboard. (CAN-2005-0146)
A bug was found in the way Mozilla processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. (CAN-2005-0401)
A bug was found in the way Mozilla loads links in a new tab which are middle clicked. A malicious web page could read local files or modify privileged chrom settings. (CAN-2005-0141)
A bug was found in the way Mozilla displays the secure site icon. A malicious web page can use a view-source URL targetted at a secure page, while loading an insecure page, yet the secure site icon shows the previous secure state. (CAN-2005-0144)
A bug was found in the way Mozilla displays the secure site icon. A malicious web page can display the secure site icon by loading a binary file from a secured site. (CAN-2005-0143)
A bug was found in the way Mozilla displays the download dialog window. A malicious site can obfuscate the content displayed in the source field, tricking a user into thinking they are downloading content from a trusted source. (CAN-2005-0585)
Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.6 to correct these issues.
A thunderbird update is available for Fedora Core 3
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-257
2005-03-24
---------------------------------------------------------------------
Product : Fedora Core 3
Name : thunderbird
Version : 1.0.2
Release : 1.3.2
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
---------------------------------------------------------------------
Update Information:
There was an issue with a patch being incorrectly applied which caused the Advanced Preferences panel to fail to load.
There was an issue where thunderbird requested the incorrect system colors from GTK, causing grey to be the default background color for many people.
Users of Thunderbird are advised to upgrade to this updated package which contains fixes for these issues.
A selinux-policy-targeted update has been released for Fedora Core 3
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-238
2005-03-24
---------------------------------------------------------------------
Product : Fedora Core 3
Name : selinux-policy-targeted
Version : 1.17.30
Release : 2.90
Summary : SELinux targeted policy configuration
Description :
Security-enhanced Linux is a patch of the Linux

kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linuxkernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement

, Role-based Access
Control, and Multi-level Security.
This package contains the SELinux example policy configuration along with the Flask configuration information and the application configuration files.
A lsof update has been released for Fedora Core 3
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-243
2005-03-24
---------------------------------------------------------------------
Product : Fedora Core 3
Name : lsof
Version : 4.72
Release : 2.2
Summary : A utility which lists open files on a Linux/UNIX system.
Description :
Lsof stands for LiSt Open Files, and it does just that: it lists information about files that are open by the processes running on a UNIX system.
An evolution security update has been released for Fedora Core 3
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-255
2005-03-23
---------------------------------------------------------------------
Product : Fedora Core 3
Name : evolution
Version : 2.0.4
Release : 2
Summary : GNOME's next-generation groupware suite
Description :
Evolution is the GNOME mailer, calendar, contact manager and
communications tool. The tools which make up Evolution will
be tightly integrated with one another and act as a seamless
personal information-management tool.
An epiphany security update is available for Fedora Core 3
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-254
2005-03-23
---------------------------------------------------------------------
Product : Fedora Core 3
Name : epiphany
Version : 1.4.4
Release : 4.3.1
Summary : GNOME web browser based on the Mozilla rendering engine
Description :
epiphany is a simple GNOME web browser based on the Mozilla rendering engine
A devhelp security update has been released for Fedora Core 3
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-252
2005-03-23
---------------------------------------------------------------------
Product : Fedora Core 3
Name : devhelp
Version : 0.9.2
Release : 2.3.1
Summary : API document browser
Description :
A API document browser for GNOME 2.
A mozilla security update has been released for Fedora Core 3
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-249
2005-03-23
---------------------------------------------------------------------
Product : Fedora Core 3
Name : mozilla
Version : 1.7.6
Release : 1.3.2
Summary : Web browser and mail reader
Description :
Mozilla is an open-source web browser, designed for standards compliance, performance and portability.
A thunderbird security update is available for Fedora Core 3
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-247
2005-03-23
---------------------------------------------------------------------
Product : Fedora Core 3
Name : thunderbird
Version : 1.0.2
Release : 1.3.1
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
---------------------------------------------------------------------
Update Information:
A buffer overflow bug was found in the way Thunderbird processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0399 to this issue.
A bug was found in the Thunderbird string handling functions. If a malicious website is able to exhaust a system's memory, it becomes possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0255 to
this issue.
Users of Thunderbird are advised to upgrade to this updated package which contains Thunderbird version 1.0.2 and is not vulnerable to these issues.
This update enables pango rendering by default.