headers
John Morris | 1 Mar 2004 21:55

[WBSA-2004:058-01] Updated mod_python packages fix denial of service vulnerability


----------------------------------------------------------------------
                   Security Advisory

Synopsis:          Updated mod_python packages fix denial of service vulnerability
Advisory ID:       WBSA-2004:058-01
Issue date:        2004-02-26
Updated on:        2004-03-01
Product:           White Box Enterprise Linux 3.0 (i386)
Keywords:          mod_python DoS
Cross references:  
Obsoletes:         
CVE Names:         CAN-2003-0973
----------------------------------------------------------------------

Updated mod_python packages that fix a denial of service vulnerability are
now available.

More information is available in Red Hat, Inc's original advisory 
available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-February/msg00014.html

To install this new package on your White Box Enterprise Linux system
use the Up2Date Network or Yum.

Note: Be sure to change the default Up2Date or Yum server from the
initial location to prevent undue load to the whiteboxlinux.org
server, which doesn't have a lot of outbound bandwidth.  The config
files already have entries for mirror sites commented out.
(Continue reading)

Permalink | Reply | 0 comments |
headers
John Morris | 1 Mar 2004 21:58

[WBSA-2004:090-01] Updated libxml2 packages fix security vulnerability


----------------------------------------------------------------------
                   Security Advisory

Synopsis:          Updated libxml2 packages fix security vulnerability
Advisory ID:       WBSA-2004:090-01
Issue date:        2004-02-26
Updated on:        2004-03-01
Product:           White Box Enterprise Linux 3.0 (i386)
Keywords:          
Cross references:  
Obsoletes:         
CVE Names:         CAN-2004-0110
----------------------------------------------------------------------

Updated libxml2 packages that fix an overflow when parsing remote
resources are now available.

More information is available in Red Hat, Inc's original advisory 
available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-February/msg00015.html

To install this new package on your White Box Enterprise Linux system
use the Up2Date Network or Yum.

Note: Be sure to change the default Up2Date or Yum server from the
initial location to prevent undue load to the whiteboxlinux.org
server, which doesn't have a lot of outbound bandwidth.  The config
files already have entries for mirror sites commented out.
(Continue reading)

Permalink | Reply | 0 comments |
headers
John Morris | 16 Mar 2004 01:07

[WBSA-2004:103-01] Updated gdk-pixbuf packages fix crash


----------------------------------------------------------------------
                   Security Advisory

Synopsis:          Updated gdk-pixbuf packages fix crash
Advisory ID:       WBSA-2004:103-01
Issue date:        2004-03-10
Updated on:        2004-03-15
Product:           White Box Enterprise Linux 3.0 (i386)
Keywords:          DoS
Cross references:  
Obsoletes:         
CVE Names:         CAN-2004-0111
----------------------------------------------------------------------

Updated gdk-pixbuf packages that fix a crash are now available.

More information is available in Red Hat, Inc's original advisory 
available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-March/msg00002.html

To install this new package on your White Box Enterprise Linux system
use the Up2Date Network or Yum.

Note: Be sure to change the default Up2Date or Yum server from the
initial location to prevent undue load to the whiteboxlinux.org
server, which doesn't have a lot of outbound bandwidth.  The config
files already have entries for mirror sites commented out.
(Continue reading)

Permalink | Reply | 0 comments |
headers
John Morris | 16 Mar 2004 01:14

[WBSA-2004:053-01] Updated sysstat packages fix security vulnerabilities


----------------------------------------------------------------------
                   Security Advisory

Synopsis:          Updated sysstat packages fix security vulnerabilities
Advisory ID:       WBSA-2004:053-01
Issue date:        2004-03-10
Updated on:        2004-03-10
Product:           White Box Enterprise Linux 3.0 (i386)
Keywords:          
Cross references:  
Obsoletes:         
CVE Names:         CAN-2004-0107 CAN-2004-0108
----------------------------------------------------------------------

Updated sysstat packages that fix various bugs and security issues are now
available.

NOTE: This errata package also picks up a patch for the /lib64 problem
which required a .WB1 package. This means that as of this release there is
no longer any functional difference between the RHEL and WBEL package.  
The name is still a .WB2 so that up2date will notice it is newer.  
(Thanks to Dragan D. Vecerina who noticed this naming problem over the
weekend when the first errata version appeared.)

More information is available in Red Hat, Inc's original advisory 
available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-March/msg00003.html
(Continue reading)

Permalink | Reply | 0 comments |
headers
John Morris | 16 Mar 2004 01:22

[WBEL Errata]: nfs-utils


nfs-utils-1.0.6 appeared in RedHat's updates directory so a rebuild is now 
available.  Here are the entries from the changelog in the .spec:

%changelog
* Fri Feb 13 2004 Elliot Lee <sopwith <at> redhat.com>
rebuilt

* Thu Feb 12 2004 Thomas Woerner <twoerner <at> redhat.com>
make rpc.lockd, rpc.statd, rpc.mountd and rpc.nfsd pie

* Wed Jan 28 2004 Steve Dickson <SteveD <at> RedHat.com>
Added the NFSv4 bits

* Mon Dec 29 2003 Steve Dickson <SteveD <at> RedHat.com>
Added the -z flag to nfsstat

* Wed Dec 24 2003  Steve Dickson <SteveD <at> RedHat.com>
Fixed lockd port setting in nfs.int script

* Wed Oct 22 2003 Steve Dickson <SteveD <at> RedHat.com>
Upgrated to 1.0.6
Commented out the acl path for fedora

The NFSv4 bits are turned off at the top of the .spec file so I'd say it 
is safe to ignore the Jan 28 2004 entry.

To install this new package on your White Box Enterprise Linux system
use the Up2Date Network or Yum.
(Continue reading)

Permalink | Reply | 0 comments |
headers
John Morris | 23 Mar 2004 00:11

[WBSA-2004:120-01] Updated OpenSSL packages fix vulnerabilities


----------------------------------------------------------------------
                   Security Advisory

Synopsis:          Updated OpenSSL packages fix vulnerabilities
Advisory ID:       WBSA-2004:120-01
Issue date:        2004-03-17
Updated on:        2004-03-22
Product:           White Box Enterprise Linux 3.0 (i386)
Keywords:          DoS
Cross references:  
Obsoletes:         WBBA-2003:295
CVE Names:         CAN-2004-0079 CAN-2004-0081 CAN-2004-0112
----------------------------------------------------------------------

Updated OpenSSL packages that fix several remote denial of service
vulnerabilities are available.

More information is available in Red Hat, Inc's original advisory 
available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-March/msg00005.html

To install this new package on your White Box Enterprise Linux system
use the Up2Date Network or Yum.

Note: Be sure to change the default Up2Date or Yum server from the
initial location to prevent undue load to the whiteboxlinux.org
server, which doesn't have a lot of outbound bandwidth.  The config
files already have entries for mirror sites commented out.
(Continue reading)

Permalink | Reply | 0 comments |
headers
John Morris | 24 Mar 2004 02:22

[WBSA-2004:084-01] Updated httpd packages fix mod_ssl security issue


----------------------------------------------------------------------
                   Security Advisory

Synopsis:          Updated httpd packages fix mod_ssl security issue
Advisory ID:       WBSA-2004:084-01
Issue date:        2004-03-23
Updated on:        2004-03-23
Product:           White Box Enterprise Linux 3.0 (i386)
Keywords:          Apache httpd DoS SSL
Cross references:  
Obsoletes:         
CVE Names:         CAN-2004-0113
----------------------------------------------------------------------

Updated httpd packages are now available that fix a denial of service
vulnerability in mod_ssl and include various other bug fixes.

More information is available in Red Hat, Inc's original advisory 
available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-March/msg00006.html

To install this new package on your White Box Enterprise Linux system
use the Up2Date Network or Yum.

Note: Be sure to change the default Up2Date or Yum server from the
initial location to prevent undue load to the whiteboxlinux.org
server, which doesn't have a lot of outbound bandwidth.  The config
files already have entries for mirror sites commented out.
(Continue reading)

Permalink | Reply | 0 comments |
headers
John Morris | 30 Mar 2004 06:26

[WBSA-2004:110-01] Updated Mozilla packages fix security issues


----------------------------------------------------------------------
                   Security Advisory

Synopsis:          Updated Mozilla packages fix security issues
Advisory ID:       [WBSA-2004:110-01]
Issue date:        2004-03-29
Updated on:        2004-03-29
Product:           White Box Enterprise Linux 3.0 (i386)
Keywords:          nss mozilla
Cross references:  
Obsoletes:         
CVE Names:         CAN-2003-0564 CAN-2003-0594 CAN-2004-019
----------------------------------------------------------------------

Updated Mozilla packages that fix vulnerabilities in S/MIME parsing as
well as other issues and bugs are now available.

More information is available in Red Hat, Inc's original advisory 
available on their site at:

http://www.redhat.com/archives/enterprise-watch-list/2004-March/msg00007.html

To install this new package on your White Box Enterprise Linux system
use the Up2Date Network or Yum.

Note: Be sure to change the default Up2Date or Yum server from the
initial location to prevent undue load to the whiteboxlinux.org
server, which doesn't have a lot of outbound bandwidth.  The config
files already have entries for mirror sites commented out.
(Continue reading)

Permalink | Reply | 0 comments |

Gmane