LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Wednesday's security updates

[Posted September 10, 2008 by corbet]

Fedora has opened the floodgates, inflicting hundreds of updates upon its users. The security updates include fedora-release (F8, F9: new signing keys), adminutil (F8, F9: buffer overflow), amarok (F8, F9: temporary file vulnerability), awstats (F8, F9: cross-site scripting), bitlbee (F8: account name hijacking), bluez-libs (F9: "payload processing vulnerability"), bluez-utils (F9: ditto), django (F8, F9: cross-site request forgery), drupal (F8, F9: lots of vulnerabilities), gnome-packagekit (F9: new signing keys), libtiff (F8, F9: "decoding vulnerabilities), libxml2 (F8, F9: denial of service), openoffice.org (F8, F9: "numeric truncation error"), packagekit (F9: new signing keys), R (F8, F9: temporary file vulnerability), rpy (F8, F9: temporary file vulnerability), wordpress (F8: SSL enforcement), xastir (F9: temporary file vulnerability), xine-lib (F8, F9: multiple vulnerabilities), and yelp (F8: format string vulnerability).

Mandriva has updated clamav (multiple vulnerabilities).

(Log in to post comments)

Wednesday's security updates

Posted Sep 10, 2008 19:33 UTC (Wed) by dwheeler (guest, #1216) [Link]

Some people may see this error:
Error: Missing Dependency: yum >= 3.2.19 is needed by package yum-utils-1.1.16-1.fc9.noarch (updates-newkey)

This appears to be a problem with getting mirrors sync'ed up. A solution is to invoke yum on the command line, like this, to temporarily avoid this problem (run as root):
yum update --except yum\*
or more generally:
yum --skip-broken upgrade

Hopefully this problem will disappear soon.

More info here:
http://fedoraproject.org/w/index.php?title=Enabling_new_s...

Wednesday's security updates

Posted Sep 10, 2008 20:31 UTC (Wed) by dwheeler (guest, #1216) [Link]

Sorry, the "skip-broken" command should use "update", not "upgrade".

So that would be:
yum --skip-broken update

Wednesday's security updates

Posted Sep 10, 2008 23:25 UTC (Wed) by proski (subscriber, #104) [Link]

"upgrade" is working too.

Wednesday's security updates

Posted Sep 10, 2008 21:03 UTC (Wed) by skvidal (subscriber, #3094) [Link]

This problem is already fixed. Some packages were pushed to stable late and didn't get in the first batch.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds