Wednesday's security updates

Fedora has opened the floodgates, inflicting hundreds of updates upon its users. The security updates include fedora-release (F8, F9: new signing keys), adminutil (F8, F9: buffer overflow), amarok (F8, F9: temporary file vulnerability), awstats (F8, F9: cross-site scripting), bitlbee (F8: account name hijacking), bluez-libs (F9: "payload processing vulnerability"), bluez-utils (F9: ditto), django (F8, F9: cross-site request forgery), drupal (F8, F9: lots of vulnerabilities), gnome-packagekit (F9: new signing keys), libtiff (F8, F9: "decoding vulnerabilities"), libxml2 (F8, F9: denial of service), openoffice.org (F8, F9: "numeric truncation error"), packagekit (F9: new signing keys), R (F8, F9: temporary file vulnerability), rpy (F8, F9: temporary file vulnerability), wordpress (F8: SSL enforcement), xastir (F9: temporary file vulnerability), xine-lib (F8, F9: multiple vulnerabilities), and yelp (F8: format string vulnerability).

Mandriva has updated clamav (multiple vulnerabilities).

Wednesday's security updates

Posted Sep 10, 2008 19:33 UTC (Wed) by dwheeler (guest, #1216)

Some people may see this error:
Error: Missing Dependency: yum >= 3.2.19 is needed by package yum-utils-1.1.16-1.fc9.noarch (updates-newkey)

This appears to be a problem with getting mirrors sync'ed up. A solution is to invoke yum on the command line, like this, to temporarily avoid this problem (run as root):
yum update --exclude yum\*
or more generally:
yum --skip-broken upgrade

Hopefully this problem will disappear soon.

More info here:
http://fedoraproject.org/w/index.php?title=Enabling_new_s...

Wednesday's security updates

Posted Sep 10, 2008 20:31 UTC (Wed) by dwheeler (guest, #1216)

Sorry, the "skip-broken" command should use "update", not "upgrade".

So that would be:
yum --skip-broken update

Wednesday's security updates

Posted Sep 10, 2008 23:25 UTC (Wed) by proski (subscriber, #104)

"upgrade" is working too.

Wednesday's security updates

Posted Sep 10, 2008 21:03 UTC (Wed) by skvidal (subscriber, #3094)

This problem is already fixed. Some packages were pushed to stable late and didn't get in the first batch.

Copyright © 2008, Eklektix, Inc.