FAQ   Search   Memberlist  
Profile    Log in to check your private messages    Register    Log in
[SECURITY] 30k Update 2005-04-15: vixie-cron-4.1-33_FC3

Post new topic   Reply to topic    BLAG Forum Index -> announcements
View previous topic :: View next topic  
Author Message
PostPosted: Sat Apr 16, 2005 3:40 am    Post subject: [SECURITY] 30k Update 2005-04-15: vixie-cron-4.1-33_FC3 Reply with quote

Fedora Update Notification

Product : Fedora Core 3
Name : vixie-cron
Version : 4.1
Release : 33_FC3
Summary : The Vixie cron daemon for executing specified programs at set times.
Description :
The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.
Vixie cron adds better security and more powerful configuration
options to the standard version of cron.


o Fixes security vulnerability CAN-2005-1038
( http://www.securityfocus.com/archive/1/395093 )

o Makes filename and command line length constraints
correspond to system limits

o Improved PAM support


* Thu Apr 14 2005 Jason Vas Dias - 4.1-33_FC3

- fix bug 154922 / CAN-2005-1038: check that new crontab is
regular file after editor session ends.
- fix bug 154575: use PATH_MAX (4096) as max filename length; also make
limits on command line and env.var. lengths sensible (131072).

* Fri Apr 8 2005 Jason Vas Dias - 4.1-33_FC3

- do pam_close_session and pam_setcred(pamh, PAM_DELETE_CRED)
- if fork fails

* Thu Apr 7 2005 Jason Vas Dias - 4.1-33_FC3

- fix bug 154065: crontab’s job control broken: by
- xpid = waitpid(pid,&waiter,WUNTRACED);…
- if( WIFSTOPPED(waiter) )… kill(getpid(),WSTOPSIG(waiter));
- crontab should not kill itself with SIGSTOP if its child
- gets SIGSTOP; hence it does not need the waitpid WUNTRACED flag.

* Tue Apr 5 2005 Jason Vas Dias - 4.1-33_FC3

- Required for EAL Audit certification:
- If pam_setcred should fail, the pam_session could fail to be
- closed, leaving autofs user directories still mounted.

* Tue Mar 15 2005 Jason Vas Dias - 4.1-33_FC3

- fix bug 151145: segfault if cronjob runs without any SELinux user
- security context (eg. in a broken chroot environment)

This update can be downloaded from:

fbc4cd5b0250e100d7248a8918db3db2 SRPMS/vixie-cron-4.1-33_FC3.src.rpm
61dabc38f4d172c9324e1e5325967477 x86_64/vixie-cron-4.1-33_FC3.x86_64.rpm
97a09afc99217befd111ff3b6ec807d7 x86_64/debug/vixie-cron-debuginfo-4.1-33_FC3.x86_64.rpm
007fbd960d6905a8371cc30a11cbed93 i386/vixie-cron-4.1-33_FC3.i386.rpm
fa82ed54e99044febcfbaa00c8215763 i386/debug/vixie-cron-debuginfo-4.1-33_FC3.i386.rpm

Display posts from previous:   
Post new topic   Reply to topic    BLAG Forum Index -> announcements
Page 1 of 1

Protected by Anti-Spam ACP