Fedora 9 Update: trickle-1.07-7.fc9
Summary
trickle is a portable lightweight userspace bandwidth shaper.
It can run in collaborative mode or in stand alone mode.
trickle works by taking advantage of the unix loader preloading.
Essentially it provides, to the application,
a new version of the functionality that is required
to send and receive data through sockets.
It then limits traffic based on delaying the sending
and receiving of data over a socket.
trickle runs entirely in userspace and does not require root privileges.
New patch for CVE-2009-0415 Fix for #484065 - CVE-2009-0415 trickle: Possibility
to load arbitrary code from current working directory
* Thu Feb 12 2009 Nicoleau Fabien
- Replace sed with a patch for #484065 (CVE-2009-0415)
* Fri Feb 6 2009 Nicoleau Fabien
- Add a fix for bug #484065 (CVE-2009-0415)
* Thu Aug 28 2008 Manuel Wolfshant
- modify trickle-1.07-include_netdb.patch to adjust for building with fuzz=0
* Sun Jun 29 2008 Nicoleau Fabien
- rebuild for new libevent
[ 1 ] Bug #484065 - CVE-2009-0415 trickle: Possibility to load arbitrary code from current working directory
https://bugzilla.redhat.com/show_bug.cgi?id=484065
su -c 'yum update trickle' at the command line.
For more information, refer to "Managing Software with yum",
available at .
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
FEDORA-2009-1675 2009-02-13 20:56:39 Product : Fedora 9 Version : 1.07 Release : 7.fc9 URL : https://monkey.org/~marius/pages/ Summary : Portable lightweight userspace bandwidth shaper Description : trickle is a portable lightweight userspace bandwidth shaper. It can run in collaborative mode or in stand alone mode. trickle works by taking advantage of the unix loader preloading. Essentially it provides, to the application, a new version of the functionality that is required to send and receive data through sockets. It then limits traffic based on delaying the sending and receiving of data over a socket. trickle runs entirely in userspace and does not require root privileges. New patch for CVE-2009-0415 Fix for #484065 - CVE-2009-0415 trickle: Possibility to load arbitrary code from current working directory * Thu Feb 12 2009 Nicoleau Fabien 1.07-7 - Replace sed with a patch for #484065 (CVE-2009-0415) * Fri Feb 6 2009 Nicoleau Fabien 1.07-6 - Add a fix for bug #484065 (CVE-2009-0415) * Thu Aug 28 2008 Manuel Wolfshant 1.07-5 - modify trickle-1.07-include_netdb.patch to adjust for building with fuzz=0 * Sun Jun 29 2008 Nicoleau Fabien 1.07-4 - rebuild for new libevent [ 1 ] Bug #484065 - CVE-2009-0415 trickle: Possibility to load arbitrary code from current working directory https://bugzilla.redhat.com/show_bug.cgi?id=484065 su -c 'yum update trickle' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce
Change Log
References