Ithaca, NY: Today Fedora Commons released version 2.2.3 of the popular Fedora software that includes the repair of a serious security defect and several bug fixes. Dan Davis, Chief Software Architect, Fedora Commons, explained, “Every installation of Fedora 2 should update to 2.2.3 due to the security update. There have been no exploits that have been discovered but it is important to maintain repositories at the latest security update level.”
Fedora 2.2.3 is strictly a maintenance update; new features may be found in Fedora 3.0, which was released for general availability on July 29th. Also, the license has been changed to the familiar Apache License 2.0 for Fedora 2.2.3. Fedora 2 will be maintained until August 2009 and thereafter be placed in an “end of life” status. At least one more release of Fedora 2 is planned, though there may be additional releases to fix critical defects.
The software is available at http://www.fedora-commons.org/ and at http://sourceforge.net/projects/fedora-commons.
Security Bug Fix
The Fedora development team has discovered a serious security flaw in Fedora 2.2.2 and below. If exploited, this bug could allow unauthorized reading and writing of files on the server hosting your Fedora instance.
Although we are not aware of any malicious exploits of the vulnerability at this time, we strongly recommend that all administrators of Fedora 2 repositories upgrade to Fedora 2.2.3 as soon as possible.
Please see the migration guide for instructions on upgrading to Fedora 2.2.3.
The following minor bugs have also been fixed in this release:
- Bug #1896583: Incorrect behavior when exception thrown during download
- Bug #1927677: Tomcat shutdown error (bundled Tomcat updated to 5.5.26)
- Bug #1938493: Adding a datastream fails with RC=503
- Bug #2024248: MIMETypedStream finalizer prematurely closes