From bugzilla at redhat.com  Thu Dec  2 11:32:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 2 Dec 2004 06:32 -0500
Subject: [RHSA-2004:537-01] Updated openmotif packages fix image
	vulnerability
Message-ID: <200412021132.iB2BWea08820@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated openmotif packages fix image vulnerability
Advisory ID:       RHSA-2004:537-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-537.html
Issue date:        2004-12-02
Updated on:        2004-12-02
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0687 CAN-2004-0688 CAN-2004-0914
- ---------------------------------------------------------------------

1. Summary:

Updated openmotif packages that fix flaws in the Xpm image library are now
available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

OpenMotif provides libraries which implement the Motif industry standard
graphical user interface.  

During a source code audit, Chris Evans and others discovered several stack
overflow flaws and an integer overflow flaw in the libXpm library used to
decode XPM (X PixMap) images. A vulnerable version of this library was
found within OpenMotif. An attacker could create a carefully crafted
XPM file which would cause an application to crash or potentially execute
arbitrary code if opened by a victim.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names
CAN-2004-0687, CAN-2004-0688, and CAN-2004-0914 to these issues.

Users of OpenMotif are advised to upgrade to these erratum packages, which
contain backported security patches to the embedded libXpm library.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

134631 - CAN-2004-0687 libxpm flaws affect OpenMotif (CAN-2004-0688, CAN-2004-0914)

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openmotif-2.1.30-13.21AS.4.src.rpm
934693e91035b60ef8d5c9999c1b2358  openmotif-2.1.30-13.21AS.4.src.rpm

i386:
c931f464eff5908b6f4aec50b0cb41a2  openmotif-2.1.30-13.21AS.4.i386.rpm
e2e94a9a588d2d7f5a2c5f802d24ae7b  openmotif-devel-2.1.30-13.21AS.4.i386.rpm

ia64:
7bf67d78ffdab37daa13d5ff6bc52f31  openmotif-2.1.30-13.21AS.4.ia64.rpm
a6adcf1007eaca5b48667cde4e509087  openmotif-devel-2.1.30-13.21AS.4.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openmotif-2.1.30-13.21AS.4.src.rpm
934693e91035b60ef8d5c9999c1b2358  openmotif-2.1.30-13.21AS.4.src.rpm

ia64:
7bf67d78ffdab37daa13d5ff6bc52f31  openmotif-2.1.30-13.21AS.4.ia64.rpm
a6adcf1007eaca5b48667cde4e509087  openmotif-devel-2.1.30-13.21AS.4.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/openmotif-2.1.30-13.21AS.4.src.rpm
934693e91035b60ef8d5c9999c1b2358  openmotif-2.1.30-13.21AS.4.src.rpm

i386:
c931f464eff5908b6f4aec50b0cb41a2  openmotif-2.1.30-13.21AS.4.i386.rpm
e2e94a9a588d2d7f5a2c5f802d24ae7b  openmotif-devel-2.1.30-13.21AS.4.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/openmotif-2.1.30-13.21AS.4.src.rpm
934693e91035b60ef8d5c9999c1b2358  openmotif-2.1.30-13.21AS.4.src.rpm

i386:
c931f464eff5908b6f4aec50b0cb41a2  openmotif-2.1.30-13.21AS.4.i386.rpm
e2e94a9a588d2d7f5a2c5f802d24ae7b  openmotif-devel-2.1.30-13.21AS.4.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openmotif-2.2.3-4.RHEL3.4.src.rpm
967c888fcf57ff1a758f6971ae1fd6a5  openmotif-2.2.3-4.RHEL3.4.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openmotif21-2.1.30-9.RHEL3.4.src.rpm
a0ca6fe8bffb142ba092cf8b6ae45f75  openmotif21-2.1.30-9.RHEL3.4.src.rpm

i386:
24e7c10209eb33424076763c6ec48a1f  openmotif-2.2.3-4.RHEL3.4.i386.rpm
d630df4ca693f4aebfdb491a0d7aff0a  openmotif-devel-2.2.3-4.RHEL3.4.i386.rpm
30c7228d526c6697be8b2ffe3f334cdf  openmotif21-2.1.30-9.RHEL3.4.i386.rpm

ia64:
74fefe0a77b7bfb3232855481f1fc083  openmotif-2.2.3-4.RHEL3.4.ia64.rpm
24e7c10209eb33424076763c6ec48a1f  openmotif-2.2.3-4.RHEL3.4.i386.rpm
f23a071559437772dee63c6e0a87e47d  openmotif-devel-2.2.3-4.RHEL3.4.ia64.rpm
23c9973a64d22a435622e9a439cf32a8  openmotif21-2.1.30-9.RHEL3.4.ia64.rpm

ppc:
89c616208ed1094ca3e38f617b553d29  openmotif-2.2.3-4.RHEL3.4.ppc.rpm
b32ab945f39635238fe265fcf7264d6a  openmotif-2.2.3-4.RHEL3.4.ppc64.rpm
82631cc7816ba3c492fcdba9198b4235  openmotif-devel-2.2.3-4.RHEL3.4.ppc.rpm

s390:
0444b7e5f530bc3110de99a0b967cf29  openmotif-2.2.3-4.RHEL3.4.s390.rpm
406b810f6b0dd6c868d60ebdb9fbd7da  openmotif-devel-2.2.3-4.RHEL3.4.s390.rpm

s390x:
91fb177f7c04c121bfe8b54696447353  openmotif-2.2.3-4.RHEL3.4.s390x.rpm
0444b7e5f530bc3110de99a0b967cf29  openmotif-2.2.3-4.RHEL3.4.s390.rpm
2308d16cee4d5ea0b535ecbefcec2c1a  openmotif-devel-2.2.3-4.RHEL3.4.s390x.rpm

x86_64:
4578050dd8b7e640444524c04115a3b8  openmotif-2.2.3-4.RHEL3.4.x86_64.rpm
24e7c10209eb33424076763c6ec48a1f  openmotif-2.2.3-4.RHEL3.4.i386.rpm
f793165407f112b0486cf9e029bd1c04  openmotif-devel-2.2.3-4.RHEL3.4.x86_64.rpm
30c7228d526c6697be8b2ffe3f334cdf  openmotif21-2.1.30-9.RHEL3.4.i386.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openmotif-2.2.3-4.RHEL3.4.src.rpm
967c888fcf57ff1a758f6971ae1fd6a5  openmotif-2.2.3-4.RHEL3.4.src.rpm
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openmotif21-2.1.30-9.RHEL3.4.src.rpm
a0ca6fe8bffb142ba092cf8b6ae45f75  openmotif21-2.1.30-9.RHEL3.4.src.rpm

i386:
24e7c10209eb33424076763c6ec48a1f  openmotif-2.2.3-4.RHEL3.4.i386.rpm
d630df4ca693f4aebfdb491a0d7aff0a  openmotif-devel-2.2.3-4.RHEL3.4.i386.rpm
30c7228d526c6697be8b2ffe3f334cdf  openmotif21-2.1.30-9.RHEL3.4.i386.rpm

x86_64:
4578050dd8b7e640444524c04115a3b8  openmotif-2.2.3-4.RHEL3.4.x86_64.rpm
24e7c10209eb33424076763c6ec48a1f  openmotif-2.2.3-4.RHEL3.4.i386.rpm
f793165407f112b0486cf9e029bd1c04  openmotif-devel-2.2.3-4.RHEL3.4.x86_64.rpm
30c7228d526c6697be8b2ffe3f334cdf  openmotif21-2.1.30-9.RHEL3.4.i386.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openmotif-2.2.3-4.RHEL3.4.src.rpm
967c888fcf57ff1a758f6971ae1fd6a5  openmotif-2.2.3-4.RHEL3.4.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openmotif21-2.1.30-9.RHEL3.4.src.rpm
a0ca6fe8bffb142ba092cf8b6ae45f75  openmotif21-2.1.30-9.RHEL3.4.src.rpm

i386:
24e7c10209eb33424076763c6ec48a1f  openmotif-2.2.3-4.RHEL3.4.i386.rpm
d630df4ca693f4aebfdb491a0d7aff0a  openmotif-devel-2.2.3-4.RHEL3.4.i386.rpm
30c7228d526c6697be8b2ffe3f334cdf  openmotif21-2.1.30-9.RHEL3.4.i386.rpm

ia64:
74fefe0a77b7bfb3232855481f1fc083  openmotif-2.2.3-4.RHEL3.4.ia64.rpm
24e7c10209eb33424076763c6ec48a1f  openmotif-2.2.3-4.RHEL3.4.i386.rpm
f23a071559437772dee63c6e0a87e47d  openmotif-devel-2.2.3-4.RHEL3.4.ia64.rpm
23c9973a64d22a435622e9a439cf32a8  openmotif21-2.1.30-9.RHEL3.4.ia64.rpm

x86_64:
4578050dd8b7e640444524c04115a3b8  openmotif-2.2.3-4.RHEL3.4.x86_64.rpm
24e7c10209eb33424076763c6ec48a1f  openmotif-2.2.3-4.RHEL3.4.i386.rpm
f793165407f112b0486cf9e029bd1c04  openmotif-devel-2.2.3-4.RHEL3.4.x86_64.rpm
30c7228d526c6697be8b2ffe3f334cdf  openmotif21-2.1.30-9.RHEL3.4.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openmotif-2.2.3-4.RHEL3.4.src.rpm
967c888fcf57ff1a758f6971ae1fd6a5  openmotif-2.2.3-4.RHEL3.4.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openmotif21-2.1.30-9.RHEL3.4.src.rpm
a0ca6fe8bffb142ba092cf8b6ae45f75  openmotif21-2.1.30-9.RHEL3.4.src.rpm

i386:
24e7c10209eb33424076763c6ec48a1f  openmotif-2.2.3-4.RHEL3.4.i386.rpm
d630df4ca693f4aebfdb491a0d7aff0a  openmotif-devel-2.2.3-4.RHEL3.4.i386.rpm
30c7228d526c6697be8b2ffe3f334cdf  openmotif21-2.1.30-9.RHEL3.4.i386.rpm

ia64:
74fefe0a77b7bfb3232855481f1fc083  openmotif-2.2.3-4.RHEL3.4.ia64.rpm
24e7c10209eb33424076763c6ec48a1f  openmotif-2.2.3-4.RHEL3.4.i386.rpm
f23a071559437772dee63c6e0a87e47d  openmotif-devel-2.2.3-4.RHEL3.4.ia64.rpm
23c9973a64d22a435622e9a439cf32a8  openmotif21-2.1.30-9.RHEL3.4.ia64.rpm

x86_64:
4578050dd8b7e640444524c04115a3b8  openmotif-2.2.3-4.RHEL3.4.x86_64.rpm
24e7c10209eb33424076763c6ec48a1f  openmotif-2.2.3-4.RHEL3.4.i386.rpm
f793165407f112b0486cf9e029bd1c04  openmotif-devel-2.2.3-4.RHEL3.4.x86_64.rpm
30c7228d526c6697be8b2ffe3f334cdf  openmotif21-2.1.30-9.RHEL3.4.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBrv1PXlSAg2UNWIIRAm3MAKCHvbsdm9dyDFl2hPtgWnOpCH2tEgCgn/ut
1Qcplx0AlMvFsgxL/XDmyJw=
=FjA9
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Thu Dec  2 11:32:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 2 Dec 2004 06:32 -0500
Subject: [RHSA-2004:549-01] Updated kernel packages fix security
	vulnerabilities
Message-ID: <200412021132.iB2BWpa08825@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated kernel packages fix security vulnerabilities
Advisory ID:       RHSA-2004:549-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-549.html
Issue date:        2004-12-02
Updated on:        2004-12-02
Product:           Red Hat Enterprise Linux
Keywords:          taroon kernel security errata AF_UNIX
Obsoletes:         RHBA-2004:433
CVE Names:         CAN-2004-0136 CAN-2004-0619 CAN-2004-0685 CAN-2004-0812 CAN-2004-0883 CAN-2004-0949 CAN-2004-1068 CAN-2004-1070 CAN-2004-1071 CAN-2004-1072 CAN-2004-1073
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix several security issues in Red Hat
Enterprise Linux 3 are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - athlon, i386, i686, ia32e, ia64, ppc64, ppc64iseries, ppc64pseries, s390, s390x, x86_64
Red Hat Desktop version 3 - athlon, i386, i686, ia32e, x86_64
Red Hat Enterprise Linux ES version 3 - athlon, i386, i686, ia32e, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - athlon, i386, i686, ia32e, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This update includes fixes for several security issues:

A missing serialization flaw in unix_dgram_recvmsg was discovered that
affects kernels prior to 2.4.28.  A local user could potentially make
use of a race condition in order to gain privileges.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-1068 to this issue.

Paul Starzetz of iSEC discovered various flaws in the ELF binary
loader affecting kernels prior to 2.4.28.  A local user could use thse
flaws to gain read access to executable-only binaries or possibly gain
privileges. (CAN-2004-1070, CAN-2004-1071, CAN-2004-1072, CAN-2004-1073)

A flaw when setting up TSS limits was discovered that affects AMD AMD64
and Intel EM64T architecture kernels prior to 2.4.23.  A local user could
use this flaw to cause a denial of service (crash) or possibly gain
privileges.  (CAN-2004-0812)

An integer overflow flaw was discovered in the ubsec_keysetup function
in the Broadcom 5820 cryptonet driver.  On systems using this driver,
a local user could cause a denial of service (crash) or possibly gain
elevated privileges.  (CAN-2004-0619)

Stefan Esser discovered various flaws including buffer overflows in
the smbfs driver affecting kernels prior to 2.4.28.  A local user may be
able to cause a denial of service (crash) or possibly gain privileges.
In order to exploit these flaws the user would require control of
a connected Samba server.  (CAN-2004-0883, CAN-2004-0949)

SGI discovered a bug in the elf loader that affects kernels prior to
2.4.25 which could be triggered by a malformed binary.  On
architectures other than x86, a local user could create a malicious
binary which could cause a denial of service (crash).  (CAN-2004-0136)

Conectiva discovered flaws in certain USB drivers affecting kernels
prior to 2.4.27 which used the copy_to_user function on uninitialized
structures.  These flaws could allow local users to read small amounts
of kernel memory.  (CAN-2004-0685)

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

127258 - CAN-2004-0619 Broadcom 5820 integer overflow
127915 - CAN-2004-0136 Verify interpreter arch
127918 - CAN-2004-0685 usb sparse fixes in 2.4
133003 - CAN-2004-0812 User application with "out" instruction can crash the system
134720 - CAN-2004-0883 smbfs potential DOS (CAN-2004-0949)
134874 - CAN-2004-1070 binfmt_elf loader vulnerabilities (CAN-2004-1071 CAN-2004-1072 CAN-2004-1073)
134981 - CAN-2004-0136 Program crashes the kernel
140710 - CAN-2004-1068 Missing serialisation in unix_dgram_recvmsg

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-20.0.1.EL.src.rpm
c9e3ddfa76b6337d22ee18de622288c1  kernel-2.4.21-20.0.1.EL.src.rpm

athlon:
f8c081ece832012d2336fdd79e4deb60  kernel-2.4.21-20.0.1.EL.athlon.rpm
fdb4239f2bb030111db06b4d97db5caf  kernel-smp-2.4.21-20.0.1.EL.athlon.rpm
da055118ecfa029bdb09fdb8ebb1d955  kernel-smp-unsupported-2.4.21-20.0.1.EL.athlon.rpm
fa9407f23524f3ed308564adfcfeb175  kernel-unsupported-2.4.21-20.0.1.EL.athlon.rpm

i386:
6783573b11708147b9eeebccfadc0d82  kernel-BOOT-2.4.21-20.0.1.EL.i386.rpm
6dd1727c460491c50d3baafa9f3eb48e  kernel-doc-2.4.21-20.0.1.EL.i386.rpm
2a562d9602e88bf603315e8284be1b63  kernel-source-2.4.21-20.0.1.EL.i386.rpm

i686:
333a016b05fefae9c36edce0db8ce528  kernel-2.4.21-20.0.1.EL.i686.rpm
0880fd510254db4de758d7769c12aa22  kernel-hugemem-2.4.21-20.0.1.EL.i686.rpm
40bc41de62fd8954352271ab39d5a671  kernel-hugemem-unsupported-2.4.21-20.0.1.EL.i686.rpm
8c78b2438e867fb71842d766d0e9124d  kernel-smp-2.4.21-20.0.1.EL.i686.rpm
fc4efb54677603328eb4275f5cc13224  kernel-smp-unsupported-2.4.21-20.0.1.EL.i686.rpm
87f698bc20a97bdd8cc0d700449cb93f  kernel-unsupported-2.4.21-20.0.1.EL.i686.rpm

ia32e:
e30fe011aaec81a31ef08d318dbc0fcb  kernel-2.4.21-20.0.1.EL.ia32e.rpm
56b4bb346e1eac026ae7d68952ce2c2e  kernel-unsupported-2.4.21-20.0.1.EL.ia32e.rpm

ia64:
602204cf75227aa55af4701cc4528517  kernel-2.4.21-20.0.1.EL.ia64.rpm
999dae9a7f28e800a969f9470fd01aa9  kernel-doc-2.4.21-20.0.1.EL.ia64.rpm
a5ab35ad4ec2542009bcf798d53c1a7a  kernel-source-2.4.21-20.0.1.EL.ia64.rpm
7d3b7d3723dfa22e9587cf504da049f5  kernel-unsupported-2.4.21-20.0.1.EL.ia64.rpm

ppc64:
677ab689167f78686f91b88f36aa70a3  kernel-doc-2.4.21-20.0.1.EL.ppc64.rpm
2b0078cf957293819e11232b8d090b55  kernel-source-2.4.21-20.0.1.EL.ppc64.rpm

ppc64iseries:
b22a72441fa3b7ca93101e41f4bee003  kernel-2.4.21-20.0.1.EL.ppc64iseries.rpm
e8a2dd6770e48537a4606f5cb413a82e  kernel-unsupported-2.4.21-20.0.1.EL.ppc64iseries.rpm

ppc64pseries:
2f5724e8b26f64ac1a3b401a8ce4e55a  kernel-2.4.21-20.0.1.EL.ppc64pseries.rpm
ba54755ba36b7176270d807468232af7  kernel-unsupported-2.4.21-20.0.1.EL.ppc64pseries.rpm

s390:
2c69b4903f00b833dc6343fecb1cbc21  kernel-2.4.21-20.0.1.EL.s390.rpm
229cdd30ce01ff95e5c12660598631b3  kernel-doc-2.4.21-20.0.1.EL.s390.rpm
de76d738799e18613ff9d791e56453e9  kernel-source-2.4.21-20.0.1.EL.s390.rpm
4b75ed72fff3f4a4a6a0f05e23bdaeeb  kernel-unsupported-2.4.21-20.0.1.EL.s390.rpm

s390x:
e46dc77dc92833dea60ba5a03bf462f1  kernel-2.4.21-20.0.1.EL.s390x.rpm
d8ed930629a1292ac52eeb1a9bbd067f  kernel-doc-2.4.21-20.0.1.EL.s390x.rpm
585d443c6dd03e4ef290b637f5e7238c  kernel-source-2.4.21-20.0.1.EL.s390x.rpm
e1050dc296ba58c1b174fdf5ceb53be1  kernel-unsupported-2.4.21-20.0.1.EL.s390x.rpm

x86_64:
a7b9984ba33ef118bfac14ccf3d55a92  kernel-2.4.21-20.0.1.EL.x86_64.rpm
11d87e3ae8f05534a8863edf9609a054  kernel-doc-2.4.21-20.0.1.EL.x86_64.rpm
e91f6c5fb7353522f1e1edf4fa5ddc32  kernel-smp-2.4.21-20.0.1.EL.x86_64.rpm
ebdc738c994fcb10a81987c52070bdd0  kernel-smp-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
bc37b34ac3e62c3ae600615621d8f2d2  kernel-source-2.4.21-20.0.1.EL.x86_64.rpm
25a000e88c186cd1c53185186eb27e48  kernel-unsupported-2.4.21-20.0.1.EL.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-20.0.1.EL.src.rpm
c9e3ddfa76b6337d22ee18de622288c1  kernel-2.4.21-20.0.1.EL.src.rpm

athlon:
f8c081ece832012d2336fdd79e4deb60  kernel-2.4.21-20.0.1.EL.athlon.rpm
fdb4239f2bb030111db06b4d97db5caf  kernel-smp-2.4.21-20.0.1.EL.athlon.rpm
da055118ecfa029bdb09fdb8ebb1d955  kernel-smp-unsupported-2.4.21-20.0.1.EL.athlon.rpm
fa9407f23524f3ed308564adfcfeb175  kernel-unsupported-2.4.21-20.0.1.EL.athlon.rpm

i386:
6783573b11708147b9eeebccfadc0d82  kernel-BOOT-2.4.21-20.0.1.EL.i386.rpm
6dd1727c460491c50d3baafa9f3eb48e  kernel-doc-2.4.21-20.0.1.EL.i386.rpm
2a562d9602e88bf603315e8284be1b63  kernel-source-2.4.21-20.0.1.EL.i386.rpm

i686:
333a016b05fefae9c36edce0db8ce528  kernel-2.4.21-20.0.1.EL.i686.rpm
0880fd510254db4de758d7769c12aa22  kernel-hugemem-2.4.21-20.0.1.EL.i686.rpm
40bc41de62fd8954352271ab39d5a671  kernel-hugemem-unsupported-2.4.21-20.0.1.EL.i686.rpm
8c78b2438e867fb71842d766d0e9124d  kernel-smp-2.4.21-20.0.1.EL.i686.rpm
fc4efb54677603328eb4275f5cc13224  kernel-smp-unsupported-2.4.21-20.0.1.EL.i686.rpm
87f698bc20a97bdd8cc0d700449cb93f  kernel-unsupported-2.4.21-20.0.1.EL.i686.rpm

ia32e:
e30fe011aaec81a31ef08d318dbc0fcb  kernel-2.4.21-20.0.1.EL.ia32e.rpm
56b4bb346e1eac026ae7d68952ce2c2e  kernel-unsupported-2.4.21-20.0.1.EL.ia32e.rpm

x86_64:
a7b9984ba33ef118bfac14ccf3d55a92  kernel-2.4.21-20.0.1.EL.x86_64.rpm
11d87e3ae8f05534a8863edf9609a054  kernel-doc-2.4.21-20.0.1.EL.x86_64.rpm
e91f6c5fb7353522f1e1edf4fa5ddc32  kernel-smp-2.4.21-20.0.1.EL.x86_64.rpm
ebdc738c994fcb10a81987c52070bdd0  kernel-smp-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
bc37b34ac3e62c3ae600615621d8f2d2  kernel-source-2.4.21-20.0.1.EL.x86_64.rpm
25a000e88c186cd1c53185186eb27e48  kernel-unsupported-2.4.21-20.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-20.0.1.EL.src.rpm
c9e3ddfa76b6337d22ee18de622288c1  kernel-2.4.21-20.0.1.EL.src.rpm

athlon:
f8c081ece832012d2336fdd79e4deb60  kernel-2.4.21-20.0.1.EL.athlon.rpm
fdb4239f2bb030111db06b4d97db5caf  kernel-smp-2.4.21-20.0.1.EL.athlon.rpm
da055118ecfa029bdb09fdb8ebb1d955  kernel-smp-unsupported-2.4.21-20.0.1.EL.athlon.rpm
fa9407f23524f3ed308564adfcfeb175  kernel-unsupported-2.4.21-20.0.1.EL.athlon.rpm

i386:
6783573b11708147b9eeebccfadc0d82  kernel-BOOT-2.4.21-20.0.1.EL.i386.rpm
6dd1727c460491c50d3baafa9f3eb48e  kernel-doc-2.4.21-20.0.1.EL.i386.rpm
2a562d9602e88bf603315e8284be1b63  kernel-source-2.4.21-20.0.1.EL.i386.rpm

i686:
333a016b05fefae9c36edce0db8ce528  kernel-2.4.21-20.0.1.EL.i686.rpm
0880fd510254db4de758d7769c12aa22  kernel-hugemem-2.4.21-20.0.1.EL.i686.rpm
40bc41de62fd8954352271ab39d5a671  kernel-hugemem-unsupported-2.4.21-20.0.1.EL.i686.rpm
8c78b2438e867fb71842d766d0e9124d  kernel-smp-2.4.21-20.0.1.EL.i686.rpm
fc4efb54677603328eb4275f5cc13224  kernel-smp-unsupported-2.4.21-20.0.1.EL.i686.rpm
87f698bc20a97bdd8cc0d700449cb93f  kernel-unsupported-2.4.21-20.0.1.EL.i686.rpm

ia32e:
e30fe011aaec81a31ef08d318dbc0fcb  kernel-2.4.21-20.0.1.EL.ia32e.rpm
56b4bb346e1eac026ae7d68952ce2c2e  kernel-unsupported-2.4.21-20.0.1.EL.ia32e.rpm

ia64:
602204cf75227aa55af4701cc4528517  kernel-2.4.21-20.0.1.EL.ia64.rpm
999dae9a7f28e800a969f9470fd01aa9  kernel-doc-2.4.21-20.0.1.EL.ia64.rpm
a5ab35ad4ec2542009bcf798d53c1a7a  kernel-source-2.4.21-20.0.1.EL.ia64.rpm
7d3b7d3723dfa22e9587cf504da049f5  kernel-unsupported-2.4.21-20.0.1.EL.ia64.rpm

x86_64:
a7b9984ba33ef118bfac14ccf3d55a92  kernel-2.4.21-20.0.1.EL.x86_64.rpm
11d87e3ae8f05534a8863edf9609a054  kernel-doc-2.4.21-20.0.1.EL.x86_64.rpm
e91f6c5fb7353522f1e1edf4fa5ddc32  kernel-smp-2.4.21-20.0.1.EL.x86_64.rpm
ebdc738c994fcb10a81987c52070bdd0  kernel-smp-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
bc37b34ac3e62c3ae600615621d8f2d2  kernel-source-2.4.21-20.0.1.EL.x86_64.rpm
25a000e88c186cd1c53185186eb27e48  kernel-unsupported-2.4.21-20.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-20.0.1.EL.src.rpm
c9e3ddfa76b6337d22ee18de622288c1  kernel-2.4.21-20.0.1.EL.src.rpm

athlon:
f8c081ece832012d2336fdd79e4deb60  kernel-2.4.21-20.0.1.EL.athlon.rpm
fdb4239f2bb030111db06b4d97db5caf  kernel-smp-2.4.21-20.0.1.EL.athlon.rpm
da055118ecfa029bdb09fdb8ebb1d955  kernel-smp-unsupported-2.4.21-20.0.1.EL.athlon.rpm
fa9407f23524f3ed308564adfcfeb175  kernel-unsupported-2.4.21-20.0.1.EL.athlon.rpm

i386:
6783573b11708147b9eeebccfadc0d82  kernel-BOOT-2.4.21-20.0.1.EL.i386.rpm
6dd1727c460491c50d3baafa9f3eb48e  kernel-doc-2.4.21-20.0.1.EL.i386.rpm
2a562d9602e88bf603315e8284be1b63  kernel-source-2.4.21-20.0.1.EL.i386.rpm

i686:
333a016b05fefae9c36edce0db8ce528  kernel-2.4.21-20.0.1.EL.i686.rpm
0880fd510254db4de758d7769c12aa22  kernel-hugemem-2.4.21-20.0.1.EL.i686.rpm
40bc41de62fd8954352271ab39d5a671  kernel-hugemem-unsupported-2.4.21-20.0.1.EL.i686.rpm
8c78b2438e867fb71842d766d0e9124d  kernel-smp-2.4.21-20.0.1.EL.i686.rpm
fc4efb54677603328eb4275f5cc13224  kernel-smp-unsupported-2.4.21-20.0.1.EL.i686.rpm
87f698bc20a97bdd8cc0d700449cb93f  kernel-unsupported-2.4.21-20.0.1.EL.i686.rpm

ia32e:
e30fe011aaec81a31ef08d318dbc0fcb  kernel-2.4.21-20.0.1.EL.ia32e.rpm
56b4bb346e1eac026ae7d68952ce2c2e  kernel-unsupported-2.4.21-20.0.1.EL.ia32e.rpm

ia64:
602204cf75227aa55af4701cc4528517  kernel-2.4.21-20.0.1.EL.ia64.rpm
999dae9a7f28e800a969f9470fd01aa9  kernel-doc-2.4.21-20.0.1.EL.ia64.rpm
a5ab35ad4ec2542009bcf798d53c1a7a  kernel-source-2.4.21-20.0.1.EL.ia64.rpm
7d3b7d3723dfa22e9587cf504da049f5  kernel-unsupported-2.4.21-20.0.1.EL.ia64.rpm

x86_64:
a7b9984ba33ef118bfac14ccf3d55a92  kernel-2.4.21-20.0.1.EL.x86_64.rpm
11d87e3ae8f05534a8863edf9609a054  kernel-doc-2.4.21-20.0.1.EL.x86_64.rpm
e91f6c5fb7353522f1e1edf4fa5ddc32  kernel-smp-2.4.21-20.0.1.EL.x86_64.rpm
ebdc738c994fcb10a81987c52070bdd0  kernel-smp-unsupported-2.4.21-20.0.1.EL.x86_64.rpm
bc37b34ac3e62c3ae600615621d8f2d2  kernel-source-2.4.21-20.0.1.EL.x86_64.rpm
25a000e88c186cd1c53185186eb27e48  kernel-unsupported-2.4.21-20.0.1.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBrv1gXlSAg2UNWIIRAi/TAJ4tEWd/OWwzTKL4MH602lHlKbDyzgCfZ/+o
ntkXKUObRw3vALyUMITPSkU=
=Z8fX
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Wed Dec  8 20:29:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 8 Dec 2004 15:29 -0500
Subject: [RHSA-2004:636-01] Updated ImageMagick packages fix security
	vulnerability
Message-ID: <200412082029.iB8KTLa17022@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated ImageMagick packages fix security vulnerability
Advisory ID:       RHSA-2004:636-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-636.html
Issue date:        2004-12-08
Updated on:        2004-12-08
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0981 CAN-2004-0827
- ---------------------------------------------------------------------

1. Summary:

Updated ImageMagick packages that fixes a buffer overflow are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

ImageMagick(TM) is an image display and manipulation tool for the X Window
System.

A buffer overflow flaw was discovered in the ImageMagick image handler.
An attacker could create a carefully crafted image file with an improper
EXIF information in such a way that it would cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0981 to
this issue.

David Eisenstein has reported that our previous fix for CAN-2004-0827, a
heap overflow flaw, was incomplete.  An attacker could create a carefully
crafted BMP file in such a way that it could cause ImageMagick to execute
arbitrary code when processing the image. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0827 to
this issue.

Users of ImageMagick should upgrade to these updated packages, which
contain a backported patch, and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

138383 - CAN-2004-0981 buffer overflow in ImageMagick's EXIF parser
130807 - CAN-2004-0827 heap overflow in BMP decoder

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ImageMagick-5.3.8-6.src.rpm
04d666060f01521d9fea24742a3f5439  ImageMagick-5.3.8-6.src.rpm

i386:
49dfa73a8b65db1b71604ff7dbed85b8  ImageMagick-5.3.8-6.i386.rpm
e1e68b14d6c637bfa9525accb884b4cb  ImageMagick-c++-5.3.8-6.i386.rpm
4fda06f1279142275c0e3f1365888590  ImageMagick-c++-devel-5.3.8-6.i386.rpm
852ce90eaa8d702e4e3c0a74b4b8ae7a  ImageMagick-devel-5.3.8-6.i386.rpm
5e35ecce0aeb39bcdcab5d307e6a289d  ImageMagick-perl-5.3.8-6.i386.rpm

ia64:
9eebb430cc2782bf8779c2b6c1ac9330  ImageMagick-5.3.8-6.ia64.rpm
03597330fda5d808c67f7e9217e6cd99  ImageMagick-c++-5.3.8-6.ia64.rpm
9a2b3cde42826d541dc25cc18b6fef82  ImageMagick-c++-devel-5.3.8-6.ia64.rpm
3ef246ab1ead8e4ac34d5fb600ba6e11  ImageMagick-devel-5.3.8-6.ia64.rpm
0f8b492a2e35876487a18cb34717530f  ImageMagick-perl-5.3.8-6.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ImageMagick-5.3.8-6.src.rpm
04d666060f01521d9fea24742a3f5439  ImageMagick-5.3.8-6.src.rpm

ia64:
9eebb430cc2782bf8779c2b6c1ac9330  ImageMagick-5.3.8-6.ia64.rpm
03597330fda5d808c67f7e9217e6cd99  ImageMagick-c++-5.3.8-6.ia64.rpm
9a2b3cde42826d541dc25cc18b6fef82  ImageMagick-c++-devel-5.3.8-6.ia64.rpm
3ef246ab1ead8e4ac34d5fb600ba6e11  ImageMagick-devel-5.3.8-6.ia64.rpm
0f8b492a2e35876487a18cb34717530f  ImageMagick-perl-5.3.8-6.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ImageMagick-5.3.8-6.src.rpm
04d666060f01521d9fea24742a3f5439  ImageMagick-5.3.8-6.src.rpm

i386:
49dfa73a8b65db1b71604ff7dbed85b8  ImageMagick-5.3.8-6.i386.rpm
e1e68b14d6c637bfa9525accb884b4cb  ImageMagick-c++-5.3.8-6.i386.rpm
4fda06f1279142275c0e3f1365888590  ImageMagick-c++-devel-5.3.8-6.i386.rpm
852ce90eaa8d702e4e3c0a74b4b8ae7a  ImageMagick-devel-5.3.8-6.i386.rpm
5e35ecce0aeb39bcdcab5d307e6a289d  ImageMagick-perl-5.3.8-6.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ImageMagick-5.3.8-6.src.rpm
04d666060f01521d9fea24742a3f5439  ImageMagick-5.3.8-6.src.rpm

i386:
49dfa73a8b65db1b71604ff7dbed85b8  ImageMagick-5.3.8-6.i386.rpm
e1e68b14d6c637bfa9525accb884b4cb  ImageMagick-c++-5.3.8-6.i386.rpm
4fda06f1279142275c0e3f1365888590  ImageMagick-c++-devel-5.3.8-6.i386.rpm
852ce90eaa8d702e4e3c0a74b4b8ae7a  ImageMagick-devel-5.3.8-6.i386.rpm
5e35ecce0aeb39bcdcab5d307e6a289d  ImageMagick-perl-5.3.8-6.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ImageMagick-5.5.6-7.src.rpm
0eca5e4139fabef268b8b94405406037  ImageMagick-5.5.6-7.src.rpm

i386:
9647bd23372123be8453f3ea2411b9d9  ImageMagick-5.5.6-7.i386.rpm
7b8262f374a5af5e62f0d6a0e7f4f45b  ImageMagick-c++-5.5.6-7.i386.rpm
15459e343c4a2bb2e651a16ae52a215c  ImageMagick-c++-devel-5.5.6-7.i386.rpm
e8ba073973164c5cb145ea3bbdca6f21  ImageMagick-devel-5.5.6-7.i386.rpm
1b048cef4ad7d7f80fe6b174304efd2f  ImageMagick-perl-5.5.6-7.i386.rpm

ia64:
e9d6b12d49f82587079d8630288d5c21  ImageMagick-5.5.6-7.ia64.rpm
76c2730209f2a419d77dcc6228bce775  ImageMagick-c++-5.5.6-7.ia64.rpm
ad56120694232886525cf73e78059d70  ImageMagick-c++-devel-5.5.6-7.ia64.rpm
5540e68ca6ad478f0c06747e0b0af6a9  ImageMagick-devel-5.5.6-7.ia64.rpm
f5d26f006e80d29379611fe429a057a5  ImageMagick-perl-5.5.6-7.ia64.rpm

ppc:
90facda803fb447e862d754a0f773a24  ImageMagick-5.5.6-7.ppc.rpm
1f7dd0b886fc4dd81f83d203cf125e1c  ImageMagick-c++-5.5.6-7.ppc.rpm
1b005351b9db9d7882bfb636d4c31d18  ImageMagick-c++-devel-5.5.6-7.ppc.rpm
a30586353d6bb70020ed3df263f1a497  ImageMagick-devel-5.5.6-7.ppc.rpm
4f2d299fb4fb9831513136d8e56ec8f9  ImageMagick-perl-5.5.6-7.ppc.rpm

s390:
7acdb99fdb3735bec4b5deaffe48638f  ImageMagick-5.5.6-7.s390.rpm
744ad5fe4fcdd1931e6a29acf52c126b  ImageMagick-c++-5.5.6-7.s390.rpm
cfb51a057018d71a439067395835434d  ImageMagick-c++-devel-5.5.6-7.s390.rpm
49aa63d472ea09bb054cd05907941f40  ImageMagick-devel-5.5.6-7.s390.rpm
fb355cd7d24232761a23231c00f9ceef  ImageMagick-perl-5.5.6-7.s390.rpm

s390x:
2c986024e9a51e4cef1157260efebc28  ImageMagick-5.5.6-7.s390x.rpm
1be22c2e7138567cd9b37f727e1eb2ad  ImageMagick-c++-5.5.6-7.s390x.rpm
557aa610b7be1d2ef6670cada21631de  ImageMagick-c++-devel-5.5.6-7.s390x.rpm
74535eac90406854a4d16432b33d9ef2  ImageMagick-devel-5.5.6-7.s390x.rpm
1120d649cfe4b12886a402280fd50b20  ImageMagick-perl-5.5.6-7.s390x.rpm

x86_64:
5dca93db805a70a5e5c63e9ad8799924  ImageMagick-5.5.6-7.x86_64.rpm
f57f942a8ed19d997f92767028a66fad  ImageMagick-c++-5.5.6-7.x86_64.rpm
c17c17e26cf6320885fb4b49a48d8d00  ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
9c7bc81a718108e2e848f0cb04223492  ImageMagick-devel-5.5.6-7.x86_64.rpm
66699a74e16e141df285f25146da7a43  ImageMagick-perl-5.5.6-7.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ImageMagick-5.5.6-7.src.rpm
0eca5e4139fabef268b8b94405406037  ImageMagick-5.5.6-7.src.rpm

i386:
9647bd23372123be8453f3ea2411b9d9  ImageMagick-5.5.6-7.i386.rpm
7b8262f374a5af5e62f0d6a0e7f4f45b  ImageMagick-c++-5.5.6-7.i386.rpm
15459e343c4a2bb2e651a16ae52a215c  ImageMagick-c++-devel-5.5.6-7.i386.rpm
e8ba073973164c5cb145ea3bbdca6f21  ImageMagick-devel-5.5.6-7.i386.rpm
1b048cef4ad7d7f80fe6b174304efd2f  ImageMagick-perl-5.5.6-7.i386.rpm

x86_64:
5dca93db805a70a5e5c63e9ad8799924  ImageMagick-5.5.6-7.x86_64.rpm
f57f942a8ed19d997f92767028a66fad  ImageMagick-c++-5.5.6-7.x86_64.rpm
c17c17e26cf6320885fb4b49a48d8d00  ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
9c7bc81a718108e2e848f0cb04223492  ImageMagick-devel-5.5.6-7.x86_64.rpm
66699a74e16e141df285f25146da7a43  ImageMagick-perl-5.5.6-7.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ImageMagick-5.5.6-7.src.rpm
0eca5e4139fabef268b8b94405406037  ImageMagick-5.5.6-7.src.rpm

i386:
9647bd23372123be8453f3ea2411b9d9  ImageMagick-5.5.6-7.i386.rpm
7b8262f374a5af5e62f0d6a0e7f4f45b  ImageMagick-c++-5.5.6-7.i386.rpm
15459e343c4a2bb2e651a16ae52a215c  ImageMagick-c++-devel-5.5.6-7.i386.rpm
e8ba073973164c5cb145ea3bbdca6f21  ImageMagick-devel-5.5.6-7.i386.rpm
1b048cef4ad7d7f80fe6b174304efd2f  ImageMagick-perl-5.5.6-7.i386.rpm

ia64:
e9d6b12d49f82587079d8630288d5c21  ImageMagick-5.5.6-7.ia64.rpm
76c2730209f2a419d77dcc6228bce775  ImageMagick-c++-5.5.6-7.ia64.rpm
ad56120694232886525cf73e78059d70  ImageMagick-c++-devel-5.5.6-7.ia64.rpm
5540e68ca6ad478f0c06747e0b0af6a9  ImageMagick-devel-5.5.6-7.ia64.rpm
f5d26f006e80d29379611fe429a057a5  ImageMagick-perl-5.5.6-7.ia64.rpm

x86_64:
5dca93db805a70a5e5c63e9ad8799924  ImageMagick-5.5.6-7.x86_64.rpm
f57f942a8ed19d997f92767028a66fad  ImageMagick-c++-5.5.6-7.x86_64.rpm
c17c17e26cf6320885fb4b49a48d8d00  ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
9c7bc81a718108e2e848f0cb04223492  ImageMagick-devel-5.5.6-7.x86_64.rpm
66699a74e16e141df285f25146da7a43  ImageMagick-perl-5.5.6-7.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ImageMagick-5.5.6-7.src.rpm
0eca5e4139fabef268b8b94405406037  ImageMagick-5.5.6-7.src.rpm

i386:
9647bd23372123be8453f3ea2411b9d9  ImageMagick-5.5.6-7.i386.rpm
7b8262f374a5af5e62f0d6a0e7f4f45b  ImageMagick-c++-5.5.6-7.i386.rpm
15459e343c4a2bb2e651a16ae52a215c  ImageMagick-c++-devel-5.5.6-7.i386.rpm
e8ba073973164c5cb145ea3bbdca6f21  ImageMagick-devel-5.5.6-7.i386.rpm
1b048cef4ad7d7f80fe6b174304efd2f  ImageMagick-perl-5.5.6-7.i386.rpm

ia64:
e9d6b12d49f82587079d8630288d5c21  ImageMagick-5.5.6-7.ia64.rpm
76c2730209f2a419d77dcc6228bce775  ImageMagick-c++-5.5.6-7.ia64.rpm
ad56120694232886525cf73e78059d70  ImageMagick-c++-devel-5.5.6-7.ia64.rpm
5540e68ca6ad478f0c06747e0b0af6a9  ImageMagick-devel-5.5.6-7.ia64.rpm
f5d26f006e80d29379611fe429a057a5  ImageMagick-perl-5.5.6-7.ia64.rpm

x86_64:
5dca93db805a70a5e5c63e9ad8799924  ImageMagick-5.5.6-7.x86_64.rpm
f57f942a8ed19d997f92767028a66fad  ImageMagick-c++-5.5.6-7.x86_64.rpm
c17c17e26cf6320885fb4b49a48d8d00  ImageMagick-c++-devel-5.5.6-7.x86_64.rpm
9c7bc81a718108e2e848f0cb04223492  ImageMagick-devel-5.5.6-7.x86_64.rpm
66699a74e16e141df285f25146da7a43  ImageMagick-perl-5.5.6-7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0827

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBt2QLXlSAg2UNWIIRApVrAJ0dQRiLpspwzrOdBQFIRjmeJopV2wCeNMyc
inITvexd2UtjjdCaN0YJfTg=
=pzpb
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Fri Dec 10 16:46:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 10 Dec 2004 11:46 -0500
Subject: [RHSA-2004:651-01] Updated imlib packages fix security
	vulnerabilities
Message-ID: <200412101646.iBAGkka01739@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated imlib packages fix security vulnerabilities
Advisory ID:       RHSA-2004:651-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-651.html
Issue date:        2004-12-10
Updated on:        2004-12-10
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1025 CAN-2004-1026
- ---------------------------------------------------------------------

1. Summary:

Updated imlib packages that fix several integer and buffer overflows are
now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The imlib packages contain an image loading and rendering library.

Pavel Kankovsky discovered several heap overflow flaws that were found in
the imlib image handler. An attacker could create a carefully crafted image
file in such a way that it could cause an application linked with imlib to
execute arbitrary code when the file was opened by a victim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-1025 to this issue.

Additionally, Pavel discovered several integer overflow flaws that were
found in the imlib image handler. An attacker could create a carefully
crafted image file in such a way that it could cause an application linked
with imlib to execute arbitrary code or crash when the file was opened by a
victim. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1026 to this issue.

Users of imlib should update to these updated packages, which contain
backported patches and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

138516 - CAN-2004-1025 Multiple imlib issues. (CAN-2004-1026)

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/imlib-1.9.13-4.3.src.rpm
0a3c30ebe7c7bf1144a5d87762d5b691  imlib-1.9.13-4.3.src.rpm

i386:
a2efcd78207a9773eb0bd31293aa7b24  imlib-1.9.13-4.3.i386.rpm
f05e36c23fcfdc326d1734aaf50fa33c  imlib-cfgeditor-1.9.13-4.3.i386.rpm
ee58781e3e6820560b55b03554a7eab2  imlib-devel-1.9.13-4.3.i386.rpm

ia64:
d6d1ce616e19fbbec8cf3b2f06527a2c  imlib-1.9.13-4.3.ia64.rpm
79a9a717343e73a44efa4198fd8f3856  imlib-cfgeditor-1.9.13-4.3.ia64.rpm
0c87e24aba22c5ebceb6f9f409ba091c  imlib-devel-1.9.13-4.3.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/imlib-1.9.13-4.3.src.rpm
0a3c30ebe7c7bf1144a5d87762d5b691  imlib-1.9.13-4.3.src.rpm

ia64:
d6d1ce616e19fbbec8cf3b2f06527a2c  imlib-1.9.13-4.3.ia64.rpm
79a9a717343e73a44efa4198fd8f3856  imlib-cfgeditor-1.9.13-4.3.ia64.rpm
0c87e24aba22c5ebceb6f9f409ba091c  imlib-devel-1.9.13-4.3.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/imlib-1.9.13-4.3.src.rpm
0a3c30ebe7c7bf1144a5d87762d5b691  imlib-1.9.13-4.3.src.rpm

i386:
a2efcd78207a9773eb0bd31293aa7b24  imlib-1.9.13-4.3.i386.rpm
f05e36c23fcfdc326d1734aaf50fa33c  imlib-cfgeditor-1.9.13-4.3.i386.rpm
ee58781e3e6820560b55b03554a7eab2  imlib-devel-1.9.13-4.3.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/imlib-1.9.13-4.3.src.rpm
0a3c30ebe7c7bf1144a5d87762d5b691  imlib-1.9.13-4.3.src.rpm

i386:
a2efcd78207a9773eb0bd31293aa7b24  imlib-1.9.13-4.3.i386.rpm
f05e36c23fcfdc326d1734aaf50fa33c  imlib-cfgeditor-1.9.13-4.3.i386.rpm
ee58781e3e6820560b55b03554a7eab2  imlib-devel-1.9.13-4.3.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/imlib-1.9.13-13.4.src.rpm
eedcdc9bc78a0736a6db342fb7e064aa  imlib-1.9.13-13.4.src.rpm

i386:
72fad28d75c5beff7140dbe63f33e0b8  imlib-1.9.13-13.4.i386.rpm
286302f2e3965d419772b800436e23cc  imlib-devel-1.9.13-13.4.i386.rpm

ia64:
03d29e218ff542afbea20c1b1332c1ae  imlib-1.9.13-13.4.ia64.rpm
f1a6d86e5bfb55d0efa3c48cdb6e5e60  imlib-devel-1.9.13-13.4.ia64.rpm

ppc:
31e11d994855fe92c394929384ec9b45  imlib-1.9.13-13.4.ppc.rpm
90c3a55b2256f0900e2612ec97059151  imlib-devel-1.9.13-13.4.ppc.rpm

s390:
d51f954de49bafd895a65894e1b808e8  imlib-1.9.13-13.4.s390.rpm
bb4c9944ea49a8c3d865ce2bf7ea4037  imlib-devel-1.9.13-13.4.s390.rpm

s390x:
e932b3c7a39871a5c95db3392fe72c65  imlib-1.9.13-13.4.s390x.rpm
6aae3cebfbdba66a864d6c8e73f76cdb  imlib-devel-1.9.13-13.4.s390x.rpm

x86_64:
207c7bd9f6f3790c8c39a4cd5be65e3d  imlib-1.9.13-13.4.x86_64.rpm
3d2517a397c7e91399e9fe1364740503  imlib-devel-1.9.13-13.4.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/imlib-1.9.13-13.4.src.rpm
eedcdc9bc78a0736a6db342fb7e064aa  imlib-1.9.13-13.4.src.rpm

i386:
72fad28d75c5beff7140dbe63f33e0b8  imlib-1.9.13-13.4.i386.rpm
286302f2e3965d419772b800436e23cc  imlib-devel-1.9.13-13.4.i386.rpm

x86_64:
207c7bd9f6f3790c8c39a4cd5be65e3d  imlib-1.9.13-13.4.x86_64.rpm
3d2517a397c7e91399e9fe1364740503  imlib-devel-1.9.13-13.4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/imlib-1.9.13-13.4.src.rpm
eedcdc9bc78a0736a6db342fb7e064aa  imlib-1.9.13-13.4.src.rpm

i386:
72fad28d75c5beff7140dbe63f33e0b8  imlib-1.9.13-13.4.i386.rpm
286302f2e3965d419772b800436e23cc  imlib-devel-1.9.13-13.4.i386.rpm

ia64:
03d29e218ff542afbea20c1b1332c1ae  imlib-1.9.13-13.4.ia64.rpm
f1a6d86e5bfb55d0efa3c48cdb6e5e60  imlib-devel-1.9.13-13.4.ia64.rpm

x86_64:
207c7bd9f6f3790c8c39a4cd5be65e3d  imlib-1.9.13-13.4.x86_64.rpm
3d2517a397c7e91399e9fe1364740503  imlib-devel-1.9.13-13.4.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/imlib-1.9.13-13.4.src.rpm
eedcdc9bc78a0736a6db342fb7e064aa  imlib-1.9.13-13.4.src.rpm

i386:
72fad28d75c5beff7140dbe63f33e0b8  imlib-1.9.13-13.4.i386.rpm
286302f2e3965d419772b800436e23cc  imlib-devel-1.9.13-13.4.i386.rpm

ia64:
03d29e218ff542afbea20c1b1332c1ae  imlib-1.9.13-13.4.ia64.rpm
f1a6d86e5bfb55d0efa3c48cdb6e5e60  imlib-devel-1.9.13-13.4.ia64.rpm

x86_64:
207c7bd9f6f3790c8c39a4cd5be65e3d  imlib-1.9.13-13.4.x86_64.rpm
3d2517a397c7e91399e9fe1364740503  imlib-devel-1.9.13-13.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBudLyXlSAg2UNWIIRAnPRAJ9U5+PSSClN0rQgDLsk6IrZs4NiWACeOgzv
3dTiiqthTyohvlXiAYPwVOY=
=Nxga
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Mon Dec 13 18:58:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 13 Dec 2004 13:58 -0500
Subject: [RHSA-2004:635-01] Updated ruby package fixes denial of service
	issue
Message-ID: <200412131858.iBDIwCa05171@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated ruby package fixes denial of service issue
Advisory ID:       RHSA-2004:635-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-635.html
Issue date:        2004-12-13
Updated on:        2004-12-13
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0983
- ---------------------------------------------------------------------

1. Summary:

An updated ruby package that fixes a denial of service issue for the CGI
instance is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Ruby is an interpreted scripting language for object-oriented programming.

A flaw was dicovered in the CGI module of Ruby.  If empty data is sent by
the POST method to the CGI script which requires MIME type
multipart/form-data, it can get stuck in a loop.  A remote attacker could
trigger this flaw and cause a denial of service.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0983 to this issue.

Users are advised to upgrade to this erratum package, which contains a
backported patch to cgi.rb.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

138362 - CAN-2004-0983 Denial of Service in Ruby

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ruby-1.6.4-2.AS21.1.src.rpm
1c9c90f0ab2a2d99aacb3ca4b14868c2  ruby-1.6.4-2.AS21.1.src.rpm

i386:
984de6c8bd15661642cf96852eec8594  irb-1.6.4-2.AS21.1.i386.rpm
228efa4a0710253ed381d0cb7288654b  ruby-1.6.4-2.AS21.1.i386.rpm
d45f217ef393decea4bfc43822fad7b3  ruby-devel-1.6.4-2.AS21.1.i386.rpm
e2eb1318a5a5c800024859f2b8e0bf02  ruby-docs-1.6.4-2.AS21.1.i386.rpm
edea06b8999c1710ba66d6c580636934  ruby-libs-1.6.4-2.AS21.1.i386.rpm
83393ce9d2ffcaa9159c85fe2ea877f8  ruby-tcltk-1.6.4-2.AS21.1.i386.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ruby-1.6.4-2.AS21.1.src.rpm
1c9c90f0ab2a2d99aacb3ca4b14868c2  ruby-1.6.4-2.AS21.1.src.rpm

i386:
984de6c8bd15661642cf96852eec8594  irb-1.6.4-2.AS21.1.i386.rpm
228efa4a0710253ed381d0cb7288654b  ruby-1.6.4-2.AS21.1.i386.rpm
d45f217ef393decea4bfc43822fad7b3  ruby-devel-1.6.4-2.AS21.1.i386.rpm
e2eb1318a5a5c800024859f2b8e0bf02  ruby-docs-1.6.4-2.AS21.1.i386.rpm
edea06b8999c1710ba66d6c580636934  ruby-libs-1.6.4-2.AS21.1.i386.rpm
83393ce9d2ffcaa9159c85fe2ea877f8  ruby-tcltk-1.6.4-2.AS21.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ruby-1.6.4-2.AS21.1.src.rpm
1c9c90f0ab2a2d99aacb3ca4b14868c2  ruby-1.6.4-2.AS21.1.src.rpm

i386:
984de6c8bd15661642cf96852eec8594  irb-1.6.4-2.AS21.1.i386.rpm
228efa4a0710253ed381d0cb7288654b  ruby-1.6.4-2.AS21.1.i386.rpm
d45f217ef393decea4bfc43822fad7b3  ruby-devel-1.6.4-2.AS21.1.i386.rpm
e2eb1318a5a5c800024859f2b8e0bf02  ruby-docs-1.6.4-2.AS21.1.i386.rpm
edea06b8999c1710ba66d6c580636934  ruby-libs-1.6.4-2.AS21.1.i386.rpm
83393ce9d2ffcaa9159c85fe2ea877f8  ruby-tcltk-1.6.4-2.AS21.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ruby-1.6.8-9.EL3.3.src.rpm
2f01d4591ff0fc041a544a7903b1808d  ruby-1.6.8-9.EL3.3.src.rpm

i386:
f408badb2510f463b5c7872e69a90efc  irb-1.6.8-9.EL3.3.i386.rpm
28689571cc04893ae54659d3bd50600f  ruby-1.6.8-9.EL3.3.i386.rpm
6f58c9789a0215e620b07761864d49e1  ruby-devel-1.6.8-9.EL3.3.i386.rpm
f2989414a97a41d85efa0386cfd6e63d  ruby-docs-1.6.8-9.EL3.3.i386.rpm
645e9618992229a97d7e1de2dbb5c691  ruby-libs-1.6.8-9.EL3.3.i386.rpm
f39588cdce470d68cf022ef3d4b7c17d  ruby-mode-1.6.8-9.EL3.3.i386.rpm
58f1aaa85a9bb7ab46a85dd339b57004  ruby-tcltk-1.6.8-9.EL3.3.i386.rpm

ia64:
c592891960b9b93d210b6a83811c847f  irb-1.6.8-9.EL3.3.ia64.rpm
7ac0fee7db9ee459261c63e93546983e  ruby-1.6.8-9.EL3.3.ia64.rpm
33cfff0cc59df6f4bb99c6f10f7cfe42  ruby-devel-1.6.8-9.EL3.3.ia64.rpm
9646d7fac418cec6cbe503f80d61c0c4  ruby-docs-1.6.8-9.EL3.3.ia64.rpm
ac7060784a405a2f2d32c400f20981a9  ruby-libs-1.6.8-9.EL3.3.ia64.rpm
76f778eddc74e655d417cae54b6911ed  ruby-mode-1.6.8-9.EL3.3.ia64.rpm
3a61c755364d2c2fc40235ca174c4109  ruby-tcltk-1.6.8-9.EL3.3.ia64.rpm

ppc:
2e78623c3afa71514c422606dcea0eb8  irb-1.6.8-9.EL3.3.ppc.rpm
1b494554641426f9cc469bdea01b3de2  ruby-1.6.8-9.EL3.3.ppc.rpm
c12cf463dda2389c1865643c04a2f200  ruby-devel-1.6.8-9.EL3.3.ppc.rpm
77ebb60cb2b619401afb643b0e417797  ruby-docs-1.6.8-9.EL3.3.ppc.rpm
b20f57bfcdff1732a82a8e3d5f939d80  ruby-libs-1.6.8-9.EL3.3.ppc.rpm
481812301c538d031458b33ac45377ba  ruby-mode-1.6.8-9.EL3.3.ppc.rpm
1e68c1c503209d0a00b1d6c49e6f1cc7  ruby-tcltk-1.6.8-9.EL3.3.ppc.rpm

s390:
417a2dae8057853d95c01752b855a85b  irb-1.6.8-9.EL3.3.s390.rpm
fdcecea5dc82c81fa2def2dd6882be61  ruby-1.6.8-9.EL3.3.s390.rpm
101677cc586a6e0ffa2243f4d44e1690  ruby-devel-1.6.8-9.EL3.3.s390.rpm
b9c6e991d23c84cf983c0dda0218b056  ruby-docs-1.6.8-9.EL3.3.s390.rpm
551748a998a181b7aa87d64d97e959b2  ruby-libs-1.6.8-9.EL3.3.s390.rpm
331c153e38936930ee94724649129d4e  ruby-mode-1.6.8-9.EL3.3.s390.rpm
a01479d847ef53fbad6b7878ace4c326  ruby-tcltk-1.6.8-9.EL3.3.s390.rpm

s390x:
dc524b6c4b51ceb1d09fb9aa8f50bfb5  irb-1.6.8-9.EL3.3.s390x.rpm
d067c97c8f1b63216608df91b79f3346  ruby-1.6.8-9.EL3.3.s390x.rpm
ca5f632329db91a7d8b0905dfa0c4b98  ruby-devel-1.6.8-9.EL3.3.s390x.rpm
5d54cbc527a849531713ec8569b0b02a  ruby-docs-1.6.8-9.EL3.3.s390x.rpm
f184c8c8d7c83527fdc981577050416e  ruby-libs-1.6.8-9.EL3.3.s390x.rpm
77d175cda989287452933c0f419a2a1e  ruby-mode-1.6.8-9.EL3.3.s390x.rpm
69b9dd6dcea803c1e83339fa220ef441  ruby-tcltk-1.6.8-9.EL3.3.s390x.rpm

x86_64:
8ba124cf1c2c7afb3ad723a20b7d5c0d  irb-1.6.8-9.EL3.3.x86_64.rpm
08fbcb3dbbcc4f6007ff5bb553101e3a  ruby-1.6.8-9.EL3.3.x86_64.rpm
f919fb4d57ac9007db765d15169bb448  ruby-devel-1.6.8-9.EL3.3.x86_64.rpm
9c878a656d96677a21eaeffc98445862  ruby-docs-1.6.8-9.EL3.3.x86_64.rpm
f1b99550c731bb413f8f22bf2af6da95  ruby-libs-1.6.8-9.EL3.3.x86_64.rpm
4900c7792a3c986a8cfcb1ea78ce6045  ruby-mode-1.6.8-9.EL3.3.x86_64.rpm
81255d577d75df37f37461811121aa0e  ruby-tcltk-1.6.8-9.EL3.3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ruby-1.6.8-9.EL3.3.src.rpm
2f01d4591ff0fc041a544a7903b1808d  ruby-1.6.8-9.EL3.3.src.rpm

i386:
f408badb2510f463b5c7872e69a90efc  irb-1.6.8-9.EL3.3.i386.rpm
28689571cc04893ae54659d3bd50600f  ruby-1.6.8-9.EL3.3.i386.rpm
6f58c9789a0215e620b07761864d49e1  ruby-devel-1.6.8-9.EL3.3.i386.rpm
f2989414a97a41d85efa0386cfd6e63d  ruby-docs-1.6.8-9.EL3.3.i386.rpm
645e9618992229a97d7e1de2dbb5c691  ruby-libs-1.6.8-9.EL3.3.i386.rpm
f39588cdce470d68cf022ef3d4b7c17d  ruby-mode-1.6.8-9.EL3.3.i386.rpm
58f1aaa85a9bb7ab46a85dd339b57004  ruby-tcltk-1.6.8-9.EL3.3.i386.rpm

x86_64:
8ba124cf1c2c7afb3ad723a20b7d5c0d  irb-1.6.8-9.EL3.3.x86_64.rpm
08fbcb3dbbcc4f6007ff5bb553101e3a  ruby-1.6.8-9.EL3.3.x86_64.rpm
f919fb4d57ac9007db765d15169bb448  ruby-devel-1.6.8-9.EL3.3.x86_64.rpm
9c878a656d96677a21eaeffc98445862  ruby-docs-1.6.8-9.EL3.3.x86_64.rpm
f1b99550c731bb413f8f22bf2af6da95  ruby-libs-1.6.8-9.EL3.3.x86_64.rpm
4900c7792a3c986a8cfcb1ea78ce6045  ruby-mode-1.6.8-9.EL3.3.x86_64.rpm
81255d577d75df37f37461811121aa0e  ruby-tcltk-1.6.8-9.EL3.3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ruby-1.6.8-9.EL3.3.src.rpm
2f01d4591ff0fc041a544a7903b1808d  ruby-1.6.8-9.EL3.3.src.rpm

i386:
f408badb2510f463b5c7872e69a90efc  irb-1.6.8-9.EL3.3.i386.rpm
28689571cc04893ae54659d3bd50600f  ruby-1.6.8-9.EL3.3.i386.rpm
6f58c9789a0215e620b07761864d49e1  ruby-devel-1.6.8-9.EL3.3.i386.rpm
f2989414a97a41d85efa0386cfd6e63d  ruby-docs-1.6.8-9.EL3.3.i386.rpm
645e9618992229a97d7e1de2dbb5c691  ruby-libs-1.6.8-9.EL3.3.i386.rpm
f39588cdce470d68cf022ef3d4b7c17d  ruby-mode-1.6.8-9.EL3.3.i386.rpm
58f1aaa85a9bb7ab46a85dd339b57004  ruby-tcltk-1.6.8-9.EL3.3.i386.rpm

ia64:
c592891960b9b93d210b6a83811c847f  irb-1.6.8-9.EL3.3.ia64.rpm
7ac0fee7db9ee459261c63e93546983e  ruby-1.6.8-9.EL3.3.ia64.rpm
33cfff0cc59df6f4bb99c6f10f7cfe42  ruby-devel-1.6.8-9.EL3.3.ia64.rpm
9646d7fac418cec6cbe503f80d61c0c4  ruby-docs-1.6.8-9.EL3.3.ia64.rpm
ac7060784a405a2f2d32c400f20981a9  ruby-libs-1.6.8-9.EL3.3.ia64.rpm
76f778eddc74e655d417cae54b6911ed  ruby-mode-1.6.8-9.EL3.3.ia64.rpm
3a61c755364d2c2fc40235ca174c4109  ruby-tcltk-1.6.8-9.EL3.3.ia64.rpm

x86_64:
8ba124cf1c2c7afb3ad723a20b7d5c0d  irb-1.6.8-9.EL3.3.x86_64.rpm
08fbcb3dbbcc4f6007ff5bb553101e3a  ruby-1.6.8-9.EL3.3.x86_64.rpm
f919fb4d57ac9007db765d15169bb448  ruby-devel-1.6.8-9.EL3.3.x86_64.rpm
9c878a656d96677a21eaeffc98445862  ruby-docs-1.6.8-9.EL3.3.x86_64.rpm
f1b99550c731bb413f8f22bf2af6da95  ruby-libs-1.6.8-9.EL3.3.x86_64.rpm
4900c7792a3c986a8cfcb1ea78ce6045  ruby-mode-1.6.8-9.EL3.3.x86_64.rpm
81255d577d75df37f37461811121aa0e  ruby-tcltk-1.6.8-9.EL3.3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ruby-1.6.8-9.EL3.3.src.rpm
2f01d4591ff0fc041a544a7903b1808d  ruby-1.6.8-9.EL3.3.src.rpm

i386:
f408badb2510f463b5c7872e69a90efc  irb-1.6.8-9.EL3.3.i386.rpm
28689571cc04893ae54659d3bd50600f  ruby-1.6.8-9.EL3.3.i386.rpm
6f58c9789a0215e620b07761864d49e1  ruby-devel-1.6.8-9.EL3.3.i386.rpm
f2989414a97a41d85efa0386cfd6e63d  ruby-docs-1.6.8-9.EL3.3.i386.rpm
645e9618992229a97d7e1de2dbb5c691  ruby-libs-1.6.8-9.EL3.3.i386.rpm
f39588cdce470d68cf022ef3d4b7c17d  ruby-mode-1.6.8-9.EL3.3.i386.rpm
58f1aaa85a9bb7ab46a85dd339b57004  ruby-tcltk-1.6.8-9.EL3.3.i386.rpm

ia64:
c592891960b9b93d210b6a83811c847f  irb-1.6.8-9.EL3.3.ia64.rpm
7ac0fee7db9ee459261c63e93546983e  ruby-1.6.8-9.EL3.3.ia64.rpm
33cfff0cc59df6f4bb99c6f10f7cfe42  ruby-devel-1.6.8-9.EL3.3.ia64.rpm
9646d7fac418cec6cbe503f80d61c0c4  ruby-docs-1.6.8-9.EL3.3.ia64.rpm
ac7060784a405a2f2d32c400f20981a9  ruby-libs-1.6.8-9.EL3.3.ia64.rpm
76f778eddc74e655d417cae54b6911ed  ruby-mode-1.6.8-9.EL3.3.ia64.rpm
3a61c755364d2c2fc40235ca174c4109  ruby-tcltk-1.6.8-9.EL3.3.ia64.rpm

x86_64:
8ba124cf1c2c7afb3ad723a20b7d5c0d  irb-1.6.8-9.EL3.3.x86_64.rpm
08fbcb3dbbcc4f6007ff5bb553101e3a  ruby-1.6.8-9.EL3.3.x86_64.rpm
f919fb4d57ac9007db765d15169bb448  ruby-devel-1.6.8-9.EL3.3.x86_64.rpm
9c878a656d96677a21eaeffc98445862  ruby-docs-1.6.8-9.EL3.3.x86_64.rpm
f1b99550c731bb413f8f22bf2af6da95  ruby-libs-1.6.8-9.EL3.3.x86_64.rpm
4900c7792a3c986a8cfcb1ea78ce6045  ruby-mode-1.6.8-9.EL3.3.x86_64.rpm
81255d577d75df37f37461811121aa0e  ruby-tcltk-1.6.8-9.EL3.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0983

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBveYgXlSAg2UNWIIRAqF+AKCc0RlQmBtxOQrsx6h+1YUvCeC3qQCfVlRw
0jSyrFr0i0XTnpYW2VFCQdc=
=qiyt
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Mon Dec 13 19:36:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 13 Dec 2004 14:36 -0500
Subject: [RHSA-2004:536-01] Updated ncompress package fixes security issue
	and bug.
Message-ID: <200412131936.iBDJala07927@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated ncompress package fixes security issue and bug.
Advisory ID:       RHSA-2004:536-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-536.html
Issue date:        2004-12-13
Updated on:        2004-12-13
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2001-1413
- ---------------------------------------------------------------------

1. Summary:

An updated ncompress package that fixes a buffer overflow and problem in
the handling of files larger than 2 GB is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The ncompress package contains the compress and uncompress file compression
and decompression utilities, which are compatible with the original UNIX
compress utility (.Z file extensions).

A bug in the way ncompress handles long filenames has been discovered. 
ncompress versions 4.2.4 and earlier contain a stack based buffer overflow
when handling very long filenames.  It is possible that an attacker could
execute arbitrary code on a victims machine by tricking the user into
decompressing a carefully crafted filename.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2001-1413 to
this issue.

This updated ncompress package also fixes a problem in the handling of
files larger than 2 GB.

All users of ncompress should upgrade to this updated package, which
contains fixes for these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

126776 - [RHEL2.1] compress does not work if the file size is greater than 2GB
136661 - CAN-2001-1413 Stack-based buffer overflow in the comprexx function

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ncompress-4.2.4-37.src.rpm
514bcc89bdd8d5a71fc5d01ce2f2ac61  ncompress-4.2.4-37.src.rpm

i386:
b3cd3462d6a09d8d7d14c4e7b2744923  ncompress-4.2.4-37.i386.rpm

ia64:
36338acd3f00f119ed4b50fe2c67663d  ncompress-4.2.4-37.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ncompress-4.2.4-37.src.rpm
514bcc89bdd8d5a71fc5d01ce2f2ac61  ncompress-4.2.4-37.src.rpm

ia64:
36338acd3f00f119ed4b50fe2c67663d  ncompress-4.2.4-37.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ncompress-4.2.4-37.src.rpm
514bcc89bdd8d5a71fc5d01ce2f2ac61  ncompress-4.2.4-37.src.rpm

i386:
b3cd3462d6a09d8d7d14c4e7b2744923  ncompress-4.2.4-37.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ncompress-4.2.4-37.src.rpm
514bcc89bdd8d5a71fc5d01ce2f2ac61  ncompress-4.2.4-37.src.rpm

i386:
b3cd3462d6a09d8d7d14c4e7b2744923  ncompress-4.2.4-37.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://www.kb.cert.org/vuls/id/176363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1413

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBve9LXlSAg2UNWIIRAjTvAJ4jkOcSKA97x6QmELt2npgNnn7OngCfbCvB
/dwDYUQ9skpi2ucNZEN7CCk=
=OFNx
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Mon Dec 13 19:37:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 13 Dec 2004 14:37 -0500
Subject: [RHSA-2004:600-01] Updated apache and mod_ssl packages fix security
	vulnerabilities
Message-ID: <200412131937.iBDJbIa07962@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated apache and mod_ssl packages fix security vulnerabilities
Advisory ID:       RHSA-2004:600-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-600.html
Issue date:        2004-12-13
Updated on:        2004-12-13
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0885 CAN-2004-0940 CAN-2003-0987
- ---------------------------------------------------------------------

1. Summary:

Updated apache and mod_ssl packages that fix various minor security issues
and bugs in the Apache Web server are now available for Red Hat Enterprise
Linux 2.1.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The Apache HTTP Server is a powerful, full-featured, efficient, and
freely-available Web server.  The mod_ssl module provides strong
cryptography for the Apache Web server via the Secure Sockets Layer (SSL)
and Transport Layer Security (TLS) protocols.

A buffer overflow was discovered in the mod_include module.  This flaw
could allow a local user who is authorized to create server-side include
(SSI) files to gain the privileges of a httpd child (user 'apache').  The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0940 to this issue.

The mod_digest module does not properly verify the nonce of a client
response by using a AuthNonce secret. This could allow a malicious user who
is able to sniff network traffic to conduct a replay attack against a
website using Digest protection. Note that mod_digest implements an older
version of the MD5 Digest Authentication specification, which is known not
to work with modern browsers. This issue does not affect mod_auth_digest. 
(CAN-2003-0987).

An issue has been discovered in the mod_ssl module when configured to use
the "SSLCipherSuite" directive in a directory or location context. If a
particular location context has been configured to require a specific set
of cipher suites, then a client is able to access that location using
any cipher suite allowed by the virtual host configuration.  (CAN-2004-0885). 

Several bugs in mod_ssl were also discovered, including:

- - memory leaks in SSL variable handling

- - possible crashes in the dbm and shmht session caches

Red Hat Enterprise Linux 2.1 users of the Apache HTTP Server should upgrade
to these erratum packages, which contains Apache version 1.3.27 with
backported patches correcting these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

131360 - RHEL 2.1 mod_ssl missing shmht fixes
134826 - CAN-2004-0885 SSLCipherSuite bypass
137417 - CAN-2004-0940 mod_include local escalation
137419 - CAN-2003-0987 mod_digest nonce checking flaw

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/apache-1.3.27-9.ent.src.rpm
5e3bb05b7fd122692c703411a5d17ab9  apache-1.3.27-9.ent.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mod_ssl-2.8.12-7.src.rpm
bbbc409c5a12a379f48ce0ebb85e2f01  mod_ssl-2.8.12-7.src.rpm

i386:
66d324070e1da4bd12d85ae3dec757c6  apache-1.3.27-9.ent.i386.rpm
b18ee6322e54c318ea8dadbd2e9daf5a  apache-devel-1.3.27-9.ent.i386.rpm
9870a429161d6e023ed6cbf15d63d37c  apache-manual-1.3.27-9.ent.i386.rpm
0f4fd06fa3a1e53ed59462514a4e9756  mod_ssl-2.8.12-7.i386.rpm

ia64:
5605186178e4162ebc88f9b1f44481ab  apache-1.3.27-9.ent.ia64.rpm
63bf0814fca717f6c47ee9cc24cc6e75  apache-devel-1.3.27-9.ent.ia64.rpm
3b537044378bc27844281897cb4b764d  apache-manual-1.3.27-9.ent.ia64.rpm
aa9a679d0ababfedc0e3916eae197be2  mod_ssl-2.8.12-7.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/apache-1.3.27-9.ent.src.rpm
5e3bb05b7fd122692c703411a5d17ab9  apache-1.3.27-9.ent.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mod_ssl-2.8.12-7.src.rpm
bbbc409c5a12a379f48ce0ebb85e2f01  mod_ssl-2.8.12-7.src.rpm

ia64:
5605186178e4162ebc88f9b1f44481ab  apache-1.3.27-9.ent.ia64.rpm
63bf0814fca717f6c47ee9cc24cc6e75  apache-devel-1.3.27-9.ent.ia64.rpm
3b537044378bc27844281897cb4b764d  apache-manual-1.3.27-9.ent.ia64.rpm
aa9a679d0ababfedc0e3916eae197be2  mod_ssl-2.8.12-7.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/apache-1.3.27-9.ent.src.rpm
5e3bb05b7fd122692c703411a5d17ab9  apache-1.3.27-9.ent.src.rpm
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mod_ssl-2.8.12-7.src.rpm
bbbc409c5a12a379f48ce0ebb85e2f01  mod_ssl-2.8.12-7.src.rpm

i386:
66d324070e1da4bd12d85ae3dec757c6  apache-1.3.27-9.ent.i386.rpm
b18ee6322e54c318ea8dadbd2e9daf5a  apache-devel-1.3.27-9.ent.i386.rpm
9870a429161d6e023ed6cbf15d63d37c  apache-manual-1.3.27-9.ent.i386.rpm
0f4fd06fa3a1e53ed59462514a4e9756  mod_ssl-2.8.12-7.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/apache-1.3.27-9.ent.src.rpm
5e3bb05b7fd122692c703411a5d17ab9  apache-1.3.27-9.ent.src.rpm
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mod_ssl-2.8.12-7.src.rpm
bbbc409c5a12a379f48ce0ebb85e2f01  mod_ssl-2.8.12-7.src.rpm

i386:
66d324070e1da4bd12d85ae3dec757c6  apache-1.3.27-9.ent.i386.rpm
b18ee6322e54c318ea8dadbd2e9daf5a  apache-devel-1.3.27-9.ent.i386.rpm
9870a429161d6e023ed6cbf15d63d37c  apache-manual-1.3.27-9.ent.i386.rpm
0f4fd06fa3a1e53ed59462514a4e9756  mod_ssl-2.8.12-7.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0987

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBve9oXlSAg2UNWIIRAvMBAJ9965t+XKWwSyhtPdJohGNIw/cDrgCdEaOp
9EMF09cQ1CkiQ/jh3R1EclI=
=494G
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Mon Dec 13 20:08:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 13 Dec 2004 15:08 -0500
Subject: [RHSA-2004:505-01] Updated kernel packages fix security
	vulnerability
Message-ID: <200412132008.iBDK8Ka09924@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated kernel packages fix security vulnerability
Advisory ID:       RHSA-2004:505-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-505.html
Issue date:        2004-12-13
Updated on:        2004-12-13
Product:           Red Hat Enterprise Linux
Keywords:          kernel update
Obsoletes:         RHSA-2004:044
CVE Names:         CAN-2004-0177 CAN-2004-0685 CAN-2004-0883 CAN-2004-0949 CAN-2004-1068 CAN-2004-1070 CAN-2004-1071 CAN-2004-1072 CAN-2004-1073
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages are now available as part of ongoing
support and maintenance of Red Hat Enterprise Linux version
2.1. This is the sixth regular update.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - athlon, i386, i686
Red Hat Enterprise Linux ES version 2.1 - athlon, i386, i686
Red Hat Enterprise Linux WS version 2.1 - athlon, i386, i686

3. Problem description:

The Linux kernel handles the basic functions of the operating
system.

This is the sixth regular kernel update to Red Hat Enterprise Linux version
2.1. It updates a number of device drivers, and adds much improved SATA
support.

This update includes fixes for several security issues:

Paul Starzetz of iSEC discovered various flaws in the ELF binary
loader affecting kernels prior to 2.4.28. A local user could use these
flaws to gain read access to executable-only binaries or possibly gain
privileges. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2004-1070, CAN-2004-1071,
CAN-2004-1072, and CAN-2004-1073 to these issues.

A missing serialization flaw in unix_dgram_recvmsg was discovered that
affects kernels prior to 2.4.28. A local user could potentially make
use of a race condition in order to gain privileges. (CAN-2004-1068)

Stefan Esser discovered various flaws including buffer overflows in
the smbfs driver affecting kernels before 2.4.28. A local user may be
able to cause a denial of service (crash) or possibly gain privileges.
In order to exploit these flaws the user would need to have control of
a connected smb server. (CAN-2004-0883, CAN-2004-0949)

Conectiva discovered flaws in certain USB drivers affecting kernels
before 2.4.27 which used the copy_to_user function on uninitialized
structures. These flaws could allow local users to read small
amounts of kernel memory. (CAN-2004-0685)

The ext3 code in kernels before 2.4.26 did not properly initialize journal
descriptor blocks. A privileged local user could read portions of kernel
memory. (CAN-2004-0177)

The following drivers have also been updated:

* tg3 v3.10
* e1000 v5.3.19-k2
* e100 v3.0.27-k2
* megaraid 
* megaraid2 v2.10.8.2

All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate.  The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

132078 - RHEL2.1: Update Megaraid driver from 1.18a to 1.18k
112223 - RHEL 2.1 U6:  update kudzu megaraid entries to megaraid2, leaving megaraid as the deprecated driver, available but no longer the default.
113901 - RHEL 2.1 U6:  Update pcitable in the initrd.img to load megaraid2 for PERC4 cards as listed below.
75090 - [PATCH] autodetect the megaraid driver for the PERC4 RAID card
128813 - RHEL2.1 U6: cciss Driver Refresh
122776 - RHEL 2.1 U6 - BCM 5721 support in tg3 (x86, x86_64, & IPF)
130700 - RHEL 2.1 U6 x86 and IPF):  Refresh e1000 driver (v 5.3.19)
130702 - RHEL 2.1 U6 (x86 and IPF):  Refresh e100 driver (v 3.0.27)
128860 - [RHEL2.1][PATCH] Bug from xprt_create_proto of e34
129359 - [RHEL2.1][RHEL3] uncorrectable ECC memory errors do NOT halt the system
125547 - Oops when writing to /proc/scsi/scsi
126317 - [RHEL2.1] Wrong LUN size reported in \'pretty\' format
111219 - VMWare GSX Server - KERNEL PANIC
99025 - kernel: ENOMEM in journal_alloc_journal_head, retrying Dell 6650
131120 - [RHEL2.1][PATCH][RFE] /proc/cpuinfo physical id
131534 - e1000 driver not ethtool aware...
131493 - [RHEL2.1] SCSI midlayer race on scsi_devicelist
133383 - [RHEL2.1] Race with locks in add_gendisk/get_gendisk.
134802 - keyboard.c : Can't emulate raw mode for keycode 272
130926 - [PATCH] read() sometimes crashes in the second pthread_set_canceltype call
137167 - additional symbol exports needed for aio
87734 - bad pte message in boot.log
132609 - RHEL2.1 U6: Vendor/board name of Broadcom BCM5704 is not shown in /proc/pci
137446 - ioctl on HP Smart Array 532 failure
138042 - Add sparse LUN support for IBM ESS Model 2105 and 2145
138443 - Wrong Chaparral FR1422 identifier JSS224 instead of JFS224
127916 - CAN-2004-0136 Verify interpreter  (ipf)
134875 - CAN-2004-1070 binfmt_elf loader vulnerabilities (CAN-2004-1071 CAN-2004-1072 CAN-2004-1073)
140711 - CAN-2004-1068 Missing serialisation in unix_dgram_recvmsg
134721 - CAN-2004-0883 smbfs potential DOS (CAN-2004-0949)
127919 - CAN-2004-0685 usb sparse fixes in 2.4
121033 - CAN-2004-0177 ext3 infoleak

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kernel-2.4.9-e.57.src.rpm
3b8fe1d713c7d0292aa91920817fc1d4  kernel-2.4.9-e.57.src.rpm

athlon:
774ca4f6c93f8f8d068f226514c67c32  kernel-2.4.9-e.57.athlon.rpm
1cfb20abe116a544e50438205c26bb8a  kernel-smp-2.4.9-e.57.athlon.rpm

i386:
155e4c678449eb5beddd0b5679159297  kernel-BOOT-2.4.9-e.57.i386.rpm
96d97ad0758d257e74cd5d23d9f4eef7  kernel-doc-2.4.9-e.57.i386.rpm
1ef0191092b2db726cc07b229580cc81  kernel-headers-2.4.9-e.57.i386.rpm
a11d632c0e8c3018e38aa08e057d2b45  kernel-source-2.4.9-e.57.i386.rpm

i686:
beefa59a92ea530f6b6a4d406c6e43a0  kernel-2.4.9-e.57.i686.rpm
4576442470b48fbc232b71fc5b6f226c  kernel-debug-2.4.9-e.57.i686.rpm
93abdd62c05397609b7c074a69f3bf58  kernel-enterprise-2.4.9-e.57.i686.rpm
6d8c88b86917c3a6fa87e96a393b2441  kernel-smp-2.4.9-e.57.i686.rpm
61e69937daaf0087a2d8e8e964599647  kernel-summit-2.4.9-e.57.i686.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kernel-2.4.9-e.57.src.rpm
3b8fe1d713c7d0292aa91920817fc1d4  kernel-2.4.9-e.57.src.rpm

athlon:
774ca4f6c93f8f8d068f226514c67c32  kernel-2.4.9-e.57.athlon.rpm
1cfb20abe116a544e50438205c26bb8a  kernel-smp-2.4.9-e.57.athlon.rpm

i386:
155e4c678449eb5beddd0b5679159297  kernel-BOOT-2.4.9-e.57.i386.rpm
96d97ad0758d257e74cd5d23d9f4eef7  kernel-doc-2.4.9-e.57.i386.rpm
1ef0191092b2db726cc07b229580cc81  kernel-headers-2.4.9-e.57.i386.rpm
a11d632c0e8c3018e38aa08e057d2b45  kernel-source-2.4.9-e.57.i386.rpm

i686:
beefa59a92ea530f6b6a4d406c6e43a0  kernel-2.4.9-e.57.i686.rpm
4576442470b48fbc232b71fc5b6f226c  kernel-debug-2.4.9-e.57.i686.rpm
6d8c88b86917c3a6fa87e96a393b2441  kernel-smp-2.4.9-e.57.i686.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kernel-2.4.9-e.57.src.rpm
3b8fe1d713c7d0292aa91920817fc1d4  kernel-2.4.9-e.57.src.rpm

athlon:
774ca4f6c93f8f8d068f226514c67c32  kernel-2.4.9-e.57.athlon.rpm
1cfb20abe116a544e50438205c26bb8a  kernel-smp-2.4.9-e.57.athlon.rpm

i386:
155e4c678449eb5beddd0b5679159297  kernel-BOOT-2.4.9-e.57.i386.rpm
96d97ad0758d257e74cd5d23d9f4eef7  kernel-doc-2.4.9-e.57.i386.rpm
1ef0191092b2db726cc07b229580cc81  kernel-headers-2.4.9-e.57.i386.rpm
a11d632c0e8c3018e38aa08e057d2b45  kernel-source-2.4.9-e.57.i386.rpm

i686:
beefa59a92ea530f6b6a4d406c6e43a0  kernel-2.4.9-e.57.i686.rpm
4576442470b48fbc232b71fc5b6f226c  kernel-debug-2.4.9-e.57.i686.rpm
93abdd62c05397609b7c074a69f3bf58  kernel-enterprise-2.4.9-e.57.i686.rpm
6d8c88b86917c3a6fa87e96a393b2441  kernel-smp-2.4.9-e.57.i686.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBvfapXlSAg2UNWIIRAvRvAJ0amQ/FfIvl44+kIHICYe+7nlC6nQCfd9aa
uqamCKZ8M2T1a7kwrXuINCQ=
=3x5h
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Mon Dec 13 20:17:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 13 Dec 2004 15:17 -0500
Subject: [RHSA-2004:504-01] Updated Itanium kernel packages resolve security
	issues
Message-ID: <200412132017.iBDKHba10529@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated Itanium kernel packages resolve security issues
Advisory ID:       RHSA-2004:504-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-504.html
Issue date:        2004-12-13
Updated on:        2004-12-13
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0177 CAN-2004-0181 CAN-2004-0136 CAN-2004-0565 CAN-2004-0685 CAN-2004-0883 CAN-2004-0949 CAN-2004-1068 CAN-2004-1070 CAN-2004-1071 CAN-2004-1072 CAN-2004-1073
- ---------------------------------------------------------------------

1. Summary:

Updated Itanium kernel packages are now available as part of ongoing
support and maintenance of Red Hat Enterprise Linux version 2.1. This is
the sixth regular update.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - ia64
Red Hat Linux Advanced Workstation 2.1 - ia64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This is the sixth regular Itanium kernel update to Red Hat Enterprise Linux
version 2.1. This kernel updates several important drivers and fixes a
number of bugs.

This update includes fixes for several security issues:

Paul Starzetz of iSEC discovered various flaws in the ELF binary
loader affecting kernels prior to 2.4.28. A local user could use these
flaws to gain read access to executable-only binaries or possibly gain
privileges.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2004-1070, CAN-2004-1071,
CAN-2004-1072, and CAN-2004-1073 to these issues.

A missing serialization flaw in unix_dgram_recvmsg was discovered that
affects kernels prior to 2.4.28. A local user could potentially make
use of a race condition in order to gain privileges. (CAN-2004-1068)

SGI discovered a bug in the elf loader that affects kernels before
2.4.25 which could be triggered by a malformed binary. On
architectures other than x86, a local user could create a malicious
binary which could cause a denial of service (crash). (CAN-2004-0136)

Stefan Esser discovered various flaws including buffer overflows in
the smbfs driver affecting kernels before 2.4.28. A local user may be
able to cause a denial of service (crash) or possibly gain privileges.
In order to exploit these flaws the user would need to have control of
a connected smb server. (CAN-2004-0883, CAN-2004-0949)

A floating point information leak was discovered in the ia64 architecture
context switch code in kernels before 2.4.27.  A local user could use this
flaw to read register values of other processes by setting the MFH bit.
(CAN-2004-0565)

Conectiva discovered flaws in certain USB drivers affecting kernels
before 2.4.27 which used the copy_to_user function on uninitialized
structures.  These flaws could allow local users to read small amounts of
kernel memory. (CAN-2004-0685)

The ext3 and jfs code in kernels before 2.4.26 did not properly initialize
journal descriptor blocks.  A privileged local user could read portions of
kernel memory.  (CAN-2004-0177, CAN-2004-0181)

The following drivers have been updated:

* fusion to 2.05.16.16.02
* e1000 to 5.3.19-k2
* e100 to 3.0.27-k2

All Red Hat Enterprise Linux 2.1 users running Itanium are advised to
upgrade their kernels to the packages listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

130702 - RHEL 2.1 U6 (x86 and IPF):  Refresh e100 driver (v 3.0.27)
130700 - RHEL 2.1 U6 x86 and IPF):  Refresh e1000 driver (v 5.3.19)
127385 - Machines don't boot on LSI22320-R adapters
131392 - RHEL 2.1 U6:  Update LSI mptfusion driver to v2.05.16.02 or greater
124832 - Random stall during boot-up on RHEL 2.1 IPF
129168 - [RHEL2.1 IPF] Securepath & Oracle with RHAS2.1 / Experiencing performance problem
131493 - [RHEL2.1] SCSI midlayer race on scsi_devicelist
132609 - RHEL2.1 U6: Vendor/board name of Broadcom BCM5704 is not shown in /proc/pci
134373 - Need O_LARGEFILE when generating corefiles on ia64.
134802 - keyboard.c : Can't emulate raw mode for keycode 272
135299 - Add support for BLIST_NOSTARTONADD to derry
137446 - ioctl on HP Smart Array 532 failure
138042 - Add sparse LUN support for IBM ESS Model 2105 and 2145
138443 - Wrong Chaparral FR1422 identifier JSS224 instead of JFS224
127916 - CAN-2004-0136 Verify interpreter  (ipf)
134876 - CAN-2004-1070 binfmt_elf loader vulnerabilities (CAN-2004-1071 CAN-2004-1072 CAN-2004-1073)
140712 - CAN-2004-1068 Missing serialisation in unix_dgram_recvmsg (ia64)
134722 - CAN-2004-0883 smbfs potential DOS (CAN-2004-0949)
127920 - CAN-2004-0685 usb sparse fixes in 2.4 (ipf)
126127 - CAN-2004-0565 Information leak on Linux/ia64
121034 - CAN-2004-0177 ext3 infoleak (ipf)
121040 - CAN-2004-0181 jfs infoleak

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kernel-2.4.18-e.52.src.rpm
972767d473106d47003c0679f5247dc7  kernel-2.4.18-e.52.src.rpm

ia64:
c2964fc55400ebea4644ba58dac7c5bd  kernel-2.4.18-e.52.ia64.rpm
15b24ec2a96dda49d9725999c16f3157  kernel-doc-2.4.18-e.52.ia64.rpm
09412dcc7474cfca750b913d1dc15cf5  kernel-smp-2.4.18-e.52.ia64.rpm
d867f9313bac8181f381c2f071e12abc  kernel-source-2.4.18-e.52.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kernel-2.4.18-e.52.src.rpm
972767d473106d47003c0679f5247dc7  kernel-2.4.18-e.52.src.rpm

ia64:
c2964fc55400ebea4644ba58dac7c5bd  kernel-2.4.18-e.52.ia64.rpm
15b24ec2a96dda49d9725999c16f3157  kernel-doc-2.4.18-e.52.ia64.rpm
09412dcc7474cfca750b913d1dc15cf5  kernel-smp-2.4.18-e.52.ia64.rpm
d867f9313bac8181f381c2f071e12abc  kernel-source-2.4.18-e.52.ia64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBvfjfXlSAg2UNWIIRAvCPAKCxmHjNLte2oa82ks3lQ2svm4qxuQCgptye
Zmtvjr9bXVGfapGdRCxEFHc=
=DJCp
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Thu Dec 16 21:12:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Dec 2004 16:12 -0500
Subject: [RHSA-2004:634-01] Updated zip package fixes security issue
Message-ID: <200412162112.iBGLCNa15396@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated zip package fixes security issue
Advisory ID:       RHSA-2004:634-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-634.html
Issue date:        2004-12-16
Updated on:        2004-12-16
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1010
- ---------------------------------------------------------------------

1. Summary:

An updated zip package that fixes a buffer overflow vulnerability is now
available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The zip program is an archiving utility which can create ZIP-compatible
archives.

A buffer overflow bug has been discovered in zip when handling long file
names.  An attacker could create a specially crafted path which could
cause zip to crash or execute arbitrary instructions.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-1010 to this issue.

Users of zip should upgrade to this updated package, which contains
backported patches and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

138228 - CAN-2004-1010 buffer overflow when creating archive containing very long filenames.

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/zip-2.3-10.1.src.rpm
b062c345c3d6c56ed1c042145643c8c8  zip-2.3-10.1.src.rpm

i386:
a06a150a5652173a8309cca26cc3c70f  zip-2.3-10.1.i386.rpm

ia64:
6cab305bdaca789e53e760184050fab9  zip-2.3-10.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/zip-2.3-10.1.src.rpm
b062c345c3d6c56ed1c042145643c8c8  zip-2.3-10.1.src.rpm

ia64:
6cab305bdaca789e53e760184050fab9  zip-2.3-10.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/zip-2.3-10.1.src.rpm
b062c345c3d6c56ed1c042145643c8c8  zip-2.3-10.1.src.rpm

i386:
a06a150a5652173a8309cca26cc3c70f  zip-2.3-10.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/zip-2.3-10.1.src.rpm
b062c345c3d6c56ed1c042145643c8c8  zip-2.3-10.1.src.rpm

i386:
a06a150a5652173a8309cca26cc3c70f  zip-2.3-10.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/zip-2.3-16.1.src.rpm
aa360ac25cf50772fd010cf2d1d91db7  zip-2.3-16.1.src.rpm

i386:
41fec60bfbbca5266e4bbff55f42031a  zip-2.3-16.1.i386.rpm

ia64:
0b8464b40ec9d081dd36ab9d699a4c1c  zip-2.3-16.1.ia64.rpm

ppc:
787ad3673b90f4fcb0d47c815ca984f6  zip-2.3-16.1.ppc.rpm

s390:
97c709a606b3cec173833833b24c704b  zip-2.3-16.1.s390.rpm

s390x:
4d1f10e6b1e4247cb037eb42c8fcc796  zip-2.3-16.1.s390x.rpm

x86_64:
1ed34c119e86a0c739c1c5bb706ffb69  zip-2.3-16.1.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/zip-2.3-16.1.src.rpm
aa360ac25cf50772fd010cf2d1d91db7  zip-2.3-16.1.src.rpm

i386:
41fec60bfbbca5266e4bbff55f42031a  zip-2.3-16.1.i386.rpm

x86_64:
1ed34c119e86a0c739c1c5bb706ffb69  zip-2.3-16.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/zip-2.3-16.1.src.rpm
aa360ac25cf50772fd010cf2d1d91db7  zip-2.3-16.1.src.rpm

i386:
41fec60bfbbca5266e4bbff55f42031a  zip-2.3-16.1.i386.rpm

ia64:
0b8464b40ec9d081dd36ab9d699a4c1c  zip-2.3-16.1.ia64.rpm

x86_64:
1ed34c119e86a0c739c1c5bb706ffb69  zip-2.3-16.1.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/zip-2.3-16.1.src.rpm
aa360ac25cf50772fd010cf2d1d91db7  zip-2.3-16.1.src.rpm

i386:
41fec60bfbbca5266e4bbff55f42031a  zip-2.3-16.1.i386.rpm

ia64:
0b8464b40ec9d081dd36ab9d699a4c1c  zip-2.3-16.1.ia64.rpm

x86_64:
1ed34c119e86a0c739c1c5bb706ffb69  zip-2.3-16.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://lists.netsys.com/pipermail/full-disclosure/2004-November/028379.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1010

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBwfomXlSAg2UNWIIRAmktAJ45cOaDId4VILoYxHocKcIBRhLt+QCfSLte
NjnZ24Skq6//LYtkhifJslA=
=j5+r
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Thu Dec 16 21:12:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Dec 2004 16:12 -0500
Subject: [RHSA-2004:650-01] Updated libxml package fixes security
	vulnerabilities
Message-ID: <200412162112.iBGLCta15403@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated libxml package fixes security vulnerabilities
Advisory ID:       RHSA-2004:650-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-650.html
Issue date:        2004-12-16
Updated on:        2004-12-16
Product:           Red Hat Enterprise Linux
Cross references:  RHSA_2004:615
CVE Names:         CAN-2004-0110 CAN-2004-0989
- ---------------------------------------------------------------------

1. Summary:

An updated libxml package that fixes multiple buffer overflows is now
available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The libxml package contains a library for manipulating XML files.

Multiple buffer overflow bugs have been found in libxml versions prior to
2.6.14.  If an attacker can trick a user into passing a specially crafted
FTP URL or FTP proxy URL to an application that uses the vulnerable
functions of libxml, it could be possible to execute arbitrary code.  
Additionally, if an attacker can return a specially crafted DNS request to
libxml, it could be possible to execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0989 to this issue.

Yuuichi Teranishi discovered a flaw in libxml versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0110
to this issue.

All users are advised to upgrade to this updated package, which contains
backported patches and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

139090 - CAN-2004-0110 multiple buffer overflows (CAN-2004-0989)

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libxml-1.8.14-3.src.rpm
8d1802bcdd2a7085e7158a7ca68ab523  libxml-1.8.14-3.src.rpm

i386:
e2ee01c57caf52c62b1ac9a229fc58f0  libxml-1.8.14-3.i386.rpm
fd04239db40f4c2d9de4cf76791c409e  libxml-devel-1.8.14-3.i386.rpm

ia64:
907f1c8f10e96b6c785d4cb5b7f7c399  libxml-1.8.14-3.ia64.rpm
a9ca532078e6b35f2d01584453a3a6fe  libxml-devel-1.8.14-3.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libxml-1.8.14-3.src.rpm
8d1802bcdd2a7085e7158a7ca68ab523  libxml-1.8.14-3.src.rpm

ia64:
907f1c8f10e96b6c785d4cb5b7f7c399  libxml-1.8.14-3.ia64.rpm
a9ca532078e6b35f2d01584453a3a6fe  libxml-devel-1.8.14-3.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libxml-1.8.14-3.src.rpm
8d1802bcdd2a7085e7158a7ca68ab523  libxml-1.8.14-3.src.rpm

i386:
e2ee01c57caf52c62b1ac9a229fc58f0  libxml-1.8.14-3.i386.rpm
fd04239db40f4c2d9de4cf76791c409e  libxml-devel-1.8.14-3.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libxml-1.8.14-3.src.rpm
8d1802bcdd2a7085e7158a7ca68ab523  libxml-1.8.14-3.src.rpm

i386:
e2ee01c57caf52c62b1ac9a229fc58f0  libxml-1.8.14-3.i386.rpm
fd04239db40f4c2d9de4cf76791c409e  libxml-devel-1.8.14-3.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libxml-1.8.17-9.2.src.rpm
0d8ee723cc5bfb46adedf334be96dcbe  libxml-1.8.17-9.2.src.rpm

i386:
1fa0e7d164a4d3d5432732060c67f985  libxml-1.8.17-9.2.i386.rpm
6747de74e075db51e9a40c02ea0905fa  libxml-devel-1.8.17-9.2.i386.rpm

ia64:
6e7730063c22539fb40658cc763a2bd3  libxml-1.8.17-9.2.ia64.rpm
594c3955d725c7aad2c3ad89194d0f4b  libxml-devel-1.8.17-9.2.ia64.rpm

ppc:
e04cb28f14a0381a7d92aa9b57b3b43a  libxml-1.8.17-9.2.ppc.rpm
b52b8e7f667842bbcb319e0c5cb9132e  libxml-devel-1.8.17-9.2.ppc.rpm

s390:
f8cb54901760145e5123832d27bf7334  libxml-1.8.17-9.2.s390.rpm
88ace5024d54b0f7a104bb6310974fd6  libxml-devel-1.8.17-9.2.s390.rpm

s390x:
7d268017ddac87e213b1b9e0d22be27b  libxml-1.8.17-9.2.s390x.rpm
eda80205b0afd05ca6aafce032a1072f  libxml-devel-1.8.17-9.2.s390x.rpm

x86_64:
140e93f6366ba860a6301629bfe71c08  libxml-1.8.17-9.2.x86_64.rpm
c3e4b6e36068b0a2ecfbe75491f2b967  libxml-devel-1.8.17-9.2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libxml-1.8.17-9.2.src.rpm
0d8ee723cc5bfb46adedf334be96dcbe  libxml-1.8.17-9.2.src.rpm

i386:
1fa0e7d164a4d3d5432732060c67f985  libxml-1.8.17-9.2.i386.rpm
6747de74e075db51e9a40c02ea0905fa  libxml-devel-1.8.17-9.2.i386.rpm

x86_64:
140e93f6366ba860a6301629bfe71c08  libxml-1.8.17-9.2.x86_64.rpm
c3e4b6e36068b0a2ecfbe75491f2b967  libxml-devel-1.8.17-9.2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libxml-1.8.17-9.2.src.rpm
0d8ee723cc5bfb46adedf334be96dcbe  libxml-1.8.17-9.2.src.rpm

i386:
1fa0e7d164a4d3d5432732060c67f985  libxml-1.8.17-9.2.i386.rpm
6747de74e075db51e9a40c02ea0905fa  libxml-devel-1.8.17-9.2.i386.rpm

ia64:
6e7730063c22539fb40658cc763a2bd3  libxml-1.8.17-9.2.ia64.rpm
594c3955d725c7aad2c3ad89194d0f4b  libxml-devel-1.8.17-9.2.ia64.rpm

x86_64:
140e93f6366ba860a6301629bfe71c08  libxml-1.8.17-9.2.x86_64.rpm
c3e4b6e36068b0a2ecfbe75491f2b967  libxml-devel-1.8.17-9.2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libxml-1.8.17-9.2.src.rpm
0d8ee723cc5bfb46adedf334be96dcbe  libxml-1.8.17-9.2.src.rpm

i386:
1fa0e7d164a4d3d5432732060c67f985  libxml-1.8.17-9.2.i386.rpm
6747de74e075db51e9a40c02ea0905fa  libxml-devel-1.8.17-9.2.i386.rpm

ia64:
6e7730063c22539fb40658cc763a2bd3  libxml-1.8.17-9.2.ia64.rpm
594c3955d725c7aad2c3ad89194d0f4b  libxml-devel-1.8.17-9.2.ia64.rpm

x86_64:
140e93f6366ba860a6301629bfe71c08  libxml-1.8.17-9.2.x86_64.rpm
c3e4b6e36068b0a2ecfbe75491f2b967  libxml-devel-1.8.17-9.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0989

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBwfpGXlSAg2UNWIIRApDgAJ9A+7X5YcenLDOxMlBZcdPTSN2KfwCeN/63
TDNtr4LnSXtxLN8hcqXmjKY=
=B9q/
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Thu Dec 16 21:13:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 16 Dec 2004 16:13 -0500
Subject: [RHSA-2004:670-01] Updated samba packages fix security issue
Message-ID: <200412162113.iBGLDMa15436@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated samba packages fix security issue
Advisory ID:       RHSA-2004:670-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-670.html
Issue date:        2004-12-16
Updated on:        2004-12-16
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1154
- ---------------------------------------------------------------------

1. Summary:

Updated samba packages that fix an integer overflow vulnerability are now
available for Red Hat Enterprise Linux 3.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Samba provides file and printer sharing services to SMB/CIFS clients.

Greg MacManus of iDEFENSE Labs has discovered an integer overflow bug in
Samba versions prior to 3.0.10.  An authenticated remote user could exploit
this bug which may lead to arbitrary code execution on the Samba server. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1154 to this issue.

Users of Samba should upgrade to these updated packages, which contain
backported security patches, and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

142472 - CAN-2004-1154 Samba authenticated remote root

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/samba-3.0.9-1.3E.1.src.rpm
ae50e78fa90f404c8d9dad1746946ab9  samba-3.0.9-1.3E.1.src.rpm

i386:
cd169c44ab8d232dd11bf082a7325d53  samba-3.0.9-1.3E.1.i386.rpm
4a0b50c0c4264563258c5723d5194ef5  samba-client-3.0.9-1.3E.1.i386.rpm
312410d480a450c332af18fa66d04caa  samba-common-3.0.9-1.3E.1.i386.rpm
4130a07354c51c6c4875e5fd4a1ca6c2  samba-swat-3.0.9-1.3E.1.i386.rpm

ia64:
ba52218771269f05f847b356b680c161  samba-3.0.9-1.3E.1.ia64.rpm
cd169c44ab8d232dd11bf082a7325d53  samba-3.0.9-1.3E.1.i386.rpm
c4922543608a85a4309317953d4dbcd2  samba-client-3.0.9-1.3E.1.ia64.rpm
d5c60527db39738029bbe66cf4cec5e9  samba-common-3.0.9-1.3E.1.ia64.rpm
312410d480a450c332af18fa66d04caa  samba-common-3.0.9-1.3E.1.i386.rpm
2551b11025a2f53a4d508396b2a41bca  samba-swat-3.0.9-1.3E.1.ia64.rpm

ppc:
9e0dee0285ce2f0c5507077822e4b015  samba-3.0.9-1.3E.1.ppc.rpm
1fac768c276051dd5c6ca60ee70e1f83  samba-client-3.0.9-1.3E.1.ppc.rpm
447ee04a97a37e31c643cef0ab180bf4  samba-common-3.0.9-1.3E.1.ppc.rpm
547c2cb1de65b215e33580b4871c7ed1  samba-swat-3.0.9-1.3E.1.ppc.rpm

ppc64:
626a0c8698663dc1fe812402d1874b20  samba-3.0.9-1.3E.1.ppc64.rpm
5513a43f98a2797258ce4fa4f79fcb86  samba-common-3.0.9-1.3E.1.ppc64.rpm

s390:
5b373fb4b5da288f03b37fb75870860f  samba-3.0.9-1.3E.1.s390.rpm
7cae2416579a1efafaf4baa127ae65e6  samba-client-3.0.9-1.3E.1.s390.rpm
53205bbd529cb24297cac89728c38ec0  samba-common-3.0.9-1.3E.1.s390.rpm
ad2b7ea7cacedf8b3a0779ef92dc07d2  samba-swat-3.0.9-1.3E.1.s390.rpm

s390x:
3436beed69976e53992340a1ecf34398  samba-3.0.9-1.3E.1.s390x.rpm
5b373fb4b5da288f03b37fb75870860f  samba-3.0.9-1.3E.1.s390.rpm
62453debe0428f1e78b61e466d124db5  samba-client-3.0.9-1.3E.1.s390x.rpm
f0dbce9da2cd7d41b6366dde862659fa  samba-common-3.0.9-1.3E.1.s390x.rpm
53205bbd529cb24297cac89728c38ec0  samba-common-3.0.9-1.3E.1.s390.rpm
ac6874146494829a7ca3349f1e237ee5  samba-swat-3.0.9-1.3E.1.s390x.rpm

x86_64:
c6b9d4e23808e90eeeda7335e6b59752  samba-3.0.9-1.3E.1.x86_64.rpm
cd169c44ab8d232dd11bf082a7325d53  samba-3.0.9-1.3E.1.i386.rpm
c308f8c72d17d4283e0c7dae9e76ba35  samba-client-3.0.9-1.3E.1.x86_64.rpm
5f4314c703118a2afa161fc2988495eb  samba-common-3.0.9-1.3E.1.x86_64.rpm
312410d480a450c332af18fa66d04caa  samba-common-3.0.9-1.3E.1.i386.rpm
8d12d3b1fdac910e25c05a72cbc3b237  samba-swat-3.0.9-1.3E.1.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/samba-3.0.9-1.3E.1.src.rpm
ae50e78fa90f404c8d9dad1746946ab9  samba-3.0.9-1.3E.1.src.rpm

i386:
cd169c44ab8d232dd11bf082a7325d53  samba-3.0.9-1.3E.1.i386.rpm
4a0b50c0c4264563258c5723d5194ef5  samba-client-3.0.9-1.3E.1.i386.rpm
312410d480a450c332af18fa66d04caa  samba-common-3.0.9-1.3E.1.i386.rpm
4130a07354c51c6c4875e5fd4a1ca6c2  samba-swat-3.0.9-1.3E.1.i386.rpm

x86_64:
c6b9d4e23808e90eeeda7335e6b59752  samba-3.0.9-1.3E.1.x86_64.rpm
cd169c44ab8d232dd11bf082a7325d53  samba-3.0.9-1.3E.1.i386.rpm
c308f8c72d17d4283e0c7dae9e76ba35  samba-client-3.0.9-1.3E.1.x86_64.rpm
5f4314c703118a2afa161fc2988495eb  samba-common-3.0.9-1.3E.1.x86_64.rpm
312410d480a450c332af18fa66d04caa  samba-common-3.0.9-1.3E.1.i386.rpm
8d12d3b1fdac910e25c05a72cbc3b237  samba-swat-3.0.9-1.3E.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/samba-3.0.9-1.3E.1.src.rpm
ae50e78fa90f404c8d9dad1746946ab9  samba-3.0.9-1.3E.1.src.rpm

i386:
cd169c44ab8d232dd11bf082a7325d53  samba-3.0.9-1.3E.1.i386.rpm
4a0b50c0c4264563258c5723d5194ef5  samba-client-3.0.9-1.3E.1.i386.rpm
312410d480a450c332af18fa66d04caa  samba-common-3.0.9-1.3E.1.i386.rpm
4130a07354c51c6c4875e5fd4a1ca6c2  samba-swat-3.0.9-1.3E.1.i386.rpm

ia64:
ba52218771269f05f847b356b680c161  samba-3.0.9-1.3E.1.ia64.rpm
cd169c44ab8d232dd11bf082a7325d53  samba-3.0.9-1.3E.1.i386.rpm
c4922543608a85a4309317953d4dbcd2  samba-client-3.0.9-1.3E.1.ia64.rpm
d5c60527db39738029bbe66cf4cec5e9  samba-common-3.0.9-1.3E.1.ia64.rpm
312410d480a450c332af18fa66d04caa  samba-common-3.0.9-1.3E.1.i386.rpm
2551b11025a2f53a4d508396b2a41bca  samba-swat-3.0.9-1.3E.1.ia64.rpm

x86_64:
c6b9d4e23808e90eeeda7335e6b59752  samba-3.0.9-1.3E.1.x86_64.rpm
cd169c44ab8d232dd11bf082a7325d53  samba-3.0.9-1.3E.1.i386.rpm
c308f8c72d17d4283e0c7dae9e76ba35  samba-client-3.0.9-1.3E.1.x86_64.rpm
5f4314c703118a2afa161fc2988495eb  samba-common-3.0.9-1.3E.1.x86_64.rpm
312410d480a450c332af18fa66d04caa  samba-common-3.0.9-1.3E.1.i386.rpm
8d12d3b1fdac910e25c05a72cbc3b237  samba-swat-3.0.9-1.3E.1.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/samba-3.0.9-1.3E.1.src.rpm
ae50e78fa90f404c8d9dad1746946ab9  samba-3.0.9-1.3E.1.src.rpm

i386:
cd169c44ab8d232dd11bf082a7325d53  samba-3.0.9-1.3E.1.i386.rpm
4a0b50c0c4264563258c5723d5194ef5  samba-client-3.0.9-1.3E.1.i386.rpm
312410d480a450c332af18fa66d04caa  samba-common-3.0.9-1.3E.1.i386.rpm
4130a07354c51c6c4875e5fd4a1ca6c2  samba-swat-3.0.9-1.3E.1.i386.rpm

ia64:
ba52218771269f05f847b356b680c161  samba-3.0.9-1.3E.1.ia64.rpm
cd169c44ab8d232dd11bf082a7325d53  samba-3.0.9-1.3E.1.i386.rpm
c4922543608a85a4309317953d4dbcd2  samba-client-3.0.9-1.3E.1.ia64.rpm
d5c60527db39738029bbe66cf4cec5e9  samba-common-3.0.9-1.3E.1.ia64.rpm
312410d480a450c332af18fa66d04caa  samba-common-3.0.9-1.3E.1.i386.rpm
2551b11025a2f53a4d508396b2a41bca  samba-swat-3.0.9-1.3E.1.ia64.rpm

x86_64:
c6b9d4e23808e90eeeda7335e6b59752  samba-3.0.9-1.3E.1.x86_64.rpm
cd169c44ab8d232dd11bf082a7325d53  samba-3.0.9-1.3E.1.i386.rpm
c308f8c72d17d4283e0c7dae9e76ba35  samba-client-3.0.9-1.3E.1.x86_64.rpm
5f4314c703118a2afa161fc2988495eb  samba-common-3.0.9-1.3E.1.x86_64.rpm
312410d480a450c332af18fa66d04caa  samba-common-3.0.9-1.3E.1.i386.rpm
8d12d3b1fdac910e25c05a72cbc3b237  samba-swat-3.0.9-1.3E.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1154

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBwfpmXlSAg2UNWIIRAiN4AKCTbZK916KuOWUfHjzel0iLt1j9EgCgxKVC
HOvD4tStIamX2johYZbhzWQ=
=2IZu
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Fri Dec 17 09:56:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 17 Dec 2004 04:56 -0500
Subject: [RHSA-2004:638-01] Updated gd packages fix security issues
Message-ID: <200412170956.iBH9uQa21445@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated gd packages fix security issues
Advisory ID:       RHSA-2004:638-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-638.html
Issue date:        2004-12-17
Updated on:        2004-12-17
Product:           Red Hat Enterprise Linux
Keywords:          gd buffer overflow gdMalloc gdCalloc gdRealloc
CVE Names:         CAN-2004-0941 CAN-2004-0990
- ---------------------------------------------------------------------

1. Summary:

Updated gd packages that fix security issues with overflow in various
memory allocation calls are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The gd packages contain a graphics library used for the dynamic creation of
images such as PNG and JPEG. 

Several buffer overflows were reported in various memory allocation calls.
An attacker could create a carefully crafted image file in such a way that
it could cause ImageMagick to execute arbitrary code when processing the
image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0990 to these issues.  

While researching the fixes to these overflows, additional buffer overflows
were discovered in calls to gdMalloc.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0941 to
these issues.  

Users of gd should upgrade to these updated packages, which contain a
backported security patch, and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

137246 - CAN-2004-0990 integer overflow in PNG handling.
138808 - CAN-2004-0941 additional overflows in gd

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gd-1.8.4-4.21.1.src.rpm
0398a5a807dee5b9e50305be0e41c46f  gd-1.8.4-4.21.1.src.rpm

i386:
32f90ee0ee49fbaa0e9d83c32d773d44  gd-1.8.4-4.21.1.i386.rpm
ba50f74a3c45ceb6c6994fd16dd97846  gd-devel-1.8.4-4.21.1.i386.rpm
e6cd529cd117dc14073f011a7cf35631  gd-progs-1.8.4-4.21.1.i386.rpm

ia64:
f3415f854fcc70689d9487386c5f5497  gd-1.8.4-4.21.1.ia64.rpm
3db197bc13dfc65b6debfc4e14eed791  gd-devel-1.8.4-4.21.1.ia64.rpm
a4f021b229c4b4d9710888b06fa0b57c  gd-progs-1.8.4-4.21.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gd-1.8.4-4.21.1.src.rpm
0398a5a807dee5b9e50305be0e41c46f  gd-1.8.4-4.21.1.src.rpm

ia64:
f3415f854fcc70689d9487386c5f5497  gd-1.8.4-4.21.1.ia64.rpm
3db197bc13dfc65b6debfc4e14eed791  gd-devel-1.8.4-4.21.1.ia64.rpm
a4f021b229c4b4d9710888b06fa0b57c  gd-progs-1.8.4-4.21.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gd-1.8.4-4.21.1.src.rpm
0398a5a807dee5b9e50305be0e41c46f  gd-1.8.4-4.21.1.src.rpm

i386:
32f90ee0ee49fbaa0e9d83c32d773d44  gd-1.8.4-4.21.1.i386.rpm
ba50f74a3c45ceb6c6994fd16dd97846  gd-devel-1.8.4-4.21.1.i386.rpm
e6cd529cd117dc14073f011a7cf35631  gd-progs-1.8.4-4.21.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gd-1.8.4-4.21.1.src.rpm
0398a5a807dee5b9e50305be0e41c46f  gd-1.8.4-4.21.1.src.rpm

i386:
32f90ee0ee49fbaa0e9d83c32d773d44  gd-1.8.4-4.21.1.i386.rpm
ba50f74a3c45ceb6c6994fd16dd97846  gd-devel-1.8.4-4.21.1.i386.rpm
e6cd529cd117dc14073f011a7cf35631  gd-progs-1.8.4-4.21.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gd-1.8.4-12.3.1.src.rpm
6a074a9b46c1c433fb6379ddd7ffa39c  gd-1.8.4-12.3.1.src.rpm

i386:
0277cba330cefb9ab1ebea7f15fa32c8  gd-1.8.4-12.3.1.i386.rpm
d5b6b426e2e06f02a3d0e5f3180cf33c  gd-devel-1.8.4-12.3.1.i386.rpm
a8f4b292b1ef66452790e4dd2648c7a2  gd-progs-1.8.4-12.3.1.i386.rpm

ia64:
ca3b5794089578356666c672355ad71f  gd-1.8.4-12.3.1.ia64.rpm
839ca9fd43bd92ec9bcbd324954f71e5  gd-devel-1.8.4-12.3.1.ia64.rpm
7c0174f34dbe662e8852e1ffe25d8372  gd-progs-1.8.4-12.3.1.ia64.rpm

ppc:
11c259e294f22220dad62674e7a54210  gd-1.8.4-12.3.1.ppc.rpm
67456fab43a1b9d601c62a54a446be27  gd-devel-1.8.4-12.3.1.ppc.rpm
2f900edcde2c6771bd82ce414133717b  gd-progs-1.8.4-12.3.1.ppc.rpm

s390:
568eaf1ea4294befde060da07c4812c7  gd-1.8.4-12.3.1.s390.rpm
4873cab38494fc574740b645d5673e33  gd-devel-1.8.4-12.3.1.s390.rpm
336923033fdc04176a0279d9127570a3  gd-progs-1.8.4-12.3.1.s390.rpm

s390x:
adc06b68372a7d7bf375bbd88867b9af  gd-1.8.4-12.3.1.s390x.rpm
cd195ca8593ec6404d01c82be4db5c47  gd-devel-1.8.4-12.3.1.s390x.rpm
83f844555bdeb93f28c30e00fe2cf90d  gd-progs-1.8.4-12.3.1.s390x.rpm

x86_64:
7cbaf334f370e69a009cc3e173bd43b2  gd-1.8.4-12.3.1.x86_64.rpm
6e28767d002c70958e5f1f38a5420d0a  gd-devel-1.8.4-12.3.1.x86_64.rpm
003ce60cef5006f3c495aff9e767f4e2  gd-progs-1.8.4-12.3.1.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gd-1.8.4-12.3.1.src.rpm
6a074a9b46c1c433fb6379ddd7ffa39c  gd-1.8.4-12.3.1.src.rpm

i386:
0277cba330cefb9ab1ebea7f15fa32c8  gd-1.8.4-12.3.1.i386.rpm
d5b6b426e2e06f02a3d0e5f3180cf33c  gd-devel-1.8.4-12.3.1.i386.rpm
a8f4b292b1ef66452790e4dd2648c7a2  gd-progs-1.8.4-12.3.1.i386.rpm

x86_64:
7cbaf334f370e69a009cc3e173bd43b2  gd-1.8.4-12.3.1.x86_64.rpm
6e28767d002c70958e5f1f38a5420d0a  gd-devel-1.8.4-12.3.1.x86_64.rpm
003ce60cef5006f3c495aff9e767f4e2  gd-progs-1.8.4-12.3.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gd-1.8.4-12.3.1.src.rpm
6a074a9b46c1c433fb6379ddd7ffa39c  gd-1.8.4-12.3.1.src.rpm

i386:
0277cba330cefb9ab1ebea7f15fa32c8  gd-1.8.4-12.3.1.i386.rpm
d5b6b426e2e06f02a3d0e5f3180cf33c  gd-devel-1.8.4-12.3.1.i386.rpm
a8f4b292b1ef66452790e4dd2648c7a2  gd-progs-1.8.4-12.3.1.i386.rpm

ia64:
ca3b5794089578356666c672355ad71f  gd-1.8.4-12.3.1.ia64.rpm
839ca9fd43bd92ec9bcbd324954f71e5  gd-devel-1.8.4-12.3.1.ia64.rpm
7c0174f34dbe662e8852e1ffe25d8372  gd-progs-1.8.4-12.3.1.ia64.rpm

x86_64:
7cbaf334f370e69a009cc3e173bd43b2  gd-1.8.4-12.3.1.x86_64.rpm
6e28767d002c70958e5f1f38a5420d0a  gd-devel-1.8.4-12.3.1.x86_64.rpm
003ce60cef5006f3c495aff9e767f4e2  gd-progs-1.8.4-12.3.1.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gd-1.8.4-12.3.1.src.rpm
6a074a9b46c1c433fb6379ddd7ffa39c  gd-1.8.4-12.3.1.src.rpm

i386:
0277cba330cefb9ab1ebea7f15fa32c8  gd-1.8.4-12.3.1.i386.rpm
d5b6b426e2e06f02a3d0e5f3180cf33c  gd-devel-1.8.4-12.3.1.i386.rpm
a8f4b292b1ef66452790e4dd2648c7a2  gd-progs-1.8.4-12.3.1.i386.rpm

ia64:
ca3b5794089578356666c672355ad71f  gd-1.8.4-12.3.1.ia64.rpm
839ca9fd43bd92ec9bcbd324954f71e5  gd-devel-1.8.4-12.3.1.ia64.rpm
7c0174f34dbe662e8852e1ffe25d8372  gd-progs-1.8.4-12.3.1.ia64.rpm

x86_64:
7cbaf334f370e69a009cc3e173bd43b2  gd-1.8.4-12.3.1.x86_64.rpm
6e28767d002c70958e5f1f38a5420d0a  gd-devel-1.8.4-12.3.1.x86_64.rpm
003ce60cef5006f3c495aff9e767f4e2  gd-progs-1.8.4-12.3.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0990

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBwq1FXlSAg2UNWIIRAs1DAKCnZXfBUN8RyEpX7QKstWw3pViinwCeJ6xV
EP6adNOzWHcZO8CD8MXPbHA=
=rd1i
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Mon Dec 20 09:42:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 20 Dec 2004 04:42 -0500
Subject: [RHSA-2004:610-01] Updated XFree86 packages fix security issues
Message-ID: <200412200942.iBK9gFa12160@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated XFree86 packages fix security issues
Advisory ID:       RHSA-2004:610-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-610.html
Issue date:        2004-12-20
Updated on:        2004-12-20
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0914
- ---------------------------------------------------------------------

1. Summary:

Updated XFree86 packages that fix several security flaws in libXpm are now
available for Red Hat Enterprise Linux 2.1.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

XFree86 is an open source implementation of the X Window System. It
provides the basic low level functionality which full fledged graphical
user interfaces (GUIs), such as GNOME and KDE are designed upon.

Several integer overflow flaws in the X.Org libXpm library used to decode
XPM (X PixMap) images have been found and addressed. An attacker could
create a carefully crafted XP file which would cause an application to
crash or potentially execute arbitrary code if opened by a victim.  The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0914 to this issue.

Users are advised to upgrade to these erratum packages, which contain
backported security patches and other bug fixes.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

136164 - CAN-2004-0914 libXpm integer overflows

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/XFree86-4.1.0-64.EL.src.rpm
0f2ec7e09cfaa37314c2a4d86f22ab72  XFree86-4.1.0-64.EL.src.rpm

i386:
619cba76e3db1708c4ddaa571746f7a3  XFree86-100dpi-fonts-4.1.0-64.EL.i386.rpm
2b16fa711f16f5551ed7d81d3570955f  XFree86-4.1.0-64.EL.i386.rpm
26b4754be230b746c3d7851d2ec63e34  XFree86-75dpi-fonts-4.1.0-64.EL.i386.rpm
8d3b284157293f6289adfb73404a00e9  XFree86-ISO8859-15-100dpi-fonts-4.1.0-64.EL.i386.rpm
af869655958f5118050494bbc2aa8f64  XFree86-ISO8859-15-75dpi-fonts-4.1.0-64.EL.i386.rpm
7f2123c84e1161d0f899021c505326a4  XFree86-ISO8859-2-100dpi-fonts-4.1.0-64.EL.i386.rpm
f18101e8f31e4b61765f9039d9143b7d  XFree86-ISO8859-2-75dpi-fonts-4.1.0-64.EL.i386.rpm
492c079042fe73e81ad8209e175e376b  XFree86-ISO8859-9-100dpi-fonts-4.1.0-64.EL.i386.rpm
a5e849fec6ee87de20a3d1dd7d33c5af  XFree86-ISO8859-9-75dpi-fonts-4.1.0-64.EL.i386.rpm
aa86b8d77b837e377f9fe0bd0175ae2b  XFree86-Xnest-4.1.0-64.EL.i386.rpm
f1f668073ac78f0ac09f1074295094db  XFree86-Xvfb-4.1.0-64.EL.i386.rpm
f16d01c6c1a5102ca2053c9b1d5dc1e2  XFree86-cyrillic-fonts-4.1.0-64.EL.i386.rpm
1d7eba36f929a6e7386951fa10089fc0  XFree86-devel-4.1.0-64.EL.i386.rpm
836a435dcb8045a5a12879793bf14790  XFree86-doc-4.1.0-64.EL.i386.rpm
522e953d868d3cacbe8087fe396e80a9  XFree86-libs-4.1.0-64.EL.i386.rpm
3f4ea7ac9ff130a726820df0dc0e03ea  XFree86-tools-4.1.0-64.EL.i386.rpm
0b0357dfc6be4c7a415f0b194b52ceaf  XFree86-twm-4.1.0-64.EL.i386.rpm
f16b5abf0a2292b0c6594a2dfb6e435e  XFree86-xdm-4.1.0-64.EL.i386.rpm
6b58d9114caa524859054d06621878e9  XFree86-xf86cfg-4.1.0-64.EL.i386.rpm
524cdc6f6d432304f8d0cb755ca7a357  XFree86-xfs-4.1.0-64.EL.i386.rpm

ia64:
3187d46c885cc192d84eaff99dd438f5  XFree86-100dpi-fonts-4.1.0-64.EL.ia64.rpm
6278c684f22524f5f7da958aeef90074  XFree86-4.1.0-64.EL.ia64.rpm
bf42add1eb21b91cda0e30ad8e2686f6  XFree86-75dpi-fonts-4.1.0-64.EL.ia64.rpm
40e9d9d6cbff18a6b950e8f0d7710cd6  XFree86-ISO8859-15-100dpi-fonts-4.1.0-64.EL.ia64.rpm
7be2eed8481a8063dd386cdfa3623e6a  XFree86-ISO8859-15-75dpi-fonts-4.1.0-64.EL.ia64.rpm
ced2a72750408ac4c46240886886dd7c  XFree86-ISO8859-2-100dpi-fonts-4.1.0-64.EL.ia64.rpm
b4fa57d16717844c81f322b12eddb8b3  XFree86-ISO8859-2-75dpi-fonts-4.1.0-64.EL.ia64.rpm
34464f4f3ef6e4c5110f7fd171bb2969  XFree86-ISO8859-9-100dpi-fonts-4.1.0-64.EL.ia64.rpm
7e655529fb5a6f583e2c3c37826dd83f  XFree86-ISO8859-9-75dpi-fonts-4.1.0-64.EL.ia64.rpm
de6d74fee0882d509fc1de32047d4970  XFree86-Xnest-4.1.0-64.EL.ia64.rpm
da8b33ca947559b528985fd093932b9e  XFree86-Xvfb-4.1.0-64.EL.ia64.rpm
83d7db57d75aa30ede0f956faa467f1d  XFree86-cyrillic-fonts-4.1.0-64.EL.ia64.rpm
eec017bf9bdc5c9ac59c57391a4f891c  XFree86-devel-4.1.0-64.EL.ia64.rpm
9e90851f484096e380edbb793b1aaaae  XFree86-doc-4.1.0-64.EL.ia64.rpm
19274ae09f218a5f919054abfc0364f2  XFree86-libs-4.1.0-64.EL.ia64.rpm
6f6a7192bfbc26d62751197da36f8a80  XFree86-tools-4.1.0-64.EL.ia64.rpm
cb31a0833f32786205fba5256968c5ea  XFree86-twm-4.1.0-64.EL.ia64.rpm
18dfe291c815d7a1850a9ca72d1307c1  XFree86-xdm-4.1.0-64.EL.ia64.rpm
6d2f9fb6412391ac5c1eac8fdcdaf95c  XFree86-xfs-4.1.0-64.EL.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/XFree86-4.1.0-64.EL.src.rpm
0f2ec7e09cfaa37314c2a4d86f22ab72  XFree86-4.1.0-64.EL.src.rpm

ia64:
3187d46c885cc192d84eaff99dd438f5  XFree86-100dpi-fonts-4.1.0-64.EL.ia64.rpm
6278c684f22524f5f7da958aeef90074  XFree86-4.1.0-64.EL.ia64.rpm
bf42add1eb21b91cda0e30ad8e2686f6  XFree86-75dpi-fonts-4.1.0-64.EL.ia64.rpm
40e9d9d6cbff18a6b950e8f0d7710cd6  XFree86-ISO8859-15-100dpi-fonts-4.1.0-64.EL.ia64.rpm
7be2eed8481a8063dd386cdfa3623e6a  XFree86-ISO8859-15-75dpi-fonts-4.1.0-64.EL.ia64.rpm
ced2a72750408ac4c46240886886dd7c  XFree86-ISO8859-2-100dpi-fonts-4.1.0-64.EL.ia64.rpm
b4fa57d16717844c81f322b12eddb8b3  XFree86-ISO8859-2-75dpi-fonts-4.1.0-64.EL.ia64.rpm
34464f4f3ef6e4c5110f7fd171bb2969  XFree86-ISO8859-9-100dpi-fonts-4.1.0-64.EL.ia64.rpm
7e655529fb5a6f583e2c3c37826dd83f  XFree86-ISO8859-9-75dpi-fonts-4.1.0-64.EL.ia64.rpm
de6d74fee0882d509fc1de32047d4970  XFree86-Xnest-4.1.0-64.EL.ia64.rpm
da8b33ca947559b528985fd093932b9e  XFree86-Xvfb-4.1.0-64.EL.ia64.rpm
83d7db57d75aa30ede0f956faa467f1d  XFree86-cyrillic-fonts-4.1.0-64.EL.ia64.rpm
eec017bf9bdc5c9ac59c57391a4f891c  XFree86-devel-4.1.0-64.EL.ia64.rpm
9e90851f484096e380edbb793b1aaaae  XFree86-doc-4.1.0-64.EL.ia64.rpm
19274ae09f218a5f919054abfc0364f2  XFree86-libs-4.1.0-64.EL.ia64.rpm
6f6a7192bfbc26d62751197da36f8a80  XFree86-tools-4.1.0-64.EL.ia64.rpm
cb31a0833f32786205fba5256968c5ea  XFree86-twm-4.1.0-64.EL.ia64.rpm
18dfe291c815d7a1850a9ca72d1307c1  XFree86-xdm-4.1.0-64.EL.ia64.rpm
6d2f9fb6412391ac5c1eac8fdcdaf95c  XFree86-xfs-4.1.0-64.EL.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/XFree86-4.1.0-64.EL.src.rpm
0f2ec7e09cfaa37314c2a4d86f22ab72  XFree86-4.1.0-64.EL.src.rpm

i386:
619cba76e3db1708c4ddaa571746f7a3  XFree86-100dpi-fonts-4.1.0-64.EL.i386.rpm
2b16fa711f16f5551ed7d81d3570955f  XFree86-4.1.0-64.EL.i386.rpm
26b4754be230b746c3d7851d2ec63e34  XFree86-75dpi-fonts-4.1.0-64.EL.i386.rpm
8d3b284157293f6289adfb73404a00e9  XFree86-ISO8859-15-100dpi-fonts-4.1.0-64.EL.i386.rpm
af869655958f5118050494bbc2aa8f64  XFree86-ISO8859-15-75dpi-fonts-4.1.0-64.EL.i386.rpm
7f2123c84e1161d0f899021c505326a4  XFree86-ISO8859-2-100dpi-fonts-4.1.0-64.EL.i386.rpm
f18101e8f31e4b61765f9039d9143b7d  XFree86-ISO8859-2-75dpi-fonts-4.1.0-64.EL.i386.rpm
492c079042fe73e81ad8209e175e376b  XFree86-ISO8859-9-100dpi-fonts-4.1.0-64.EL.i386.rpm
a5e849fec6ee87de20a3d1dd7d33c5af  XFree86-ISO8859-9-75dpi-fonts-4.1.0-64.EL.i386.rpm
aa86b8d77b837e377f9fe0bd0175ae2b  XFree86-Xnest-4.1.0-64.EL.i386.rpm
f1f668073ac78f0ac09f1074295094db  XFree86-Xvfb-4.1.0-64.EL.i386.rpm
f16d01c6c1a5102ca2053c9b1d5dc1e2  XFree86-cyrillic-fonts-4.1.0-64.EL.i386.rpm
1d7eba36f929a6e7386951fa10089fc0  XFree86-devel-4.1.0-64.EL.i386.rpm
836a435dcb8045a5a12879793bf14790  XFree86-doc-4.1.0-64.EL.i386.rpm
522e953d868d3cacbe8087fe396e80a9  XFree86-libs-4.1.0-64.EL.i386.rpm
3f4ea7ac9ff130a726820df0dc0e03ea  XFree86-tools-4.1.0-64.EL.i386.rpm
0b0357dfc6be4c7a415f0b194b52ceaf  XFree86-twm-4.1.0-64.EL.i386.rpm
f16b5abf0a2292b0c6594a2dfb6e435e  XFree86-xdm-4.1.0-64.EL.i386.rpm
6b58d9114caa524859054d06621878e9  XFree86-xf86cfg-4.1.0-64.EL.i386.rpm
524cdc6f6d432304f8d0cb755ca7a357  XFree86-xfs-4.1.0-64.EL.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/XFree86-4.1.0-64.EL.src.rpm
0f2ec7e09cfaa37314c2a4d86f22ab72  XFree86-4.1.0-64.EL.src.rpm

i386:
619cba76e3db1708c4ddaa571746f7a3  XFree86-100dpi-fonts-4.1.0-64.EL.i386.rpm
2b16fa711f16f5551ed7d81d3570955f  XFree86-4.1.0-64.EL.i386.rpm
26b4754be230b746c3d7851d2ec63e34  XFree86-75dpi-fonts-4.1.0-64.EL.i386.rpm
8d3b284157293f6289adfb73404a00e9  XFree86-ISO8859-15-100dpi-fonts-4.1.0-64.EL.i386.rpm
af869655958f5118050494bbc2aa8f64  XFree86-ISO8859-15-75dpi-fonts-4.1.0-64.EL.i386.rpm
7f2123c84e1161d0f899021c505326a4  XFree86-ISO8859-2-100dpi-fonts-4.1.0-64.EL.i386.rpm
f18101e8f31e4b61765f9039d9143b7d  XFree86-ISO8859-2-75dpi-fonts-4.1.0-64.EL.i386.rpm
492c079042fe73e81ad8209e175e376b  XFree86-ISO8859-9-100dpi-fonts-4.1.0-64.EL.i386.rpm
a5e849fec6ee87de20a3d1dd7d33c5af  XFree86-ISO8859-9-75dpi-fonts-4.1.0-64.EL.i386.rpm
aa86b8d77b837e377f9fe0bd0175ae2b  XFree86-Xnest-4.1.0-64.EL.i386.rpm
f1f668073ac78f0ac09f1074295094db  XFree86-Xvfb-4.1.0-64.EL.i386.rpm
f16d01c6c1a5102ca2053c9b1d5dc1e2  XFree86-cyrillic-fonts-4.1.0-64.EL.i386.rpm
1d7eba36f929a6e7386951fa10089fc0  XFree86-devel-4.1.0-64.EL.i386.rpm
836a435dcb8045a5a12879793bf14790  XFree86-doc-4.1.0-64.EL.i386.rpm
522e953d868d3cacbe8087fe396e80a9  XFree86-libs-4.1.0-64.EL.i386.rpm
3f4ea7ac9ff130a726820df0dc0e03ea  XFree86-tools-4.1.0-64.EL.i386.rpm
0b0357dfc6be4c7a415f0b194b52ceaf  XFree86-twm-4.1.0-64.EL.i386.rpm
f16b5abf0a2292b0c6594a2dfb6e435e  XFree86-xdm-4.1.0-64.EL.i386.rpm
6b58d9114caa524859054d06621878e9  XFree86-xf86cfg-4.1.0-64.EL.i386.rpm
524cdc6f6d432304f8d0cb755ca7a357  XFree86-xfs-4.1.0-64.EL.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBxp5uXlSAg2UNWIIRAuBhAJ41gFaa2spXDXliMyVZAm54Y5eiagCfWX/z
DzYcb6SthNlSRDrI6H3OhWs=
=4H3C
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Mon Dec 20 19:02:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 20 Dec 2004 14:02 -0500
Subject: [RHSA-2004:489-01] Updated rh-postgresql packages
Message-ID: <200412201902.iBKJ2Ya14915@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated rh-postgresql packages
Advisory ID:       RHSA-2004:489-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-489.html
Issue date:        2004-12-20
Updated on:        2004-12-20
Product:           Red Hat Enterprise Linux
Keywords:          PostgreSQL
Obsoletes:         RHBA-2004:307
CVE Names:         CAN-2004-0977
- ---------------------------------------------------------------------

1. Summary:

Updated rh-postgresql packages that fix various bugs are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

PostgreSQL is an advanced Object-Relational database management system
(DBMS) that supports almost all SQL constructs (including transactions,
subselects, and user-defined types and functions).

Trustix has identified improper temporary file usage in the
make_oidjoins_check script.  It is possible that an attacker could
overwrite arbitrary file contents as the user running the
make_oidjoins_check script.  This script has been removed from the RPM file
since it has no use to ordinary users.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0977 to
this issue.

Additionally, the following non-security issues have been addressed:

- - Fixed a low probability risk for loss of recently committed transactions.

- - Fixed a low probability risk for loss of older data due to failure to 
  update transaction status.

- - A lock file problem that sometimes prevented automatic restart after a 
  system crash has been fixed.

All users of rh-postgresql should upgrade to these updated packages, which
resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate.  The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/):

130814 - PostgreSQL can lose committed transactions
130989 - a bug in rh-postgresql.spec file
134090 - Postgres's init script does not remove stale PID file
136300 - CAN-2004-0977 temporary file vulnerabilities in make_oidjoins_check script
136949 - PostgreSQL data loss risk and minor security issues

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/rh-postgresql-7.3.8-2.src.rpm
b6f78f4d007ff34fd27c73e8e2184b9a  rh-postgresql-7.3.8-2.src.rpm

i386:
9a8e4fab3fefaa9c62adffab85d7f9dd  rh-postgresql-7.3.8-2.i386.rpm
cbe1191f0e15417f42bd63ae30ccd3e5  rh-postgresql-contrib-7.3.8-2.i386.rpm
9555acf13b8ebf18dfb481cd5c6f99c1  rh-postgresql-devel-7.3.8-2.i386.rpm
dbe30f5c7d8a9dd83090857800ce4a62  rh-postgresql-docs-7.3.8-2.i386.rpm
e011a190a43641d139052255b6b3727b  rh-postgresql-jdbc-7.3.8-2.i386.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
0365a7e9e9afe7a21d3479175ede1194  rh-postgresql-pl-7.3.8-2.i386.rpm
ba83c9b6005800cb36e31d789aea1003  rh-postgresql-python-7.3.8-2.i386.rpm
f695cfb3138039e3bfce6191d2eedba7  rh-postgresql-server-7.3.8-2.i386.rpm
a894286bfd45da019bd2f083c510c013  rh-postgresql-tcl-7.3.8-2.i386.rpm
ba1a9a7eafd9f54d5da3be6477afa91b  rh-postgresql-test-7.3.8-2.i386.rpm

ia64:
b81fe8a042275a6eae8e019ed024bb52  rh-postgresql-7.3.8-2.ia64.rpm
44617417c491cd9618414cdedfad7704  rh-postgresql-contrib-7.3.8-2.ia64.rpm
d68d98d887e03743fa57c479465a2378  rh-postgresql-devel-7.3.8-2.ia64.rpm
d0f30ecba82ffbb20c9d5b5381e82697  rh-postgresql-docs-7.3.8-2.ia64.rpm
27dc30c3cf876227812759044db25829  rh-postgresql-jdbc-7.3.8-2.ia64.rpm
8f82413ed98614887bf84b90705e5f9b  rh-postgresql-libs-7.3.8-2.ia64.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
b7c203dbbb7339d038d66e857bc3d4b9  rh-postgresql-pl-7.3.8-2.ia64.rpm
7ace5c441704b85d292405139b8cc322  rh-postgresql-python-7.3.8-2.ia64.rpm
ff98fdfb1d3bd314b3531ece1ee1914c  rh-postgresql-server-7.3.8-2.ia64.rpm
6b8d0f1eaef081197b2c9206641fba8f  rh-postgresql-tcl-7.3.8-2.ia64.rpm
80603313ddbdd0615de272825c4563ff  rh-postgresql-test-7.3.8-2.ia64.rpm

ppc:
61cb8351f26b2d2cb1c67d35b4d54aa5  rh-postgresql-7.3.8-2.ppc.rpm
7d85d7aa8f268df2c17e1031070bb4f3  rh-postgresql-contrib-7.3.8-2.ppc.rpm
2fb726274c0ef0efd3edd3c3d09907d6  rh-postgresql-devel-7.3.8-2.ppc.rpm
78b2859d5bfd196e6b7de7bf0f4b8edd  rh-postgresql-docs-7.3.8-2.ppc.rpm
77a4a4438201e52c2655c89cf93d8c2e  rh-postgresql-jdbc-7.3.8-2.ppc.rpm
bfe513f316461b70e6f16e55a7239983  rh-postgresql-libs-7.3.8-2.ppc.rpm
ec6ecaecc2fad7f89fc4f252d38d0768  rh-postgresql-pl-7.3.8-2.ppc.rpm
c5d1fa31dba46003b6a1a45edd2f9a9b  rh-postgresql-python-7.3.8-2.ppc.rpm
f4784bf0163b4d4d323989241049d851  rh-postgresql-server-7.3.8-2.ppc.rpm
3a806dbdaa439256b157b8405df94eb3  rh-postgresql-tcl-7.3.8-2.ppc.rpm
038f122dbc33dec81fe277d8b1fc87ed  rh-postgresql-test-7.3.8-2.ppc.rpm

ppc64:
1948dd5f3925216c7ecea6bc424b288f  rh-postgresql-libs-7.3.8-2.ppc64.rpm

s390:
3ec831b0bf766b9dd9880cd144e0b732  rh-postgresql-7.3.8-2.s390.rpm
5c918ccf8bdb5b5d7480ed17c1273b5f  rh-postgresql-contrib-7.3.8-2.s390.rpm
f5237ab51b6eb4b3da36adc42ea16bcd  rh-postgresql-devel-7.3.8-2.s390.rpm
90fc27be8ac2c65ebd7668f53276b260  rh-postgresql-docs-7.3.8-2.s390.rpm
06367e3e830c62c8afd9afca9ae99d33  rh-postgresql-jdbc-7.3.8-2.s390.rpm
1aff1b96a8d94965a12a4c9bfbbe9a11  rh-postgresql-libs-7.3.8-2.s390.rpm
644b0b229a2916b59aca7fa543e605d3  rh-postgresql-pl-7.3.8-2.s390.rpm
db08ba50321ae2ecc185b290ea36a39d  rh-postgresql-python-7.3.8-2.s390.rpm
bf664bf955832af93ff862d2488db4bf  rh-postgresql-server-7.3.8-2.s390.rpm
4c6e9bccebbb29c5767d4ab8172b8b55  rh-postgresql-tcl-7.3.8-2.s390.rpm
12ac81c2da135e94e9619dc71174e541  rh-postgresql-test-7.3.8-2.s390.rpm

s390x:
0fb9269140c52e80cec05f2bac2c5a45  rh-postgresql-7.3.8-2.s390x.rpm
0c9c9f6dbb68b3d637948444a57d7d9f  rh-postgresql-contrib-7.3.8-2.s390x.rpm
8136241175742881a571681e8fb38418  rh-postgresql-devel-7.3.8-2.s390x.rpm
c7fdd00fc81c887cf06761366a854863  rh-postgresql-docs-7.3.8-2.s390x.rpm
0e013178fd4bfad778a346a6386d7fae  rh-postgresql-jdbc-7.3.8-2.s390x.rpm
8d840586780a5443ee055c578f1cafea  rh-postgresql-libs-7.3.8-2.s390x.rpm
1aff1b96a8d94965a12a4c9bfbbe9a11  rh-postgresql-libs-7.3.8-2.s390.rpm
42b5090143b89c99de862a1f43abdc19  rh-postgresql-pl-7.3.8-2.s390x.rpm
5d6925405e6086946e4ba18330f2542e  rh-postgresql-python-7.3.8-2.s390x.rpm
cdd8ffee22bee31625edde4d78726bc3  rh-postgresql-server-7.3.8-2.s390x.rpm
9a1928941441bcfec612b8f529323389  rh-postgresql-tcl-7.3.8-2.s390x.rpm
0311161816e1c56ff87b8bb606865a70  rh-postgresql-test-7.3.8-2.s390x.rpm

x86_64:
58be01e12b8b73f6c7d986f085308b6f  rh-postgresql-7.3.8-2.x86_64.rpm
97052514a167a5f2e177b1789ea42104  rh-postgresql-contrib-7.3.8-2.x86_64.rpm
52f4461df7735a5e617e917b406ce1fd  rh-postgresql-devel-7.3.8-2.x86_64.rpm
dc3d6f4246ca53d9d5b9a7c67c2bcadf  rh-postgresql-docs-7.3.8-2.x86_64.rpm
dca39c461cf73431984b28b304fa2584  rh-postgresql-jdbc-7.3.8-2.x86_64.rpm
4594237703b5e15de4219c3d7a6cf88f  rh-postgresql-libs-7.3.8-2.x86_64.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
01bf5f97411d52a80f569c711c8631a0  rh-postgresql-pl-7.3.8-2.x86_64.rpm
0867682b553bf2a4f97bf4df13472f52  rh-postgresql-python-7.3.8-2.x86_64.rpm
c3bce4b8c1f3725f1ea74ac05c1bc0bd  rh-postgresql-server-7.3.8-2.x86_64.rpm
d33a6dbd447e819993fb93d48e2429bd  rh-postgresql-tcl-7.3.8-2.x86_64.rpm
24b8957973eb0ea8855318e70fc36286  rh-postgresql-test-7.3.8-2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/rh-postgresql-7.3.8-2.src.rpm
b6f78f4d007ff34fd27c73e8e2184b9a  rh-postgresql-7.3.8-2.src.rpm

i386:
9a8e4fab3fefaa9c62adffab85d7f9dd  rh-postgresql-7.3.8-2.i386.rpm
cbe1191f0e15417f42bd63ae30ccd3e5  rh-postgresql-contrib-7.3.8-2.i386.rpm
9555acf13b8ebf18dfb481cd5c6f99c1  rh-postgresql-devel-7.3.8-2.i386.rpm
dbe30f5c7d8a9dd83090857800ce4a62  rh-postgresql-docs-7.3.8-2.i386.rpm
e011a190a43641d139052255b6b3727b  rh-postgresql-jdbc-7.3.8-2.i386.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
0365a7e9e9afe7a21d3479175ede1194  rh-postgresql-pl-7.3.8-2.i386.rpm
ba83c9b6005800cb36e31d789aea1003  rh-postgresql-python-7.3.8-2.i386.rpm
f695cfb3138039e3bfce6191d2eedba7  rh-postgresql-server-7.3.8-2.i386.rpm
a894286bfd45da019bd2f083c510c013  rh-postgresql-tcl-7.3.8-2.i386.rpm
ba1a9a7eafd9f54d5da3be6477afa91b  rh-postgresql-test-7.3.8-2.i386.rpm

x86_64:
58be01e12b8b73f6c7d986f085308b6f  rh-postgresql-7.3.8-2.x86_64.rpm
97052514a167a5f2e177b1789ea42104  rh-postgresql-contrib-7.3.8-2.x86_64.rpm
52f4461df7735a5e617e917b406ce1fd  rh-postgresql-devel-7.3.8-2.x86_64.rpm
dc3d6f4246ca53d9d5b9a7c67c2bcadf  rh-postgresql-docs-7.3.8-2.x86_64.rpm
dca39c461cf73431984b28b304fa2584  rh-postgresql-jdbc-7.3.8-2.x86_64.rpm
4594237703b5e15de4219c3d7a6cf88f  rh-postgresql-libs-7.3.8-2.x86_64.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
01bf5f97411d52a80f569c711c8631a0  rh-postgresql-pl-7.3.8-2.x86_64.rpm
0867682b553bf2a4f97bf4df13472f52  rh-postgresql-python-7.3.8-2.x86_64.rpm
c3bce4b8c1f3725f1ea74ac05c1bc0bd  rh-postgresql-server-7.3.8-2.x86_64.rpm
d33a6dbd447e819993fb93d48e2429bd  rh-postgresql-tcl-7.3.8-2.x86_64.rpm
24b8957973eb0ea8855318e70fc36286  rh-postgresql-test-7.3.8-2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/rh-postgresql-7.3.8-2.src.rpm
b6f78f4d007ff34fd27c73e8e2184b9a  rh-postgresql-7.3.8-2.src.rpm

i386:
9a8e4fab3fefaa9c62adffab85d7f9dd  rh-postgresql-7.3.8-2.i386.rpm
cbe1191f0e15417f42bd63ae30ccd3e5  rh-postgresql-contrib-7.3.8-2.i386.rpm
9555acf13b8ebf18dfb481cd5c6f99c1  rh-postgresql-devel-7.3.8-2.i386.rpm
dbe30f5c7d8a9dd83090857800ce4a62  rh-postgresql-docs-7.3.8-2.i386.rpm
e011a190a43641d139052255b6b3727b  rh-postgresql-jdbc-7.3.8-2.i386.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
0365a7e9e9afe7a21d3479175ede1194  rh-postgresql-pl-7.3.8-2.i386.rpm
ba83c9b6005800cb36e31d789aea1003  rh-postgresql-python-7.3.8-2.i386.rpm
f695cfb3138039e3bfce6191d2eedba7  rh-postgresql-server-7.3.8-2.i386.rpm
a894286bfd45da019bd2f083c510c013  rh-postgresql-tcl-7.3.8-2.i386.rpm
ba1a9a7eafd9f54d5da3be6477afa91b  rh-postgresql-test-7.3.8-2.i386.rpm

ia64:
b81fe8a042275a6eae8e019ed024bb52  rh-postgresql-7.3.8-2.ia64.rpm
44617417c491cd9618414cdedfad7704  rh-postgresql-contrib-7.3.8-2.ia64.rpm
d68d98d887e03743fa57c479465a2378  rh-postgresql-devel-7.3.8-2.ia64.rpm
d0f30ecba82ffbb20c9d5b5381e82697  rh-postgresql-docs-7.3.8-2.ia64.rpm
27dc30c3cf876227812759044db25829  rh-postgresql-jdbc-7.3.8-2.ia64.rpm
8f82413ed98614887bf84b90705e5f9b  rh-postgresql-libs-7.3.8-2.ia64.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
b7c203dbbb7339d038d66e857bc3d4b9  rh-postgresql-pl-7.3.8-2.ia64.rpm
7ace5c441704b85d292405139b8cc322  rh-postgresql-python-7.3.8-2.ia64.rpm
ff98fdfb1d3bd314b3531ece1ee1914c  rh-postgresql-server-7.3.8-2.ia64.rpm
6b8d0f1eaef081197b2c9206641fba8f  rh-postgresql-tcl-7.3.8-2.ia64.rpm
80603313ddbdd0615de272825c4563ff  rh-postgresql-test-7.3.8-2.ia64.rpm

x86_64:
58be01e12b8b73f6c7d986f085308b6f  rh-postgresql-7.3.8-2.x86_64.rpm
97052514a167a5f2e177b1789ea42104  rh-postgresql-contrib-7.3.8-2.x86_64.rpm
52f4461df7735a5e617e917b406ce1fd  rh-postgresql-devel-7.3.8-2.x86_64.rpm
dc3d6f4246ca53d9d5b9a7c67c2bcadf  rh-postgresql-docs-7.3.8-2.x86_64.rpm
dca39c461cf73431984b28b304fa2584  rh-postgresql-jdbc-7.3.8-2.x86_64.rpm
4594237703b5e15de4219c3d7a6cf88f  rh-postgresql-libs-7.3.8-2.x86_64.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
01bf5f97411d52a80f569c711c8631a0  rh-postgresql-pl-7.3.8-2.x86_64.rpm
0867682b553bf2a4f97bf4df13472f52  rh-postgresql-python-7.3.8-2.x86_64.rpm
c3bce4b8c1f3725f1ea74ac05c1bc0bd  rh-postgresql-server-7.3.8-2.x86_64.rpm
d33a6dbd447e819993fb93d48e2429bd  rh-postgresql-tcl-7.3.8-2.x86_64.rpm
24b8957973eb0ea8855318e70fc36286  rh-postgresql-test-7.3.8-2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/rh-postgresql-7.3.8-2.src.rpm
b6f78f4d007ff34fd27c73e8e2184b9a  rh-postgresql-7.3.8-2.src.rpm

i386:
9a8e4fab3fefaa9c62adffab85d7f9dd  rh-postgresql-7.3.8-2.i386.rpm
cbe1191f0e15417f42bd63ae30ccd3e5  rh-postgresql-contrib-7.3.8-2.i386.rpm
9555acf13b8ebf18dfb481cd5c6f99c1  rh-postgresql-devel-7.3.8-2.i386.rpm
dbe30f5c7d8a9dd83090857800ce4a62  rh-postgresql-docs-7.3.8-2.i386.rpm
e011a190a43641d139052255b6b3727b  rh-postgresql-jdbc-7.3.8-2.i386.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
0365a7e9e9afe7a21d3479175ede1194  rh-postgresql-pl-7.3.8-2.i386.rpm
ba83c9b6005800cb36e31d789aea1003  rh-postgresql-python-7.3.8-2.i386.rpm
f695cfb3138039e3bfce6191d2eedba7  rh-postgresql-server-7.3.8-2.i386.rpm
a894286bfd45da019bd2f083c510c013  rh-postgresql-tcl-7.3.8-2.i386.rpm
ba1a9a7eafd9f54d5da3be6477afa91b  rh-postgresql-test-7.3.8-2.i386.rpm

ia64:
b81fe8a042275a6eae8e019ed024bb52  rh-postgresql-7.3.8-2.ia64.rpm
44617417c491cd9618414cdedfad7704  rh-postgresql-contrib-7.3.8-2.ia64.rpm
d68d98d887e03743fa57c479465a2378  rh-postgresql-devel-7.3.8-2.ia64.rpm
d0f30ecba82ffbb20c9d5b5381e82697  rh-postgresql-docs-7.3.8-2.ia64.rpm
27dc30c3cf876227812759044db25829  rh-postgresql-jdbc-7.3.8-2.ia64.rpm
8f82413ed98614887bf84b90705e5f9b  rh-postgresql-libs-7.3.8-2.ia64.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
b7c203dbbb7339d038d66e857bc3d4b9  rh-postgresql-pl-7.3.8-2.ia64.rpm
7ace5c441704b85d292405139b8cc322  rh-postgresql-python-7.3.8-2.ia64.rpm
ff98fdfb1d3bd314b3531ece1ee1914c  rh-postgresql-server-7.3.8-2.ia64.rpm
6b8d0f1eaef081197b2c9206641fba8f  rh-postgresql-tcl-7.3.8-2.ia64.rpm
80603313ddbdd0615de272825c4563ff  rh-postgresql-test-7.3.8-2.ia64.rpm

x86_64:
58be01e12b8b73f6c7d986f085308b6f  rh-postgresql-7.3.8-2.x86_64.rpm
97052514a167a5f2e177b1789ea42104  rh-postgresql-contrib-7.3.8-2.x86_64.rpm
52f4461df7735a5e617e917b406ce1fd  rh-postgresql-devel-7.3.8-2.x86_64.rpm
dc3d6f4246ca53d9d5b9a7c67c2bcadf  rh-postgresql-docs-7.3.8-2.x86_64.rpm
dca39c461cf73431984b28b304fa2584  rh-postgresql-jdbc-7.3.8-2.x86_64.rpm
4594237703b5e15de4219c3d7a6cf88f  rh-postgresql-libs-7.3.8-2.x86_64.rpm
7db6fc9638372c5cd81182888dffcb2e  rh-postgresql-libs-7.3.8-2.i386.rpm
01bf5f97411d52a80f569c711c8631a0  rh-postgresql-pl-7.3.8-2.x86_64.rpm
0867682b553bf2a4f97bf4df13472f52  rh-postgresql-python-7.3.8-2.x86_64.rpm
c3bce4b8c1f3725f1ea74ac05c1bc0bd  rh-postgresql-server-7.3.8-2.x86_64.rpm
d33a6dbd447e819993fb93d48e2429bd  rh-postgresql-tcl-7.3.8-2.x86_64.rpm
24b8957973eb0ea8855318e70fc36286  rh-postgresql-test-7.3.8-2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0977

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2004 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBxyGwXlSAg2UNWIIRAm1KAJ4/4/gFBuT6MEvrD1p5xaAQTV4PtQCaAs66
H+Rl9iZPEo00f+a5m6dnkjM=
=ZB8B
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Mon Dec 20 19:03:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 20 Dec 2004 14:03 -0500
Subject: [RHSA-2004:583-01] Updated nfs-utils package fixes security
	vulnerabilities
Message-ID: <200412201903.iBKJ3Ba14950@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated nfs-utils package fixes security vulnerabilities
Advisory ID:       RHSA-2004:583-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-583.html
Issue date:        2004-12-20
Updated on:        2004-12-20
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1014 CAN-2004-0946
- ---------------------------------------------------------------------

1. Summary:

An updated nfs-utils package that fixes various security issues is now
available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The nfs-utils package provides a daemon for the kernel NFS server and
related tools, providing a much higher level of performance than the
traditional Linux NFS server used by most users.

This package also contains the showmount program. Showmount queries
the mount daemon on a remote host for information about the NFS
(Network File System) server on the remote host.

SGI reported that the statd daemon did not properly handle the SIGPIPE
signal.  A misconfigured or malicious peer could cause statd to crash,
leading to a denial of service.  The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1014 to this issue.

Arjan van de Ven discovered a buffer overflow in rquotad.  On 64-bit
architectures, an improper integer conversion can lead to a buffer
overflow.  An attacker with access to an NFS share could send a specially
crafted request which could lead to the execution of arbitrary code.  The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0946 to this issue.

Additionally, this updated package addresses the following issues:

- - The UID of the nfsnobody account has been fixed for 32-bit and 64-bit
machines. Because the st_uid field of the stat structure is an unsigned
integer, an actual value of -2 cannot be used when creating the account, so
the decimal value of -2 is used. On a 32-bit machine, the decimal value of
- -2 is 65534 but on a 64-bit machine it is 4294967294. This errata enables
the nfs-utils post-install script to detect the target architecture, so an
appropriate decimal value is used.

All users of nfs-utils should upgrade to this updated package, which
resolves these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

123900 - LTC5609-Wrong uid/gid for anonuid in nfs mount
139611 - CAN-2004-1014 DoS in statd
138062 - CAN-2004-0946 buffer overflow in rquotad

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/nfs-utils-1.0.6-33EL.src.rpm
3c07aefe1af032508a92e4189d9e2cd2  nfs-utils-1.0.6-33EL.src.rpm

i386:
e17d5bce62acddfa0de2b9b77b9b67db  nfs-utils-1.0.6-33EL.i386.rpm

ia64:
1fe59525701f2bb8c4e5f039a8e613d9  nfs-utils-1.0.6-33EL.ia64.rpm

ppc:
d88d00c954fb90e1d8f30c04ec714d8c  nfs-utils-1.0.6-33EL.ppc.rpm

s390:
a498b1aa5b7f6aa9a829d8cb23331c82  nfs-utils-1.0.6-33EL.s390.rpm

s390x:
15279ec8935e525ebac1b488f012597c  nfs-utils-1.0.6-33EL.s390x.rpm

x86_64:
6dcf9bd7e53e6780c37d8cc28fecdca5  nfs-utils-1.0.6-33EL.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/nfs-utils-1.0.6-33EL.src.rpm
3c07aefe1af032508a92e4189d9e2cd2  nfs-utils-1.0.6-33EL.src.rpm

i386:
e17d5bce62acddfa0de2b9b77b9b67db  nfs-utils-1.0.6-33EL.i386.rpm

x86_64:
6dcf9bd7e53e6780c37d8cc28fecdca5  nfs-utils-1.0.6-33EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/nfs-utils-1.0.6-33EL.src.rpm
3c07aefe1af032508a92e4189d9e2cd2  nfs-utils-1.0.6-33EL.src.rpm

i386:
e17d5bce62acddfa0de2b9b77b9b67db  nfs-utils-1.0.6-33EL.i386.rpm

ia64:
1fe59525701f2bb8c4e5f039a8e613d9  nfs-utils-1.0.6-33EL.ia64.rpm

x86_64:
6dcf9bd7e53e6780c37d8cc28fecdca5  nfs-utils-1.0.6-33EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/nfs-utils-1.0.6-33EL.src.rpm
3c07aefe1af032508a92e4189d9e2cd2  nfs-utils-1.0.6-33EL.src.rpm

i386:
e17d5bce62acddfa0de2b9b77b9b67db  nfs-utils-1.0.6-33EL.i386.rpm

ia64:
1fe59525701f2bb8c4e5f039a8e613d9  nfs-utils-1.0.6-33EL.ia64.rpm

x86_64:
6dcf9bd7e53e6780c37d8cc28fecdca5  nfs-utils-1.0.6-33EL.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0946

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2004 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBxyHeXlSAg2UNWIIRAhHrAKCCJ62+ffj7g8vSuekwppXpq/J6GwCgp2H6
49dAmTgX2liMAqE7dSaNDww=
=HyoH
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Mon Dec 20 19:06:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 20 Dec 2004 14:06 -0500
Subject: [RHSA-2004:586-01] Updated glibc packages
Message-ID: <200412201906.iBKJ6Ea15160@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated glibc packages
Advisory ID:       RHSA-2004:586-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-586.html
Issue date:        2004-12-20
Updated on:        2004-12-20
Product:           Red Hat Enterprise Linux
Keywords:          glibc
Obsoletes:         RHBA-2004:384-11
CVE Names:         CAN-2004-0968
- ---------------------------------------------------------------------

1. Summary:

Updated glibc packages that address several bugs and implement some
enhancements are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, i686, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, i686, x86_64
Red Hat Enterprise Linux ES version 3 - i386, i686, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, i686, ia64, x86_64

3. Problem description:

The GNU libc packages (known as glibc) contain the standard C libraries
used by applications.

This errata fixes several bugs in the GNU C Library.

Fixes include (in addition to enclosed Bugzilla entries):

- - fixed 32-bit atomic operations on 64-bit powerpc
- - fixed -m32 -I /usr/include/nptl compilation on AMD64
- - NPTL <pthread.h> should now be usable in C++ code or -pedantic -std=c89 C
- - rwlocks are now available also in the _POSIX_C_SOURCE=200112L namespace
- - pthread_once is no longer throw(), as the callback routine might throw
- - pthread_create now correctly returns EAGAIN when thread couldn't be
created because of lack of memory
- - fixed NPTL stack freeing in case of pthread_create failure with detached
thread
- - fixed pthread_mutex_timedlock on i386 and AMD64
- - Itanium gp saving fix in linuxthreads
- - fixed s390/s390x unwinding tests done during cancellation if stack frames
are small
- - fixed fnmatch(3) backslash handling
- - fixed out of memory behaviour of syslog(3)
- - resolver ID randomization
- - fixed fim (NaN, NaN)
- - glob(3) fixes for dangling symlinks
- - catchsegv fixed to work with both 32-bit and 64-bit binaries on x86-64,
s390x and ppc
- - fixed reinitialization of _res when using NPTL stack cache
- - updated bug reporting instructions, removed glibcbug script
- - fixed infinite loop in iconv with some options
- - fixed inet_aton return value
- - CPU friendlier busy waiting in linuxthreads on EM64T and IA-64
- - avoid blocking/masking debug signal in linuxthreads
- - fixed locale program output when neither LC_ALL nor LANG is set
- - fixed using of unitialized memory in localedef
- - fixed mntent_r escape processing
- - optimized mtrace script
- - linuxthread_db fixes on ppc64
- - cfi instructions in x86-64 linuxthreads vfork
- - some _POSIX_C_SOURCE=200112L namespace fixes

All users of glibc should upgrade to these updated packages, which resolve
these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

123583 - getnameinfo does not use /etc/hosts for lookup of V4MAPPED addresses
132816 - glibc in RHEL 3 needs to have syslog.c updated to cvs version 1.42
132204 - glibc-nis-performance.patch causes gdm to hang
118574 - malloc exhausts memory to fast in mulithreaded program
127606 - __builtin_expect's prototype does not expect int args; assert feeds it just that
103415 - Weird string in date printing
136726 - RHEL3 U5: execvp fails if ENODEV encountered during PATH search
135234 - Problem with gethostbyaddr with latest UDP
136318 - CAN-2004-0968 temporary file vulnerabilities in catchsegv script
130254 - glibc's traceback() fails when called from an exception handler
116428 - RHEL3 U4: statfs64
132654 - LTC10984 - 1.3.1 Linux JVM hanging on RedHat EL 3 update 3

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/glibc-2.3.2-95.30.src.rpm
d15df5dfa2e74b1a4abbb70e56dd25e4  glibc-2.3.2-95.30.src.rpm

i386:
fe7ce95c7354c232491d6f05cb27395d  glibc-2.3.2-95.30.i386.rpm
98de4c318ef0e4febdb58bf41bcea1d8  glibc-common-2.3.2-95.30.i386.rpm
310f94898b51fe70491caa50764ec058  glibc-devel-2.3.2-95.30.i386.rpm
3fb18bb2724baaf3254d9caaad9e7178  glibc-headers-2.3.2-95.30.i386.rpm
636317c552cea1a9630965f6e45f899c  glibc-profile-2.3.2-95.30.i386.rpm
236418cf2a6a14cd76476bcac3a8993a  glibc-utils-2.3.2-95.30.i386.rpm
64c4149f810e256e8d06b103c0d8c363  nscd-2.3.2-95.30.i386.rpm

i686:
6e2c8d12a10dae784a2f0f8d39af05d1  glibc-2.3.2-95.30.i686.rpm
728500d49aee5022dca86339917da96e  nptl-devel-2.3.2-95.30.i686.rpm

ia64:
369fe6766b2a26d6343a926f4c780ef0  glibc-2.3.2-95.30.ia64.rpm
6e2c8d12a10dae784a2f0f8d39af05d1  glibc-2.3.2-95.30.i686.rpm
df3a5511e22cb01ce6b2b5707c533462  glibc-common-2.3.2-95.30.ia64.rpm
cc3df97be2243e442e101b2d9c3fea01  glibc-devel-2.3.2-95.30.ia64.rpm
cd00415e215a6cf6a25ff93163ed7cbe  glibc-headers-2.3.2-95.30.ia64.rpm
ca3dc0c2dbfa6b9b71ae381f8a1a9071  glibc-profile-2.3.2-95.30.ia64.rpm
61d769397f3d56f5ca68e3dc39d85183  glibc-utils-2.3.2-95.30.ia64.rpm
e7a7775d1524d0d06293bd70a3219f48  nptl-devel-2.3.2-95.30.ia64.rpm
4f08dd1c11db6642008537f00f052039  nscd-2.3.2-95.30.ia64.rpm

ppc:
35b630a847e98347eb99378e399a4173  glibc-2.3.2-95.30.ppc.rpm
0342f43284d8e5364d40671dd1f39a7f  glibc-common-2.3.2-95.30.ppc.rpm
27174c0559d4b834801eaceb0951519b  glibc-devel-2.3.2-95.30.ppc.rpm
f2591e55453597b498e6305bf6573dd8  glibc-headers-2.3.2-95.30.ppc.rpm
9aa2fb865c592acc99f619efee28fb91  glibc-profile-2.3.2-95.30.ppc.rpm
d6d6dda1dff4ec5955f5f071448231cb  glibc-utils-2.3.2-95.30.ppc.rpm
9eb568271b79c4a74a6c820cec1bccac  nptl-devel-2.3.2-95.30.ppc.rpm
6be684c35aca2c6a832e07669dacfa13  nscd-2.3.2-95.30.ppc.rpm

ppc64:
f104ae96d787c07ec040e1d2f3af0e97  glibc-2.3.2-95.30.ppc64.rpm
98efde8788fb7dcfd4b9a6998bb811b0  glibc-devel-2.3.2-95.30.ppc64.rpm

s390:
e5d99ebe60b40dca7df6f422f92c423c  glibc-2.3.2-95.30.s390.rpm
2c65559d9f8610664ffbcb746c37f475  glibc-common-2.3.2-95.30.s390.rpm
04353d1ad4afb81c338d1df644e749c1  glibc-devel-2.3.2-95.30.s390.rpm
183b1a623ef6e036f682a37a1f9fa10a  glibc-headers-2.3.2-95.30.s390.rpm
43101d9b283ab6a84eb742b7d76bac75  glibc-profile-2.3.2-95.30.s390.rpm
8af2adc42acfa724b3e899209dc9e0a8  glibc-utils-2.3.2-95.30.s390.rpm
6a110224af8cf2bd76f5588439f63b62  nptl-devel-2.3.2-95.30.s390.rpm
90278c8c9895a35425f9cc9bbadeda61  nscd-2.3.2-95.30.s390.rpm

s390x:
035f10c1dea0b14d3016a761716211ae  glibc-2.3.2-95.30.s390x.rpm
e5d99ebe60b40dca7df6f422f92c423c  glibc-2.3.2-95.30.s390.rpm
7597b0648938e3fec4f1e489358d3edc  glibc-common-2.3.2-95.30.s390x.rpm
9db1a132a7c23eae94aa7ccd80c8c14b  glibc-devel-2.3.2-95.30.s390x.rpm
04353d1ad4afb81c338d1df644e749c1  glibc-devel-2.3.2-95.30.s390.rpm
6060c9fb082d112ecb2b02b9b12444e7  glibc-headers-2.3.2-95.30.s390x.rpm
d73d83f30399d40abe2420eee6306235  glibc-profile-2.3.2-95.30.s390x.rpm
a7ea709dadb4ec1d04d9d4964a55a18d  glibc-utils-2.3.2-95.30.s390x.rpm
8d1f52855b2473a7750eb8280054dd78  nptl-devel-2.3.2-95.30.s390x.rpm
85ed7ba3006ba2ad471a95cfd9d0807d  nscd-2.3.2-95.30.s390x.rpm

x86_64:
8fbaabf048605769292dce75ec872c16  glibc-2.3.2-95.30.x86_64.rpm
6e2c8d12a10dae784a2f0f8d39af05d1  glibc-2.3.2-95.30.i686.rpm
50b56f52e724972728bd9c3fe966d09d  glibc-common-2.3.2-95.30.x86_64.rpm
1bb80a3b886f01dbaa686d1a35ca587e  glibc-devel-2.3.2-95.30.x86_64.rpm
310f94898b51fe70491caa50764ec058  glibc-devel-2.3.2-95.30.i386.rpm
bc8bfbf3e8882548beb3cb5e8b4baa63  glibc-headers-2.3.2-95.30.x86_64.rpm
61bc8045440d3cdbfa424edfb6398d05  glibc-profile-2.3.2-95.30.x86_64.rpm
b44f7d721f2a00f2832f6d973c9f6bf9  glibc-utils-2.3.2-95.30.x86_64.rpm
6ce9f413f4033200d3ece849c57ce908  nptl-devel-2.3.2-95.30.x86_64.rpm
0a246d37cf5b641cca48fff2c1006279  nscd-2.3.2-95.30.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/glibc-2.3.2-95.30.src.rpm
d15df5dfa2e74b1a4abbb70e56dd25e4  glibc-2.3.2-95.30.src.rpm

i386:
fe7ce95c7354c232491d6f05cb27395d  glibc-2.3.2-95.30.i386.rpm
98de4c318ef0e4febdb58bf41bcea1d8  glibc-common-2.3.2-95.30.i386.rpm
310f94898b51fe70491caa50764ec058  glibc-devel-2.3.2-95.30.i386.rpm
3fb18bb2724baaf3254d9caaad9e7178  glibc-headers-2.3.2-95.30.i386.rpm
636317c552cea1a9630965f6e45f899c  glibc-profile-2.3.2-95.30.i386.rpm
236418cf2a6a14cd76476bcac3a8993a  glibc-utils-2.3.2-95.30.i386.rpm
64c4149f810e256e8d06b103c0d8c363  nscd-2.3.2-95.30.i386.rpm

i686:
6e2c8d12a10dae784a2f0f8d39af05d1  glibc-2.3.2-95.30.i686.rpm
728500d49aee5022dca86339917da96e  nptl-devel-2.3.2-95.30.i686.rpm

x86_64:
8fbaabf048605769292dce75ec872c16  glibc-2.3.2-95.30.x86_64.rpm
6e2c8d12a10dae784a2f0f8d39af05d1  glibc-2.3.2-95.30.i686.rpm
50b56f52e724972728bd9c3fe966d09d  glibc-common-2.3.2-95.30.x86_64.rpm
1bb80a3b886f01dbaa686d1a35ca587e  glibc-devel-2.3.2-95.30.x86_64.rpm
310f94898b51fe70491caa50764ec058  glibc-devel-2.3.2-95.30.i386.rpm
bc8bfbf3e8882548beb3cb5e8b4baa63  glibc-headers-2.3.2-95.30.x86_64.rpm
61bc8045440d3cdbfa424edfb6398d05  glibc-profile-2.3.2-95.30.x86_64.rpm
b44f7d721f2a00f2832f6d973c9f6bf9  glibc-utils-2.3.2-95.30.x86_64.rpm
6ce9f413f4033200d3ece849c57ce908  nptl-devel-2.3.2-95.30.x86_64.rpm
0a246d37cf5b641cca48fff2c1006279  nscd-2.3.2-95.30.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/glibc-2.3.2-95.30.src.rpm
d15df5dfa2e74b1a4abbb70e56dd25e4  glibc-2.3.2-95.30.src.rpm

i386:
fe7ce95c7354c232491d6f05cb27395d  glibc-2.3.2-95.30.i386.rpm
98de4c318ef0e4febdb58bf41bcea1d8  glibc-common-2.3.2-95.30.i386.rpm
310f94898b51fe70491caa50764ec058  glibc-devel-2.3.2-95.30.i386.rpm
3fb18bb2724baaf3254d9caaad9e7178  glibc-headers-2.3.2-95.30.i386.rpm
636317c552cea1a9630965f6e45f899c  glibc-profile-2.3.2-95.30.i386.rpm
236418cf2a6a14cd76476bcac3a8993a  glibc-utils-2.3.2-95.30.i386.rpm
64c4149f810e256e8d06b103c0d8c363  nscd-2.3.2-95.30.i386.rpm

i686:
6e2c8d12a10dae784a2f0f8d39af05d1  glibc-2.3.2-95.30.i686.rpm
728500d49aee5022dca86339917da96e  nptl-devel-2.3.2-95.30.i686.rpm

ia64:
369fe6766b2a26d6343a926f4c780ef0  glibc-2.3.2-95.30.ia64.rpm
6e2c8d12a10dae784a2f0f8d39af05d1  glibc-2.3.2-95.30.i686.rpm
df3a5511e22cb01ce6b2b5707c533462  glibc-common-2.3.2-95.30.ia64.rpm
cc3df97be2243e442e101b2d9c3fea01  glibc-devel-2.3.2-95.30.ia64.rpm
cd00415e215a6cf6a25ff93163ed7cbe  glibc-headers-2.3.2-95.30.ia64.rpm
ca3dc0c2dbfa6b9b71ae381f8a1a9071  glibc-profile-2.3.2-95.30.ia64.rpm
61d769397f3d56f5ca68e3dc39d85183  glibc-utils-2.3.2-95.30.ia64.rpm
e7a7775d1524d0d06293bd70a3219f48  nptl-devel-2.3.2-95.30.ia64.rpm
4f08dd1c11db6642008537f00f052039  nscd-2.3.2-95.30.ia64.rpm

x86_64:
8fbaabf048605769292dce75ec872c16  glibc-2.3.2-95.30.x86_64.rpm
6e2c8d12a10dae784a2f0f8d39af05d1  glibc-2.3.2-95.30.i686.rpm
50b56f52e724972728bd9c3fe966d09d  glibc-common-2.3.2-95.30.x86_64.rpm
1bb80a3b886f01dbaa686d1a35ca587e  glibc-devel-2.3.2-95.30.x86_64.rpm
310f94898b51fe70491caa50764ec058  glibc-devel-2.3.2-95.30.i386.rpm
bc8bfbf3e8882548beb3cb5e8b4baa63  glibc-headers-2.3.2-95.30.x86_64.rpm
61bc8045440d3cdbfa424edfb6398d05  glibc-profile-2.3.2-95.30.x86_64.rpm
b44f7d721f2a00f2832f6d973c9f6bf9  glibc-utils-2.3.2-95.30.x86_64.rpm
6ce9f413f4033200d3ece849c57ce908  nptl-devel-2.3.2-95.30.x86_64.rpm
0a246d37cf5b641cca48fff2c1006279  nscd-2.3.2-95.30.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/glibc-2.3.2-95.30.src.rpm
d15df5dfa2e74b1a4abbb70e56dd25e4  glibc-2.3.2-95.30.src.rpm

i386:
fe7ce95c7354c232491d6f05cb27395d  glibc-2.3.2-95.30.i386.rpm
98de4c318ef0e4febdb58bf41bcea1d8  glibc-common-2.3.2-95.30.i386.rpm
310f94898b51fe70491caa50764ec058  glibc-devel-2.3.2-95.30.i386.rpm
3fb18bb2724baaf3254d9caaad9e7178  glibc-headers-2.3.2-95.30.i386.rpm
636317c552cea1a9630965f6e45f899c  glibc-profile-2.3.2-95.30.i386.rpm
236418cf2a6a14cd76476bcac3a8993a  glibc-utils-2.3.2-95.30.i386.rpm
64c4149f810e256e8d06b103c0d8c363  nscd-2.3.2-95.30.i386.rpm

i686:
6e2c8d12a10dae784a2f0f8d39af05d1  glibc-2.3.2-95.30.i686.rpm
728500d49aee5022dca86339917da96e  nptl-devel-2.3.2-95.30.i686.rpm

ia64:
369fe6766b2a26d6343a926f4c780ef0  glibc-2.3.2-95.30.ia64.rpm
6e2c8d12a10dae784a2f0f8d39af05d1  glibc-2.3.2-95.30.i686.rpm
df3a5511e22cb01ce6b2b5707c533462  glibc-common-2.3.2-95.30.ia64.rpm
cc3df97be2243e442e101b2d9c3fea01  glibc-devel-2.3.2-95.30.ia64.rpm
cd00415e215a6cf6a25ff93163ed7cbe  glibc-headers-2.3.2-95.30.ia64.rpm
ca3dc0c2dbfa6b9b71ae381f8a1a9071  glibc-profile-2.3.2-95.30.ia64.rpm
61d769397f3d56f5ca68e3dc39d85183  glibc-utils-2.3.2-95.30.ia64.rpm
e7a7775d1524d0d06293bd70a3219f48  nptl-devel-2.3.2-95.30.ia64.rpm
4f08dd1c11db6642008537f00f052039  nscd-2.3.2-95.30.ia64.rpm

x86_64:
8fbaabf048605769292dce75ec872c16  glibc-2.3.2-95.30.x86_64.rpm
6e2c8d12a10dae784a2f0f8d39af05d1  glibc-2.3.2-95.30.i686.rpm
50b56f52e724972728bd9c3fe966d09d  glibc-common-2.3.2-95.30.x86_64.rpm
1bb80a3b886f01dbaa686d1a35ca587e  glibc-devel-2.3.2-95.30.x86_64.rpm
310f94898b51fe70491caa50764ec058  glibc-devel-2.3.2-95.30.i386.rpm
bc8bfbf3e8882548beb3cb5e8b4baa63  glibc-headers-2.3.2-95.30.x86_64.rpm
61bc8045440d3cdbfa424edfb6398d05  glibc-profile-2.3.2-95.30.x86_64.rpm
b44f7d721f2a00f2832f6d973c9f6bf9  glibc-utils-2.3.2-95.30.x86_64.rpm
6ce9f413f4033200d3ece849c57ce908  nptl-devel-2.3.2-95.30.x86_64.rpm
0a246d37cf5b641cca48fff2c1006279  nscd-2.3.2-95.30.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0968

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2004 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBxyIIXlSAg2UNWIIRAk7qAKCa+BNjb2QBu9k+SKwTxw5vMQTaKQCggAa9
hxb2MjAtJJiC0ScsKDLHsOA=
=iZRe
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Mon Dec 20 19:06:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 20 Dec 2004 14:06 -0500
Subject: [RHSA-2004:612-01] Updated XFree86 packages fix security issues
Message-ID: <200412201906.iBKJ6la15220@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated XFree86 packages fix security issues
Advisory ID:       RHSA-2004:612-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-612.html
Issue date:        2004-12-20
Updated on:        2004-12-20
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0914
- ---------------------------------------------------------------------

1. Summary:

Updated XFree86 packages that fix several security flaws in libXpm are now
available for Red Hat Enterprise Linux 3.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

XFree86 is an open source implementation of the X Window System. It
provides the basic low level functionality which full fledged graphical
user interfaces (GUIs) such as GNOME and KDE are designed upon.

Several integer overflow flaws in the X.Org libXpm library used to decode
XPM (X PixMap) images have been found and addressed. An attacker could
create a carefully crafted XPM file which would cause an application to
crash or potentially execute arbitrary code if opened by a victim.  The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0914 to this issue.

Users are advised to upgrade to these erratum packages, which contain
backported security patches as well as other bug fixes.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

136164 - CAN-2004-0914 libXpm integer overflows

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/XFree86-4.3.0-78.EL.src.rpm
fcbde0ad5f298308dcd3da1183a1356b  XFree86-4.3.0-78.EL.src.rpm

i386:
f8663183f1d342afedba241206406a32  XFree86-100dpi-fonts-4.3.0-78.EL.i386.rpm
268b9295005f3d0bce2449b29586678b  XFree86-4.3.0-78.EL.i386.rpm
e5d52b59c89a14b6c964e44366f2d532  XFree86-75dpi-fonts-4.3.0-78.EL.i386.rpm
b22888989c36e496546ed444eb69f04e  XFree86-ISO8859-14-100dpi-fonts-4.3.0-78.EL.i386.rpm
1869ec0cbc371fa5649c8ecac60c40b7  XFree86-ISO8859-14-75dpi-fonts-4.3.0-78.EL.i386.rpm
20c6dbd695a75d4facac05bdd77c9e8d  XFree86-ISO8859-15-100dpi-fonts-4.3.0-78.EL.i386.rpm
354d7b89375ab7f4376ccd1e4bb94850  XFree86-ISO8859-15-75dpi-fonts-4.3.0-78.EL.i386.rpm
be304774bce2eee1ff9dcacdde6ece0b  XFree86-ISO8859-2-100dpi-fonts-4.3.0-78.EL.i386.rpm
80e50b77bc6a6fa40d0a10fab4062bc2  XFree86-ISO8859-2-75dpi-fonts-4.3.0-78.EL.i386.rpm
e7a3edc37ea968e3b0e9b548c318b095  XFree86-ISO8859-9-100dpi-fonts-4.3.0-78.EL.i386.rpm
1d55880a7a02bf6c4bfaf34c36f67b8a  XFree86-ISO8859-9-75dpi-fonts-4.3.0-78.EL.i386.rpm
6cc66fada189fb8b0c35fc9624f6f8dc  XFree86-Mesa-libGL-4.3.0-78.EL.i386.rpm
a0142ffd5fa7c087eef87dc43534f389  XFree86-Mesa-libGLU-4.3.0-78.EL.i386.rpm
6bf5551f71b7a1c00aa98ab1057bd4f0  XFree86-Xnest-4.3.0-78.EL.i386.rpm
0c80f82da88092615db85c8306e2c2de  XFree86-Xvfb-4.3.0-78.EL.i386.rpm
929231b8599345903be8ab883989e54f  XFree86-base-fonts-4.3.0-78.EL.i386.rpm
60672e17795ac8a2809d483114f2cd77  XFree86-cyrillic-fonts-4.3.0-78.EL.i386.rpm
4c32dfbd09ab9ba6b54c35f0faaf0f19  XFree86-devel-4.3.0-78.EL.i386.rpm
1c44673fef9bd1a95ecd310a5f1ab275  XFree86-doc-4.3.0-78.EL.i386.rpm
00dbd3eae8fec6211801fe2027c9c8de  XFree86-font-utils-4.3.0-78.EL.i386.rpm
a5268692f93a2cfde920b2845dffd748  XFree86-libs-4.3.0-78.EL.i386.rpm
fdf1412f768d24a69ca4d58a1013aae5  XFree86-libs-data-4.3.0-78.EL.i386.rpm
754eb555fe137c41551f977f70b0dccd  XFree86-sdk-4.3.0-78.EL.i386.rpm
bd5a10585b4171def13586d330754114  XFree86-syriac-fonts-4.3.0-78.EL.i386.rpm
756b2be85b2599271e5b4309f20dc382  XFree86-tools-4.3.0-78.EL.i386.rpm
e5a47073f4bb06764e989ec6a8c6ce45  XFree86-truetype-fonts-4.3.0-78.EL.i386.rpm
e6580bb10e9fef1d2f7447da4707c457  XFree86-twm-4.3.0-78.EL.i386.rpm
3eb2ae16996cf458475e4ea49b1cf296  XFree86-xauth-4.3.0-78.EL.i386.rpm
3e57a1dfee45dc24b84b65de9325c64a  XFree86-xdm-4.3.0-78.EL.i386.rpm
aad1e42bd31211a449d147e57817abc2  XFree86-xfs-4.3.0-78.EL.i386.rpm

ia64:
4fe30e4a35a413b0ce24cd89c3631e61  XFree86-100dpi-fonts-4.3.0-78.EL.ia64.rpm
5d9f7f117b721a0c6434ca3e09863dee  XFree86-4.3.0-78.EL.ia64.rpm
b4aec4ade15a2771db3368ebb39f3bd2  XFree86-75dpi-fonts-4.3.0-78.EL.ia64.rpm
14c59c9e1cda2983edac04b255ed4946  XFree86-ISO8859-14-100dpi-fonts-4.3.0-78.EL.ia64.rpm
034354acf443d94de5e764424401e4e4  XFree86-ISO8859-14-75dpi-fonts-4.3.0-78.EL.ia64.rpm
5da16b9ac0d42d701ffa6b4dedc43814  XFree86-ISO8859-15-100dpi-fonts-4.3.0-78.EL.ia64.rpm
ff9885e94c60023e43e6c844189927c5  XFree86-ISO8859-15-75dpi-fonts-4.3.0-78.EL.ia64.rpm
6b0266be0273be2ef7035ae90ad24aa6  XFree86-ISO8859-2-100dpi-fonts-4.3.0-78.EL.ia64.rpm
0bb969306a0d648f1eba854f09d78ee6  XFree86-ISO8859-2-75dpi-fonts-4.3.0-78.EL.ia64.rpm
d6ef86f25938e8a3db8cb707081b2db2  XFree86-ISO8859-9-100dpi-fonts-4.3.0-78.EL.ia64.rpm
bebd1273fa3793d0e354bdf05a82e4fb  XFree86-ISO8859-9-75dpi-fonts-4.3.0-78.EL.ia64.rpm
845c6fb37e25a32e08a5d0bf446e753e  XFree86-Mesa-libGL-4.3.0-78.EL.ia64.rpm
6cc66fada189fb8b0c35fc9624f6f8dc  XFree86-Mesa-libGL-4.3.0-78.EL.i386.rpm
9be2798923cf5269c71a1af7b3037220  XFree86-Mesa-libGLU-4.3.0-78.EL.ia64.rpm
a0142ffd5fa7c087eef87dc43534f389  XFree86-Mesa-libGLU-4.3.0-78.EL.i386.rpm
da2d6e33946e90df576677454d436cef  XFree86-Xnest-4.3.0-78.EL.ia64.rpm
eb1dbe173fd06b3e4fe93bba414996c3  XFree86-Xvfb-4.3.0-78.EL.ia64.rpm
17d79727a94362eeda1327558109d320  XFree86-base-fonts-4.3.0-78.EL.ia64.rpm
5dcd260fceb0f5fc4c113159711193ab  XFree86-cyrillic-fonts-4.3.0-78.EL.ia64.rpm
62ce01360e08f050baefcd9793d4f198  XFree86-devel-4.3.0-78.EL.ia64.rpm
548e90f790c178acb8c89d6a35fa5ed2  XFree86-doc-4.3.0-78.EL.ia64.rpm
8081cc108da58ac4d10547a96d99d223  XFree86-font-utils-4.3.0-78.EL.ia64.rpm
6cacdc69620454a00ee5f91ed6e6202d  XFree86-libs-4.3.0-78.EL.ia64.rpm
a5268692f93a2cfde920b2845dffd748  XFree86-libs-4.3.0-78.EL.i386.rpm
9d7f8dfa0db41658c2f1994d940df554  XFree86-libs-data-4.3.0-78.EL.ia64.rpm
974cfd3877342dca1cccbeb501a159ba  XFree86-sdk-4.3.0-78.EL.ia64.rpm
1f5f676e7a5a81689977f33347d7d4f2  XFree86-syriac-fonts-4.3.0-78.EL.ia64.rpm
06d011a41cf7dd47f91798c0936c37ef  XFree86-tools-4.3.0-78.EL.ia64.rpm
9a210d8ea413df17f2bb3d86a2daeeea  XFree86-truetype-fonts-4.3.0-78.EL.ia64.rpm
e3bb1b6dd64c72784c5a9f02fac96d64  XFree86-twm-4.3.0-78.EL.ia64.rpm
53399d47729419be2648a15730416836  XFree86-xauth-4.3.0-78.EL.ia64.rpm
7be2eb85ea20d9f3375c0f81a8eaba56  XFree86-xdm-4.3.0-78.EL.ia64.rpm
b2f899d462f28c1febd68b0edadf84e6  XFree86-xfs-4.3.0-78.EL.ia64.rpm

ppc:
2f22144084b9d931f16cde8cb8a708d3  XFree86-100dpi-fonts-4.3.0-78.EL.ppc.rpm
9b3dcc8aee04cd8762d4485132806f3a  XFree86-4.3.0-78.EL.ppc.rpm
743e822cabde389b377e32e1fa56961f  XFree86-75dpi-fonts-4.3.0-78.EL.ppc.rpm
8444279e18b70faed6a4e9e412ede8d8  XFree86-ISO8859-14-100dpi-fonts-4.3.0-78.EL.ppc.rpm
1632b7d18e53c65afcb43139001167b4  XFree86-ISO8859-14-75dpi-fonts-4.3.0-78.EL.ppc.rpm
969064272e5684e3c235cf16642bb4b3  XFree86-ISO8859-15-100dpi-fonts-4.3.0-78.EL.ppc.rpm
0d8c1dc44cb7a03c92dde3b3ab7ecfea  XFree86-ISO8859-15-75dpi-fonts-4.3.0-78.EL.ppc.rpm
4180b6530445f77bcc370368392b9d2a  XFree86-ISO8859-2-100dpi-fonts-4.3.0-78.EL.ppc.rpm
42ff87626b54f9764f24075783fd8dd6  XFree86-ISO8859-2-75dpi-fonts-4.3.0-78.EL.ppc.rpm
1bfa51c1e6778d1480012e7978a04fee  XFree86-ISO8859-9-100dpi-fonts-4.3.0-78.EL.ppc.rpm
4edab278b2f7cf131a7e703bafec559e  XFree86-ISO8859-9-75dpi-fonts-4.3.0-78.EL.ppc.rpm
b9f476172f0c252a0d3d2cfdc8ef0e21  XFree86-Mesa-libGL-4.3.0-78.EL.ppc.rpm
61f29ba184766f18b0cc8b1b5d43d0ff  XFree86-Mesa-libGLU-4.3.0-78.EL.ppc.rpm
eb4c2bc22f9bd5f4e0972d51156b2ac2  XFree86-Xnest-4.3.0-78.EL.ppc.rpm
2c85d3ea4931f45b456d8eecb71ffa67  XFree86-Xvfb-4.3.0-78.EL.ppc.rpm
f4ce2db95c75ea23c2fc13333dfed9eb  XFree86-base-fonts-4.3.0-78.EL.ppc.rpm
8816c4a297ed6cea072199489d99dcdc  XFree86-cyrillic-fonts-4.3.0-78.EL.ppc.rpm
edbe2ad2edbd2272bf2be1a5a158a876  XFree86-devel-4.3.0-78.EL.ppc.rpm
3a8cf4872b8231ba70a3b187137064ad  XFree86-doc-4.3.0-78.EL.ppc.rpm
3169b9188f4d27027c98063cb5f2aa5d  XFree86-font-utils-4.3.0-78.EL.ppc.rpm
ebd3b25f5fd12e36fd84ffde3be27ea9  XFree86-libs-4.3.0-78.EL.ppc.rpm
048e3c38ea12dc3d6c30b1b53a506169  XFree86-libs-data-4.3.0-78.EL.ppc.rpm
76bcb338f87b29f41aea5b3c4c9b9a86  XFree86-sdk-4.3.0-78.EL.ppc.rpm
70d6418832292ede7a2d001b5eb84713  XFree86-syriac-fonts-4.3.0-78.EL.ppc.rpm
08ab5c7217ba123624a68a483dae4faa  XFree86-tools-4.3.0-78.EL.ppc.rpm
ca6f5b04aa937c2225ccc32ca81dac30  XFree86-truetype-fonts-4.3.0-78.EL.ppc.rpm
e138993a7265f7a4b024384c25cc6daf  XFree86-twm-4.3.0-78.EL.ppc.rpm
f4e920d8e9190e1025529c33e085af7c  XFree86-xauth-4.3.0-78.EL.ppc.rpm
9ad5175365eb9aab5c7ec359af11349f  XFree86-xdm-4.3.0-78.EL.ppc.rpm
610d2740eda0526db5e26fc1081b2426  XFree86-xfs-4.3.0-78.EL.ppc.rpm

ppc64:
0cadcc65e0af9205c590d00d2ec0b6f5  XFree86-Mesa-libGL-4.3.0-78.EL.ppc64.rpm
2abf3beb02110f6a4db26df0f1b0c6fd  XFree86-Mesa-libGLU-4.3.0-78.EL.ppc64.rpm
3fc793c098e358207e02f339f1df71f5  XFree86-devel-4.3.0-78.EL.ppc64.rpm
a5e8a9d215e506598400626a3fc7a737  XFree86-libs-4.3.0-78.EL.ppc64.rpm

s390:
5fda5dff956c6bf3ca8d485010e8c17f  XFree86-100dpi-fonts-4.3.0-78.EL.s390.rpm
1d75e4a0496f4ea65d73abfca0128a93  XFree86-4.3.0-78.EL.s390.rpm
0635f2fdd5aecac7d8457629f394758b  XFree86-75dpi-fonts-4.3.0-78.EL.s390.rpm
538d343fd7abb7e80c82b3c470b8d48f  XFree86-ISO8859-14-100dpi-fonts-4.3.0-78.EL.s390.rpm
182a59d55beb6b860269a20f8461f0c9  XFree86-ISO8859-14-75dpi-fonts-4.3.0-78.EL.s390.rpm
bb71c8a281cdfc764c7aecba577e2796  XFree86-ISO8859-15-100dpi-fonts-4.3.0-78.EL.s390.rpm
26ac68728f730fb19d123069b39e4415  XFree86-ISO8859-15-75dpi-fonts-4.3.0-78.EL.s390.rpm
9fedd0ac29a886e42dda0593d2c9bb66  XFree86-ISO8859-2-100dpi-fonts-4.3.0-78.EL.s390.rpm
ce147612e6af269ced37a37f5a0acd61  XFree86-ISO8859-2-75dpi-fonts-4.3.0-78.EL.s390.rpm
3564de7a7b996c2f02ec14428d345e55  XFree86-ISO8859-9-100dpi-fonts-4.3.0-78.EL.s390.rpm
4cb37feb1c4213b1ad44f3eb8b184b4b  XFree86-ISO8859-9-75dpi-fonts-4.3.0-78.EL.s390.rpm
3711d2cd7152c8b4c431fc53ab8e2abc  XFree86-Mesa-libGL-4.3.0-78.EL.s390.rpm
6d1bea4951c1d8e38c9188439d8bb527  XFree86-Mesa-libGLU-4.3.0-78.EL.s390.rpm
047a865ec60016c53a84c5ba472f86ed  XFree86-Xnest-4.3.0-78.EL.s390.rpm
41b393e4f53e86adfc054306768b3587  XFree86-Xvfb-4.3.0-78.EL.s390.rpm
d7944f94aa1e242d0930208f3688aa13  XFree86-base-fonts-4.3.0-78.EL.s390.rpm
1f9d6221fbe266a739837d54875c2d56  XFree86-cyrillic-fonts-4.3.0-78.EL.s390.rpm
b60a6b6e4e030f7b3c95dcaf65dc7024  XFree86-devel-4.3.0-78.EL.s390.rpm
746123956654608303950ef268f18b11  XFree86-font-utils-4.3.0-78.EL.s390.rpm
149e776b6c8f2d3a9a366849c527a120  XFree86-libs-4.3.0-78.EL.s390.rpm
6f191d3f6d40f998624a69c0f9a8cb01  XFree86-libs-data-4.3.0-78.EL.s390.rpm
c7b4d43c5a6d0066c64bcac49d7025a0  XFree86-syriac-fonts-4.3.0-78.EL.s390.rpm
45bfdcbf35a65dce935c05a682b6ffe9  XFree86-tools-4.3.0-78.EL.s390.rpm
329f793df6325b63d6bedd8dba5c3504  XFree86-truetype-fonts-4.3.0-78.EL.s390.rpm
b94459e1e066e5115bf3b1bfc1e881c4  XFree86-twm-4.3.0-78.EL.s390.rpm
87e7b51fdf422c7bb26d4fd3e616d5f6  XFree86-xauth-4.3.0-78.EL.s390.rpm
f0398d8338f0f1f0e7fc6e792a9ce2d6  XFree86-xdm-4.3.0-78.EL.s390.rpm
197e0c79a980954b2664050a33bb2ab2  XFree86-xfs-4.3.0-78.EL.s390.rpm

s390x:
a0b0cf1b083a6474db0957510d18ba01  XFree86-100dpi-fonts-4.3.0-78.EL.s390x.rpm
8c4faca67d7896720d97324a639d4c26  XFree86-4.3.0-78.EL.s390x.rpm
cbcf4f0e108fe1b7748a4d5ec429982b  XFree86-75dpi-fonts-4.3.0-78.EL.s390x.rpm
54116df6e7dd9c9591dbbecc8944ff1e  XFree86-ISO8859-14-100dpi-fonts-4.3.0-78.EL.s390x.rpm
d530514b244375e32b18f650135e643a  XFree86-ISO8859-14-75dpi-fonts-4.3.0-78.EL.s390x.rpm
b2e9080be66a1d7d0c1dc42624a92ad8  XFree86-ISO8859-15-100dpi-fonts-4.3.0-78.EL.s390x.rpm
8781e55104c1cc317d8133b752b3fd96  XFree86-ISO8859-15-75dpi-fonts-4.3.0-78.EL.s390x.rpm
2e52700bead3ca3e8cf115f8b46a1458  XFree86-ISO8859-2-100dpi-fonts-4.3.0-78.EL.s390x.rpm
0f54d967c4c373e2479677123b9561cc  XFree86-ISO8859-2-75dpi-fonts-4.3.0-78.EL.s390x.rpm
83fb067cc7dd0ab39715e9ac29e92dc2  XFree86-ISO8859-9-100dpi-fonts-4.3.0-78.EL.s390x.rpm
8455c4079c99f015dddcc91276f115d5  XFree86-ISO8859-9-75dpi-fonts-4.3.0-78.EL.s390x.rpm
7f72025f46f66c6be0044e6e4223bf1b  XFree86-Mesa-libGL-4.3.0-78.EL.s390x.rpm
3711d2cd7152c8b4c431fc53ab8e2abc  XFree86-Mesa-libGL-4.3.0-78.EL.s390.rpm
ecff2a273d3dd9e784d203d86439ff44  XFree86-Mesa-libGLU-4.3.0-78.EL.s390x.rpm
6d1bea4951c1d8e38c9188439d8bb527  XFree86-Mesa-libGLU-4.3.0-78.EL.s390.rpm
c7d3e8b1f9720700db7cc74b2f1c2510  XFree86-Xnest-4.3.0-78.EL.s390x.rpm
993cfec7a16b11f94cc3fd03dfc4aa2b  XFree86-Xvfb-4.3.0-78.EL.s390x.rpm
9cf58cba05087d3de6b4d4b6acc3f4dc  XFree86-base-fonts-4.3.0-78.EL.s390x.rpm
3f17c4a03f4fc71c1d48951be1f18452  XFree86-cyrillic-fonts-4.3.0-78.EL.s390x.rpm
7d1f2593f7fe151b8929224857a0c42c  XFree86-devel-4.3.0-78.EL.s390x.rpm
b60a6b6e4e030f7b3c95dcaf65dc7024  XFree86-devel-4.3.0-78.EL.s390.rpm
76fd217d115607465b66b09ad9f64776  XFree86-font-utils-4.3.0-78.EL.s390x.rpm
31abe9945b59554846ccfb01a7afab7c  XFree86-libs-4.3.0-78.EL.s390x.rpm
149e776b6c8f2d3a9a366849c527a120  XFree86-libs-4.3.0-78.EL.s390.rpm
1ec748ff9cd4160f44d254cab4e996f2  XFree86-libs-data-4.3.0-78.EL.s390x.rpm
a17c8e9f5c36686a75f645789926a41e  XFree86-syriac-fonts-4.3.0-78.EL.s390x.rpm
361369f1984b4c897e30a36f65c2dcb7  XFree86-tools-4.3.0-78.EL.s390x.rpm
f842e2173a5be4cf0efc5083b945ad4f  XFree86-truetype-fonts-4.3.0-78.EL.s390x.rpm
1dab757b52fe7f2903cb3edb62acf3c7  XFree86-twm-4.3.0-78.EL.s390x.rpm
e03b53100708702b8564038ae4278d19  XFree86-xauth-4.3.0-78.EL.s390x.rpm
eddbce14c319a0815c129e5bab7c3a0b  XFree86-xdm-4.3.0-78.EL.s390x.rpm
34257cbe020c8d417dc6551dfdabbab5  XFree86-xfs-4.3.0-78.EL.s390x.rpm

x86_64:
8cfdc19bb553cb8f1ad1298e8b685d09  XFree86-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
c01a3bbaa890696ee1e35fdde45fc4d2  XFree86-4.3.0-78.EL.x86_64.rpm
74aebfce7dd5c2e21c9672dcb48b7061  XFree86-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
c0fab279cb67d9b88cfd1732cea50dac  XFree86-ISO8859-14-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
6d822dc6e340c57eba49038f6238eb3b  XFree86-ISO8859-14-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
953df779a5091f544c113b5e9432ac9f  XFree86-ISO8859-15-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
d529a3c4c502e3e70cc0af16ca25efb0  XFree86-ISO8859-15-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
b5f66bcc1f94caa8cc0c2e8aa66ed399  XFree86-ISO8859-2-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
195ed2b623d282d99b86f299e3ef43d6  XFree86-ISO8859-2-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
fe77f21d24e5b4606c57738e8640551f  XFree86-ISO8859-9-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
d6bedd63ddff8261bc0a07d5ae2d72aa  XFree86-ISO8859-9-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
8ac502a5cbfa00fade5adb767f95f3e3  XFree86-Mesa-libGL-4.3.0-78.EL.x86_64.rpm
6cc66fada189fb8b0c35fc9624f6f8dc  XFree86-Mesa-libGL-4.3.0-78.EL.i386.rpm
83d9979a44df985f3c6e2574dfccd0d7  XFree86-Mesa-libGLU-4.3.0-78.EL.x86_64.rpm
a0142ffd5fa7c087eef87dc43534f389  XFree86-Mesa-libGLU-4.3.0-78.EL.i386.rpm
6cb7533b089df043b5575f8298a96f09  XFree86-Xnest-4.3.0-78.EL.x86_64.rpm
d64045f9128217b49865ed9ef5c66418  XFree86-Xvfb-4.3.0-78.EL.x86_64.rpm
80cb9995789c7013d4454a6f9b6a5fda  XFree86-base-fonts-4.3.0-78.EL.x86_64.rpm
3f302c17aa2f54a25d232adcf8069308  XFree86-cyrillic-fonts-4.3.0-78.EL.x86_64.rpm
7c2457a4a2772e6d60ce54bb5f61716d  XFree86-devel-4.3.0-78.EL.x86_64.rpm
4c32dfbd09ab9ba6b54c35f0faaf0f19  XFree86-devel-4.3.0-78.EL.i386.rpm
aecef6d7f5019ccaae99af6c1b5d56c3  XFree86-doc-4.3.0-78.EL.x86_64.rpm
36a95884849ac64c3aa713b64f777fed  XFree86-font-utils-4.3.0-78.EL.x86_64.rpm
7326b2b1f9a7f91e0690b35779be3eda  XFree86-libs-4.3.0-78.EL.x86_64.rpm
a5268692f93a2cfde920b2845dffd748  XFree86-libs-4.3.0-78.EL.i386.rpm
ac7a7439e8d247cd2b6839910c6ea581  XFree86-libs-data-4.3.0-78.EL.x86_64.rpm
bc2c865d799ba3381a2336f617696e59  XFree86-sdk-4.3.0-78.EL.x86_64.rpm
22fd68ef5ca5b1ea8cdfa1907aa18e15  XFree86-syriac-fonts-4.3.0-78.EL.x86_64.rpm
ef8bd2f745645cb483fdea4029609232  XFree86-tools-4.3.0-78.EL.x86_64.rpm
31aa0ed2f73088a9855b5e0ed97a191b  XFree86-truetype-fonts-4.3.0-78.EL.x86_64.rpm
1771c60ad5177e5ba99d344d84984c62  XFree86-twm-4.3.0-78.EL.x86_64.rpm
53879faa068624d14fb9989e10353b90  XFree86-xauth-4.3.0-78.EL.x86_64.rpm
a9d0f2830f9f816208908705b14619f9  XFree86-xdm-4.3.0-78.EL.x86_64.rpm
b38aa667771de10c8b2e8c95e5ea0716  XFree86-xfs-4.3.0-78.EL.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/XFree86-4.3.0-78.EL.src.rpm
fcbde0ad5f298308dcd3da1183a1356b  XFree86-4.3.0-78.EL.src.rpm

i386:
f8663183f1d342afedba241206406a32  XFree86-100dpi-fonts-4.3.0-78.EL.i386.rpm
268b9295005f3d0bce2449b29586678b  XFree86-4.3.0-78.EL.i386.rpm
e5d52b59c89a14b6c964e44366f2d532  XFree86-75dpi-fonts-4.3.0-78.EL.i386.rpm
b22888989c36e496546ed444eb69f04e  XFree86-ISO8859-14-100dpi-fonts-4.3.0-78.EL.i386.rpm
1869ec0cbc371fa5649c8ecac60c40b7  XFree86-ISO8859-14-75dpi-fonts-4.3.0-78.EL.i386.rpm
20c6dbd695a75d4facac05bdd77c9e8d  XFree86-ISO8859-15-100dpi-fonts-4.3.0-78.EL.i386.rpm
354d7b89375ab7f4376ccd1e4bb94850  XFree86-ISO8859-15-75dpi-fonts-4.3.0-78.EL.i386.rpm
be304774bce2eee1ff9dcacdde6ece0b  XFree86-ISO8859-2-100dpi-fonts-4.3.0-78.EL.i386.rpm
80e50b77bc6a6fa40d0a10fab4062bc2  XFree86-ISO8859-2-75dpi-fonts-4.3.0-78.EL.i386.rpm
e7a3edc37ea968e3b0e9b548c318b095  XFree86-ISO8859-9-100dpi-fonts-4.3.0-78.EL.i386.rpm
1d55880a7a02bf6c4bfaf34c36f67b8a  XFree86-ISO8859-9-75dpi-fonts-4.3.0-78.EL.i386.rpm
6cc66fada189fb8b0c35fc9624f6f8dc  XFree86-Mesa-libGL-4.3.0-78.EL.i386.rpm
a0142ffd5fa7c087eef87dc43534f389  XFree86-Mesa-libGLU-4.3.0-78.EL.i386.rpm
6bf5551f71b7a1c00aa98ab1057bd4f0  XFree86-Xnest-4.3.0-78.EL.i386.rpm
0c80f82da88092615db85c8306e2c2de  XFree86-Xvfb-4.3.0-78.EL.i386.rpm
929231b8599345903be8ab883989e54f  XFree86-base-fonts-4.3.0-78.EL.i386.rpm
60672e17795ac8a2809d483114f2cd77  XFree86-cyrillic-fonts-4.3.0-78.EL.i386.rpm
4c32dfbd09ab9ba6b54c35f0faaf0f19  XFree86-devel-4.3.0-78.EL.i386.rpm
1c44673fef9bd1a95ecd310a5f1ab275  XFree86-doc-4.3.0-78.EL.i386.rpm
00dbd3eae8fec6211801fe2027c9c8de  XFree86-font-utils-4.3.0-78.EL.i386.rpm
a5268692f93a2cfde920b2845dffd748  XFree86-libs-4.3.0-78.EL.i386.rpm
fdf1412f768d24a69ca4d58a1013aae5  XFree86-libs-data-4.3.0-78.EL.i386.rpm
754eb555fe137c41551f977f70b0dccd  XFree86-sdk-4.3.0-78.EL.i386.rpm
bd5a10585b4171def13586d330754114  XFree86-syriac-fonts-4.3.0-78.EL.i386.rpm
756b2be85b2599271e5b4309f20dc382  XFree86-tools-4.3.0-78.EL.i386.rpm
e5a47073f4bb06764e989ec6a8c6ce45  XFree86-truetype-fonts-4.3.0-78.EL.i386.rpm
e6580bb10e9fef1d2f7447da4707c457  XFree86-twm-4.3.0-78.EL.i386.rpm
3eb2ae16996cf458475e4ea49b1cf296  XFree86-xauth-4.3.0-78.EL.i386.rpm
3e57a1dfee45dc24b84b65de9325c64a  XFree86-xdm-4.3.0-78.EL.i386.rpm
aad1e42bd31211a449d147e57817abc2  XFree86-xfs-4.3.0-78.EL.i386.rpm

x86_64:
8cfdc19bb553cb8f1ad1298e8b685d09  XFree86-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
c01a3bbaa890696ee1e35fdde45fc4d2  XFree86-4.3.0-78.EL.x86_64.rpm
74aebfce7dd5c2e21c9672dcb48b7061  XFree86-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
c0fab279cb67d9b88cfd1732cea50dac  XFree86-ISO8859-14-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
6d822dc6e340c57eba49038f6238eb3b  XFree86-ISO8859-14-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
953df779a5091f544c113b5e9432ac9f  XFree86-ISO8859-15-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
d529a3c4c502e3e70cc0af16ca25efb0  XFree86-ISO8859-15-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
b5f66bcc1f94caa8cc0c2e8aa66ed399  XFree86-ISO8859-2-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
195ed2b623d282d99b86f299e3ef43d6  XFree86-ISO8859-2-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
fe77f21d24e5b4606c57738e8640551f  XFree86-ISO8859-9-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
d6bedd63ddff8261bc0a07d5ae2d72aa  XFree86-ISO8859-9-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
8ac502a5cbfa00fade5adb767f95f3e3  XFree86-Mesa-libGL-4.3.0-78.EL.x86_64.rpm
6cc66fada189fb8b0c35fc9624f6f8dc  XFree86-Mesa-libGL-4.3.0-78.EL.i386.rpm
83d9979a44df985f3c6e2574dfccd0d7  XFree86-Mesa-libGLU-4.3.0-78.EL.x86_64.rpm
a0142ffd5fa7c087eef87dc43534f389  XFree86-Mesa-libGLU-4.3.0-78.EL.i386.rpm
6cb7533b089df043b5575f8298a96f09  XFree86-Xnest-4.3.0-78.EL.x86_64.rpm
d64045f9128217b49865ed9ef5c66418  XFree86-Xvfb-4.3.0-78.EL.x86_64.rpm
80cb9995789c7013d4454a6f9b6a5fda  XFree86-base-fonts-4.3.0-78.EL.x86_64.rpm
3f302c17aa2f54a25d232adcf8069308  XFree86-cyrillic-fonts-4.3.0-78.EL.x86_64.rpm
7c2457a4a2772e6d60ce54bb5f61716d  XFree86-devel-4.3.0-78.EL.x86_64.rpm
4c32dfbd09ab9ba6b54c35f0faaf0f19  XFree86-devel-4.3.0-78.EL.i386.rpm
aecef6d7f5019ccaae99af6c1b5d56c3  XFree86-doc-4.3.0-78.EL.x86_64.rpm
36a95884849ac64c3aa713b64f777fed  XFree86-font-utils-4.3.0-78.EL.x86_64.rpm
7326b2b1f9a7f91e0690b35779be3eda  XFree86-libs-4.3.0-78.EL.x86_64.rpm
a5268692f93a2cfde920b2845dffd748  XFree86-libs-4.3.0-78.EL.i386.rpm
ac7a7439e8d247cd2b6839910c6ea581  XFree86-libs-data-4.3.0-78.EL.x86_64.rpm
bc2c865d799ba3381a2336f617696e59  XFree86-sdk-4.3.0-78.EL.x86_64.rpm
22fd68ef5ca5b1ea8cdfa1907aa18e15  XFree86-syriac-fonts-4.3.0-78.EL.x86_64.rpm
ef8bd2f745645cb483fdea4029609232  XFree86-tools-4.3.0-78.EL.x86_64.rpm
31aa0ed2f73088a9855b5e0ed97a191b  XFree86-truetype-fonts-4.3.0-78.EL.x86_64.rpm
1771c60ad5177e5ba99d344d84984c62  XFree86-twm-4.3.0-78.EL.x86_64.rpm
53879faa068624d14fb9989e10353b90  XFree86-xauth-4.3.0-78.EL.x86_64.rpm
a9d0f2830f9f816208908705b14619f9  XFree86-xdm-4.3.0-78.EL.x86_64.rpm
b38aa667771de10c8b2e8c95e5ea0716  XFree86-xfs-4.3.0-78.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/XFree86-4.3.0-78.EL.src.rpm
fcbde0ad5f298308dcd3da1183a1356b  XFree86-4.3.0-78.EL.src.rpm

i386:
f8663183f1d342afedba241206406a32  XFree86-100dpi-fonts-4.3.0-78.EL.i386.rpm
268b9295005f3d0bce2449b29586678b  XFree86-4.3.0-78.EL.i386.rpm
e5d52b59c89a14b6c964e44366f2d532  XFree86-75dpi-fonts-4.3.0-78.EL.i386.rpm
b22888989c36e496546ed444eb69f04e  XFree86-ISO8859-14-100dpi-fonts-4.3.0-78.EL.i386.rpm
1869ec0cbc371fa5649c8ecac60c40b7  XFree86-ISO8859-14-75dpi-fonts-4.3.0-78.EL.i386.rpm
20c6dbd695a75d4facac05bdd77c9e8d  XFree86-ISO8859-15-100dpi-fonts-4.3.0-78.EL.i386.rpm
354d7b89375ab7f4376ccd1e4bb94850  XFree86-ISO8859-15-75dpi-fonts-4.3.0-78.EL.i386.rpm
be304774bce2eee1ff9dcacdde6ece0b  XFree86-ISO8859-2-100dpi-fonts-4.3.0-78.EL.i386.rpm
80e50b77bc6a6fa40d0a10fab4062bc2  XFree86-ISO8859-2-75dpi-fonts-4.3.0-78.EL.i386.rpm
e7a3edc37ea968e3b0e9b548c318b095  XFree86-ISO8859-9-100dpi-fonts-4.3.0-78.EL.i386.rpm
1d55880a7a02bf6c4bfaf34c36f67b8a  XFree86-ISO8859-9-75dpi-fonts-4.3.0-78.EL.i386.rpm
6cc66fada189fb8b0c35fc9624f6f8dc  XFree86-Mesa-libGL-4.3.0-78.EL.i386.rpm
a0142ffd5fa7c087eef87dc43534f389  XFree86-Mesa-libGLU-4.3.0-78.EL.i386.rpm
6bf5551f71b7a1c00aa98ab1057bd4f0  XFree86-Xnest-4.3.0-78.EL.i386.rpm
0c80f82da88092615db85c8306e2c2de  XFree86-Xvfb-4.3.0-78.EL.i386.rpm
929231b8599345903be8ab883989e54f  XFree86-base-fonts-4.3.0-78.EL.i386.rpm
60672e17795ac8a2809d483114f2cd77  XFree86-cyrillic-fonts-4.3.0-78.EL.i386.rpm
4c32dfbd09ab9ba6b54c35f0faaf0f19  XFree86-devel-4.3.0-78.EL.i386.rpm
1c44673fef9bd1a95ecd310a5f1ab275  XFree86-doc-4.3.0-78.EL.i386.rpm
00dbd3eae8fec6211801fe2027c9c8de  XFree86-font-utils-4.3.0-78.EL.i386.rpm
a5268692f93a2cfde920b2845dffd748  XFree86-libs-4.3.0-78.EL.i386.rpm
fdf1412f768d24a69ca4d58a1013aae5  XFree86-libs-data-4.3.0-78.EL.i386.rpm
754eb555fe137c41551f977f70b0dccd  XFree86-sdk-4.3.0-78.EL.i386.rpm
bd5a10585b4171def13586d330754114  XFree86-syriac-fonts-4.3.0-78.EL.i386.rpm
756b2be85b2599271e5b4309f20dc382  XFree86-tools-4.3.0-78.EL.i386.rpm
e5a47073f4bb06764e989ec6a8c6ce45  XFree86-truetype-fonts-4.3.0-78.EL.i386.rpm
e6580bb10e9fef1d2f7447da4707c457  XFree86-twm-4.3.0-78.EL.i386.rpm
3eb2ae16996cf458475e4ea49b1cf296  XFree86-xauth-4.3.0-78.EL.i386.rpm
3e57a1dfee45dc24b84b65de9325c64a  XFree86-xdm-4.3.0-78.EL.i386.rpm
aad1e42bd31211a449d147e57817abc2  XFree86-xfs-4.3.0-78.EL.i386.rpm

ia64:
4fe30e4a35a413b0ce24cd89c3631e61  XFree86-100dpi-fonts-4.3.0-78.EL.ia64.rpm
5d9f7f117b721a0c6434ca3e09863dee  XFree86-4.3.0-78.EL.ia64.rpm
b4aec4ade15a2771db3368ebb39f3bd2  XFree86-75dpi-fonts-4.3.0-78.EL.ia64.rpm
14c59c9e1cda2983edac04b255ed4946  XFree86-ISO8859-14-100dpi-fonts-4.3.0-78.EL.ia64.rpm
034354acf443d94de5e764424401e4e4  XFree86-ISO8859-14-75dpi-fonts-4.3.0-78.EL.ia64.rpm
5da16b9ac0d42d701ffa6b4dedc43814  XFree86-ISO8859-15-100dpi-fonts-4.3.0-78.EL.ia64.rpm
ff9885e94c60023e43e6c844189927c5  XFree86-ISO8859-15-75dpi-fonts-4.3.0-78.EL.ia64.rpm
6b0266be0273be2ef7035ae90ad24aa6  XFree86-ISO8859-2-100dpi-fonts-4.3.0-78.EL.ia64.rpm
0bb969306a0d648f1eba854f09d78ee6  XFree86-ISO8859-2-75dpi-fonts-4.3.0-78.EL.ia64.rpm
d6ef86f25938e8a3db8cb707081b2db2  XFree86-ISO8859-9-100dpi-fonts-4.3.0-78.EL.ia64.rpm
bebd1273fa3793d0e354bdf05a82e4fb  XFree86-ISO8859-9-75dpi-fonts-4.3.0-78.EL.ia64.rpm
845c6fb37e25a32e08a5d0bf446e753e  XFree86-Mesa-libGL-4.3.0-78.EL.ia64.rpm
6cc66fada189fb8b0c35fc9624f6f8dc  XFree86-Mesa-libGL-4.3.0-78.EL.i386.rpm
9be2798923cf5269c71a1af7b3037220  XFree86-Mesa-libGLU-4.3.0-78.EL.ia64.rpm
a0142ffd5fa7c087eef87dc43534f389  XFree86-Mesa-libGLU-4.3.0-78.EL.i386.rpm
da2d6e33946e90df576677454d436cef  XFree86-Xnest-4.3.0-78.EL.ia64.rpm
eb1dbe173fd06b3e4fe93bba414996c3  XFree86-Xvfb-4.3.0-78.EL.ia64.rpm
17d79727a94362eeda1327558109d320  XFree86-base-fonts-4.3.0-78.EL.ia64.rpm
5dcd260fceb0f5fc4c113159711193ab  XFree86-cyrillic-fonts-4.3.0-78.EL.ia64.rpm
62ce01360e08f050baefcd9793d4f198  XFree86-devel-4.3.0-78.EL.ia64.rpm
548e90f790c178acb8c89d6a35fa5ed2  XFree86-doc-4.3.0-78.EL.ia64.rpm
8081cc108da58ac4d10547a96d99d223  XFree86-font-utils-4.3.0-78.EL.ia64.rpm
6cacdc69620454a00ee5f91ed6e6202d  XFree86-libs-4.3.0-78.EL.ia64.rpm
a5268692f93a2cfde920b2845dffd748  XFree86-libs-4.3.0-78.EL.i386.rpm
9d7f8dfa0db41658c2f1994d940df554  XFree86-libs-data-4.3.0-78.EL.ia64.rpm
974cfd3877342dca1cccbeb501a159ba  XFree86-sdk-4.3.0-78.EL.ia64.rpm
1f5f676e7a5a81689977f33347d7d4f2  XFree86-syriac-fonts-4.3.0-78.EL.ia64.rpm
06d011a41cf7dd47f91798c0936c37ef  XFree86-tools-4.3.0-78.EL.ia64.rpm
9a210d8ea413df17f2bb3d86a2daeeea  XFree86-truetype-fonts-4.3.0-78.EL.ia64.rpm
e3bb1b6dd64c72784c5a9f02fac96d64  XFree86-twm-4.3.0-78.EL.ia64.rpm
53399d47729419be2648a15730416836  XFree86-xauth-4.3.0-78.EL.ia64.rpm
7be2eb85ea20d9f3375c0f81a8eaba56  XFree86-xdm-4.3.0-78.EL.ia64.rpm
b2f899d462f28c1febd68b0edadf84e6  XFree86-xfs-4.3.0-78.EL.ia64.rpm

x86_64:
8cfdc19bb553cb8f1ad1298e8b685d09  XFree86-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
c01a3bbaa890696ee1e35fdde45fc4d2  XFree86-4.3.0-78.EL.x86_64.rpm
74aebfce7dd5c2e21c9672dcb48b7061  XFree86-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
c0fab279cb67d9b88cfd1732cea50dac  XFree86-ISO8859-14-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
6d822dc6e340c57eba49038f6238eb3b  XFree86-ISO8859-14-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
953df779a5091f544c113b5e9432ac9f  XFree86-ISO8859-15-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
d529a3c4c502e3e70cc0af16ca25efb0  XFree86-ISO8859-15-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
b5f66bcc1f94caa8cc0c2e8aa66ed399  XFree86-ISO8859-2-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
195ed2b623d282d99b86f299e3ef43d6  XFree86-ISO8859-2-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
fe77f21d24e5b4606c57738e8640551f  XFree86-ISO8859-9-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
d6bedd63ddff8261bc0a07d5ae2d72aa  XFree86-ISO8859-9-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
8ac502a5cbfa00fade5adb767f95f3e3  XFree86-Mesa-libGL-4.3.0-78.EL.x86_64.rpm
6cc66fada189fb8b0c35fc9624f6f8dc  XFree86-Mesa-libGL-4.3.0-78.EL.i386.rpm
83d9979a44df985f3c6e2574dfccd0d7  XFree86-Mesa-libGLU-4.3.0-78.EL.x86_64.rpm
a0142ffd5fa7c087eef87dc43534f389  XFree86-Mesa-libGLU-4.3.0-78.EL.i386.rpm
6cb7533b089df043b5575f8298a96f09  XFree86-Xnest-4.3.0-78.EL.x86_64.rpm
d64045f9128217b49865ed9ef5c66418  XFree86-Xvfb-4.3.0-78.EL.x86_64.rpm
80cb9995789c7013d4454a6f9b6a5fda  XFree86-base-fonts-4.3.0-78.EL.x86_64.rpm
3f302c17aa2f54a25d232adcf8069308  XFree86-cyrillic-fonts-4.3.0-78.EL.x86_64.rpm
7c2457a4a2772e6d60ce54bb5f61716d  XFree86-devel-4.3.0-78.EL.x86_64.rpm
4c32dfbd09ab9ba6b54c35f0faaf0f19  XFree86-devel-4.3.0-78.EL.i386.rpm
aecef6d7f5019ccaae99af6c1b5d56c3  XFree86-doc-4.3.0-78.EL.x86_64.rpm
36a95884849ac64c3aa713b64f777fed  XFree86-font-utils-4.3.0-78.EL.x86_64.rpm
7326b2b1f9a7f91e0690b35779be3eda  XFree86-libs-4.3.0-78.EL.x86_64.rpm
a5268692f93a2cfde920b2845dffd748  XFree86-libs-4.3.0-78.EL.i386.rpm
ac7a7439e8d247cd2b6839910c6ea581  XFree86-libs-data-4.3.0-78.EL.x86_64.rpm
bc2c865d799ba3381a2336f617696e59  XFree86-sdk-4.3.0-78.EL.x86_64.rpm
22fd68ef5ca5b1ea8cdfa1907aa18e15  XFree86-syriac-fonts-4.3.0-78.EL.x86_64.rpm
ef8bd2f745645cb483fdea4029609232  XFree86-tools-4.3.0-78.EL.x86_64.rpm
31aa0ed2f73088a9855b5e0ed97a191b  XFree86-truetype-fonts-4.3.0-78.EL.x86_64.rpm
1771c60ad5177e5ba99d344d84984c62  XFree86-twm-4.3.0-78.EL.x86_64.rpm
53879faa068624d14fb9989e10353b90  XFree86-xauth-4.3.0-78.EL.x86_64.rpm
a9d0f2830f9f816208908705b14619f9  XFree86-xdm-4.3.0-78.EL.x86_64.rpm
b38aa667771de10c8b2e8c95e5ea0716  XFree86-xfs-4.3.0-78.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/XFree86-4.3.0-78.EL.src.rpm
fcbde0ad5f298308dcd3da1183a1356b  XFree86-4.3.0-78.EL.src.rpm

i386:
f8663183f1d342afedba241206406a32  XFree86-100dpi-fonts-4.3.0-78.EL.i386.rpm
268b9295005f3d0bce2449b29586678b  XFree86-4.3.0-78.EL.i386.rpm
e5d52b59c89a14b6c964e44366f2d532  XFree86-75dpi-fonts-4.3.0-78.EL.i386.rpm
b22888989c36e496546ed444eb69f04e  XFree86-ISO8859-14-100dpi-fonts-4.3.0-78.EL.i386.rpm
1869ec0cbc371fa5649c8ecac60c40b7  XFree86-ISO8859-14-75dpi-fonts-4.3.0-78.EL.i386.rpm
20c6dbd695a75d4facac05bdd77c9e8d  XFree86-ISO8859-15-100dpi-fonts-4.3.0-78.EL.i386.rpm
354d7b89375ab7f4376ccd1e4bb94850  XFree86-ISO8859-15-75dpi-fonts-4.3.0-78.EL.i386.rpm
be304774bce2eee1ff9dcacdde6ece0b  XFree86-ISO8859-2-100dpi-fonts-4.3.0-78.EL.i386.rpm
80e50b77bc6a6fa40d0a10fab4062bc2  XFree86-ISO8859-2-75dpi-fonts-4.3.0-78.EL.i386.rpm
e7a3edc37ea968e3b0e9b548c318b095  XFree86-ISO8859-9-100dpi-fonts-4.3.0-78.EL.i386.rpm
1d55880a7a02bf6c4bfaf34c36f67b8a  XFree86-ISO8859-9-75dpi-fonts-4.3.0-78.EL.i386.rpm
6cc66fada189fb8b0c35fc9624f6f8dc  XFree86-Mesa-libGL-4.3.0-78.EL.i386.rpm
a0142ffd5fa7c087eef87dc43534f389  XFree86-Mesa-libGLU-4.3.0-78.EL.i386.rpm
6bf5551f71b7a1c00aa98ab1057bd4f0  XFree86-Xnest-4.3.0-78.EL.i386.rpm
0c80f82da88092615db85c8306e2c2de  XFree86-Xvfb-4.3.0-78.EL.i386.rpm
929231b8599345903be8ab883989e54f  XFree86-base-fonts-4.3.0-78.EL.i386.rpm
60672e17795ac8a2809d483114f2cd77  XFree86-cyrillic-fonts-4.3.0-78.EL.i386.rpm
4c32dfbd09ab9ba6b54c35f0faaf0f19  XFree86-devel-4.3.0-78.EL.i386.rpm
1c44673fef9bd1a95ecd310a5f1ab275  XFree86-doc-4.3.0-78.EL.i386.rpm
00dbd3eae8fec6211801fe2027c9c8de  XFree86-font-utils-4.3.0-78.EL.i386.rpm
a5268692f93a2cfde920b2845dffd748  XFree86-libs-4.3.0-78.EL.i386.rpm
fdf1412f768d24a69ca4d58a1013aae5  XFree86-libs-data-4.3.0-78.EL.i386.rpm
754eb555fe137c41551f977f70b0dccd  XFree86-sdk-4.3.0-78.EL.i386.rpm
bd5a10585b4171def13586d330754114  XFree86-syriac-fonts-4.3.0-78.EL.i386.rpm
756b2be85b2599271e5b4309f20dc382  XFree86-tools-4.3.0-78.EL.i386.rpm
e5a47073f4bb06764e989ec6a8c6ce45  XFree86-truetype-fonts-4.3.0-78.EL.i386.rpm
e6580bb10e9fef1d2f7447da4707c457  XFree86-twm-4.3.0-78.EL.i386.rpm
3eb2ae16996cf458475e4ea49b1cf296  XFree86-xauth-4.3.0-78.EL.i386.rpm
3e57a1dfee45dc24b84b65de9325c64a  XFree86-xdm-4.3.0-78.EL.i386.rpm
aad1e42bd31211a449d147e57817abc2  XFree86-xfs-4.3.0-78.EL.i386.rpm

ia64:
4fe30e4a35a413b0ce24cd89c3631e61  XFree86-100dpi-fonts-4.3.0-78.EL.ia64.rpm
5d9f7f117b721a0c6434ca3e09863dee  XFree86-4.3.0-78.EL.ia64.rpm
b4aec4ade15a2771db3368ebb39f3bd2  XFree86-75dpi-fonts-4.3.0-78.EL.ia64.rpm
14c59c9e1cda2983edac04b255ed4946  XFree86-ISO8859-14-100dpi-fonts-4.3.0-78.EL.ia64.rpm
034354acf443d94de5e764424401e4e4  XFree86-ISO8859-14-75dpi-fonts-4.3.0-78.EL.ia64.rpm
5da16b9ac0d42d701ffa6b4dedc43814  XFree86-ISO8859-15-100dpi-fonts-4.3.0-78.EL.ia64.rpm
ff9885e94c60023e43e6c844189927c5  XFree86-ISO8859-15-75dpi-fonts-4.3.0-78.EL.ia64.rpm
6b0266be0273be2ef7035ae90ad24aa6  XFree86-ISO8859-2-100dpi-fonts-4.3.0-78.EL.ia64.rpm
0bb969306a0d648f1eba854f09d78ee6  XFree86-ISO8859-2-75dpi-fonts-4.3.0-78.EL.ia64.rpm
d6ef86f25938e8a3db8cb707081b2db2  XFree86-ISO8859-9-100dpi-fonts-4.3.0-78.EL.ia64.rpm
bebd1273fa3793d0e354bdf05a82e4fb  XFree86-ISO8859-9-75dpi-fonts-4.3.0-78.EL.ia64.rpm
845c6fb37e25a32e08a5d0bf446e753e  XFree86-Mesa-libGL-4.3.0-78.EL.ia64.rpm
6cc66fada189fb8b0c35fc9624f6f8dc  XFree86-Mesa-libGL-4.3.0-78.EL.i386.rpm
9be2798923cf5269c71a1af7b3037220  XFree86-Mesa-libGLU-4.3.0-78.EL.ia64.rpm
a0142ffd5fa7c087eef87dc43534f389  XFree86-Mesa-libGLU-4.3.0-78.EL.i386.rpm
da2d6e33946e90df576677454d436cef  XFree86-Xnest-4.3.0-78.EL.ia64.rpm
eb1dbe173fd06b3e4fe93bba414996c3  XFree86-Xvfb-4.3.0-78.EL.ia64.rpm
17d79727a94362eeda1327558109d320  XFree86-base-fonts-4.3.0-78.EL.ia64.rpm
5dcd260fceb0f5fc4c113159711193ab  XFree86-cyrillic-fonts-4.3.0-78.EL.ia64.rpm
62ce01360e08f050baefcd9793d4f198  XFree86-devel-4.3.0-78.EL.ia64.rpm
548e90f790c178acb8c89d6a35fa5ed2  XFree86-doc-4.3.0-78.EL.ia64.rpm
8081cc108da58ac4d10547a96d99d223  XFree86-font-utils-4.3.0-78.EL.ia64.rpm
6cacdc69620454a00ee5f91ed6e6202d  XFree86-libs-4.3.0-78.EL.ia64.rpm
a5268692f93a2cfde920b2845dffd748  XFree86-libs-4.3.0-78.EL.i386.rpm
9d7f8dfa0db41658c2f1994d940df554  XFree86-libs-data-4.3.0-78.EL.ia64.rpm
974cfd3877342dca1cccbeb501a159ba  XFree86-sdk-4.3.0-78.EL.ia64.rpm
1f5f676e7a5a81689977f33347d7d4f2  XFree86-syriac-fonts-4.3.0-78.EL.ia64.rpm
06d011a41cf7dd47f91798c0936c37ef  XFree86-tools-4.3.0-78.EL.ia64.rpm
9a210d8ea413df17f2bb3d86a2daeeea  XFree86-truetype-fonts-4.3.0-78.EL.ia64.rpm
e3bb1b6dd64c72784c5a9f02fac96d64  XFree86-twm-4.3.0-78.EL.ia64.rpm
53399d47729419be2648a15730416836  XFree86-xauth-4.3.0-78.EL.ia64.rpm
7be2eb85ea20d9f3375c0f81a8eaba56  XFree86-xdm-4.3.0-78.EL.ia64.rpm
b2f899d462f28c1febd68b0edadf84e6  XFree86-xfs-4.3.0-78.EL.ia64.rpm

x86_64:
8cfdc19bb553cb8f1ad1298e8b685d09  XFree86-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
c01a3bbaa890696ee1e35fdde45fc4d2  XFree86-4.3.0-78.EL.x86_64.rpm
74aebfce7dd5c2e21c9672dcb48b7061  XFree86-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
c0fab279cb67d9b88cfd1732cea50dac  XFree86-ISO8859-14-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
6d822dc6e340c57eba49038f6238eb3b  XFree86-ISO8859-14-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
953df779a5091f544c113b5e9432ac9f  XFree86-ISO8859-15-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
d529a3c4c502e3e70cc0af16ca25efb0  XFree86-ISO8859-15-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
b5f66bcc1f94caa8cc0c2e8aa66ed399  XFree86-ISO8859-2-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
195ed2b623d282d99b86f299e3ef43d6  XFree86-ISO8859-2-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
fe77f21d24e5b4606c57738e8640551f  XFree86-ISO8859-9-100dpi-fonts-4.3.0-78.EL.x86_64.rpm
d6bedd63ddff8261bc0a07d5ae2d72aa  XFree86-ISO8859-9-75dpi-fonts-4.3.0-78.EL.x86_64.rpm
8ac502a5cbfa00fade5adb767f95f3e3  XFree86-Mesa-libGL-4.3.0-78.EL.x86_64.rpm
6cc66fada189fb8b0c35fc9624f6f8dc  XFree86-Mesa-libGL-4.3.0-78.EL.i386.rpm
83d9979a44df985f3c6e2574dfccd0d7  XFree86-Mesa-libGLU-4.3.0-78.EL.x86_64.rpm
a0142ffd5fa7c087eef87dc43534f389  XFree86-Mesa-libGLU-4.3.0-78.EL.i386.rpm
6cb7533b089df043b5575f8298a96f09  XFree86-Xnest-4.3.0-78.EL.x86_64.rpm
d64045f9128217b49865ed9ef5c66418  XFree86-Xvfb-4.3.0-78.EL.x86_64.rpm
80cb9995789c7013d4454a6f9b6a5fda  XFree86-base-fonts-4.3.0-78.EL.x86_64.rpm
3f302c17aa2f54a25d232adcf8069308  XFree86-cyrillic-fonts-4.3.0-78.EL.x86_64.rpm
7c2457a4a2772e6d60ce54bb5f61716d  XFree86-devel-4.3.0-78.EL.x86_64.rpm
4c32dfbd09ab9ba6b54c35f0faaf0f19  XFree86-devel-4.3.0-78.EL.i386.rpm
aecef6d7f5019ccaae99af6c1b5d56c3  XFree86-doc-4.3.0-78.EL.x86_64.rpm
36a95884849ac64c3aa713b64f777fed  XFree86-font-utils-4.3.0-78.EL.x86_64.rpm
7326b2b1f9a7f91e0690b35779be3eda  XFree86-libs-4.3.0-78.EL.x86_64.rpm
a5268692f93a2cfde920b2845dffd748  XFree86-libs-4.3.0-78.EL.i386.rpm
ac7a7439e8d247cd2b6839910c6ea581  XFree86-libs-data-4.3.0-78.EL.x86_64.rpm
bc2c865d799ba3381a2336f617696e59  XFree86-sdk-4.3.0-78.EL.x86_64.rpm
22fd68ef5ca5b1ea8cdfa1907aa18e15  XFree86-syriac-fonts-4.3.0-78.EL.x86_64.rpm
ef8bd2f745645cb483fdea4029609232  XFree86-tools-4.3.0-78.EL.x86_64.rpm
31aa0ed2f73088a9855b5e0ed97a191b  XFree86-truetype-fonts-4.3.0-78.EL.x86_64.rpm
1771c60ad5177e5ba99d344d84984c62  XFree86-twm-4.3.0-78.EL.x86_64.rpm
53879faa068624d14fb9989e10353b90  XFree86-xauth-4.3.0-78.EL.x86_64.rpm
a9d0f2830f9f816208908705b14619f9  XFree86-xdm-4.3.0-78.EL.x86_64.rpm
b38aa667771de10c8b2e8c95e5ea0716  XFree86-xfs-4.3.0-78.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0914

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2004 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBxyK4XlSAg2UNWIIRApLbAJ9B8FnK9xgj/LD/7q+kI8FcYWmI2wCgufdH
gQQQgzIapnF8jjNGcjxu2LQ=
=Ugyx
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Tue Dec 21 18:55:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 21 Dec 2004 13:55 -0500
Subject: [RHSA-2004:687-01] Updated php packages fix security issues and bugs
Message-ID: <200412211855.iBLItWa31958@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated php packages fix security issues and bugs
Advisory ID:       RHSA-2004:687-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-687.html
Issue date:        2004-12-21
Updated on:        2004-12-21
Product:           Red Hat Enterprise Linux
Keywords:          PHP
Obsoletes:         RHBA-2004:272
CVE Names:         CAN-2004-0958 CAN-2004-0959 CAN-2004-1018 CAN-2004-1019 CAN-2004-1065
- ---------------------------------------------------------------------

1. Summary:

Updated php packages that fix various security issues and bugs are now
available for Red Hat Enterprise Linux 3.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

Flaws including possible information disclosure, double free, and negative
reference index array underflow were found in the deserialization code of
PHP.  PHP applications may use the unserialize function on untrusted user
data, which could allow a remote attacker to gain access to memory or
potentially execute arbitrary code.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1019 to
this issue.

A flaw in the exif extension of PHP was found which lead to a stack
overflow.  An attacker could create a carefully crafted image file in such
a way that if parsed by a PHP script using the exif extension it could
cause a crash or potentially execute arbitrary code.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-1065 to this issue.

An information disclosure bug was discovered in the parsing of "GPC"
variables in PHP (query strings or cookies, and POST form data).  If
particular scripts used the values of the GPC variables, portions of the
memory space of an httpd child process could be revealed to the client. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0958 to this issue.

A file access bug was discovered in the parsing of "multipart/form-data"
forms, used by PHP scripts which allow file uploads.  In particular
configurations, some scripts could allow a malicious client to upload files
to an arbitrary directory where the "apache" user has write access.  The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0959 to this issue.

Flaws were found in shmop_write, pack, and unpack PHP functions.  These
functions are not normally passed user supplied data, so would require a
malicious PHP script to be exploited.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1018 to
this issue.

Various issues were discovered in the use of the "select" system call in
PHP, which could be triggered if PHP is used in an Apache configuration
where the number of open files (such as virtual host log files) exceeds the
default process limit of 1024.  Workarounds are now included for some of
these issues.

The "phpize" shell script included in PHP can be used to build third-party
extension modules.  A build issue was discovered in the "phpize" script on
some 64-bit platforms which prevented correct operation.

The "pcntl" extension module is now enabled in the command line PHP
interpreter, /usr/bin/php.  This module enables process control features 
such as "fork" and "kill" from PHP scripts.

Users of PHP should upgrade to these updated packages, which contain fixes
for these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate.  The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/):

131412 - Include process control extension, pcntl
131562 - phpize is broken on x86_64
132003 - fopen doesn't work across remote connections while under Apache
134971 - CAN-2004-0958 PHP variable parsing
134975 - CAN-2004-0959 PHP arbitrary file creation
141132 - CAN-2004-1019 information disclosure issues
142056 - CAN-2004-1065 ext/exif/exif.c - exif_read_data() overflow on long sectionname

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/php-4.3.2-19.ent.src.rpm
818b43822465cab8f3b8b937883e83e8  php-4.3.2-19.ent.src.rpm

i386:
7596bef3a34d0e536bf7d928d4e4fe72  php-4.3.2-19.ent.i386.rpm
7d1621e13be8c768862c7046bcdf6091  php-devel-4.3.2-19.ent.i386.rpm
daaa408d09844d147921c64cadef6ef6  php-imap-4.3.2-19.ent.i386.rpm
c2cde45149b04ff57cdb992ee238b557  php-ldap-4.3.2-19.ent.i386.rpm
ebf63e54f3db6155fc3849002d6e885b  php-mysql-4.3.2-19.ent.i386.rpm
c21f48ea272bdd76d3c3029d20aace8e  php-odbc-4.3.2-19.ent.i386.rpm
d9194ed4e9a76384769f4b4912088581  php-pgsql-4.3.2-19.ent.i386.rpm

ia64:
1bc4b9a171005daa9949aa7ce6867819  php-4.3.2-19.ent.ia64.rpm
fae7fb7a8293664d432045261317afa4  php-devel-4.3.2-19.ent.ia64.rpm
6cb195cabe3d74e815991f5a7e3e8ea1  php-imap-4.3.2-19.ent.ia64.rpm
3f3a407d55367e36d8ebe092c4350e13  php-ldap-4.3.2-19.ent.ia64.rpm
308e1ea8b4e0719ee72040238b70cdbf  php-mysql-4.3.2-19.ent.ia64.rpm
eb92dbb86507aced5740249b9e5b68a7  php-odbc-4.3.2-19.ent.ia64.rpm
05e2049de5a83c0623948393e456e40c  php-pgsql-4.3.2-19.ent.ia64.rpm

ppc:
0d40de309a5aa22aa60149deb559c53f  php-4.3.2-19.ent.ppc.rpm
054f2b454915f3047e767d5252b6aec7  php-devel-4.3.2-19.ent.ppc.rpm
26721fd754dfad6e073fccc547658f65  php-imap-4.3.2-19.ent.ppc.rpm
623869a31a37e12b272540ddf43f861e  php-ldap-4.3.2-19.ent.ppc.rpm
c33a16d7156099928a6dea43f8c061df  php-mysql-4.3.2-19.ent.ppc.rpm
9ede40b3ff4b81e12a0cb40716f34be2  php-odbc-4.3.2-19.ent.ppc.rpm
a6478adc86f7db4dc024882e87867f8f  php-pgsql-4.3.2-19.ent.ppc.rpm

s390:
0744c5e1769500c2b1424d7209706ead  php-4.3.2-19.ent.s390.rpm
72908159538cda4b990d192e6ca01b1f  php-devel-4.3.2-19.ent.s390.rpm
2857829a93acce499f818e07b76e0469  php-imap-4.3.2-19.ent.s390.rpm
c77376b41640c71be9357f556412976d  php-ldap-4.3.2-19.ent.s390.rpm
05b74e8ee2cae91805522699cf9d33e7  php-mysql-4.3.2-19.ent.s390.rpm
b1d9f1d36729dc1363553520a7890c1f  php-odbc-4.3.2-19.ent.s390.rpm
41f1fc3eeaf2571c2db5914f2d6e8f00  php-pgsql-4.3.2-19.ent.s390.rpm

s390x:
f178c09d8f93b6c7262e199dab05d784  php-4.3.2-19.ent.s390x.rpm
a505a1cdae83a43a6df6ec4d390bcb80  php-devel-4.3.2-19.ent.s390x.rpm
a3a5bd4ab76905d9cae865639913af5b  php-imap-4.3.2-19.ent.s390x.rpm
c9bfb9232175774fb5e5ffee4182d7a2  php-ldap-4.3.2-19.ent.s390x.rpm
dec4437d24529ace7f71c4cae547443d  php-mysql-4.3.2-19.ent.s390x.rpm
6d151320f28aea5ce22e2ab21f9bbb3d  php-odbc-4.3.2-19.ent.s390x.rpm
806f436ec7d4bed6ef7f2347b3d22cd8  php-pgsql-4.3.2-19.ent.s390x.rpm

x86_64:
9eed133c39c848b5b9cf30bd0f0e41a3  php-4.3.2-19.ent.x86_64.rpm
31b3d22d09049c688e05c19b91a5343d  php-devel-4.3.2-19.ent.x86_64.rpm
57910471f09de36603c2b6b89bf9a079  php-imap-4.3.2-19.ent.x86_64.rpm
851b437d1adbdcf8a7e4f9dd0f47ccbd  php-ldap-4.3.2-19.ent.x86_64.rpm
a4db3d9d4572d8c9fd3cf88d370d9196  php-mysql-4.3.2-19.ent.x86_64.rpm
a7aef84e839ee4339e8307256a1da32d  php-odbc-4.3.2-19.ent.x86_64.rpm
11e8e9e2d0cc9a2fba2b6c01787a8752  php-pgsql-4.3.2-19.ent.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/php-4.3.2-19.ent.src.rpm
818b43822465cab8f3b8b937883e83e8  php-4.3.2-19.ent.src.rpm

i386:
7596bef3a34d0e536bf7d928d4e4fe72  php-4.3.2-19.ent.i386.rpm
7d1621e13be8c768862c7046bcdf6091  php-devel-4.3.2-19.ent.i386.rpm
daaa408d09844d147921c64cadef6ef6  php-imap-4.3.2-19.ent.i386.rpm
c2cde45149b04ff57cdb992ee238b557  php-ldap-4.3.2-19.ent.i386.rpm
ebf63e54f3db6155fc3849002d6e885b  php-mysql-4.3.2-19.ent.i386.rpm
c21f48ea272bdd76d3c3029d20aace8e  php-odbc-4.3.2-19.ent.i386.rpm
d9194ed4e9a76384769f4b4912088581  php-pgsql-4.3.2-19.ent.i386.rpm

x86_64:
9eed133c39c848b5b9cf30bd0f0e41a3  php-4.3.2-19.ent.x86_64.rpm
31b3d22d09049c688e05c19b91a5343d  php-devel-4.3.2-19.ent.x86_64.rpm
57910471f09de36603c2b6b89bf9a079  php-imap-4.3.2-19.ent.x86_64.rpm
851b437d1adbdcf8a7e4f9dd0f47ccbd  php-ldap-4.3.2-19.ent.x86_64.rpm
a4db3d9d4572d8c9fd3cf88d370d9196  php-mysql-4.3.2-19.ent.x86_64.rpm
a7aef84e839ee4339e8307256a1da32d  php-odbc-4.3.2-19.ent.x86_64.rpm
11e8e9e2d0cc9a2fba2b6c01787a8752  php-pgsql-4.3.2-19.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/php-4.3.2-19.ent.src.rpm
818b43822465cab8f3b8b937883e83e8  php-4.3.2-19.ent.src.rpm

i386:
7596bef3a34d0e536bf7d928d4e4fe72  php-4.3.2-19.ent.i386.rpm
7d1621e13be8c768862c7046bcdf6091  php-devel-4.3.2-19.ent.i386.rpm
daaa408d09844d147921c64cadef6ef6  php-imap-4.3.2-19.ent.i386.rpm
c2cde45149b04ff57cdb992ee238b557  php-ldap-4.3.2-19.ent.i386.rpm
ebf63e54f3db6155fc3849002d6e885b  php-mysql-4.3.2-19.ent.i386.rpm
c21f48ea272bdd76d3c3029d20aace8e  php-odbc-4.3.2-19.ent.i386.rpm
d9194ed4e9a76384769f4b4912088581  php-pgsql-4.3.2-19.ent.i386.rpm

ia64:
1bc4b9a171005daa9949aa7ce6867819  php-4.3.2-19.ent.ia64.rpm
fae7fb7a8293664d432045261317afa4  php-devel-4.3.2-19.ent.ia64.rpm
6cb195cabe3d74e815991f5a7e3e8ea1  php-imap-4.3.2-19.ent.ia64.rpm
3f3a407d55367e36d8ebe092c4350e13  php-ldap-4.3.2-19.ent.ia64.rpm
308e1ea8b4e0719ee72040238b70cdbf  php-mysql-4.3.2-19.ent.ia64.rpm
eb92dbb86507aced5740249b9e5b68a7  php-odbc-4.3.2-19.ent.ia64.rpm
05e2049de5a83c0623948393e456e40c  php-pgsql-4.3.2-19.ent.ia64.rpm

x86_64:
9eed133c39c848b5b9cf30bd0f0e41a3  php-4.3.2-19.ent.x86_64.rpm
31b3d22d09049c688e05c19b91a5343d  php-devel-4.3.2-19.ent.x86_64.rpm
57910471f09de36603c2b6b89bf9a079  php-imap-4.3.2-19.ent.x86_64.rpm
851b437d1adbdcf8a7e4f9dd0f47ccbd  php-ldap-4.3.2-19.ent.x86_64.rpm
a4db3d9d4572d8c9fd3cf88d370d9196  php-mysql-4.3.2-19.ent.x86_64.rpm
a7aef84e839ee4339e8307256a1da32d  php-odbc-4.3.2-19.ent.x86_64.rpm
11e8e9e2d0cc9a2fba2b6c01787a8752  php-pgsql-4.3.2-19.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/php-4.3.2-19.ent.src.rpm
818b43822465cab8f3b8b937883e83e8  php-4.3.2-19.ent.src.rpm

i386:
7596bef3a34d0e536bf7d928d4e4fe72  php-4.3.2-19.ent.i386.rpm
7d1621e13be8c768862c7046bcdf6091  php-devel-4.3.2-19.ent.i386.rpm
daaa408d09844d147921c64cadef6ef6  php-imap-4.3.2-19.ent.i386.rpm
c2cde45149b04ff57cdb992ee238b557  php-ldap-4.3.2-19.ent.i386.rpm
ebf63e54f3db6155fc3849002d6e885b  php-mysql-4.3.2-19.ent.i386.rpm
c21f48ea272bdd76d3c3029d20aace8e  php-odbc-4.3.2-19.ent.i386.rpm
d9194ed4e9a76384769f4b4912088581  php-pgsql-4.3.2-19.ent.i386.rpm

ia64:
1bc4b9a171005daa9949aa7ce6867819  php-4.3.2-19.ent.ia64.rpm
fae7fb7a8293664d432045261317afa4  php-devel-4.3.2-19.ent.ia64.rpm
6cb195cabe3d74e815991f5a7e3e8ea1  php-imap-4.3.2-19.ent.ia64.rpm
3f3a407d55367e36d8ebe092c4350e13  php-ldap-4.3.2-19.ent.ia64.rpm
308e1ea8b4e0719ee72040238b70cdbf  php-mysql-4.3.2-19.ent.ia64.rpm
eb92dbb86507aced5740249b9e5b68a7  php-odbc-4.3.2-19.ent.ia64.rpm
05e2049de5a83c0623948393e456e40c  php-pgsql-4.3.2-19.ent.ia64.rpm

x86_64:
9eed133c39c848b5b9cf30bd0f0e41a3  php-4.3.2-19.ent.x86_64.rpm
31b3d22d09049c688e05c19b91a5343d  php-devel-4.3.2-19.ent.x86_64.rpm
57910471f09de36603c2b6b89bf9a079  php-imap-4.3.2-19.ent.x86_64.rpm
851b437d1adbdcf8a7e4f9dd0f47ccbd  php-ldap-4.3.2-19.ent.x86_64.rpm
a4db3d9d4572d8c9fd3cf88d370d9196  php-mysql-4.3.2-19.ent.x86_64.rpm
a7aef84e839ee4339e8307256a1da32d  php-odbc-4.3.2-19.ent.x86_64.rpm
11e8e9e2d0cc9a2fba2b6c01787a8752  php-pgsql-4.3.2-19.ent.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1065

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2004 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFByHGcXlSAg2UNWIIRAjloAKC8QxUKennDiokwynXPjA+GhoFMzgCeKiWh
Wh9uPrKE9h2QAOp/Ypl5ndM=
=66uY
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Tue Dec 21 18:58:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 21 Dec 2004 13:58 -0500
Subject: [RHSA-2004:681-01] Updated samba packages fix security issue
Message-ID: <200412211858.iBLIw1a32113@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated samba packages fix security issue
Advisory ID:       RHSA-2004:681-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-681.html
Issue date:        2004-12-21
Updated on:        2004-12-21
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1154
- ---------------------------------------------------------------------

1. Summary:

Updated samba packages that fix an integer overflow vulnerability are now
available for Red Hat Enterprise Linux 2.1

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Samba provides file and printer sharing services to SMB/CIFS clients.

Greg MacManus of iDEFENSE Labs has discovered an integer overflow bug in
Samba versions prior to 3.0.10.  An authenticated remote user could exploit
this bug which may lead to arbitrary code execution on the Samba server. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1154 to this issue.

Users of Samba should upgrade to these updated packages, which contain
backported security patches, and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

142472 - CAN-2004-1154 Samba authenticated remote root

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/samba-2.2.12-1.21as.3.src.rpm
4d8e6dfbf082e22f85d4194054f1753c  samba-2.2.12-1.21as.3.src.rpm

i386:
445c416fd9907eaf7d34d4a3fb9f28ca  samba-2.2.12-1.21as.3.i386.rpm
973c4ea1e58863fa23aab8ffce0e73a1  samba-client-2.2.12-1.21as.3.i386.rpm
cdaa1e70589a29604ec28723f2f12e65  samba-common-2.2.12-1.21as.3.i386.rpm
f01bc9a0e00f6278a03e79114d7d82c9  samba-swat-2.2.12-1.21as.3.i386.rpm

ia64:
b7a036f55fc5b8d46d60780d2070e998  samba-2.2.12-1.21as.3.ia64.rpm
79df8b5f51477558e9862e31591d45c8  samba-client-2.2.12-1.21as.3.ia64.rpm
7512ae99f39e9eaeec92c325b1692d57  samba-common-2.2.12-1.21as.3.ia64.rpm
ccd9a64925482c4a521f11b908a6eda3  samba-swat-2.2.12-1.21as.3.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/samba-2.2.12-1.21as.3.src.rpm
4d8e6dfbf082e22f85d4194054f1753c  samba-2.2.12-1.21as.3.src.rpm

ia64:
b7a036f55fc5b8d46d60780d2070e998  samba-2.2.12-1.21as.3.ia64.rpm
79df8b5f51477558e9862e31591d45c8  samba-client-2.2.12-1.21as.3.ia64.rpm
7512ae99f39e9eaeec92c325b1692d57  samba-common-2.2.12-1.21as.3.ia64.rpm
ccd9a64925482c4a521f11b908a6eda3  samba-swat-2.2.12-1.21as.3.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/samba-2.2.12-1.21as.3.src.rpm
4d8e6dfbf082e22f85d4194054f1753c  samba-2.2.12-1.21as.3.src.rpm

i386:
445c416fd9907eaf7d34d4a3fb9f28ca  samba-2.2.12-1.21as.3.i386.rpm
973c4ea1e58863fa23aab8ffce0e73a1  samba-client-2.2.12-1.21as.3.i386.rpm
cdaa1e70589a29604ec28723f2f12e65  samba-common-2.2.12-1.21as.3.i386.rpm
f01bc9a0e00f6278a03e79114d7d82c9  samba-swat-2.2.12-1.21as.3.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/samba-2.2.12-1.21as.3.src.rpm
4d8e6dfbf082e22f85d4194054f1753c  samba-2.2.12-1.21as.3.src.rpm

i386:
445c416fd9907eaf7d34d4a3fb9f28ca  samba-2.2.12-1.21as.3.i386.rpm
973c4ea1e58863fa23aab8ffce0e73a1  samba-client-2.2.12-1.21as.3.i386.rpm
cdaa1e70589a29604ec28723f2f12e65  samba-common-2.2.12-1.21as.3.i386.rpm
f01bc9a0e00f6278a03e79114d7d82c9  samba-swat-2.2.12-1.21as.3.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1154

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2004 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFByHI1XlSAg2UNWIIRAlwjAKCb9K7yOKRzXdFczrODEmpBATd/fgCeKkf9
IxNXE0nfQK/nCDnawcTdaxE=
=CneJ
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Thu Dec 23 09:11:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 23 Dec 2004 04:11 -0500
Subject: [RHSA-2004:674-01] Updated acrobat package fixes security issue
Message-ID: <200412230911.iBN9Bra00500@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated acrobat package fixes security issue
Advisory ID:       RHSA-2004:674-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-674.html
Issue date:        2004-12-23
Updated on:        2004-12-23
Product:           Red Hat Enterprise Linux LACD
Obsoletes:         RHSA-2004:432
CVE Names:         CAN-2004-1152
- ---------------------------------------------------------------------

1. Summary:

An updated Adobe Acrobat Reader package that fixes a security issue is now
available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux LACD 3AS - i386
Red Hat Enterprise Linux LACD 3Desktop - i386
Red Hat Enterprise Linux LACD 3ES - i386
Red Hat Enterprise Linux LACD 3WS - i386

3. Problem description:

The Adobe Acrobat Reader browser allows for the viewing, distributing, and
printing of documents in portable document format (PDF).

iDEFENSE has reported that Adobe Acrobat Reader 5.0.9 contains a buffer
overflow when decoding email messages.  An attacker could create a
malicious PDF file which could execute arbitrary code if opened by a
victim. The Common Vulnerabilities and Exposures project has assigned the
name CAN-2004-1152 to this issue.

All users of Acrobat Reader are advised to upgrade to this updated package,
which contains Acrobat Reader version 5.0.10 which is not vulnerable to
this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

142829 - CAN-2004-1152 Flaws in Acroread 5.0.9

6. RPMs required:

Red Hat Enterprise Linux LACD 3AS:

i386:
b1bc54a3f5b78eacb1ee8b0904483504  acroread-5.10-0.EL3.i386.rpm
cd7877275cbc78a5a2ed44d127b8abc1  acroread-plugin-5.10-0.EL3.i386.rpm

Red Hat Enterprise Linux LACD 3Desktop:

i386:
b1bc54a3f5b78eacb1ee8b0904483504  acroread-5.10-0.EL3.i386.rpm
cd7877275cbc78a5a2ed44d127b8abc1  acroread-plugin-5.10-0.EL3.i386.rpm

Red Hat Enterprise Linux LACD 3ES:

i386:
b1bc54a3f5b78eacb1ee8b0904483504  acroread-5.10-0.EL3.i386.rpm
cd7877275cbc78a5a2ed44d127b8abc1  acroread-plugin-5.10-0.EL3.i386.rpm

Red Hat Enterprise Linux LACD 3WS:

i386:
b1bc54a3f5b78eacb1ee8b0904483504  acroread-5.10-0.EL3.i386.rpm
cd7877275cbc78a5a2ed44d127b8abc1  acroread-plugin-5.10-0.EL3.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.idefense.com/application/poi/display?id=161&type=vulnerabilities&flashstatus=true
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1152

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2004 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFByovNXlSAg2UNWIIRAmPWAJ4yUWIxAErfs/BVpmC93gyniec0QQCfX/3E
iL8hGa3bJW/wCraR8B1flu0=
=UFCD
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Thu Dec 23 20:49:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 23 Dec 2004 15:49 -0500
Subject: [RHSA-2004:654-01] Updated SquirrelMail package fixes security
	vulnerability
Message-ID: <200412232049.iBNKnfa08918@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated SquirrelMail package fixes security vulnerability
Advisory ID:       RHSA-2004:654-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-654.html
Issue date:        2004-12-23
Updated on:        2004-12-23
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1036
- ---------------------------------------------------------------------

1. Summary:

An updated SquirrelMail package that fixes a cross-site scripting
vulnerability is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - noarch
Red Hat Desktop version 3 - noarch
Red Hat Enterprise Linux ES version 3 - noarch
Red Hat Enterprise Linux WS version 3 - noarch

3. Problem description:

SquirrelMail is a webmail package written in PHP.

A cross-site scripting bug has been found in SquirrelMail.  This issue
could allow an attacker to send a mail with a carefully crafted header,
which could result in causing the victim's machine to execute a malicious
script. The Common Vulnerabilities and Exposures project has assigned the
name CAN-2004-1036 to this issue.

Additionally, the following issues have been addressed:

- - updated splash screens
- - HIGASHIYAMA Masato's patch to improve Japanese support
- - real 1.4.3a tarball
- - config_local.php and default_pref in /etc/squirrelmail/ to match upstream   
  RPM.

Please note that it is possible that upgrading to this package may remove
your SquirrelMail configuration files due to a bug in the RPM package. 
Upgrading will prevent this from happening in the future.

Users of SquirrelMail are advised to upgrade to this updated package which
contains a patched version of SquirrelMail version 1.43a and is not
vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

139739 - CAN-2004-1036 Cross Site Scripting in encoded text
112769 - The login page says Red Hat Linux instead of Fedora/RHEL
125638 - config_local.php is not listed as a config file

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/squirrelmail-1.4.3a-7.EL3.src.rpm
cde6c22b57c88c4ec80545f83d7f16fd  squirrelmail-1.4.3a-7.EL3.src.rpm

noarch:
f207da5253a4493cd502a13aae2dd77e  squirrelmail-1.4.3a-7.EL3.noarch.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/squirrelmail-1.4.3a-7.EL3.src.rpm
cde6c22b57c88c4ec80545f83d7f16fd  squirrelmail-1.4.3a-7.EL3.src.rpm

noarch:
f207da5253a4493cd502a13aae2dd77e  squirrelmail-1.4.3a-7.EL3.noarch.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/squirrelmail-1.4.3a-7.EL3.src.rpm
cde6c22b57c88c4ec80545f83d7f16fd  squirrelmail-1.4.3a-7.EL3.src.rpm

noarch:
f207da5253a4493cd502a13aae2dd77e  squirrelmail-1.4.3a-7.EL3.noarch.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/squirrelmail-1.4.3a-7.EL3.src.rpm
cde6c22b57c88c4ec80545f83d7f16fd  squirrelmail-1.4.3a-7.EL3.src.rpm

noarch:
f207da5253a4493cd502a13aae2dd77e  squirrelmail-1.4.3a-7.EL3.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1036

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2004 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFByy9XXlSAg2UNWIIRAlVdAJ4gJGEzYEVt+iIOgp+9rL8Z4V/96QCgsgJ4
vKViAqn9B+tN0J8P6H44xrU=
=bQhb
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Thu Dec 23 20:50:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 23 Dec 2004 15:50 -0500
Subject: [RHSA-2004:689-01] Updated kernel packages fix security
	vulnerabilities
Message-ID: <200412232050.iBNKoIa09050@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated kernel packages fix security vulnerabilities
Advisory ID:       RHSA-2004:689-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2004-689.html
Issue date:        2004-12-23
Updated on:        2004-12-23
Product:           Red Hat Enterprise Linux
Keywords:          taroon kernel security errata
Obsoletes:         RHBA-2004:550
CVE Names:         CAN-2004-0565 CAN-2004-1016 CAN-2004-1017 CAN-2004-1137 CAN-2004-1144 CAN-2004-1234
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix several security issues in Red Hat
Enterprise Linux 3 are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - athlon, i386, i686, ia32e, ia64, ppc64, ppc64iseries, ppc64pseries, s390, s390x, x86_64
Red Hat Desktop version 3 - athlon, i386, i686, ia32e, x86_64
Red Hat Enterprise Linux ES version 3 - athlon, i386, i686, ia32e, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - athlon, i386, i686, ia32e, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This advisory includes fixes for several security issues:

Petr Vandrovec discovered a flaw in the 32bit emulation code affecting the
Linux 2.4 kernel on the AMD64 architecture.  A local attacker could use
this flaw to gain privileges. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1144 to this issue.

ISEC security research discovered multiple vulnerabilities in the IGMP
functionality which was backported in the Red Hat Enterprise Linux 3
kernels.  These flaws could allow a local user to cause a denial of
service (crash) or potentially gain privileges.  Where multicast
applications are being used on a system, these flaws may also allow remote
users to cause a denial of service.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1137 to
this issue.

ISEC security research and Georgi Guninski independantly discovered a flaw
in the scm_send function in the auxiliary message layer.  A local user
could create a carefully crafted auxiliary message which could cause a
denial of service (system hang).  The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1016 to this issue.

A floating point information leak was discovered in the ia64 architecture
context switch code.  A local user could use this flaw to read register
values of other processes by setting the MFH bit. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0565 to this issue.

Kirill Korotaev found a flaw in load_elf_binary affecting kernels prior to
2.4.26.  A local user could create a carefully crafted binary in such a
way that it would cause a denial of service (system crash).  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1234 to this issue.

These packages also fix issues in the io_edgeport driver, and a memory leak
in ip_options_get.

Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

124734 - CAN-2004-0565 Information leak on Linux/ia64
126126 - CAN-2004-0565 Information leak on Linux/ia64
142593 - CAN-2004-1017 io_edgeport driver overflows
142729 - CAN-2004-1016 CMSG validation checks
142733 - 20041208 ip_options_get memory leak
142748 - CAN-2004-1137 IGMP flaws
142964 - CAN-2004-1144 x86-64 privilege escalation
142965 - CAN-2004-1234 kernel denial of service vulnerability and exploit

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-27.0.1.EL.src.rpm
abbf2ea9f5b6cd480eab25b472ed64ba  kernel-2.4.21-27.0.1.EL.src.rpm

athlon:
1f8c7b25b7fffbc85993ec55905dcc5e  kernel-2.4.21-27.0.1.EL.athlon.rpm
b7ec4b9732b8743940cab2f4853ccae8  kernel-smp-2.4.21-27.0.1.EL.athlon.rpm
caec8b413e4b0bd3abe885fbde2b2d4c  kernel-smp-unsupported-2.4.21-27.0.1.EL.athlon.rpm
f67ab1ac2f5b06c9c0e97d074684974e  kernel-unsupported-2.4.21-27.0.1.EL.athlon.rpm

i386:
dbe3ea95f5e93c6d61394cb829dd18d4  kernel-BOOT-2.4.21-27.0.1.EL.i386.rpm
7f4dd010b194e99a4e8e8cfdec9c2097  kernel-doc-2.4.21-27.0.1.EL.i386.rpm
162ab3a522f8160b09c1629f563a2fc4  kernel-source-2.4.21-27.0.1.EL.i386.rpm

i686:
b0a8a21ca61cb102ebbccb3ea815fa8d  kernel-2.4.21-27.0.1.EL.i686.rpm
abdef53df06ee9af541823ac24261f2d  kernel-hugemem-2.4.21-27.0.1.EL.i686.rpm
816e736618c6d05b35c979b2492d6fb8  kernel-hugemem-unsupported-2.4.21-27.0.1.EL.i686.rpm
6bd020027cdb043d747452fadc043ec5  kernel-smp-2.4.21-27.0.1.EL.i686.rpm
68ea78ae3d41965edd0cd80cc17ff95e  kernel-smp-unsupported-2.4.21-27.0.1.EL.i686.rpm
7a997263d5c711cc787fe2a9bb4101a3  kernel-unsupported-2.4.21-27.0.1.EL.i686.rpm

ia32e:
f5b00c38dc3884ecac2e5566c8db7471  kernel-2.4.21-27.0.1.EL.ia32e.rpm
2a0f9f13ef39f254697455fb36af531e  kernel-unsupported-2.4.21-27.0.1.EL.ia32e.rpm

ia64:
5d8f8152c6c9786cda4b12e75fe66221  kernel-2.4.21-27.0.1.EL.ia64.rpm
e3b551b4df18eadc40fe6ae7d0d0d013  kernel-doc-2.4.21-27.0.1.EL.ia64.rpm
f0ede4dc792c5cbbe3d80af6dd4bab07  kernel-source-2.4.21-27.0.1.EL.ia64.rpm
51fdf74adca231adebace8f019d8d920  kernel-unsupported-2.4.21-27.0.1.EL.ia64.rpm

ppc64:
9fad7bb5b55495ddee280d62de15b1dc  kernel-doc-2.4.21-27.0.1.EL.ppc64.rpm
c083c0b8df5ff034f269d8380e6dbad0  kernel-source-2.4.21-27.0.1.EL.ppc64.rpm

ppc64iseries:
bc4093dfba89bafa591eaa78ec5f6916  kernel-2.4.21-27.0.1.EL.ppc64iseries.rpm
abb1744cd91a84d40e7f5a016ead294c  kernel-unsupported-2.4.21-27.0.1.EL.ppc64iseries.rpm

ppc64pseries:
fc6f34a93f682a1273e0ec4375eb0998  kernel-2.4.21-27.0.1.EL.ppc64pseries.rpm
a39c1a6fa61b0295e0f5e3065b0812f6  kernel-unsupported-2.4.21-27.0.1.EL.ppc64pseries.rpm

s390:
30e5097e6dd66d5c21a99901882f7e9f  kernel-2.4.21-27.0.1.EL.s390.rpm
d481b85ea42c24a00736ea720ae48c39  kernel-doc-2.4.21-27.0.1.EL.s390.rpm
81c880f52af50c26f8a525e114b8b223  kernel-source-2.4.21-27.0.1.EL.s390.rpm
79fd1f5f22ad407138185018ee029750  kernel-unsupported-2.4.21-27.0.1.EL.s390.rpm

s390x:
dfcdfd9650c5a5012ade9ea3afb1c186  kernel-2.4.21-27.0.1.EL.s390x.rpm
66d37169facb8256fdf5f4658d11ac80  kernel-doc-2.4.21-27.0.1.EL.s390x.rpm
d3f921de093961d3badf8f1da21f4a82  kernel-source-2.4.21-27.0.1.EL.s390x.rpm
e7d85997309e95e1f778fd34a069d999  kernel-unsupported-2.4.21-27.0.1.EL.s390x.rpm

x86_64:
b143e2768ecc0b84e5d10987fe76925d  kernel-2.4.21-27.0.1.EL.x86_64.rpm
010de9e78951ac60ad2d9b88fb3d4eba  kernel-doc-2.4.21-27.0.1.EL.x86_64.rpm
d41dff47cc7c3278daf998d447bc5809  kernel-smp-2.4.21-27.0.1.EL.x86_64.rpm
e792eaa5735a1852c2f32088fd24378f  kernel-smp-unsupported-2.4.21-27.0.1.EL.x86_64.rpm
2271f0c3aec207d30b4c81b386fb64fb  kernel-source-2.4.21-27.0.1.EL.x86_64.rpm
e2b329e10ee3a5d254385d49e57e3558  kernel-unsupported-2.4.21-27.0.1.EL.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-27.0.1.EL.src.rpm
abbf2ea9f5b6cd480eab25b472ed64ba  kernel-2.4.21-27.0.1.EL.src.rpm

athlon:
1f8c7b25b7fffbc85993ec55905dcc5e  kernel-2.4.21-27.0.1.EL.athlon.rpm
b7ec4b9732b8743940cab2f4853ccae8  kernel-smp-2.4.21-27.0.1.EL.athlon.rpm
caec8b413e4b0bd3abe885fbde2b2d4c  kernel-smp-unsupported-2.4.21-27.0.1.EL.athlon.rpm
f67ab1ac2f5b06c9c0e97d074684974e  kernel-unsupported-2.4.21-27.0.1.EL.athlon.rpm

i386:
dbe3ea95f5e93c6d61394cb829dd18d4  kernel-BOOT-2.4.21-27.0.1.EL.i386.rpm
7f4dd010b194e99a4e8e8cfdec9c2097  kernel-doc-2.4.21-27.0.1.EL.i386.rpm
162ab3a522f8160b09c1629f563a2fc4  kernel-source-2.4.21-27.0.1.EL.i386.rpm

i686:
b0a8a21ca61cb102ebbccb3ea815fa8d  kernel-2.4.21-27.0.1.EL.i686.rpm
abdef53df06ee9af541823ac24261f2d  kernel-hugemem-2.4.21-27.0.1.EL.i686.rpm
816e736618c6d05b35c979b2492d6fb8  kernel-hugemem-unsupported-2.4.21-27.0.1.EL.i686.rpm
6bd020027cdb043d747452fadc043ec5  kernel-smp-2.4.21-27.0.1.EL.i686.rpm
68ea78ae3d41965edd0cd80cc17ff95e  kernel-smp-unsupported-2.4.21-27.0.1.EL.i686.rpm
7a997263d5c711cc787fe2a9bb4101a3  kernel-unsupported-2.4.21-27.0.1.EL.i686.rpm

ia32e:
f5b00c38dc3884ecac2e5566c8db7471  kernel-2.4.21-27.0.1.EL.ia32e.rpm
2a0f9f13ef39f254697455fb36af531e  kernel-unsupported-2.4.21-27.0.1.EL.ia32e.rpm

x86_64:
b143e2768ecc0b84e5d10987fe76925d  kernel-2.4.21-27.0.1.EL.x86_64.rpm
010de9e78951ac60ad2d9b88fb3d4eba  kernel-doc-2.4.21-27.0.1.EL.x86_64.rpm
d41dff47cc7c3278daf998d447bc5809  kernel-smp-2.4.21-27.0.1.EL.x86_64.rpm
e792eaa5735a1852c2f32088fd24378f  kernel-smp-unsupported-2.4.21-27.0.1.EL.x86_64.rpm
2271f0c3aec207d30b4c81b386fb64fb  kernel-source-2.4.21-27.0.1.EL.x86_64.rpm
e2b329e10ee3a5d254385d49e57e3558  kernel-unsupported-2.4.21-27.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-27.0.1.EL.src.rpm
abbf2ea9f5b6cd480eab25b472ed64ba  kernel-2.4.21-27.0.1.EL.src.rpm

athlon:
1f8c7b25b7fffbc85993ec55905dcc5e  kernel-2.4.21-27.0.1.EL.athlon.rpm
b7ec4b9732b8743940cab2f4853ccae8  kernel-smp-2.4.21-27.0.1.EL.athlon.rpm
caec8b413e4b0bd3abe885fbde2b2d4c  kernel-smp-unsupported-2.4.21-27.0.1.EL.athlon.rpm
f67ab1ac2f5b06c9c0e97d074684974e  kernel-unsupported-2.4.21-27.0.1.EL.athlon.rpm

i386:
dbe3ea95f5e93c6d61394cb829dd18d4  kernel-BOOT-2.4.21-27.0.1.EL.i386.rpm
7f4dd010b194e99a4e8e8cfdec9c2097  kernel-doc-2.4.21-27.0.1.EL.i386.rpm
162ab3a522f8160b09c1629f563a2fc4  kernel-source-2.4.21-27.0.1.EL.i386.rpm

i686:
b0a8a21ca61cb102ebbccb3ea815fa8d  kernel-2.4.21-27.0.1.EL.i686.rpm
abdef53df06ee9af541823ac24261f2d  kernel-hugemem-2.4.21-27.0.1.EL.i686.rpm
816e736618c6d05b35c979b2492d6fb8  kernel-hugemem-unsupported-2.4.21-27.0.1.EL.i686.rpm
6bd020027cdb043d747452fadc043ec5  kernel-smp-2.4.21-27.0.1.EL.i686.rpm
68ea78ae3d41965edd0cd80cc17ff95e  kernel-smp-unsupported-2.4.21-27.0.1.EL.i686.rpm
7a997263d5c711cc787fe2a9bb4101a3  kernel-unsupported-2.4.21-27.0.1.EL.i686.rpm

ia32e:
f5b00c38dc3884ecac2e5566c8db7471  kernel-2.4.21-27.0.1.EL.ia32e.rpm
2a0f9f13ef39f254697455fb36af531e  kernel-unsupported-2.4.21-27.0.1.EL.ia32e.rpm

ia64:
5d8f8152c6c9786cda4b12e75fe66221  kernel-2.4.21-27.0.1.EL.ia64.rpm
e3b551b4df18eadc40fe6ae7d0d0d013  kernel-doc-2.4.21-27.0.1.EL.ia64.rpm
f0ede4dc792c5cbbe3d80af6dd4bab07  kernel-source-2.4.21-27.0.1.EL.ia64.rpm
51fdf74adca231adebace8f019d8d920  kernel-unsupported-2.4.21-27.0.1.EL.ia64.rpm

x86_64:
b143e2768ecc0b84e5d10987fe76925d  kernel-2.4.21-27.0.1.EL.x86_64.rpm
010de9e78951ac60ad2d9b88fb3d4eba  kernel-doc-2.4.21-27.0.1.EL.x86_64.rpm
d41dff47cc7c3278daf998d447bc5809  kernel-smp-2.4.21-27.0.1.EL.x86_64.rpm
e792eaa5735a1852c2f32088fd24378f  kernel-smp-unsupported-2.4.21-27.0.1.EL.x86_64.rpm
2271f0c3aec207d30b4c81b386fb64fb  kernel-source-2.4.21-27.0.1.EL.x86_64.rpm
e2b329e10ee3a5d254385d49e57e3558  kernel-unsupported-2.4.21-27.0.1.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-27.0.1.EL.src.rpm
abbf2ea9f5b6cd480eab25b472ed64ba  kernel-2.4.21-27.0.1.EL.src.rpm

athlon:
1f8c7b25b7fffbc85993ec55905dcc5e  kernel-2.4.21-27.0.1.EL.athlon.rpm
b7ec4b9732b8743940cab2f4853ccae8  kernel-smp-2.4.21-27.0.1.EL.athlon.rpm
caec8b413e4b0bd3abe885fbde2b2d4c  kernel-smp-unsupported-2.4.21-27.0.1.EL.athlon.rpm
f67ab1ac2f5b06c9c0e97d074684974e  kernel-unsupported-2.4.21-27.0.1.EL.athlon.rpm

i386:
dbe3ea95f5e93c6d61394cb829dd18d4  kernel-BOOT-2.4.21-27.0.1.EL.i386.rpm
7f4dd010b194e99a4e8e8cfdec9c2097  kernel-doc-2.4.21-27.0.1.EL.i386.rpm
162ab3a522f8160b09c1629f563a2fc4  kernel-source-2.4.21-27.0.1.EL.i386.rpm

i686:
b0a8a21ca61cb102ebbccb3ea815fa8d  kernel-2.4.21-27.0.1.EL.i686.rpm
abdef53df06ee9af541823ac24261f2d  kernel-hugemem-2.4.21-27.0.1.EL.i686.rpm
816e736618c6d05b35c979b2492d6fb8  kernel-hugemem-unsupported-2.4.21-27.0.1.EL.i686.rpm
6bd020027cdb043d747452fadc043ec5  kernel-smp-2.4.21-27.0.1.EL.i686.rpm
68ea78ae3d41965edd0cd80cc17ff95e  kernel-smp-unsupported-2.4.21-27.0.1.EL.i686.rpm
7a997263d5c711cc787fe2a9bb4101a3  kernel-unsupported-2.4.21-27.0.1.EL.i686.rpm

ia32e:
f5b00c38dc3884ecac2e5566c8db7471  kernel-2.4.21-27.0.1.EL.ia32e.rpm
2a0f9f13ef39f254697455fb36af531e  kernel-unsupported-2.4.21-27.0.1.EL.ia32e.rpm

ia64:
5d8f8152c6c9786cda4b12e75fe66221  kernel-2.4.21-27.0.1.EL.ia64.rpm
e3b551b4df18eadc40fe6ae7d0d0d013  kernel-doc-2.4.21-27.0.1.EL.ia64.rpm
f0ede4dc792c5cbbe3d80af6dd4bab07  kernel-source-2.4.21-27.0.1.EL.ia64.rpm
51fdf74adca231adebace8f019d8d920  kernel-unsupported-2.4.21-27.0.1.EL.ia64.rpm

x86_64:
b143e2768ecc0b84e5d10987fe76925d  kernel-2.4.21-27.0.1.EL.x86_64.rpm
010de9e78951ac60ad2d9b88fb3d4eba  kernel-doc-2.4.21-27.0.1.EL.x86_64.rpm
d41dff47cc7c3278daf998d447bc5809  kernel-smp-2.4.21-27.0.1.EL.x86_64.rpm
e792eaa5735a1852c2f32088fd24378f  kernel-smp-unsupported-2.4.21-27.0.1.EL.x86_64.rpm
2271f0c3aec207d30b4c81b386fb64fb  kernel-source-2.4.21-27.0.1.EL.x86_64.rpm
e2b329e10ee3a5d254385d49e57e3558  kernel-unsupported-2.4.21-27.0.1.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1234

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2004 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFByy92XlSAg2UNWIIRAmSfAJ9EExBOGEMAixjqqCmnXwzZz8Rm7QCgkLDc
26pyzt19b1lw+N7bNUNTWNg=
=kaKE
-----END PGP SIGNATURE-----