From: bugzilla at redhat.com
Date: Wed, 9 Jun 2004 08:54 -0400
Subject: [RHSA-2004:234-01] Updated Ethereal packages fix security issues
Message-ID: <200406091254.i59CsRl02754@lacrosse.corp.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated Ethereal packages fix security issues
Advisory ID:       RHSA-2004:234-01
Issue date:        2004-06-09
Updated on:        2004-06-09
Product:           Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:         RHSA-2004:136
CVE Names:         CAN-2004-0504 CAN-2004-0505 CAN-2004-0506
---------------------------------------------------------------------

1. Topic:

Updated Ethereal packages that fix various security vulnerabilities are
now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Ethereal is a program for monitoring network traffic.

The MMSE dissector in Ethereal releases 0.10.1 through 0.10.3 contained a
buffer overflow flaw. On a system where Ethereal is running, a remote
attacker could send malicious packets that could cause Ethereal to crash or
execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0507 to this issue.

In addition, other flaws in Ethereal prior to 0.10.4 were found that could
cause it to crash in response to carefully crafted SIP (CAN-2004-0504), AIM
(CAN-2004-0505), or SPNEGO (CAN-2004-0506) packets.

Users of Ethereal should upgrade to these updated packages, which contain
backported security patches that correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

Please note that this update is available via Red Hat Network. To use Red
Hat Network, launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

124534 - CAN-2004-0504/5/6/7 Ethereal 0.10.4 contains security fixes

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ethereal-0.10.3-0.AS21.3.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.AS21.3.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.AS21.3.i386.rpm

ia64:
Available from Red Hat Network: ethereal-0.10.3-0.AS21.3.ia64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.AS21.3.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ethereal-0.10.3-0.AS21.3.src.rpm

ia64:
Available from Red Hat Network: ethereal-0.10.3-0.AS21.3.ia64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.AS21.3.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ethereal-0.10.3-0.AS21.3.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.AS21.3.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.AS21.3.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ethereal-0.10.3-0.AS21.3.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.AS21.3.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.AS21.3.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ethereal-0.10.3-0.30E.2.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.i386.rpm

ia64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.ia64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.ia64.rpm

ppc:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.ppc.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.ppc.rpm

s390:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.s390.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.s390.rpm

s390x:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.s390x.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.s390x.rpm

x86_64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.x86_64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ethereal-0.10.3-0.30E.2.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.i386.rpm

x86_64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.x86_64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ethereal-0.10.3-0.30E.2.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.i386.rpm

ia64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.ia64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.ia64.rpm

x86_64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.x86_64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ethereal-0.10.3-0.30E.2.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.i386.rpm

ia64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.ia64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.ia64.rpm

x86_64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.2.x86_64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.2.x86_64.rpm

7. Verification:

These packages are GPG signed by Red Hat for security.
Our key is available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

    rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum

8. References:

http://www.ethereal.com/appnotes/enpa-sa-00014.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0506

9. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.

From: bugzilla at redhat.com
Date: Wed, 9 Jun 2004 08:55 -0400
Subject: [RHSA-2004:236-01] Updated krb5 packages available
Message-ID: <200406091255.i59CtKl02924@lacrosse.corp.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated krb5 packages available
Advisory ID:       RHSA-2004:236-01
Issue date:        2004-06-09
Updated on:        2004-06-09
Product:           Red Hat Enterprise Linux
Keywords:          krb5 auth_to_local MITKRB5-SA-2004-001
Cross references:
Obsoletes:         RHBA-2004:208
CVE Names:         CAN-2004-0523
---------------------------------------------------------------------

1. Topic:

Updated Kerberos 5 (krb5) packages which correct buffer overflows in the
krb5_aname_to_localname function are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Kerberos is a network authentication system.

Bugs have been fixed in the krb5_aname_to_localname library function.
Specifically, buffer overflows were possible for all Kerberos versions up to
and including 1.3.3.

The krb5_aname_to_localname function translates a Kerberos principal name to
a local account name, typically a UNIX username. This function is frequently
used when performing authorization checks.

If configured with mappings from particular Kerberos principals to particular
UNIX user names, certain functions called by krb5_aname_to_localname will not
properly check the lengths of buffers used to store portions of the principal
name. If configured to map principals to user names using rules,
krb5_aname_to_localname would consistently write one byte past the end of a
buffer allocated from the heap. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0523 to this issue.

Only configurations which enable the explicit mapping or rules-based mapping
functionality of krb5_aname_to_localname() are vulnerable. These
configurations are not the default.

Users of Kerberos are advised to upgrade to these erratum packages which
contain backported security patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.
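Because only the explicit-mapping and rules-based configurations described above reach the flawed code, an administrator triaging a fleet can first check each host's krb5.conf to see whether the non-default mapping is in use at all. The script below is an added example, not Red Hat's or MIT's code; it assumes the MIT krb5.conf syntax in which rule-based mapping appears as per-realm "auth_to_local = RULE:..." lines and explicit mapping as an "auth_to_local_names = { principal = user }" subsection, with "auth_to_local = DEFAULT" alone being the default behaviour. The sample configurations are constructed.

```python
"""Flag krb5.conf realms that use the non-default principal-to-user mapping
which RHSA-2004:236 (CAN-2004-0523) says is required to reach the flaw.

Added example, not Red Hat's or MIT's code. Assumed MIT krb5.conf syntax:
rule-based mapping is 'auth_to_local = RULE:...' inside a [realms] block,
explicit mapping is an 'auth_to_local_names = { ... }' subsection, and
'auth_to_local = DEFAULT' on its own is the unaffected default.
"""
import re

SECTION_RE = re.compile(r"^\[(\w+)\]$")


def parse_krb5_conf(text):
    """Parse krb5.conf into nested dicts. Every value is a list, because a
    key such as auth_to_local may legitimately repeat within one realm."""
    root = {}
    stack = []            # stack[0] is the current [section], stack[-1] innermost
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        m = SECTION_RE.match(line)
        if m:
            stack = [root.setdefault(m.group(1), {})]
            continue
        if not stack:
            raise ValueError("directive before any [section]: %r" % line)
        if line == "}":
            if len(stack) < 2:
                raise ValueError("unbalanced '}' in krb5.conf")
            stack.pop()
            continue
        key, sep, value = (s.strip() for s in line.partition("="))
        if not sep:
            raise ValueError("cannot parse line: %r" % line)
        if value == "{":                      # open a subsection
            sub = {}
            stack[-1].setdefault(key, []).append(sub)
            stack.append(sub)
        else:
            stack[-1].setdefault(key, []).append(value)
    return root


def affected_realms(conf):
    """Return {realm: [reasons]} for realms whose mapping configuration
    exercises the vulnerable paths; {} means default configuration only."""
    findings = {}
    for realm, blocks in conf.get("realms", {}).items():
        reasons = []
        for block in blocks:
            if not isinstance(block, dict):
                continue
            rules = [v for v in block.get("auth_to_local", [])
                     if isinstance(v, str) and v.upper() != "DEFAULT"]
            if rules:
                reasons.append("rule-based mapping via auth_to_local")
            names = [b for b in block.get("auth_to_local_names", [])
                     if isinstance(b, dict) and b]
            if names:
                reasons.append("explicit mapping via auth_to_local_names")
        if reasons:
            findings[realm] = reasons
    return findings


# Constructed sample configurations; not taken from any real host.
VULNERABLE_CONF = r"""
[libdefaults]
    default_realm = EXAMPLE.COM

[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
        admin_server = kdc.example.com
        # strip the realm from principals in our own realm
        auth_to_local = RULE:[1:$1@$0](.*@EXAMPLE\.COM)s/@.*//
        auth_to_local = DEFAULT
        auth_to_local_names = {
            alice/admin = root
        }
    }
    PARTNER.ORG = {
        kdc = kdc.partner.org
    }
"""

DEFAULT_CONF = """
[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
        auth_to_local = DEFAULT
    }
"""

if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE_CONF), ("default", DEFAULT_CONF)):
        found = affected_realms(parse_krb5_conf(text))
        print("%s config:" % label, found or "default mapping only, not affected")
```

A host reported as unaffected still needs the erratum before anyone enables mapping later; the check only orders the work.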
To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs
which are currently installed will be updated. Those RPMs which are not
installed but included in the list will not be updated. Note that you can
also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors,
you need to install a version of the up2date client with an updated
certificate. The latest version of up2date is available from the Red Hat FTP
site and may also be downloaded directly from the RHN website:

    https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

125001 - CAN-2004-0523 MIT Kerberos 5: buffer overflows in krb5_aname_to_localname

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/krb5-1.2.2-27.src.rpm

i386:
Available from Red Hat Network: krb5-devel-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-libs-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-server-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-workstation-1.2.2-27.i386.rpm

ia64:
Available from Red Hat Network: krb5-devel-1.2.2-27.ia64.rpm
Available from Red Hat Network: krb5-libs-1.2.2-27.ia64.rpm
Available from Red Hat Network: krb5-server-1.2.2-27.ia64.rpm
Available from Red Hat Network: krb5-workstation-1.2.2-27.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/krb5-1.2.2-27.src.rpm

ia64:
Available from Red Hat Network: krb5-devel-1.2.2-27.ia64.rpm
Available from Red Hat Network: krb5-libs-1.2.2-27.ia64.rpm
Available from Red Hat Network: krb5-server-1.2.2-27.ia64.rpm
Available from Red Hat Network: krb5-workstation-1.2.2-27.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/krb5-1.2.2-27.src.rpm

i386:
Available from Red Hat Network: krb5-devel-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-libs-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-server-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-workstation-1.2.2-27.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/krb5-1.2.2-27.src.rpm

i386:
Available from Red Hat Network: krb5-devel-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-libs-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-server-1.2.2-27.i386.rpm
Available from Red Hat Network: krb5-workstation-1.2.2-27.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/krb5-1.2.7-24.src.rpm

i386:
Available from Red Hat Network: krb5-devel-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.i386.rpm

ia64:
Available from Red Hat Network: krb5-devel-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.ia64.rpm

ppc:
Available from Red Hat Network: krb5-devel-1.2.7-24.ppc.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.ppc.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.ppc.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.ppc.rpm

ppc64:
Available from Red Hat Network: krb5-libs-1.2.7-24.ppc64.rpm

s390:
Available from Red Hat Network: krb5-devel-1.2.7-24.s390.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.s390.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.s390.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.s390.rpm

s390x:
Available from Red Hat Network: krb5-devel-1.2.7-24.s390x.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.s390x.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.s390.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.s390x.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.s390x.rpm

x86_64:
Available from Red Hat Network: krb5-devel-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/krb5-1.2.7-24.src.rpm

i386:
Available from Red Hat Network: krb5-devel-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.i386.rpm

x86_64:
Available from Red Hat Network: krb5-devel-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/krb5-1.2.7-24.src.rpm

i386:
Available from Red Hat Network: krb5-devel-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.i386.rpm

ia64:
Available from Red Hat Network: krb5-devel-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.ia64.rpm

x86_64:
Available from Red Hat Network: krb5-devel-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/krb5-1.2.7-24.src.rpm

i386:
Available from Red Hat Network: krb5-devel-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.i386.rpm

ia64:
Available from Red Hat Network: krb5-devel-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.ia64.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.ia64.rpm

x86_64:
Available from Red Hat Network: krb5-devel-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-libs-1.2.7-24.i386.rpm
Available from Red Hat Network: krb5-server-1.2.7-24.x86_64.rpm
Available from Red Hat Network: krb5-workstation-1.2.7-24.x86_64.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is available
from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

    rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum

8. References:

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-001-an_to_ln.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0523

9. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
From: bugzilla at redhat.com
Date: Wed, 9 Jun 2004 08:55 -0400
Subject: [RHSA-2004:242-01] Updated squid package fixes security vulnerability
Message-ID: <200406091255.i59CtVl02943@lacrosse.corp.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated squid package fixes security vulnerability
Advisory ID:       RHSA-2004:242-01
Issue date:        2004-06-09
Updated on:        2004-06-09
Product:           Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:         RHSA-2004:133
CVE Names:         CAN-2004-0541
---------------------------------------------------------------------

1. Topic:

An updated squid package that fixes a security vulnerability in the NTLM
authentication helper is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Squid is a full-featured Web proxy cache.

A buffer overflow was found within the NTLM authentication helper routine.
If Squid is configured to use the NTLM authentication helper, a remote
attacker could potentially execute arbitrary code by sending a lengthy
password. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0541 to this issue.

Note: The NTLM authentication helper is not enabled by default in Red Hat
Enterprise Linux 3. Red Hat Enterprise Linux 2.1 is not vulnerable to this
issue as it shipped with a version of Squid which did not contain the helper.

Users of Squid should update to this erratum package, which contains a
backported patch correcting this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs
which are currently installed will be updated. Those RPMs which are not
installed but included in the list will not be updated. Note that you can
also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors,
you need to install a version of the up2date client with an updated
certificate. The latest version of up2date is available from the Red Hat FTP
site and may also be downloaded directly from the RHN website:

    https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

125507 - CAN-2004-0541 Squid NTLM authentication helper overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/squid-2.5.STABLE3-6.3E.src.rpm

i386:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.i386.rpm

ia64:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.ia64.rpm

ppc:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.ppc.rpm

ppc64:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.ppc64.rpm

s390:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.s390.rpm

s390x:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.s390x.rpm

x86_64:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/squid-2.5.STABLE3-6.3E.src.rpm

i386:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.i386.rpm

x86_64:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/squid-2.5.STABLE3-6.3E.src.rpm

i386:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.i386.rpm

ia64:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.ia64.rpm

x86_64:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/squid-2.5.STABLE3-6.3E.src.rpm

i386:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.i386.rpm

ia64:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.ia64.rpm

x86_64:
Available from Red Hat Network: squid-2.5.STABLE3-6.3E.x86_64.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is available
from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

    rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum

8. References:

http://www.idefense.com/application/poi/display?id=107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0541

9. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
From: bugzilla at redhat.com
Date: Wed, 9 Jun 2004 09:01 -0400
Subject: [RHSA-2004:233-01] Updated cvs package fixes security issues
Message-ID: <200406091301.i59D1Ll03597@lacrosse.corp.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated cvs package fixes security issues
Advisory ID:       RHSA-2004:233-01
Issue date:        2004-06-09
Updated on:        2004-06-09
Product:           Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:         RHSA-2004:190
CVE Names:         CAN-2004-0414 CAN-2004-0416 CAN-2004-0417 CAN-2004-0418
---------------------------------------------------------------------

1. Topic:

An updated cvs package that fixes several server vulnerabilities, which
could be exploited by a malicious client, is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

CVS is a version control system frequently used to manage source code
repositories.

While investigating a previously fixed vulnerability, Derek Price discovered
a flaw relating to malformed "Entry" lines which leads to a missing NULL
terminator. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0414 to this issue.

Stefan Esser and Sebastian Krahmer conducted an audit of CVS and fixed a
number of issues that may have had security consequences. Among the issues
deemed likely to be exploitable were:

-- a double-free relating to the error_prog_name string (CAN-2004-0416)
-- an argument integer overflow (CAN-2004-0417)
-- out-of-bounds writes in serv_notify (CAN-2004-0418).

An attacker who has access to a CVS server may be able to execute arbitrary
code with the UID under which the CVS server is executing.

Users of CVS are advised to upgrade to this updated package, which contains
backported patches correcting these issues.

Red Hat would like to thank Stefan Esser, Sebastian Krahmer, and Derek Price
for auditing, disclosing, and providing patches for these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs
which are currently installed will be updated. Those RPMs which are not
installed but included in the list will not be updated. Note that you can
also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors,
you need to install a version of the up2date client with an updated
certificate. The latest version of up2date is available from the Red Hat FTP
site and may also be downloaded directly from the RHN website:

    https://rhn.redhat.com/help/latest-up2date.pxt

5. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/cvs-1.11.1p1-16.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.1p1-16.i386.rpm

ia64:
Available from Red Hat Network: cvs-1.11.1p1-16.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/cvs-1.11.1p1-16.src.rpm

ia64:
Available from Red Hat Network: cvs-1.11.1p1-16.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/cvs-1.11.1p1-16.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.1p1-16.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/cvs-1.11.1p1-16.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.1p1-16.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cvs-1.11.2-24.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.2-24.i386.rpm

ia64:
Available from Red Hat Network: cvs-1.11.2-24.ia64.rpm

ppc:
Available from Red Hat Network: cvs-1.11.2-24.ppc.rpm

ppc64:
Available from Red Hat Network: cvs-1.11.2-24.ppc64.rpm

s390:
Available from Red Hat Network: cvs-1.11.2-24.s390.rpm

s390x:
Available from Red Hat Network: cvs-1.11.2-24.s390x.rpm

x86_64:
Available from Red Hat Network: cvs-1.11.2-24.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cvs-1.11.2-24.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.2-24.i386.rpm

x86_64:
Available from Red Hat Network: cvs-1.11.2-24.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cvs-1.11.2-24.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.2-24.i386.rpm

ia64:
Available from Red Hat Network: cvs-1.11.2-24.ia64.rpm

x86_64:
Available from Red Hat Network: cvs-1.11.2-24.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cvs-1.11.2-24.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.2-24.i386.rpm

ia64:
Available from Red Hat Network: cvs-1.11.2-24.ia64.rpm

x86_64:
Available from Red Hat Network: cvs-1.11.2-24.x86_64.rpm

6. Verification:

These packages are GPG signed by Red Hat for security. Our key is available
from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

    rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0418

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAxwoYXlSAg2UNWIIRArOFAKDElLw55sPiwuMJ4vTzADgY94dGUgCeMOsR
WiXoHWhnBClNzKn0kidfUXk=
=qJiD
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jun 14 15:45:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 14 Jun 2004 11:45 -0400
Subject: [RHSA-2004:240-01] Updated SquirrelMail package fixes multiple vulnerabilities
Message-ID: <200406141545.i5EFjTF03043@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated SquirrelMail package fixes multiple vulnerabilities
Advisory ID:       RHSA-2004:240-01
Issue date:        2004-06-14
Updated on:        2004-06-14
Product:           Red Hat Enterprise Linux
Keywords:          cross-site scripting XSS sql injection
Cross references:
Obsoletes:
CVE Names:         CAN-2004-0519 CAN-2004-0520 CAN-2004-0521
- ---------------------------------------------------------------------

1. Topic:

An updated SquirrelMail package that fixes several security vulnerabilities is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - noarch
Red Hat Desktop version 3 - noarch
Red Hat Enterprise Linux ES version 3 - noarch
Red Hat Enterprise Linux WS version 3 - noarch

3. Problem description:

SquirrelMail is a webmail package written in PHP.

Multiple vulnerabilities have been found which affect the version of SquirrelMail shipped with Red Hat Enterprise Linux 3.

An SQL injection flaw was found in SquirrelMail version 1.4.2 and earlier. If SquirrelMail is configured to store user addressbooks in the database, a remote attacker could use this flaw to execute arbitrary SQL statements. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0521 to this issue.

A number of cross-site scripting (XSS) flaws in SquirrelMail version 1.4.2 and earlier could allow remote attackers to execute script as other web users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0519 and CAN-2004-0520 to these issues.

All users of SquirrelMail are advised to upgrade to the erratum package containing SquirrelMail version 1.4.3a which is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

122512 - CAN-2004-0519/20/21 XSS and SQL issues in Squirrelmail

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/squirrelmail-1.4.3-0.e3.1.src.rpm

noarch:
Available from Red Hat Network: squirrelmail-1.4.3-0.e3.1.noarch.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/squirrelmail-1.4.3-0.e3.1.src.rpm

noarch:
Available from Red Hat Network: squirrelmail-1.4.3-0.e3.1.noarch.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/squirrelmail-1.4.3-0.e3.1.src.rpm

noarch:
Available from Red Hat Network: squirrelmail-1.4.3-0.e3.1.noarch.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/squirrelmail-1.4.3-0.e3.1.src.rpm

noarch:
Available from Red Hat Network: squirrelmail-1.4.3-0.e3.1.noarch.rpm

7. Verification:

MD5 sum                          Package Name
- --------------------------------------------------------------------------
fe78cd5ef4feb1aec5923dd2e6b3a5f9 squirrelmail-1.4.3-0.e3.1.noarch.rpm
081f186411150fea88f0533185f7bafb squirrelmail-1.4.3-0.e3.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum <filename>

8. References:

http://marc.theaimsgroup.com/?l=squirrelmail-announce&m=108595407012256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0521

9. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAzcgPXlSAg2UNWIIRAu/GAJ9JbCYYJa2RubSylg7b/MWo1Dl3NwCgjbrz
z+EDup88SAvTVPIGwjfb950=
=8oix
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jun 14 15:46:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 14 Jun 2004 11:46 -0400
Subject: [RHSA-2004:244-01] Updated Tripwire packages fix security flaw
Message-ID: <200406141546.i5EFkFF03139@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated Tripwire packages fix security flaw
Advisory ID:       RHSA-2004:244-01
Issue date:        2004-06-14
Updated on:        2004-06-14
Product:           Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:
CVE Names:         CAN-2004-0536
- ---------------------------------------------------------------------

1. Topic:

Updated Tripwire packages that fix a format string security vulnerability are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Tripwire is a system integrity assessment tool.

Paul Herman discovered a format string vulnerability in Tripwire version 2.3.1 and earlier. If Tripwire is configured to send reports via email, a local user could gain privileges by creating a carefully crafted file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0536 to this issue.

Users of Tripwire are advised to upgrade to this erratum package which contains a backported security patch to correct this issue. The erratum package also contains some minor bug fixes.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

70502 - Old File Checks in sample policy configuration file
72259 - Missing policyguide.txt in tripwire RPM
125176 - CAN-2004-0536 tripwire privilege escalation flaw

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/tripwire-2.3.1-18.src.rpm

i386:
Available from Red Hat Network: tripwire-2.3.1-18.i386.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/tripwire-2.3.1-18.src.rpm

i386:
Available from Red Hat Network: tripwire-2.3.1-18.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/tripwire-2.3.1-18.src.rpm

i386:
Available from Red Hat Network: tripwire-2.3.1-18.i386.rpm

7. Verification:

MD5 sum                          Package Name
- --------------------------------------------------------------------------
ab6af85788d25ae312cbec3a768be2c8 tripwire-2.3.1-18.i386.rpm
b5eae5cd1780f649cc9cd5d123d4bb5c tripwire-2.3.1-18.src.rpm

These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum <filename>

8. References:

http://marc.theaimsgroup.com/?l=bugtraq&m=108627481507249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0536

9. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAzchBXlSAg2UNWIIRAq6mAKCPOr25EiTeIvEJqGCmmhQTm5yKfgCgwwD/
6vahVjuB9ruzz5RpOLTvh0M=
=aT76
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Jun 14 15:47:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 14 Jun 2004 11:47 -0400
Subject: [RHSA-2004:245-01] Updated httpd and mod_ssl packages fix minor Apache security vulnerabilities
Message-ID: <200406141547.i5EFl7F03160@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated httpd and mod_ssl packages fix minor Apache security vulnerabilities
Advisory ID:       RHSA-2004:245-01
Issue date:        2004-06-14
Updated on:        2004-06-14
Product:           Red Hat Enterprise Linux
Keywords:          Apache httpd ASF mod_ssl mod_proxy FakeBasicAuth
Cross references:
Obsoletes:         RHBA-2004:101
CVE Names:         CAN-2004-0488 CAN-2004-0492
- ---------------------------------------------------------------------

1. Topic:
Updated httpd and mod_ssl packages that fix minor security issues in the Apache Web server are now available for Red Hat Enterprise Linux 2.1.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server.

A buffer overflow was found in the Apache proxy module, mod_proxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue, an attacker would need an Apache installation that was configured as a proxy to connect to a malicious site. This would cause the Apache child processing the request to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0492 to this issue. On Red Hat Enterprise Linux platforms Red Hat believes this issue cannot lead to remote code execution. This issue also does not represent a Denial of Service attack as requests will continue to be handled by other Apache child processes.

A stack buffer overflow was discovered in mod_ssl which can be triggered if using the FakeBasicAuth option. If mod_ssl is sent a client certificate with a subject DN field longer than 6000 characters, a stack overflow can occur if FakeBasicAuth has been enabled. In order to exploit this issue the carefully crafted malicious certificate would have to be signed by a Certificate Authority which mod_ssl is configured to trust. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0488 to this issue.

This update also fixes a DNS handling bug in mod_proxy.

The mod_auth_digest module is now included in the Apache package and should be used instead of mod_digest for sites requiring Digest authentication.

Red Hat Enterprise Linux 2.1 users of the Apache HTTP Server should upgrade to these erratum packages, which contain Apache version 1.3.27 with backported patches correcting these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

125704 - CAN-2004-0492 mod_proxy buffer overflow
122637 - mod_proxy does reverse DNS lookups (AS2.1)

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/apache-1.3.27-8.ent.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mod_ssl-2.8.12-4.src.rpm

i386:
Available from Red Hat Network: apache-1.3.27-8.ent.i386.rpm
Available from Red Hat Network: apache-devel-1.3.27-8.ent.i386.rpm
Available from Red Hat Network: apache-manual-1.3.27-8.ent.i386.rpm
Available from Red Hat Network: mod_ssl-2.8.12-4.i386.rpm

ia64:
Available from Red Hat Network: apache-1.3.27-8.ent.ia64.rpm
Available from Red Hat Network: apache-devel-1.3.27-8.ent.ia64.rpm
Available from Red Hat Network: apache-manual-1.3.27-8.ent.ia64.rpm
Available from Red Hat Network: mod_ssl-2.8.12-4.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/apache-1.3.27-8.ent.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mod_ssl-2.8.12-4.src.rpm

ia64:
Available from Red Hat Network: apache-1.3.27-8.ent.ia64.rpm
Available from Red Hat Network: apache-devel-1.3.27-8.ent.ia64.rpm
Available from Red Hat Network: apache-manual-1.3.27-8.ent.ia64.rpm
Available from Red Hat Network: mod_ssl-2.8.12-4.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/apache-1.3.27-8.ent.src.rpm
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mod_ssl-2.8.12-4.src.rpm

i386:
Available from Red Hat Network: apache-1.3.27-8.ent.i386.rpm
Available from Red Hat Network: apache-devel-1.3.27-8.ent.i386.rpm
Available from Red Hat Network: apache-manual-1.3.27-8.ent.i386.rpm
Available from Red Hat Network: mod_ssl-2.8.12-4.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/apache-1.3.27-8.ent.src.rpm
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mod_ssl-2.8.12-4.src.rpm

i386:
Available from Red Hat Network: apache-1.3.27-8.ent.i386.rpm
Available from Red Hat Network: apache-devel-1.3.27-8.ent.i386.rpm
Available from Red Hat Network: apache-manual-1.3.27-8.ent.i386.rpm
Available from Red Hat Network: mod_ssl-2.8.12-4.i386.rpm

7. Verification:

MD5 sum                          Package Name
- --------------------------------------------------------------------------
6aaeefcc251c69d6e0f5b2f65a3d8d8b apache-1.3.27-8.ent.i386.rpm
fd3824f33645c995f4051ea1c5443af8 apache-1.3.27-8.ent.ia64.rpm
907752ff24d8cad085b50668746b6126 apache-1.3.27-8.ent.src.rpm
51915eba50827a2c433cfbdc6b8cbba1 apache-devel-1.3.27-8.ent.i386.rpm
35fc4104a5c5b2980faff3beda26b020 apache-devel-1.3.27-8.ent.ia64.rpm
4cae1b4448aa91f86b151bfc4a1131bf apache-manual-1.3.27-8.ent.i386.rpm
2c5dd25e15b85b04858337f528ce3188 apache-manual-1.3.27-8.ent.ia64.rpm
72981573499af5b48f18bbf4a84db467 mod_ssl-2.8.12-4.i386.rpm
8cd07fc8dfb9e0b3869d1154581d05f3 mod_ssl-2.8.12-4.ia64.rpm
d601db52fb2edfbe69dcf3bc953929b8 mod_ssl-2.8.12-4.src.rpm

These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum <filename>

8. References:

http://www.apacheweek.com/issues/04-06-11#security
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0492

9. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
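The Verification step of this advisory, like the same step in the CVS, SquirrelMail and Tripwire advisories earlier on this page, lists one MD5 sum per package and tells the reader to compare it with md5sum output by hand. The script below is an added example and is not part of any Red Hat advisory: a POSIX sh function that takes such a table pasted as-is (header lines and all), checks a download directory against it, and reports each package as OK, MISMATCH or MISSING, plus any downloaded *.rpm the table does not cover. The package names, file contents and checksum table built by demo_verify are constructed for the demo; only md5sum, expr, cut, basename and mktemp from coreutils/busybox are needed.

```shell
#!/bin/sh
# Added example, not part of the Red Hat advisory: check a directory of
# downloaded RPMs against the "MD5 sum  Package Name" table that each
# advisory prints in its Verification section. The package names, contents
# and table used by demo_verify below are constructed for this demo.

# verify_rpm_md5 TABLE_FILE DIR
#   TABLE_FILE: text with lines "<32 hex digits> <package file name>",
#               pasted straight from the advisory; headings, rulers and
#               blank lines are ignored.
#   DIR:        directory holding the downloaded packages.
# Prints "OK", "MISMATCH" or "MISSING" for every listed package and
# "UNLISTED" for every *.rpm in DIR that the table does not mention.
# Returns 0 only when every listed package is present and matches.
verify_rpm_md5() {
    table="$1"
    dir="$2"
    rc=0
    listed=""
    while read -r expected name; do
        # Keep only lines whose first field is exactly 32 hex digits.
        [ "$(expr "x$expected" : 'x[0-9a-f]\{32\}$')" -eq 33 ] || continue
        # Never let a table entry point outside DIR (no slashes, no dotfiles).
        case "$name" in
            ""|*/*|.*) echo "SKIPPED bad package name: $name"; continue ;;
        esac
        listed="$listed $name"
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"
            rc=1
            continue
        fi
        actual=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name (expected $expected, got $actual)"
            rc=1
        fi
    done < "$table"
    # Packages that were downloaded but are not covered by the table.
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue
        b=$(basename "$f")
        case " $listed " in
            *" $b "*) ;;
            *) echo "UNLISTED $b" ;;
        esac
    done
    return "$rc"
}

# demo_verify: build a throw-away fixture and run the check on it.
demo_verify() {
    work=$(mktemp -d) || return 2
    mkdir "$work/downloads"
    # Constructed packages: "good" matches its listed sum (the MD5 of the
    # five bytes "hello"), "tampered" has different content, "absent" was
    # never downloaded, and "extra" is not in the table at all.
    printf 'hello' > "$work/downloads/good-1.0-1.noarch.rpm"
    printf 'hellO' > "$work/downloads/tampered-1.0-1.noarch.rpm"
    printf 'hello' > "$work/downloads/extra-1.0-1.noarch.rpm"
    # Constructed table in the advisory's layout, header lines included.
    cat > "$work/CHECKSUMS" <<'EOF'
7. Verification:

MD5 sum                          Package Name
- --------------------------------------------------------------------------
5d41402abc4b2a76b9719d911017c592 good-1.0-1.noarch.rpm
5d41402abc4b2a76b9719d911017c592 tampered-1.0-1.noarch.rpm
d41d8cd98f00b204e9800998ecf8427e absent-1.0-1.noarch.rpm
EOF
    rc=0
    verify_rpm_md5 "$work/CHECKSUMS" "$work/downloads" || rc=$?
    rm -rf "$work"
    return "$rc"
}

if demo_verify; then
    echo "all listed packages verified"
else
    echo "verification failed (expected for this fixture)"
fi
```

For a real download, save the advisory's Verification section to a file and call `verify_rpm_md5 that-file ./downloads`. A matching sum only shows that the file you fetched is the file the advisory lists; the `rpm --checksig -v` step is the one that ties the package to Red Hat's signing key, and it should not be skipped, since MD5 is no longer collision resistant.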
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD4DBQFAzch0XlSAg2UNWIIRAmtpAJ9oRd/X3GKuu8SjBvTZygBcXxlTrwCXWsYe
V9Ztr3FV/tDyQgrD9HGViw==
=Ya/k
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Jun 18 07:05:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 18 Jun 2004 03:05 -0400
Subject: [RHSA-2004:255-01] Updated kernel packages fix security vulnerabilities
Message-ID: <200406180705.i5I75VF31869@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated kernel packages fix security vulnerabilities
Advisory ID:       RHSA-2004:255-01
Issue date:        2004-06-17
Updated on:        2004-06-17
Product:           Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:         RHSA-2004:188
CVE Names:         CAN-2004-0427 CAN-2004-0495 CAN-2004-0554
- ---------------------------------------------------------------------

1. Topic:

Updated kernel packages for Red Hat Enterprise Linux 3 that fix security vulnerabilities are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - athlon, i386, i686, ia32e, ia64, ppc64, ppc64iseries, ppc64pseries, s390, s390x, x86_64
Red Hat Desktop version 3 - athlon, i386, i686, ia32e, x86_64
Red Hat Enterprise Linux ES version 3 - athlon, i386, i686, ia32e, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - athlon, i386, i686, ia32e, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

A flaw was found in Linux kernel versions 2.4 and 2.6 for x86 and x86_64 that allowed local users to cause a denial of service (system crash) by triggering a signal handler with a certain sequence of fsave and frstor instructions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0554 to this issue.

Another flaw was discovered in an error path supporting the clone() system call that allowed local users to cause a denial of service (memory leak) by repeatedly passing invalid arguments to clone() from a user program running in an infinite loop. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0427 to this issue.

Enhancements were committed to the 2.6 kernel by Al Viro which enabled the Sparse source code checking tool to check for a certain class of kernel bugs. A subset of these fixes also applies to various drivers in the 2.4 kernel. Although the majority of these reside in drivers unsupported in Red Hat Enterprise Linux 3, the flaws could lead to privilege escalation or access to kernel memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0495 to these issues.

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. These packages contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

125794 - CAN-2004-0554 local user can get the kernel to hang
125901 - [PATCH] CAN-2004-0554: FPU exception handling local DoS
125968 - last RH kernel affected bug
126121 - CAN-2004-0495 Sparse security fixes backported for 2.4 kernel

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-15.0.2.EL.src.rpm

athlon:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm

i386:
Available from Red Hat Network: kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.i386.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.i386.rpm

i686:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm

ia32e:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia32e.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm

ia64:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia64.rpm

ppc64:
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.ppc64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.ppc64.rpm

ppc64iseries:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ppc64iseries.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ppc64iseries.rpm

ppc64pseries:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ppc64pseries.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ppc64pseries.rpm

s390:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.s390.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.s390.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.s390.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.s390.rpm

s390x:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.s390x.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.s390x.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.s390x.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.s390x.rpm

x86_64:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-15.0.2.EL.src.rpm

athlon:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm

i386:
Available from Red Hat Network: kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.i386.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.i386.rpm

i686:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm

ia32e:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia32e.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm

x86_64:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-15.0.2.EL.src.rpm

athlon:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm

i386:
Available from Red Hat Network: kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.i386.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.i386.rpm

i686:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm

ia32e:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia32e.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm

ia64:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia64.rpm

x86_64:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-15.0.2.EL.src.rpm

athlon:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm

i386:
Available from Red Hat Network: kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.i386.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.i386.rpm

i686:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm

ia32e:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia32e.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm

ia64:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.ia64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.ia64.rpm

x86_64:
Available from Red Hat Network: kernel-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.0.2.EL.x86_64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm

7. Verification:

MD5 sum                          Package Name
- --------------------------------------------------------------------------
05b0bcb454ac5454479481d0288fbf20 kernel-2.4.21-15.0.2.EL.athlon.rpm
a3073219b60cbb7ce447a22e5103e097 kernel-2.4.21-15.0.2.EL.i686.rpm
90dabcf0bb591756e5f04f397cf8a156 kernel-2.4.21-15.0.2.EL.ia32e.rpm
24ddfb9f957028d3bbc5cfff2b25bc67 kernel-2.4.21-15.0.2.EL.ia64.rpm
495a1c8f85e0e237643fd2e3f89ddaed kernel-2.4.21-15.0.2.EL.ppc64iseries.rpm
6ad188ae0c61a077dede364c59448f61 kernel-2.4.21-15.0.2.EL.ppc64pseries.rpm
1b9d329e2b074616239a91fd967871c8 kernel-2.4.21-15.0.2.EL.s390.rpm
a8bab06e561ac8b6ab473b4e722a570b kernel-2.4.21-15.0.2.EL.s390x.rpm
669d77609b1c47ff49c939c1ea7bbc45 kernel-2.4.21-15.0.2.EL.src.rpm
13aabc1c96dfee65f73246051a955ba8 kernel-2.4.21-15.0.2.EL.x86_64.rpm
4635f8c6555f3b3e52feb9444b2e230d kernel-BOOT-2.4.21-15.0.2.EL.i386.rpm
6cf6c39a83dfe7cca9c9a79f02dc3fa8 kernel-doc-2.4.21-15.0.2.EL.i386.rpm
cc60f06bdd3ad6a05040df8ba40d41a1 kernel-doc-2.4.21-15.0.2.EL.ia64.rpm
3f21dd578af78ed576c7cbf6e17a3f16 kernel-doc-2.4.21-15.0.2.EL.ppc64.rpm
5e27cc65020dbb1c92368e79c3edcbe6 kernel-doc-2.4.21-15.0.2.EL.s390.rpm
860944b6a4e8384a0b344dc96ea48b6d kernel-doc-2.4.21-15.0.2.EL.s390x.rpm
608d072210521af17c455f7754a6e352 kernel-doc-2.4.21-15.0.2.EL.x86_64.rpm
6c8dad84abc4dd1892c9dc862c329273 kernel-hugemem-2.4.21-15.0.2.EL.i686.rpm
426c517d35a53546138b0d72a0515909 kernel-hugemem-unsupported-2.4.21-15.0.2.EL.i686.rpm
96eb477ac938da01b729b5ac5ed36e3b kernel-smp-2.4.21-15.0.2.EL.athlon.rpm
bece09ba4a651196758380372dc4c593 kernel-smp-2.4.21-15.0.2.EL.i686.rpm
82154d7551d6e4947af70b3044c9d4d2 kernel-smp-2.4.21-15.0.2.EL.x86_64.rpm
9d24273cc70bb6be810984cb3f3d0a36 kernel-smp-unsupported-2.4.21-15.0.2.EL.athlon.rpm
775338e099c3bdf36a586d29e55dbd3e kernel-smp-unsupported-2.4.21-15.0.2.EL.i686.rpm
8fde60be45154b7722893feb65506f42 kernel-smp-unsupported-2.4.21-15.0.2.EL.x86_64.rpm
3c690c54909996d3bba3da7c8d8f894a kernel-source-2.4.21-15.0.2.EL.i386.rpm
a8fc2a1042ee3e580881b50c97a3241d kernel-source-2.4.21-15.0.2.EL.ia64.rpm 937a05a7666f14f95d20be19fc461f05 kernel-source-2.4.21-15.0.2.EL.ppc64.rpm 282bb4f0e5bfbec228a742ab6666665d kernel-source-2.4.21-15.0.2.EL.s390.rpm 6e9628389fa69aafc9c910e4b37a425a kernel-source-2.4.21-15.0.2.EL.s390x.rpm 44be30f820be806621b47786ebff1844 kernel-source-2.4.21-15.0.2.EL.x86_64.rpm 17f10f04cffc9751afb1499aaff00fdc kernel-unsupported-2.4.21-15.0.2.EL.athlon.rpm 89ee51cb60f7a1f34e66cbb16abcba07 kernel-unsupported-2.4.21-15.0.2.EL.i686.rpm 144943d76b23470572326c84b57c0dd9 kernel-unsupported-2.4.21-15.0.2.EL.ia32e.rpm 60e5c1f1efa438a658b12e16543214cd kernel-unsupported-2.4.21-15.0.2.EL.ia64.rpm 57f0111e6443fd5a39099731cc0856e8 kernel-unsupported-2.4.21-15.0.2.EL.ppc64iseries.rpm 22f38c0c1abee45e0ac24caa19e06311 kernel-unsupported-2.4.21-15.0.2.EL.ppc64pseries.rpm 8f67e244ba867a103e6b211d3d0d1fba kernel-unsupported-2.4.21-15.0.2.EL.s390.rpm 3522c33c18eb876b5033ef12398707fe kernel-unsupported-2.4.21-15.0.2.EL.s390x.rpm aa060423c3136a26ca31a7aafa337380 kernel-unsupported-2.4.21-15.0.2.EL.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/team/key.html You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: md5sum 8. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0427 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0495 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554 9. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFA0pQzXlSAg2UNWIIRAnebAJ92x5UDw32uwjVFVe9Eat4cQQqXAwCgkRtl
OG3QYv33e4XJlyE9npuygvs=
=Joca
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Fri Jun 18 13:04:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 18 Jun 2004 09:04 -0400
Subject: [RHSA-2004:249-01] Updated libpng packages fix security issue
Message-ID: <200406181304.i5ID4EF11167@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated libpng packages fix security issue
Advisory ID:       RHSA-2004:249-01
Issue date:        2004-06-18
Updated on:        2004-06-18
Product:           Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:
CVE Names:         CAN-2002-1363
- ---------------------------------------------------------------------

1. Topic:

Updated libpng packages that fix a possible buffer overflow are now
available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

During an audit of Red Hat Linux updates, the Fedora Legacy team found a
security issue in libpng that had not been fixed in Red Hat Enterprise
Linux 3. An attacker could carefully craft a PNG file in such a way that
it would cause an application linked to libpng to crash or potentially
execute arbitrary code when opened by a victim.

Note: this issue does not affect Red Hat Enterprise Linux 2.1.

Users are advised to upgrade to these updated packages, which contain a
backported security fix and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate
Errors, you need to install a version of the up2date client with an
updated certificate. The latest version of up2date is available from the
Red Hat FTP site and may also be downloaded directly from the RHN website:

    https://rhn.redhat.com/help/latest-up2date.pxt

5. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libpng-1.2.2-24.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libpng10-1.0.13-14.src.rpm

i386:
Available from Red Hat Network: libpng-1.2.2-24.i386.rpm
Available from Red Hat Network: libpng-devel-1.2.2-24.i386.rpm
Available from Red Hat Network: libpng10-1.0.13-14.i386.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-14.i386.rpm

ia64:
Available from Red Hat Network: libpng-1.2.2-24.ia64.rpm
Available from Red Hat Network: libpng-devel-1.2.2-24.ia64.rpm
Available from Red Hat Network: libpng10-1.0.13-14.ia64.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-14.ia64.rpm

ppc:
Available from Red Hat Network: libpng-1.2.2-24.ppc.rpm
Available from Red Hat Network: libpng-devel-1.2.2-24.ppc.rpm
Available from Red Hat Network: libpng10-1.0.13-14.ppc.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-14.ppc.rpm

ppc64:
Available from Red Hat Network: libpng-1.2.2-24.ppc64.rpm
Available from Red Hat Network: libpng-devel-1.2.2-24.ppc64.rpm

s390:
Available from Red Hat Network: libpng-1.2.2-24.s390.rpm
Available from Red Hat Network: libpng-devel-1.2.2-24.s390.rpm
Available from Red Hat Network: libpng10-1.0.13-14.s390.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-14.s390.rpm

s390x:
Available from Red Hat Network: libpng-1.2.2-24.s390x.rpm
Available from Red Hat Network: libpng-1.2.2-24.s390.rpm
Available from Red Hat Network: libpng-devel-1.2.2-24.s390x.rpm
Available from Red Hat Network: libpng10-1.0.13-14.s390x.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-14.s390x.rpm

x86_64:
Available from Red Hat Network: libpng-1.2.2-24.x86_64.rpm
Available from Red Hat Network: libpng-1.2.2-24.i386.rpm
Available from Red Hat Network: libpng-devel-1.2.2-24.x86_64.rpm
Available from Red Hat Network: libpng10-1.0.13-14.x86_64.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-14.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libpng-1.2.2-24.src.rpm
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libpng10-1.0.13-14.src.rpm

i386:
Available from Red Hat Network: libpng-1.2.2-24.i386.rpm
Available from Red Hat Network: libpng-devel-1.2.2-24.i386.rpm
Available from Red Hat Network: libpng10-1.0.13-14.i386.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-14.i386.rpm

x86_64:
Available from Red Hat Network: libpng-1.2.2-24.x86_64.rpm
Available from Red Hat Network: libpng-1.2.2-24.i386.rpm
Available from Red Hat Network: libpng-devel-1.2.2-24.x86_64.rpm
Available from Red Hat Network: libpng10-1.0.13-14.x86_64.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-14.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libpng-1.2.2-24.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libpng10-1.0.13-14.src.rpm

i386:
Available from Red Hat Network: libpng-1.2.2-24.i386.rpm
Available from Red Hat Network: libpng-devel-1.2.2-24.i386.rpm
Available from Red Hat Network: libpng10-1.0.13-14.i386.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-14.i386.rpm

ia64:
Available from Red Hat Network: libpng-1.2.2-24.ia64.rpm
Available from Red Hat Network: libpng-devel-1.2.2-24.ia64.rpm
Available from Red Hat Network: libpng10-1.0.13-14.ia64.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-14.ia64.rpm

x86_64:
Available from Red Hat Network: libpng-1.2.2-24.x86_64.rpm
Available from Red Hat Network: libpng-1.2.2-24.i386.rpm
Available from Red Hat Network: libpng-devel-1.2.2-24.x86_64.rpm
Available from Red Hat Network: libpng10-1.0.13-14.x86_64.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-14.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libpng-1.2.2-24.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libpng10-1.0.13-14.src.rpm

i386:
Available from Red Hat Network: libpng-1.2.2-24.i386.rpm
Available from Red Hat Network: libpng-devel-1.2.2-24.i386.rpm
Available from Red Hat Network: libpng10-1.0.13-14.i386.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-14.i386.rpm

ia64:
Available from Red Hat Network: libpng-1.2.2-24.ia64.rpm
Available from Red Hat Network: libpng-devel-1.2.2-24.ia64.rpm
Available from Red Hat Network: libpng10-1.0.13-14.ia64.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-14.ia64.rpm

x86_64:
Available from Red Hat Network: libpng-1.2.2-24.x86_64.rpm
Available from Red Hat Network: libpng-1.2.2-24.i386.rpm
Available from Red Hat Network: libpng-devel-1.2.2-24.x86_64.rpm
Available from Red Hat Network: libpng10-1.0.13-14.x86_64.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-14.x86_64.rpm

6. Verification:

MD5 sum                          Package Name
- --------------------------------------------------------------------------
af63ef937508fd3bc25bb54203e9d9da libpng-1.2.2-24.i386.rpm
4c046aafa3cc058427ca2ffe3df4374c libpng-1.2.2-24.ia64.rpm
3f9f8f07958ccdbdae1dd5658d1f660d libpng-1.2.2-24.ppc.rpm
a28f7104fa22ffba7c9c972721726efa libpng-1.2.2-24.ppc64.rpm
99edb05b88fa05393594006cde3605a9 libpng-1.2.2-24.s390.rpm
3b5305cb0962ffd7d1a7472f8416efc1 libpng-1.2.2-24.s390x.rpm
955bd34890b25d65120f30250a75d2fb libpng-1.2.2-24.src.rpm
56f6e9b47b537fe124b9ed874c379bcc libpng-1.2.2-24.x86_64.rpm
80f1c12114bf5648ccf56c270a3dcd5e libpng-devel-1.2.2-24.i386.rpm
cd5181aeae289c6446d4458071c18d2c libpng-devel-1.2.2-24.ia64.rpm
935fbe2f7afb316145a9d3ec738718be libpng-devel-1.2.2-24.ppc.rpm
5d557d5ecc04f15ad45007ded47c7b22 libpng-devel-1.2.2-24.ppc64.rpm
2a8b05e84202c872c84852b143480a98 libpng-devel-1.2.2-24.s390.rpm
294c94237c1caa1e3f7c71b21091c7c5 libpng-devel-1.2.2-24.s390x.rpm
36c04c69972678f7279991cbf49763ad libpng-devel-1.2.2-24.x86_64.rpm
645136e04ec539eabf6c9f8106f62f47 libpng10-1.0.13-14.i386.rpm
5168760faafc399c90958c60412ce516 libpng10-1.0.13-14.ia64.rpm
03469eece5ab2c757fce148964438f8a libpng10-1.0.13-14.ppc.rpm
ee7bce6430e786d94ffb598f1f0cc842 libpng10-1.0.13-14.s390.rpm
a3a639aceb65debb84ced820828611ed libpng10-1.0.13-14.s390x.rpm
4959b14e2264df985dacfac43e24df40 libpng10-1.0.13-14.src.rpm
8b12075058f65c087e97f88f9d63e027 libpng10-1.0.13-14.x86_64.rpm
d42c29c9604d0b2db4af78f5875bb468 libpng10-devel-1.0.13-14.i386.rpm
fe4a1b47268982804c2068ba6158c8d2 libpng10-devel-1.0.13-14.ia64.rpm
882bd95074aba728c10e1b44f96a4de4 libpng10-devel-1.0.13-14.ppc.rpm
6d8ca64a3f82caa142ceae5be4a36817 libpng10-devel-1.0.13-14.s390.rpm
34ab7cea51cf9f6b644787a746bf5726 libpng10-devel-1.0.13-14.s390x.rpm
14dd5f536db290d29895252af5a38b5e libpng10-devel-1.0.13-14.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum <filename>

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFA0ug/XlSAg2UNWIIRAmVmAJ93rjHlqUUG1zyFXiUu/zEjuHETtwCffac/
UGbVldg7VVPwdciRR/pw1hQ=
=9Gbn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Fri Jun 18 21:25:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 18 Jun 2004 17:25 -0400
Subject: [RHSA-2004:260-01] Updated kernel packages fix security vulnerabilities
Message-ID: <200406182125.i5ILP3F18051@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated kernel packages fix security vulnerabilities
Advisory ID:       RHSA-2004:260-01
Issue date:        2004-06-18
Updated on:        2004-06-18
Product:           Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:         RHSA-2004:188
CVE Names:         CAN-2004-0495 CAN-2004-0554
- ---------------------------------------------------------------------

1. Topic:

Updated kernel packages for Red Hat Enterprise Linux 2.1 that fix
security vulnerabilities are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - athlon, i386, i686
Red Hat Enterprise Linux ES version 2.1 - athlon, i386, i686
Red Hat Enterprise Linux WS version 2.1 - athlon, i386, i686

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

A flaw was found in Linux kernel versions 2.4 and 2.6 for x86 and x86_64
that allowed local users to cause a denial of service (system crash) by
triggering a signal handler with a certain sequence of fsave and frstor
instructions. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0554 to this issue.

Enhancements were committed to the 2.6 kernel by Al Viro which enabled
the Sparse source code checking tool to check for a certain class of
kernel bugs. A subset of these fixes also applies to various drivers in
the 2.4 kernel. The bugs in this class could lead to privilege escalation
or access to kernel memory. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0495 to these
issues.

All Red Hat Enterprise Linux 2.1 users are advised to upgrade their
kernels to the packages associated with their machine architectures and
configurations as listed in this erratum. These packages contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate
Errors, you need to install a version of the up2date client with an
updated certificate. The latest version of up2date is available from the
Red Hat FTP site and may also be downloaded directly from the RHN website:

    https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

126122 - CAN-2004-0495 Sparse security fixes backported for 2.4 kernel
126031 - CAN-2004-0554 local user can get the kernel to hang

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kernel-2.4.9-e.41.src.rpm

athlon:
Available from Red Hat Network: kernel-2.4.9-e.41.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.9-e.41.athlon.rpm

i386:
Available from Red Hat Network: kernel-BOOT-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-headers-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-source-2.4.9-e.41.i386.rpm

i686:
Available from Red Hat Network: kernel-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-debug-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-enterprise-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-summit-2.4.9-e.41.i686.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kernel-2.4.9-e.41.src.rpm

athlon:
Available from Red Hat Network: kernel-2.4.9-e.41.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.9-e.41.athlon.rpm

i386:
Available from Red Hat Network: kernel-BOOT-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-headers-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-source-2.4.9-e.41.i386.rpm

i686:
Available from Red Hat Network: kernel-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-debug-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.9-e.41.i686.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kernel-2.4.9-e.41.src.rpm

athlon:
Available from Red Hat Network: kernel-2.4.9-e.41.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.9-e.41.athlon.rpm

i386:
Available from Red Hat Network: kernel-BOOT-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-headers-2.4.9-e.41.i386.rpm
Available from Red Hat Network: kernel-source-2.4.9-e.41.i386.rpm

i686:
Available from Red Hat Network: kernel-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-debug-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-enterprise-2.4.9-e.41.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.9-e.41.i686.rpm

7. Verification:

MD5 sum                          Package Name
- --------------------------------------------------------------------------
e8a6f83bc24e92297315f751559a251a kernel-2.4.9-e.41.athlon.rpm
3e0d87495a7c6b7bef7e02f55ef6d24a kernel-2.4.9-e.41.i686.rpm
3958537aa5fd88aebb95864351f824c8 kernel-2.4.9-e.41.src.rpm
fdf9aa6832ac6faeb301988d98e7a31b kernel-BOOT-2.4.9-e.41.i386.rpm
8aa5eb290f69829b5284c90705b6061f kernel-debug-2.4.9-e.41.i686.rpm
4af5cd44eb2fa282c0d743927478738c kernel-doc-2.4.9-e.41.i386.rpm
703fec744138ab5ca5118e266e5b75f1 kernel-enterprise-2.4.9-e.41.i686.rpm
55f2acc05244bf82043d85920aeab3e4 kernel-headers-2.4.9-e.41.i386.rpm
04ab73b3bca23210c7643a74a7602b49 kernel-smp-2.4.9-e.41.athlon.rpm
b2186df6f7d6c688a30365a17dc9a4b4 kernel-smp-2.4.9-e.41.i686.rpm
e6b5c0f91e0808d6c1ba5de86b600c17 kernel-source-2.4.9-e.41.i386.rpm
e05538bec3d7e58542c34f222890facf kernel-summit-2.4.9-e.41.i686.rpm

These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0554

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFA012sXlSAg2UNWIIRApqaAJ9Nuz1XLmQCLCw1ieJIqA7dXpEZngCfSUGf
kKnzkP/NlgcdhMGvZQK682k=
=k/N4
-----END PGP SIGNATURE-----
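Each of the three advisories above ends with the same "Verification" procedure: a table of MD5 sums, `rpm --checksig -v <filename>` to check Red Hat's GPG signature, and `md5sum <filename>` as the weaker integrity check. The script below is an added example written for this page, not Red Hat's own tooling: it pulls the MD5 table out of a saved copy of an advisory and checks every downloaded package against it, so the comparison is not done by eye. It assumes a POSIX sh with grep -E/-o, awk, md5sum and mktemp; the package and advisory excerpt that demo() builds are constructed here and are not real Red Hat artifacts, and the function and file names are this example's own.

```shell
#!/bin/sh
# Added example, not part of any Red Hat advisory.  Automates the
# "Verification" step: extract the "MD5 sum  Package Name" table from the
# advisory text you received and compare the packages you downloaded
# against it with md5sum, the tool the advisory names.

# extract_md5_table ADVISORY_FILE
# Print "md5 filename" pairs found anywhere in the advisory.  Matching
# runs of "32 hex digits, spaces, name.rpm" rather than whole lines means
# the table is recovered even from a copy whose line breaks were lost,
# as happens in mailing-list archives.
extract_md5_table() {
    grep -oE '[0-9a-f]{32} +[A-Za-z0-9._+-]+\.rpm' "$1" | awk '{print $1, $2}'
}

# verify_rpm_dir ADVISORY_FILE RPM_DIR
# Check every *.rpm in RPM_DIR that the advisory lists.  Packages the
# advisory does not mention are reported and skipped: the table covers
# every architecture, and you normally download only your own.
# Exit status: 0 every listed package matches, 1 at least one mismatch,
# 2 nothing in RPM_DIR was covered by the table (probably the wrong dir).
verify_rpm_dir() {
    adv=$1; dir=$2; checked=0; bad=0
    table=$(extract_md5_table "$adv")
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue
        name=${f##*/}
        want=$(printf '%s\n' "$table" | awk -v n="$name" '$2 == n {print $1; exit}')
        if [ -z "$want" ]; then
            echo "SKIP     $name (not listed in advisory)"
            continue
        fi
        got=$(md5sum "$f" | awk '{print $1}')
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name: advisory says $want, file has $got"
            bad=$((bad + 1))
        fi
    done
    [ "$checked" -gt 0 ] || return 2
    [ "$bad" -eq 0 ]
}

# check_sig FILE
# The stronger check the advisory recommends: rpm --checksig verifies
# Red Hat's GPG signature on the package, not just a digest.  Only
# meaningful on a host with rpm installed and the Red Hat key imported.
check_sig() {
    command -v rpm >/dev/null 2>&1 && rpm --checksig -v "$1"
}

# demo: constructed fixture, not a real advisory or package.  Builds a
# fake package and an advisory excerpt listing its digest (plus an entry
# for an architecture that was not downloaded), runs the check, then
# appends a byte to the package and shows the check failing.
demo() {
    tmp=$(mktemp -d)
    pkg="$tmp/kernel-example-1.0-1.i686.rpm"
    printf 'constructed package body\n' > "$pkg"
    sum=$(md5sum "$pkg" | awk '{print $1}')
    printf '7. Verification:\nMD5 sum Package Name\n%s kernel-example-1.0-1.i686.rpm\n0123456789abcdef0123456789abcdef kernel-example-1.0-1.ia64.rpm\n' \
        "$sum" > "$tmp/advisory.txt"
    echo "--- pristine download"
    if verify_rpm_dir "$tmp/advisory.txt" "$tmp"; then echo "result: verified"; else echo "result: FAILED (rc=$?)"; fi
    printf 'x' >> "$pkg"
    echo "--- after tampering with the package"
    if verify_rpm_dir "$tmp/advisory.txt" "$tmp"; then echo "result: verified"; else echo "result: FAILED (rc=$?)"; fi
    rm -rf "$tmp"
}

# Usage: sh verify_advisory.sh ADVISORY_FILE RPM_DIR   (real check)
#        sh verify_advisory.sh                         (constructed demo)
if [ $# -eq 2 ]; then
    verify_rpm_dir "$1" "$2"
else
    demo
fi
```

Two caveats a practitioner should keep in mind. The md5sum comparison is only as trustworthy as the table it compares against: it is meaningful here because the table arrives inside a PGP-signed message, so verify the advisory's signature before trusting its digests. And MD5 is a 2004-era choice; `rpm --checksig` checks Red Hat's GPG signature on the package itself and is the check to prefer whenever rpm and the key from https://www.redhat.com/security/team/key.html are available.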