From bugzilla at redhat.com Mon Mar 8 17:03:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 8 Mar 2004 12:03 -0500
Subject: [RHSA-2004:096-01] Updated wu-ftpd package fixes security issues
Message-ID: <200403081703.i28H3bY18559@lacrosse.corp.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated wu-ftpd package fixes security issues
Advisory ID:       RHSA-2004:096-01
Issue date:        2004-03-08
Updated on:        2004-03-08
Product:           Red Hat Enterprise Linux
Keywords:          ftpd
Cross references:
Obsoletes:         RHSA-2003:246
CVE Names:         CAN-2004-0148
---------------------------------------------------------------------

1. Topic:

An updated wu-ftpd package that fixes two security issues is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386

3. Problem description:

The wu-ftpd package contains the Washington University FTP (File Transfer Protocol) server daemon. FTP is a method of transferring files between machines.

Glenn Stewart discovered a flaw in wu-ftpd. When configured with "restricted-gid home", an authorized user could use this flaw to circumvent the configured home directory restriction by using chmod. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0148 to this issue.

Michael Hendrickx found a flaw in the S/Key login handling. On servers using S/Key authentication, a remote attacker could overflow a buffer and potentially execute arbitrary code.

Users of wu-ftpd are advised to upgrade to this updated package, which contains backported security patches and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

115979 - xferlog doesn't honor TZ environment variable
116825 - CAN-2004-0148 wu-ftpd user able to break out of restriction

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/wu-ftpd-2.6.1-22.src.rpm

i386:
Available from Red Hat Network: wu-ftpd-2.6.1-22.i386.rpm

ia64:
Available from Red Hat Network: wu-ftpd-2.6.1-22.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/wu-ftpd-2.6.1-22.src.rpm

ia64:
Available from Red Hat Network: wu-ftpd-2.6.1-22.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/wu-ftpd-2.6.1-22.src.rpm

i386:
Available from Red Hat Network: wu-ftpd-2.6.1-22.i386.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

8. References:

http://www.securiteam.com/unixfocus/6X00Q1P8KC.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0148

9. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.

From bugzilla at redhat.com Wed Mar 10 14:43:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Mar 2004 09:43 -0500
Subject: [RHSA-2004:074-01] Updated kdelibs packages resolve cookie security issue
Message-ID: <200403101443.i2AEheY00485@lacrosse.corp.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated kdelibs packages resolve cookie security issue
Advisory ID:       RHSA-2004:074-01
Issue date:        2004-03-10
Updated on:        2004-03-10
Product:           Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:         RHSA-2003:236
CVE Names:         CAN-2003-0592
---------------------------------------------------------------------

1. Topic:

Updated kdelibs packages that fix a flaw in cookie path handling are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Konqueror is a file manager and Web browser for the K Desktop Environment (KDE).

Flaws have been found in the cookie path handling between a number of Web browsers and servers. The HTTP cookie standard allows a Web server supplying a cookie to a client to specify a subset of URLs on the origin server to which the cookie applies. Web servers such as Apache do not filter returned cookies and assume that the client will only send back cookies for requests that fall within the server-supplied subset of URLs. However, by supplying URLs that use path traversal (/../) and character encoding, it is possible to fool many browsers into sending a cookie to a path outside of the originally-specified subset.

KDE version 3.1.3 and later include a patch to Konqueror that disables the sending of cookies to the server if the URL contains such encoded traversals. Red Hat Enterprise Linux 2.1 shipped with KDE 2.2.2 and is therefore vulnerable to this issue.

Users of Konqueror are advised to upgrade to these erratum packages, which contain a backported patch for this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

116805 - CAN-2003-0592 cookie path traversal in Konquerer

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kdelibs-2.2.2-10.src.rpm

i386:
Available from Red Hat Network: arts-2.2.2-10.i386.rpm
Available from Red Hat Network: kdelibs-2.2.2-10.i386.rpm
Available from Red Hat Network: kdelibs-devel-2.2.2-10.i386.rpm
Available from Red Hat Network: kdelibs-sound-2.2.2-10.i386.rpm
Available from Red Hat Network: kdelibs-sound-devel-2.2.2-10.i386.rpm

ia64:
Available from Red Hat Network: arts-2.2.2-10.ia64.rpm
Available from Red Hat Network: kdelibs-2.2.2-10.ia64.rpm
Available from Red Hat Network: kdelibs-devel-2.2.2-10.ia64.rpm
Available from Red Hat Network: kdelibs-sound-2.2.2-10.ia64.rpm
Available from Red Hat Network: kdelibs-sound-devel-2.2.2-10.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kdelibs-2.2.2-10.src.rpm

ia64:
Available from Red Hat Network: arts-2.2.2-10.ia64.rpm
Available from Red Hat Network: kdelibs-2.2.2-10.ia64.rpm
Available from Red Hat Network: kdelibs-devel-2.2.2-10.ia64.rpm
Available from Red Hat Network: kdelibs-sound-2.2.2-10.ia64.rpm
Available from Red Hat Network: kdelibs-sound-devel-2.2.2-10.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kdelibs-2.2.2-10.src.rpm

i386:
Available from Red Hat Network: arts-2.2.2-10.i386.rpm
Available from Red Hat Network: kdelibs-2.2.2-10.i386.rpm
Available from Red Hat Network: kdelibs-devel-2.2.2-10.i386.rpm
Available from Red Hat Network: kdelibs-sound-2.2.2-10.i386.rpm
Available from Red Hat Network: kdelibs-sound-devel-2.2.2-10.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kdelibs-2.2.2-10.src.rpm

i386:
Available from Red Hat Network: arts-2.2.2-10.i386.rpm
Available from Red Hat Network: kdelibs-2.2.2-10.i386.rpm
Available from Red Hat Network: kdelibs-devel-2.2.2-10.i386.rpm
Available from Red Hat Network: kdelibs-sound-2.2.2-10.i386.rpm
Available from Red Hat Network: kdelibs-sound-devel-2.2.2-10.i386.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0592

9. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
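
The client-side check described in the kdelibs advisory above, as an added example that is not part of the advisory and is not KDE's or Red Hat's code: a cookie Path match on the raw request path beside a hardened match that sends no cookie when the decoded path contains a traversal segment. All function names, the sample cookie path and the sample request paths are constructed for illustration, and the server-side resolution shown is an assumed behaviour.

```javascript
'use strict';

// Added example: cookie Path matching on the client, naive vs. hardened.
// Names and sample paths are constructed; this is not the Konqueror patch.

// Prefix match: the cookie is sent when the request path starts with the
// Path the server supplied along with the cookie.
function pathPrefixMatch(cookiePath, requestPath) {
  return requestPath.startsWith(cookiePath);
}

// Naive client: matches on the path exactly as written in the URL.
function naiveShouldSend(cookiePath, requestPath) {
  return pathPrefixMatch(cookiePath, requestPath);
}

// Percent-decode repeatedly so that double encoding (%252e -> %2e -> .)
// cannot hide a dot segment. Returns null for malformed escapes or for
// input that is still changing after maxRounds.
function fullyDecode(path, maxRounds = 5) {
  let current = path;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (e) {
      return null; // malformed percent-encoding
    }
    if (next === current) return current;
    current = next;
  }
  return null;
}

// True when any segment of the decoded path is "..". Backslashes count as
// separators because some servers accept them as such.
function hasTraversal(decodedPath) {
  return decodedPath.split(/[\/\\]/).some((seg) => seg === '..');
}

// Hardened client: follows the behaviour the advisory describes, i.e. no
// cookie is sent when the URL contains a (possibly encoded) traversal.
function hardenedShouldSend(cookiePath, requestPath) {
  const decoded = fullyDecode(requestPath);
  if (decoded === null || hasTraversal(decoded)) return false;
  return pathPrefixMatch(cookiePath, decoded);
}

// Assumed server behaviour: decode, then collapse "." and ".." segments.
// This is the path the request is actually served from.
function serverResolvedPath(requestPath) {
  const decoded = fullyDecode(requestPath);
  if (decoded === null) return null;
  const out = [];
  for (const seg of decoded.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') out.pop();
    else out.push(seg);
  }
  return '/' + out.join('/');
}

// Constructed sample: a cookie scoped to /shop/ and four request paths.
const COOKIE_PATH = '/shop/';
const SAMPLES = [
  '/shop/cart',
  '/shop/../forum/post',
  '/shop/%2e%2e/forum/post',
  '/shop/%252e%252e/forum/post',
];

// One row per sample: where the server ends up, and what each client does.
function evaluate(samples = SAMPLES, cookiePath = COOKIE_PATH) {
  return samples.map((p) => ({
    request: p,
    resolved: serverResolvedPath(p),
    naive: naiveShouldSend(cookiePath, p),
    hardened: hardenedShouldSend(cookiePath, p),
  }));
}

console.table(evaluate());
```

For the three traversal samples the naive match sends the /shop/ cookie even though the request resolves to /forum/post; the hardened match sends it only for /shop/cart.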

From bugzilla at redhat.com Wed Mar 10 16:27:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 10 Mar 2004 11:27 -0500
Subject: [RHSA-2004:103-01] Updated gdk-pixbuf packages fix crash
Message-ID: <200403101627.i2AGRBY08944@lacrosse.corp.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated gdk-pixbuf packages fix crash
Advisory ID:       RHSA-2004:103-01
Issue date:        2004-03-10
Updated on:        2004-03-10
Product:           Red Hat Enterprise Linux
Keywords:          DoS
Cross references:
Obsoletes:
CVE Names:         CAN-2004-0111
---------------------------------------------------------------------

1. Topic:

Updated gdk-pixbuf packages that fix a crash are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment.

Thomas Kristensen discovered a bitmap file that would cause versions of gdk-pixbuf prior to 0.20 to crash. To exploit this flaw, an attacker would need to get a victim to open a carefully-crafted BMP file in an application that used gdk-pixbuf. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0111 to this issue.

Users are advised to upgrade to these updated packages containing gdk-pixbuf version 0.22, which is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

116918 - CAN-2004-0111 gdk-pixbuf can crash with malicious BMP file

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gdk-pixbuf-0.22.0-6.0.3.src.rpm

i386:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.0.3.i386.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.0.3.i386.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.0.3.i386.rpm

ia64:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.0.3.ia64.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.0.3.ia64.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.0.3.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gdk-pixbuf-0.22.0-6.0.3.src.rpm

ia64:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.0.3.ia64.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.0.3.ia64.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.0.3.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gdk-pixbuf-0.22.0-6.0.3.src.rpm

i386:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.0.3.i386.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.0.3.i386.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.0.3.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gdk-pixbuf-0.22.0-6.0.3.src.rpm

i386:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.0.3.i386.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.0.3.i386.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.0.3.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gdk-pixbuf-0.22.0-6.1.1.src.rpm

i386:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.i386.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.i386.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.i386.rpm

ia64:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.ia64.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.ia64.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.ia64.rpm

ppc:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.ppc.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.ppc.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.ppc.rpm

s390:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.s390.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.s390.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.s390.rpm

s390x:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.s390x.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.s390x.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.s390x.rpm

x86_64:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.x86_64.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.x86_64.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gdk-pixbuf-0.22.0-6.1.1.src.rpm

i386:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.i386.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.i386.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gdk-pixbuf-0.22.0-6.1.1.src.rpm

i386:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.i386.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.i386.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.i386.rpm

ia64:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.ia64.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.ia64.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.ia64.rpm

x86_64:
Available from Red Hat Network: gdk-pixbuf-0.22.0-6.1.1.x86_64.rpm
Available from Red Hat Network: gdk-pixbuf-devel-0.22.0-6.1.1.x86_64.rpm
Available from Red Hat Network: gdk-pixbuf-gnome-0.22.0-6.1.1.x86_64.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0111

9. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFAT0HYXlSAg2UNWIIRAh+IAJ9GKtHxNcUpPrS/irIxs+nBJdwSWACeLQ7i +UNHB2Fx7j4wvwEDQZjrTs8= =BzDy -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 10 20:03:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 10 Mar 2004 15:03 -0500 Subject: [RHSA-2004:053-01] Updated sysstat packages fix security vulnerabilities Message-ID: <200403102003.i2AK3JY22787@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated sysstat packages fix security vulnerabilities Advisory ID: RHSA-2004:053-01 Issue date: 2004-03-10 Updated on: 2004-03-10 Product: Red Hat Enterprise Linux Keywords: Cross references: Obsoletes: CVE Names: CAN-2004-0107 CAN-2004-0108 - --------------------------------------------------------------------- 1. Topic: Updated sysstat packages that fix various bugs and security issues are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 3 - i386 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: Sysstat is a tool for gathering system statistics. Isag is a utility for graphically displaying these statistics. A bug was found in the Red Hat sysstat package post and trigger scripts, which used insecure temporary file names. A local attacker could overwrite system files using carefully-crafted symbolic links in the /tmp directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0107 to this issue. 
While fixing this issue, a flaw was discovered in the isag utility, which also used insecure temporary file names. A local attacker could overwrite files that the user running isag has write access to using carefully-crafted symbolic links in the /tmp directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0108 to this issue.

Other issues addressed in this advisory include:

* iostat -x should return all partitions on the system (up to a maximum of 1024)

* sar should handle network device names with more than 8 characters properly

* mpstat should work correctly with more than 7 CPUs as well as generate correct statistics when accessing individual CPUs. This issue only affected Red Hat Enterprise Linux 2.1

* The sysstat package was not built with the proper dependencies; therefore, it was possible that isag could not be run because the necessary tools were not available. Therefore, isag was split off into its own subpackage with the required dependencies in place. This issue only affects Red Hat Enterprise Linux 2.1.

Users of sysstat and isag should upgrade to these updated packages, which contain patches to correct these issues.

NOTE: In order to use isag on Red Hat Enterprise Linux 2.1, you must install the sysstat-isag package after upgrading.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

78212 - sysstat package post scripts, trigger scripts use insecure tmp files
90574 - mpstat doesn't report on more than 7 cpus
92052 - sar doesn't seem to handle interface names greater than eight chars
110822 - RHEL 3 U2: iostat -x only returns a small set of the partitions on the system

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/sysstat-4.0.1-12.src.rpm

i386:
Available from Red Hat Network: sysstat-4.0.1-12.i386.rpm
Available from Red Hat Network: sysstat-isag-4.0.1-12.i386.rpm

ia64:
Available from Red Hat Network: sysstat-4.0.1-12.ia64.rpm
Available from Red Hat Network: sysstat-isag-4.0.1-12.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/sysstat-4.0.1-12.src.rpm

ia64:
Available from Red Hat Network: sysstat-4.0.1-12.ia64.rpm
Available from Red Hat Network: sysstat-isag-4.0.1-12.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/sysstat-4.0.1-12.src.rpm

i386:
Available from Red Hat Network: sysstat-4.0.1-12.i386.rpm
Available from Red Hat Network: sysstat-isag-4.0.1-12.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/sysstat-4.0.1-12.src.rpm

i386:
Available from Red Hat Network: sysstat-4.0.1-12.i386.rpm
Available from Red Hat Network: sysstat-isag-4.0.1-12.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/sysstat-4.0.7-4.EL3.2.src.rpm

i386:
Available from Red Hat Network: sysstat-4.0.7-4.EL3.2.i386.rpm

ia64:
Available from Red Hat Network: sysstat-4.0.7-4.EL3.2.ia64.rpm

ppc:
Available from Red Hat Network: sysstat-4.0.7-4.EL3.2.ppc.rpm

s390:
Available from Red Hat Network: sysstat-4.0.7-4.EL3.2.s390.rpm

s390x:
Available from Red Hat Network: sysstat-4.0.7-4.EL3.2.s390x.rpm

x86_64:
Available from Red Hat Network: sysstat-4.0.7-4.EL3.2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/sysstat-4.0.7-4.EL3.2.src.rpm

i386:
Available from Red Hat Network: sysstat-4.0.7-4.EL3.2.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/sysstat-4.0.7-4.EL3.2.src.rpm

i386:
Available from Red Hat Network: sysstat-4.0.7-4.EL3.2.i386.rpm

ia64:
Available from Red Hat Network: sysstat-4.0.7-4.EL3.2.ia64.rpm

x86_64:
Available from Red Hat Network: sysstat-4.0.7-4.EL3.2.x86_64.rpm

7.
Verification:

These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0108

9. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAT3SFXlSAg2UNWIIRAkzCAKCKvrh2r5QWC0Ldycv6b50zKCBdNQCdHVFy
cuG08jpwzNXfyCovO2ik+wc=
=8DJe
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 17 12:37:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 17 Mar 2004 07:37 -0500
Subject: [RHSA-2004:119-01] Updated OpenSSL packages fix vulnerabilities
Message-ID: <200403171237.i2HCb6l05095@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated OpenSSL packages fix vulnerabilities
Advisory ID: RHSA-2004:119-01
Issue date: 2004-03-17
Updated on: 2004-03-17
Product: Red Hat Enterprise Linux
Keywords: DoS
Cross references:
Obsoletes: RHSA-2003:293
CVE Names: CAN-2004-0081 CAN-2003-0851
- ---------------------------------------------------------------------

1. Topic:

Updated OpenSSL packages that fix a remote denial of service vulnerability are now available for Red Hat Enterprise Linux 2.1.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, i686, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386, i686
Red Hat Enterprise Linux WS version 2.1 - i386, i686

3. Problem description:

OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that can lead to a denial of service attack (infinite loop). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0081 to this issue.

Testing performed by Novell using a test suite provided by NISCC uncovered an issue in the ASN.1 parser in versions of OpenSSL 0.9.6 prior to 0.9.6l which could cause large recursion and possibly lead to a denial of service attack if used where stack space is limited. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0851 to this issue.

These updated packages contain patches provided by the OpenSSL group that protect against these issues.

NOTE: Because server applications are affected by this issue, users are advised to either restart all services using OpenSSL functionality or restart their system after installing these updated packages.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

117771 - CAN-2004-0081 OpenSSL flaw

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl-0.9.6b-36.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl095a-0.9.5a-24.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl096-0.9.6-25.7.src.rpm

i386:
Available from Red Hat Network: openssl-0.9.6b-36.i386.rpm
Available from Red Hat Network: openssl-devel-0.9.6b-36.i386.rpm
Available from Red Hat Network: openssl-perl-0.9.6b-36.i386.rpm
Available from Red Hat Network: openssl095a-0.9.5a-24.i386.rpm
Available from Red Hat Network: openssl096-0.9.6-25.7.i386.rpm

i686:
Available from Red Hat Network: openssl-0.9.6b-36.i686.rpm

ia64:
Available from Red Hat Network: openssl-0.9.6b-36.ia64.rpm
Available from Red Hat Network: openssl-devel-0.9.6b-36.ia64.rpm
Available from Red Hat Network: openssl-perl-0.9.6b-36.ia64.rpm
Available from Red Hat Network: openssl095a-0.9.5a-24.ia64.rpm
Available from Red Hat Network: openssl096-0.9.6-25.7.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl-0.9.6b-36.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl095a-0.9.5a-24.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl096-0.9.6-25.7.src.rpm

ia64:
Available from Red Hat Network: openssl-0.9.6b-36.ia64.rpm
Available from Red Hat Network: openssl-devel-0.9.6b-36.ia64.rpm
Available from Red Hat Network: openssl-perl-0.9.6b-36.ia64.rpm
Available from Red Hat Network: openssl095a-0.9.5a-24.ia64.rpm
Available from Red Hat Network: openssl096-0.9.6-25.7.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/openssl-0.9.6b-36.src.rpm

i386:
Available from Red Hat Network: openssl-0.9.6b-36.i386.rpm
Available from Red Hat Network: openssl-devel-0.9.6b-36.i386.rpm
Available from Red Hat Network: openssl-perl-0.9.6b-36.i386.rpm

i686:
Available from Red Hat Network: openssl-0.9.6b-36.i686.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/openssl-0.9.6b-36.src.rpm

i386:
Available from Red Hat Network: openssl-0.9.6b-36.i386.rpm
Available from Red Hat Network: openssl-devel-0.9.6b-36.i386.rpm
Available from Red Hat Network: openssl-perl-0.9.6b-36.i386.rpm

i686:
Available from Red Hat Network: openssl-0.9.6b-36.i686.rpm

7.
Verification:

These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

8. References:

http://www.codenomicon.com/testtools/tls/
http://www.niscc.gov.uk/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0851

9. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAWEZaXlSAg2UNWIIRAuQqAKC8szOgScXZgUFYi+Jr/o3eByySnwCcClZX
qvj+0FFcUh+ZuwRufd4eUxg=
=6Jjb
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 17 13:59:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 17 Mar 2004 08:59 -0500
Subject: [RHSA-2004:120-01] Updated OpenSSL packages fix vulnerabilities
Message-ID: <200403171359.i2HDxTl08613@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated OpenSSL packages fix vulnerabilities
Advisory ID: RHSA-2004:120-01
Issue date: 2004-03-17
Updated on: 2004-03-17
Product: Red Hat Enterprise Linux
Keywords: DoS
Cross references:
Obsoletes: RHBA-2003:295
CVE Names: CAN-2004-0079 CAN-2004-0081 CAN-2004-0112
- ---------------------------------------------------------------------

1. Topic:

Updated OpenSSL packages that fix several remote denial of service vulnerabilities are available for Red Hat Enterprise Linux 3.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, i686, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, i686
Red Hat Enterprise Linux WS version 3 - i386, i686, ia64, x86_64

3. Problem description:

The OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1) protocols, and serves as a full-strength general purpose cryptography library.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function in OpenSSL 0.9.6c-0.9.6k and 0.9.7a-0.9.7c. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that uses the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0079 to this issue.

Stephen Henson discovered a flaw in SSL/TLS handshaking code when using Kerberos ciphersuites in OpenSSL 0.9.7a-0.9.7c. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos ciphersuites and will therefore be unaffected by this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0112 to this issue.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that may lead to a denial of service attack (infinite loop). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0081 to this issue. This issue affects only the OpenSSL compatibility packages shipped with Red Hat Enterprise Linux 3.

These updated packages contain patches provided by the OpenSSL group that protect against these issues.

Additionally, the version of libica included in the OpenSSL packages has been updated to 1.3.5. This only affects IBM s390 and IBM eServer zSeries customers and is required for the latest openCryptoki packages.

NOTE: Because server applications are affected by this issue, users are advised to either restart all services that use OpenSSL functionality or restart their systems after installing these updates.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

117770 - CAN-2004-0079/0081/0112 Flaws in OpenSSL

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl-0.9.7a-33.4.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl096b-0.9.6b-16.src.rpm

i386:
Available from Red Hat Network: openssl-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl096b-0.9.6b-16.i386.rpm

i686:
Available from Red Hat Network: openssl-0.9.7a-33.4.i686.rpm

ia64:
Available from Red Hat Network: openssl-0.9.7a-33.4.ia64.rpm
Available from Red Hat Network: openssl-0.9.7a-33.4.i686.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.ia64.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.ia64.rpm
Available from Red Hat Network: openssl096b-0.9.6b-16.ia64.rpm

ppc:
Available from Red Hat Network: openssl-0.9.7a-33.4.ppc.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.ppc.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.ppc.rpm
Available from Red Hat Network:
openssl096b-0.9.6b-16.ppc.rpm

ppc64:
Available from Red Hat Network: openssl-0.9.7a-33.4.ppc64.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.ppc64.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.ppc64.rpm

s390:
Available from Red Hat Network: openssl-0.9.7a-33.4.s390.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.s390.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.s390.rpm
Available from Red Hat Network: openssl096b-0.9.6b-16.s390.rpm

s390x:
Available from Red Hat Network: openssl-0.9.7a-33.4.s390x.rpm
Available from Red Hat Network: openssl-0.9.7a-33.4.s390.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.s390x.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.s390x.rpm

x86_64:
Available from Red Hat Network: openssl-0.9.7a-33.4.x86_64.rpm
Available from Red Hat Network: openssl-0.9.7a-33.4.i686.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.x86_64.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.x86_64.rpm
Available from Red Hat Network: openssl096b-0.9.6b-16.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl-0.9.7a-33.4.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl096b-0.9.6b-16.src.rpm

i386:
Available from Red Hat Network: openssl-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl096b-0.9.6b-16.i386.rpm

i686:
Available from Red Hat Network: openssl-0.9.7a-33.4.i686.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl-0.9.7a-33.4.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl096b-0.9.6b-16.src.rpm

i386:
Available from Red Hat Network: openssl-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.i386.rpm
Available from Red Hat Network: openssl096b-0.9.6b-16.i386.rpm

i686:
Available from Red Hat Network: openssl-0.9.7a-33.4.i686.rpm

ia64:
Available from Red Hat Network: openssl-0.9.7a-33.4.ia64.rpm
Available from Red Hat Network: openssl-0.9.7a-33.4.i686.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.ia64.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.ia64.rpm
Available from Red Hat Network: openssl096b-0.9.6b-16.ia64.rpm

x86_64:
Available from Red Hat Network: openssl-0.9.7a-33.4.x86_64.rpm
Available from Red Hat Network: openssl-0.9.7a-33.4.i686.rpm
Available from Red Hat Network: openssl-devel-0.9.7a-33.4.x86_64.rpm
Available from Red Hat Network: openssl-perl-0.9.7a-33.4.x86_64.rpm
Available from Red Hat Network: openssl096b-0.9.6b-16.x86_64.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

8.
References:

http://www.codenomicon.com/testtools/tls/
http://www.niscc.gov.uk/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112

9. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAWFmrXlSAg2UNWIIRAndyAKCtacgovK6c9LmshC+HyEE0J5CFHQCggoIK
D/NDUoZS+KsWkiuNGWYp6hg=
=0Fqz
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 23 09:55:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Mar 2004 04:55 -0500
Subject: [RHSA-2004:084-01] Updated httpd packages fix mod_ssl security issue
Message-ID: <200403230955.i2N9tBl22705@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated httpd packages fix mod_ssl security issue
Advisory ID: RHSA-2004:084-01
Issue date: 2004-03-23
Updated on: 2004-03-23
Product: Red Hat Enterprise Linux
Keywords: Apache httpd DoS SSL
Cross references:
Obsoletes:
CVE Names: CAN-2004-0113
- ---------------------------------------------------------------------

1. Topic:

Updated httpd packages are now available that fix a denial of service vulnerability in mod_ssl and include various other bug fixes.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server.

A memory leak in mod_ssl in the Apache HTTP Server prior to version 2.0.49 allows a remote denial of service attack against an SSL-enabled server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0113 to this issue.

This update also includes various bug fixes, including:

- - improvements to the mod_expires, mod_dav, mod_ssl and mod_proxy modules
- - a fix for a bug causing core dumps during configuration parsing on the IA64 platform
- - an updated version of mod_include fixing several edge cases in the SSI parser

Additionally, the mod_logio module is now included.

Users of the Apache HTTP server should upgrade to these updated packages, which contain backported patches that address these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

112771 - Invalid paths in config_vars.mk crash build of mod_jk
113934 - SRPMS: test for MMN version it too fragile
113929 - mod_expires headers not set when used in conjunction with mod_proxy
115328 - Satisfy keyword in httpd.conf causes apache to segfault on load
115379 - pcre conflict between httpd and php
117280 - CAN-2004-0113 mod_ssl Denial of Service attack

6.
RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/httpd-2.0.46-32.ent.src.rpm

i386:
Available from Red Hat Network: httpd-2.0.46-32.ent.i386.rpm
Available from Red Hat Network: httpd-devel-2.0.46-32.ent.i386.rpm
Available from Red Hat Network: mod_ssl-2.0.46-32.ent.i386.rpm

ia64:
Available from Red Hat Network: httpd-2.0.46-32.ent.ia64.rpm
Available from Red Hat Network: httpd-devel-2.0.46-32.ent.ia64.rpm
Available from Red Hat Network: mod_ssl-2.0.46-32.ent.ia64.rpm

ppc:
Available from Red Hat Network: httpd-2.0.46-32.ent.ppc.rpm
Available from Red Hat Network: httpd-devel-2.0.46-32.ent.ppc.rpm
Available from Red Hat Network: mod_ssl-2.0.46-32.ent.ppc.rpm

ppc64:
Available from Red Hat Network: httpd-2.0.46-32.ent.ppc64.rpm
Available from Red Hat Network: httpd-devel-2.0.46-32.ent.ppc64.rpm
Available from Red Hat Network: mod_ssl-2.0.46-32.ent.ppc64.rpm

s390:
Available from Red Hat Network: httpd-2.0.46-32.ent.s390.rpm
Available from Red Hat Network: httpd-devel-2.0.46-32.ent.s390.rpm
Available from Red Hat Network: mod_ssl-2.0.46-32.ent.s390.rpm

s390x:
Available from Red Hat Network: httpd-2.0.46-32.ent.s390x.rpm
Available from Red Hat Network: httpd-devel-2.0.46-32.ent.s390x.rpm
Available from Red Hat Network: mod_ssl-2.0.46-32.ent.s390x.rpm

x86_64:
Available from Red Hat Network: httpd-2.0.46-32.ent.x86_64.rpm
Available from Red Hat Network: httpd-devel-2.0.46-32.ent.x86_64.rpm
Available from Red Hat Network: mod_ssl-2.0.46-32.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/httpd-2.0.46-32.ent.src.rpm

i386:
Available from Red Hat Network: httpd-2.0.46-32.ent.i386.rpm
Available from Red Hat Network: httpd-devel-2.0.46-32.ent.i386.rpm
Available from Red Hat Network: mod_ssl-2.0.46-32.ent.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/httpd-2.0.46-32.ent.src.rpm

i386:
Available from Red Hat Network: httpd-2.0.46-32.ent.i386.rpm
Available from Red Hat Network: httpd-devel-2.0.46-32.ent.i386.rpm
Available from Red Hat Network: mod_ssl-2.0.46-32.ent.i386.rpm

ia64:
Available from Red Hat Network: httpd-2.0.46-32.ent.ia64.rpm
Available from Red Hat Network: httpd-devel-2.0.46-32.ent.ia64.rpm
Available from Red Hat Network: mod_ssl-2.0.46-32.ent.ia64.rpm

x86_64:
Available from Red Hat Network: httpd-2.0.46-32.ent.x86_64.rpm
Available from Red Hat Network: httpd-devel-2.0.46-32.ent.x86_64.rpm
Available from Red Hat Network: mod_ssl-2.0.46-32.ent.x86_64.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

8.
References:

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27106
http://www.apacheweek.com/features/security-20
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0113

9. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAYAl6XlSAg2UNWIIRAhNMAJ9CRtm/xoDVjAv1NJujq+Gnr4PhqQCfRUc+
pZWso0gVImIcKCODFBXJs9k=
=5QEG
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Mar 29 18:17:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 29 Mar 2004 13:17 -0500
Subject: [RHSA-2004:110-01] Updated Mozilla packages fix security issues
Message-ID: <200403291817.i2TIHXl31015@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated Mozilla packages fix security issues
Advisory ID: RHSA-2004:110-01
Issue date: 2004-03-29
Updated on: 2004-03-29
Product: Red Hat Enterprise Linux
Keywords: nss mozilla
Cross references:
Obsoletes:
CVE Names: CAN-2003-0564 CAN-2003-0594 CAN-2004-0191
- ---------------------------------------------------------------------

1. Topic:

Updated Mozilla packages that fix vulnerabilities in S/MIME parsing as well as other issues and bugs are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Mozilla is a Web browser and mail reader, designed for standards compliance, performance and portability.
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled server applications.

NISCC testing of implementations of the S/MIME protocol uncovered a number of bugs in NSS versions prior to 3.9. The parsing of unexpected ASN.1 constructs within S/MIME data could cause Mozilla to crash or consume large amounts of memory. A remote attacker could potentially trigger these bugs by sending a carefully-crafted S/MIME message to a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0564 to this issue.

Andreas Sandblad discovered a cross-site scripting issue that affects various versions of Mozilla. When linking to a new page it is still possible to interact with the old page before the new page has been successfully loaded. Any Javascript events will be invoked in the context of the new page, making cross-site scripting possible if the different pages belong to different domains. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0191 to this issue.

Flaws have been found in the cookie path handling between a number of Web browsers and servers. The HTTP cookie standard allows a Web server supplying a cookie to a client to specify a subset of URLs on the origin server to which the cookie applies. Web servers such as Apache do not filter returned cookies and assume that the client will only send back cookies for requests that fall within the server-supplied subset of URLs. However, by supplying URLs that use path traversal (/../) and character encoding, it is possible to fool many browsers into sending a cookie to a path outside of the originally-specified subset. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0594 to this issue.

Users of Mozilla are advised to upgrade to these updated packages, which contain Mozilla version 1.4.2 and are not vulnerable to these issues.

4.
Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/galeon-1.2.13-0.2.1.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mozilla-1.4.2-2.1.0.src.rpm

i386:
Available from Red Hat Network: galeon-1.2.13-0.2.1.i386.rpm
Available from Red Hat Network: mozilla-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-devel-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nss-devel-1.4.2-2.1.0.i386.rpm

ia64:
Available from Red Hat Network: mozilla-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-devel-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-nss-devel-1.4.2-2.1.0.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mozilla-1.4.2-2.1.0.src.rpm

ia64:
Available from Red Hat Network: mozilla-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-devel-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-2.1.0.ia64.rpm
Available from Red Hat Network: mozilla-nss-devel-1.4.2-2.1.0.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/galeon-1.2.13-0.2.1.src.rpm
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mozilla-1.4.2-2.1.0.src.rpm

i386:
Available from Red Hat Network: galeon-1.2.13-0.2.1.i386.rpm
Available from Red Hat Network: mozilla-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-devel-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nss-devel-1.4.2-2.1.0.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/galeon-1.2.13-0.2.1.src.rpm
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mozilla-1.4.2-2.1.0.src.rpm

i386:
Available from Red Hat Network: galeon-1.2.13-0.2.1.i386.rpm
Available from Red Hat Network: mozilla-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-devel-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-2.1.0.i386.rpm
Available from Red Hat Network: mozilla-nss-devel-1.4.2-2.1.0.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mozilla-1.4.2-3.0.2.src.rpm

i386:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.i386.rpm

ia64:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.ia64.rpm

ppc:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.ppc.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.ppc.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.ppc.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.ppc.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.ppc.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.ppc.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.ppc.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.ppc.rpm

s390:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.s390.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.s390.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.s390.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.s390.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.s390.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.s390.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.s390.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.s390.rpm

s390x:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.s390x.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.s390x.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.s390x.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.s390x.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.s390x.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.s390x.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.s390x.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.s390x.rpm

x86_64:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mozilla-1.4.2-3.0.2.src.rpm

i386:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mozilla-1.4.2-3.0.2.src.rpm

i386:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.i386.rpm

ia64:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.ia64.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.ia64.rpm

x86_64:
Available from Red Hat Network: mozilla-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-chat-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-dom-inspector-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-js-debugger-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-mail-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-nspr-1.4.2-3.0.2.i386.rpm
Available from Red Hat Network: mozilla-nspr-devel-1.4.2-3.0.2.x86_64.rpm
Available from Red Hat Network: mozilla-nss-1.4.2-3.0.2.x86_64.rpm

6.
Verification:

These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

7. References:

http://www.mozilla.org/projects/security/pki/nss/#NSS_39
http://bugzilla.mozilla.org/show_bug.cgi?id=227417
http://www.niscc.gov.uk/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0191

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.
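
The cookie path flaw (CAN-2003-0594) described in the Mozilla advisory above rests on servers not filtering returned cookies. The sketch below is an added example, not part of Red Hat's advisory or of any package it ships: it filters the Cookie header against the canonical request path on the server side. The cookie names, their Path scopes and the decode bound are assumptions made for the illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import unquote, urlsplit

# Assumption: Path scopes this server itself issued via Set-Cookie (hypothetical names).
COOKIE_SCOPES = {"shop_session": "/shop", "admin_token": "/admin/"}
MAX_DECODE_ROUNDS = 3  # assumption: how much nested percent-encoding is tolerated


def canonical_path(raw_target):
    """Return the path the server will actually resolve for a raw request target."""
    path = urlsplit(raw_target).path or "/"
    # Undo percent-encoding, including double encoding such as %252e.
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("request path is encoded too deeply")
    path = path.replace("\\", "/")  # conservative: treat backslash as a separator
    if not path.startswith("/"):
        raise ValueError("request path must be absolute")
    segments = path.split("/")
    kept = []
    for segment in segments[1:]:
        if segment == "..":
            if kept:
                kept.pop()  # never climb above the root
        elif segment not in ("", "."):
            kept.append(segment)
    resolved = "/" + "/".join(kept)
    # Preserve the directory form so that /admin and /admin/ stay distinct.
    if kept and segments[-1] in ("", ".", ".."):
        resolved += "/"
    return resolved


def path_matches(cookie_path, request_path):
    """Cookie path-match: equal, or a prefix that ends on a '/' boundary."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def naive_prefix_match(cookie_path, raw_target):
    """The flawed check: compare the scope with the URL exactly as it was typed."""
    return raw_target.startswith(cookie_path)


def filter_cookies(raw_target, cookie_header):
    """Keep only cookies whose issued scope covers the canonical request path."""
    request_path = canonical_path(raw_target)
    jar = SimpleCookie()
    jar.load(cookie_header)
    accepted = {}
    for name, morsel in jar.items():
        scope = COOKIE_SCOPES.get(name)  # cookies this server never issued are dropped
        if scope is not None and path_matches(scope, request_path):
            accepted[name] = morsel.value
    return accepted


if __name__ == "__main__":
    # Constructed sample requests; the cookie value is made up.
    for target in ("/shop/cart", "/shop/../admin/", "/shop/%2e%2e/admin/"):
        print(target, "->", canonical_path(target),
              filter_cookies(target, "shop_session=abc123"))
```
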
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAaGg3XlSAg2UNWIIRAnczAJ0ZCUWVawe5cTYXlWnYPHR9RT9kjwCgjrJt
0KUkPEL760Okp1l0YY0t4dA=
=/NIs
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Mar 30 17:11:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 30 Mar 2004 12:11 -0500
Subject: [RHSA-2004:136-01] Updated Ethereal packages fix security issues
Message-ID: <200403301711.i2UHBHl16545@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated Ethereal packages fix security issues
Advisory ID: RHSA-2004:136-01
Issue date: 2004-03-30
Updated on: 2004-03-30
Product: Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes: RHSA-2004:002
CVE Names: CAN-2004-0176 CAN-2004-0365 CAN-2004-0367
- ---------------------------------------------------------------------

1. Topic:

Updated Ethereal packages that fix various security vulnerabilities are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Ethereal is a program for monitoring network traffic.

Stefan Esser reported that Ethereal versions 0.10.1 and earlier contain stack overflows in the IGRP, PGM, NetFlow, ISUP, TCAP, or IGAP dissectors. On a system where Ethereal is being run, a remote attacker could send malicious packets that could cause Ethereal to crash or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0176 to this issue.
Jonathan Heusser discovered that a carefully crafted RADIUS packet could cause a crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0365 to this issue.

Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a zero-length Presentation protocol selector. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0367 to this issue.

Users of Ethereal should upgrade to these updated packages, which contain a version of Ethereal that is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

118143 - CAN-2004-0176 Ethereal dissector overflows

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ethereal-0.10.3-0.AS21.1.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.AS21.1.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.AS21.1.i386.rpm

ia64:
Available from Red Hat Network: ethereal-0.10.3-0.AS21.1.ia64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.AS21.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ethereal-0.10.3-0.AS21.1.src.rpm

ia64:
Available from Red Hat Network: ethereal-0.10.3-0.AS21.1.ia64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.AS21.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ethereal-0.10.3-0.AS21.1.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.AS21.1.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.AS21.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ethereal-0.10.3-0.AS21.1.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.AS21.1.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.AS21.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ethereal-0.10.3-0.30E.1.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.30E.1.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.1.i386.rpm

ia64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.1.ia64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.1.ia64.rpm

ppc:
Available from Red Hat Network: ethereal-0.10.3-0.30E.1.ppc.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.1.ppc.rpm

s390:
Available from Red Hat Network: ethereal-0.10.3-0.30E.1.s390.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.1.s390.rpm

s390x:
Available from Red Hat Network: ethereal-0.10.3-0.30E.1.s390x.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.1.s390x.rpm

x86_64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.1.x86_64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.1.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ethereal-0.10.3-0.30E.1.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.30E.1.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.1.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ethereal-0.10.3-0.30E.1.src.rpm

i386:
Available from Red Hat Network: ethereal-0.10.3-0.30E.1.i386.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.1.i386.rpm

ia64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.1.ia64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.1.ia64.rpm

x86_64:
Available from Red Hat Network: ethereal-0.10.3-0.30E.1.x86_64.rpm
Available from Red Hat Network: ethereal-gnome-0.10.3-0.30E.1.x86_64.rpm

7.
Verification:

These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

    rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

    md5sum

8. References:

http://www.ethereal.com/appnotes/enpa-sa-00013.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0367

9. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAaaoeXlSAg2UNWIIRAoPJAJ90wEZyXPa0sdZJ7k6yRfitg/EEmACfZ80y
a9QvvyTn+ODYSEyf3cywsEQ=
=L6+g
-----END PGP SIGNATURE-----
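
The md5sum check described in the Verification section, as an added example that is not part of the Red Hat advisory: it parses an "MD5 sum / package name" listing of the kind these advisories publish, including one that an archive has flattened onto a single line, and classifies the RPM files in a directory. The function names and the pkg-* sample files are assumptions constructed for the example.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One "<32 hex digits> <path>.rpm" pair; matches the one-pair-per-line table
# and also archive text where the whole table was flattened onto one line.
PAIR = re.compile(r"\b([0-9a-f]{32})\s+(\S+\.rpm)\b", re.IGNORECASE)

def parse_listing(text):
    """Map package file name -> set of MD5 digests published for it."""
    expected = {}
    for digest, path in PAIR.findall(text):
        # A file is listed once per product tree (2.1AS/, 3WS/, ...): key on base name.
        expected.setdefault(path.rsplit("/", 1)[-1], set()).add(digest.lower())
    return expected

def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks (MD5 because the listing publishes MD5)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_directory(listing_text, directory):
    """Classify each *.rpm in directory: ok, mismatch, ambiguous or unlisted."""
    expected = parse_listing(listing_text)
    results = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        digests = expected.get(rpm.name)
        if not digests:
            results[rpm.name] = "unlisted"    # not part of this advisory
        elif len(digests) > 1:
            results[rpm.name] = "ambiguous"   # listing disagrees with itself
        else:
            results[rpm.name] = "ok" if md5_of(rpm) in digests else "mismatch"
    return results

def demo():
    """Constructed sample: three placeholder files and a flattened listing."""
    with tempfile.TemporaryDirectory() as d:
        for tag in "abc":
            Path(d, f"pkg-{tag}-1.0-1.i386.rpm").write_bytes(tag.encode())
        good = md5_of(Path(d, "pkg-a-1.0-1.i386.rpm"))
        listing = (f"{good} 2.1AS/en/os/i386/pkg-a-1.0-1.i386.rpm "
                   f"{good.upper()} 2.1ES/en/os/i386/pkg-a-1.0-1.i386.rpm "
                   f"{'0' * 32} 3AS/en/os/i386/pkg-b-1.0-1.i386.rpm")
        return check_directory(listing, d)
```

A matching MD5 sum only shows that the file is the one the listing names; the GPG signature check with rpm --checksig is what ties the package to Red Hat's key.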