From bugzilla at redhat.com Wed May 12 07:46:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 12 May 2004 03:46 -0400
Subject: [RHSA-2004:188-01] Updated kernel packages available for Red Hat Enterprise Linux 3 Update 2
Message-ID: <200405120746.i4C7kBl13777@lacrosse.corp.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated kernel packages available for Red Hat Enterprise Linux 3 Update 2
Advisory ID:       RHSA-2004:188-01
Issue date:        2004-05-11
Updated on:        2004-05-11
Product:           Red Hat Enterprise Linux
Keywords:          taroon kernel update
Cross references:
Obsoletes:         RHSA-2004:017 RHSA-2004:183
CVE Names:         CAN-2003-0461 CAN-2003-0465 CAN-2003-0984 CAN-2004-0003 CAN-2004-0010
---------------------------------------------------------------------

1. Topic:

Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the second regular update.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - athlon, i386, i686, ia32e, ia64, ppc64, ppc64iseries, ppc64pseries, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - athlon, i386, i686
Red Hat Enterprise Linux WS version 3 - athlon, i386, i686, ia32e, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This is the second regular kernel update to Red Hat Enterprise Linux version 3. It contains several minor security fixes, many bug fixes, device driver updates, new hardware support, and the introduction of Linux Syscall Auditing support.

There were bug fixes in many different parts of the kernel, the bulk of which addressed unusual situations such as error handling, race conditions, and resource starvation.
The combined effect of the approximately 140 fixes is a strong improvement in the reliability and durability of Red Hat Enterprise Linux. Some of the key areas affected are disk drivers, network drivers, USB support, x86_64 and ppc64 platform support, ia64 32-bit emulation layer enablers, and the VM, NFS, IPv6, and SCSI subsystems.

A significant change in the SCSI subsystem (the disabling of the scsi-affine-queue patch) should significantly improve SCSI disk driver performance in many scenarios. There were 10 Bugzillas against SCSI performance problems addressed by this change.

The following drivers have been upgraded to new versions:

bonding ---- 2.4.1
cciss ------ 2.4.50.RH1
e1000 ------ 5.2.30.1-k1
fusion ----- 2.05.11.03
ipr -------- 1.0.3
ips -------- 6.11.07
megaraid2 -- 2.10.1.1
qla2x00 ---- 6.07.02-RH1
tg3 -------- 3.1
z90crypt --- 1.1.4

This update introduces support for the new Intel EM64T processor. A new "ia32e" architecture has been created to support booting on platforms based on either the original AMD Opteron CPU or the new Intel EM64T CPU. The existing "x86_64" architecture has remained optimized for Opteron systems. Kernels for both types of systems are built from the same x86_64-architecture sources and share a common kernel source RPM (kernel-source-2.4.21-15.EL.x86_64.rpm).

Other highlights in this update include a major upgrade to the SATA infrastructure, addition of IBM JS20 Power Blade support, and creation of an optional IBM eServer zSeries On-Demand Timer facility for reducing idle CPU overhead.

The following security issues were addressed in this update:

A minor flaw was found where /proc/tty/driver/serial reveals the exact character counts for serial links. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0461 to this issue.
The kernel strncpy() function in Linux 2.4 and 2.5 does not pad the target buffer with null bytes on architectures other than x86, as opposed to the expected libc behavior, which could lead to information leaks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0465 to this issue.

A minor data leak was found in two real time clock drivers (for /dev/rtc). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0984 to this issue.

A flaw in the R128 Direct Render Infrastructure (dri) driver could allow local privilege escalation. This driver is part of the kernel-unsupported package. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0003 to this issue.

A flaw in ncp_lookup() in ncpfs could allow local privilege escalation. The ncpfs module allows a system to mount volumes of NetWare servers or print to NetWare printers and is in the kernel-unsupported package. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0010 to this issue.

(Note that the kernel-unsupported package contains drivers and other modules that are unsupported and therefore might contain security problems that have not been addressed.)

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.
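Returning to the strncpy() padding issue (CAN-2003-0465) described under section 3: the following C program is an added example, not Red Hat's or the kernel's code. It models a strncpy() that stops at the terminator beside the libc behaviour that zero-fills the rest of the destination, and counts how many stale bytes of a previously used structure survive into a record that would be copied to user space as a whole; the struct, the field size and the 0x41 fill pattern are constructed for the example.

```c
/* Added example (not from the advisory or the kernel): the padding
 * difference behind CAN-2003-0465.  libc strncpy() fills the remainder of
 * the destination with '\0' when the source is shorter than n; a variant
 * that stops at the terminator leaves whatever was in the buffer before.
 * If that buffer is a structure later copied to user space in full, the
 * stale bytes after the string are an information leak. */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* field size chosen for the example */

/* Model of a non-padding strncpy(): copies at most n bytes and writes one
 * terminator, but never clears the rest of dest. */
char *strncpy_nopad(char *dest, const char *src, size_t n)
{
    size_t i;
    for (i = 0; i < n && src[i] != '\0'; i++)
        dest[i] = src[i];
    if (i < n)
        dest[i] = '\0';
    return dest;
}

/* Thin wrapper so the libc function can be passed as a plain pointer. */
char *libc_strncpy(char *dest, const char *src, size_t n)
{
    return strncpy(dest, src, n);
}

/* A record handed to user space as a whole (think copy_to_user()). */
struct record {
    char name[NAME_LEN];
    int  id;
};

/* Number of non-zero bytes between the string terminator and the end of
 * the field: data the caller never meant to expose. */
size_t stale_bytes_after_name(const struct record *r)
{
    size_t len = 0, stale = 0, i;
    while (len < NAME_LEN && r->name[len] != '\0')
        len++;
    for (i = len + 1; i < NAME_LEN; i++)
        if (r->name[i] != '\0')
            stale++;
    return stale;
}

/* Reuse a record that still holds old contents (0x41 fill, constructed
 * here as the "secret"), copy a short name into it with the given
 * strncpy variant, and report how many stale bytes remain. */
size_t leak_with(char *(*copy)(char *, const char *, size_t), const char *name)
{
    struct record r;
    memset(&r, 0x41, sizeof r);
    copy(r.name, name, NAME_LEN);
    return stale_bytes_after_name(&r);
}

/* Defensive form: clear the field explicitly, so the outcome does not
 * depend on which strncpy() semantics the platform happens to provide. */
size_t leak_with_explicit_zero(const char *name)
{
    struct record r;
    memset(&r, 0x41, sizeof r);
    memset(r.name, 0, NAME_LEN);
    strncpy_nopad(r.name, name, NAME_LEN);
    return stale_bytes_after_name(&r);
}

int main(void)
{
    printf("libc strncpy:    %zu stale bytes\n", leak_with(libc_strncpy, "eth0"));
    printf("no-pad strncpy:  %zu stale bytes\n", leak_with(strncpy_nopad, "eth0"));
    printf("zeroed first:    %zu stale bytes\n", leak_with_explicit_zero("eth0"));
    return 0;
}
```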
Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

102194 - Disk READ performance worse compared with 2.4.20-18.9smp
103706 - Some numerical values in /proc/partitions file become an unusual value.
104084 - ctc interface unexpectedly dies
104444 - RHEL3 U2: Syscall Auditing Support
104633 - The synchronous write() system call of RHEL3.0 is slower than that of RHEL2.1.
104634 - The synchronous write() system call of RHEL3.0 is slower than that of RHEL2.1.
104636 - The synchronous write() system call of RHEL3.0 is slower than that of RHEL2.1.
106111 - RHEL 3 U2: Only one CPU is initialized in a Hyperthreading enabled Intel ICH5 platform.
106219 - raid level 1 disk failures
106334 - RHEL 3 - U2 - Qlogic FAStT Fibre driver 6.05 or later
106396 - Hardware crypto support
106402 - LTC4736 - PTS: Kernel Panic during mutex contention test.
106503 - ia64 kernel stops allocating memory too early when overcommit_memory set to strict
106584 - 'cp -p' returns error when destination is an nfs directory
106870 - RHEL 3 AS/IPF/QU1: Qlogic qla2300 6.06.50
106890 - RHEL 3 U2: preserve_argv0 patch missing - IPF x86 compat.
106894 - RHEL 3, U2: IA32 feat: new microcode update format sup. (Prescott/Nocona)
106969 - Random stall during boot-up
107330 - NC6770 adapter fails to regain connection after lost link
107331 - (tg3) Jumbo Frames w/bonding fails on NC7771 and Red Hat EL 3 RC1 respin
107744 - RHEL3 Update1: ia32 on ia64 syscall table
107864 - Data corruption in iozone benchmark
107915 - binfmt_misc.o is a part of kernel-unsupported - x86 compat on IPF
108958 - MINSIGSTKSZ mismatch between ia32 and ia64
109242 - LTC5267 - Network degradation as runs progress in specweb99
109618 - 3ware raid extremely low throughput
109660 - op_time no samples files found
109843 - Typo in module parameter of scsi_mod module
109914 - PATCH: LTC5351 - Large external array causes SIGILL in 32-bit
110170 - [PATCH] LTC5381 - rhel 3 will need to pick up the cyclone-lpj-fix patch
110633 - iptables ipt_limit module fails on ppc (iseries) RS64-IV RHEL3
110716 - RHEL 3 - U2 - JS30 Blade - kernel enablement
110849 - zcrypt update to 06-11 and up
110872 - System Hangs after 5-10 minutes with USB attached
110999 - clock is running too fast on IBM x445
111250 - tg3 driver fails to autonegotiate correctly
111264 - ada compiler crashes on even hello-world
111287 - [PATCH] alternate signal stack bug corrupts RNaT bits
111403 - [PATCH] LTC3766 - pthreads/NPTL problems with large memory processes
111446 - hang in RHEL 3 pthreads library
111629 - ACL over NFS problem
111673 - RHEL 3 U2 - ServeRAID update for IA64 fixes
111681 - Invalid ICMP type 11 messages echo'd to console
111768 - /proc/pid/statm can return negative values
111774 - [PATCH] HP cciss driver bug fix
111853 - [PATCH] cciss hba pointer may be null when trying to release I/O memory
111854 - [PATCH] need to enable prefetch on HP 64xx controllers
111855 - [PATCH] problems hot plugging older cciss controllers
111856 - [PATCH] cciss driver may panic system when sharing IRQs
111858 - [PATCH] cciss may display #blocks as a negative value
111903 - [PATCH] oops in IUCV code
111911 - avoid hang during initialization on I/O errors
111968 - Allow async read/write to propagate down to transports that support async
112006 - [PATCH] BUG() from __remove_inode_page
112025 - SMP kernels parsing of AICP tables limited - breaks hyperthreading
112039 - RHEL 3 U2: Qlogic qla2300 driver version 6.07.++
112040 - RHEL 3 U2: Update cciss driver to 2.4.50
112057 - RHEL3 U2: update megaraid2 to version 2.10.x
112103 - RHEL3 U2: IA32 core dump support on IPF
112111 - RHEL 3 U2: ICH6 PATA support
112139 - RHEL 3 U2: update cciss driver (new funct/bug fixes) to 2.4.50
112163 - RHEL 3 U2 - Update e1000
112190 - Duplicate get_partition_list bug to track Bugzilla 111342 in Taroon -
112288 - [PATCH] ICMPv6 error message contains incorrect original packet's data.
112359 - RHEL 3.0 using v6.06.00b11 driver attached to McData switch doesn't log in or scan devices successfully.
112363 - NC7722 when using the TG3 driver has no active link Th established
112449 - (TG3) driver doesn't work properly with bcm5700 nic
112584 - reservation error code, corrupts request queue
112607 - aironet driver fixes
112646 - defunct processes whose parent process is 'init' are created.
112724 - kernel hang when unmap a hugetlb vma
112764 - RHEL3 kernel not preventing or recovering from fork bomb when ulimit used
112826 - LTC5732 - MMIO alignment error when inserting the olympic TR module.
113034 - RHEL 3 U2: Merge IBM IPR driver into main kernel RPM
113051 - [PATCH] LTC5757 - RHEL3 update 2 RAS patches - rtas syscall and os-term
113052 - [PATCH] LTC5758 - /proc/ppc64/lparcfg file missing in RHEL 3
113071 - [PATCH] RHEL3 ia64: 32 bit applications don't dump core properly
113072 - [PATCH] RHEL3/ia64: strace -f on multithreaded 32 bit applications doesn't work
113099 - CAN-2003-0461 /proc reveals char count
113100 - CAN-2003-0465 kernel strncpy padding
113103 - CAN-2003-0984 minor /dev/rtc leak
113105 - Al-Viro kmod local DoS
113171 - lousy read performance on megaraid with 2.4.21-4.0.2.EL
113213 - kernel crashes when unmap_kvec() is called in interrupt context
113328 - RHEL 3 - U2 ACPI support for multiple IDE devices (x455)
113341 - netdump - various race conditions that lead to hangs in panic()/die()
113413 - too many ipv6 aliases cause kernel oops
113561 - Patch for BLIST_SPARSELUN in scsi_scan.c
113604 - CAN-2004-0003 r128 DRI
113737 - [PATCH] sym53c8xx.c - odd byte tape fix
113738 - [PATCH] updated megaraid2 driver (2.10.1)
113739 - [PATCH] updated mptfusion driver (2.05.11)
113809 - depmod is not run for kernel-2.4.21-9.EL from Quarterly Update #1
113890 - [PATCH] Executable compiled on x86 can cause kernel seg fault on x86_64
114052 - Raw device performance poor under WS 3 Dreamworks IT#29689
114135 - LSI Megaraid(2) performance subpar in RHEL3, using RHEL3 kernel
114137 - RHEL3 U2: patch for sym53c8xx.c to address odd byte tape fix
114356 - USB keyboard/mouse don't work on upcoming Dell servers
114529 - RHEL3: [PATCH] Inclusion of Handspring Treo patch into next kernel release
114553 - Bad performance with Q1 update kernel (-9EL)
114560 - zfcp updates for RHEL3 U2
114588 - [PATCH] don't serialize NFS direct writes
114773 - Panic in elf_core_copy_regs() core dumping ia32 binary
114869 - date returns future year of 586562
114873 - RHEL3 U2: softirq interrupt deferral patch
114874 - RHEL 2.1 U4 and RHEL 3 U2 - e1000 fix for SOL
114940 - RHEL 3.0 default QLogic driver v6.06.00b11 spews sg_low_free and QUEUE FULL messages at load time.
114942 - Running I/O on RHEL 3.0 and using the v6.06.00b11 driver, the driver ran out of memory and began arbitrarily killing processes.
115072 - Lack of file close processing for O_DIRECT unsupported filesystem in dentry_open()
115231 - RHEL 3_U2 Adds new processor support
115273 - bad disk I/O performance with the 2.4.21-4.ELsmp kernel
115334 - Suspected VM problem causes gradual Tux performance degradation
115390 - Kernel panic and/or EXT3-fs corruption running sysreport on rx7620
115438 - strange load - kswapd/IO ?
115439 - LTC5321 - Cannot enable quota on RHEL 3 for ppc64
115823 - CAN-2004-0010 ncpfs hole (unsupported)
116261 - RHEL3 kernel specfile for s390* should require minimum version of s390utils
116916 - tg3 driver doesn't support bonding driver's ALB mode
117454 - /proc/cpuinfo has bad info on ia32e
117741 - P4 2.8ghz HT, Using RHEL WS 3.0 Update 1, latest SMP Kernel, see only 1 CPU
117914 - RHEL3 U3: Handspring Treo ID
117941 - frequent kernel panics
118109 - System hangs while running stress tests with hugetlbfs on hugemem kernel
118397 - system needlessly thrashing swap partition
118494 - updates to scsi_scan.c (RHEL3 U2 alpha)
118556 - MTRRs not initialized correctly
118647 - kswapd in state R and D load constant at 1+
118882 - Machine doesn't boot SMP Kernel after installation
118885 - [PATCH] kernel panics when removing expired IPsec SAs
118974 - stack overflows during ACPI initialization
118980 - option 'acpi=off' not working correctly
119009 - Kernel panic occurs when trying to install RHEL 3 U2 B2 for AMD64
119174 - /proc/cpuinfo vendor_id is wrong. shows $
119234 - RHEL3 U2 beta1 hard locks on Celsius 810v
119545 - kernel module binfmt_misc missing
119638 - Can't set speed/duplex on tg3 fiber interfaces
119903 - nfs performance very bad on EL3
120232 - [x86_64] Crash on install disc boot without newly-required noapictimers
120341 - Runaway processes with USB console on Blade Center
121856 - LTC7932 - Kernel Panic with TCE allocation failure w/ Qlogic queue depth issue
122077 - servers freeze (only respond to ping and sysrq) periodically

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-15.EL.src.rpm

athlon:
Available from Red Hat Network: kernel-2.4.21-15.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.EL.athlon.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.EL.athlon.rpm

i386:
Available from Red Hat Network: kernel-BOOT-2.4.21-15.EL.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.EL.i386.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.EL.i386.rpm

i686:
Available from Red Hat Network: kernel-2.4.21-15.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-2.4.21-15.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.EL.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.EL.i686.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.EL.i686.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.EL.i686.rpm

ia32e:
Available from Red Hat Network: kernel-2.4.21-15.EL.ia32e.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.EL.ia32e.rpm

ia64:
Available from Red Hat Network: kernel-2.4.21-15.EL.ia64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.EL.ia64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.EL.ia64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.EL.ia64.rpm

ppc64:
Available from Red Hat Network: kernel-doc-2.4.21-15.EL.ppc64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.EL.ppc64.rpm

ppc64iseries:
Available from Red Hat Network: kernel-2.4.21-15.EL.ppc64iseries.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.EL.ppc64iseries.rpm

ppc64pseries:
Available from Red Hat Network: kernel-2.4.21-15.EL.ppc64pseries.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.EL.ppc64pseries.rpm

s390:
Available from Red Hat Network: kernel-2.4.21-15.EL.s390.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.EL.s390.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.EL.s390.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.EL.s390.rpm

s390x:
Available from Red Hat Network: kernel-2.4.21-15.EL.s390x.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.EL.s390x.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.EL.s390x.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.EL.s390x.rpm

x86_64:
Available from Red Hat Network: kernel-2.4.21-15.EL.x86_64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.EL.x86_64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.EL.x86_64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-15.EL.src.rpm

athlon:
Available from Red Hat Network: kernel-2.4.21-15.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.EL.athlon.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.EL.athlon.rpm

i386:
Available from Red Hat Network: kernel-BOOT-2.4.21-15.EL.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.EL.i386.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.EL.i386.rpm

i686:
Available from Red Hat Network: kernel-2.4.21-15.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-2.4.21-15.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.EL.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.EL.i686.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.EL.i686.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.EL.i686.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-15.EL.src.rpm

athlon:
Available from Red Hat Network: kernel-2.4.21-15.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.EL.athlon.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.EL.athlon.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.EL.athlon.rpm

i386:
Available from Red Hat Network: kernel-BOOT-2.4.21-15.EL.i386.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.EL.i386.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.EL.i386.rpm

i686:
Available from Red Hat Network: kernel-2.4.21-15.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-2.4.21-15.EL.i686.rpm
Available from Red Hat Network: kernel-hugemem-unsupported-2.4.21-15.EL.i686.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.EL.i686.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.EL.i686.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.EL.i686.rpm

ia32e:
Available from Red Hat Network: kernel-2.4.21-15.EL.ia32e.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.EL.ia32e.rpm

ia64:
Available from Red Hat Network: kernel-2.4.21-15.EL.ia64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.EL.ia64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.EL.ia64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.EL.ia64.rpm

x86_64:
Available from Red Hat Network: kernel-2.4.21-15.EL.x86_64.rpm
Available from Red Hat Network: kernel-doc-2.4.21-15.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-2.4.21-15.EL.x86_64.rpm
Available from Red Hat Network: kernel-smp-unsupported-2.4.21-15.EL.x86_64.rpm
Available from Red Hat Network: kernel-source-2.4.21-15.EL.x86_64.rpm
Available from Red Hat Network: kernel-unsupported-2.4.21-15.EL.x86_64.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0010

9. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.


From bugzilla at redhat.com Wed May 12 07:46:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 12 May 2004 03:46 -0400
Subject: [RHSA-2004:165-01] Updated ipsec-tools package fixes vulnerabilities in ISAKMP daemon
Message-ID: <200405120746.i4C7kul13818@lacrosse.corp.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated ipsec-tools package fixes vulnerabilities in ISAKMP daemon
Advisory ID:       RHSA-2004:165-01
Issue date:        2004-05-11
Updated on:        2004-05-11
Product:           Red Hat Enterprise Linux
Keywords:          SA x509
Cross references:
Obsoletes:
CVE Names:         CAN-2004-0155 CAN-2004-0164 CAN-2004-0403
---------------------------------------------------------------------

1. Topic:

An updated ipsec-tools package that fixes vulnerabilities in racoon (the ISAKMP daemon) is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

IPSEC uses strong cryptography to provide both authentication and encryption services.
With versions of ipsec-tools prior to 0.2.3, it was possible for an attacker to cause unauthorized deletion of SAs (Security Associations). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0164 to this issue.

With versions of ipsec-tools prior to 0.2.5, the RSA signature on X.509 certificates was not properly verified when using certificate-based authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0155 to this issue.

When ipsec-tools receives an ISAKMP header, it attempts to allocate sufficient memory for the entire ISAKMP message according to the header's length field. If an attacker crafts an ISAKMP header with an extremely large value in the length field, racoon may exceed operating system resource limits and be terminated, resulting in a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0403 to this issue.

Users of IPSEC should upgrade to this updated package, which contains ipsec-tools version 0.2.5 along with a security patch for CAN-2004-0403, and which resolves all these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates.
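To make the CAN-2004-0403 description in section 3 concrete, here is an added C example (not racoon's code) that parses the fixed ISAKMP header, laid out as in RFC 2408 section 3.1, and checks the advertised Length field against the header size, a policy ceiling and the bytes actually received before any allocation happens. The ceiling value and the constructed test datagram are assumptions of the example.

```c
/* Added example, not racoon's code: parse an ISAKMP header (layout per
 * RFC 2408 section 3.1) and bound its Length field before allocating.
 * The failure mode behind CAN-2004-0403 is allocating whatever the peer
 * advertises; the checks below refuse such a header without allocating. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ISAKMP_HDR_LEN 28u
/* Policy ceiling for one ISAKMP message, chosen for this example; a real
 * daemon would derive it from its transport (a UDP datagram cannot carry
 * more than 65535 bytes in total). */
#define ISAKMP_MAX_MSG 65535u

struct isakmp_hdr {
    uint8_t  i_ck[8];   /* initiator cookie */
    uint8_t  r_ck[8];   /* responder cookie */
    uint8_t  np;        /* next payload */
    uint8_t  vers;      /* major/minor version nibbles */
    uint8_t  etype;     /* exchange type */
    uint8_t  flags;
    uint32_t msgid;
    uint32_t len;       /* total message length, host order after parsing */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Parse the fixed header from a datagram of dgram_len bytes.
 * Returns 0 on success, -1 if the datagram is too short to hold a header. */
int isakmp_parse_hdr(const uint8_t *buf, size_t dgram_len, struct isakmp_hdr *h)
{
    if (dgram_len < ISAKMP_HDR_LEN)
        return -1;
    memcpy(h->i_ck, buf, 8);
    memcpy(h->r_ck, buf + 8, 8);
    h->np = buf[16]; h->vers = buf[17]; h->etype = buf[18]; h->flags = buf[19];
    h->msgid = be32(buf + 20);
    h->len = be32(buf + 24);
    return 0;
}

/* Validate the advertised length: at least a header, within policy, and no
 * larger than what actually arrived.  Returns 1 if acceptable, else 0. */
int isakmp_len_ok(const struct isakmp_hdr *h, size_t dgram_len)
{
    if (h->len < ISAKMP_HDR_LEN) return 0;
    if (h->len > ISAKMP_MAX_MSG) return 0;
    if (h->len > dgram_len)      return 0;
    return 1;
}

/* Allocation wrapper: NULL (and no allocation) when the header fails
 * validation, otherwise a buffer holding exactly h->len bytes of input. */
uint8_t *isakmp_alloc_msg(const uint8_t *buf, size_t dgram_len)
{
    struct isakmp_hdr h;
    if (isakmp_parse_hdr(buf, dgram_len, &h) != 0 || !isakmp_len_ok(&h, dgram_len))
        return NULL;
    uint8_t *msg = malloc(h.len);
    if (msg)
        memcpy(msg, buf, h.len);
    return msg;
}

/* Constructed sample datagram for the example (not captured traffic): a bare
 * header whose Length field is set to `len`.  Returns the datagram size. */
size_t make_hdr(uint8_t out[ISAKMP_HDR_LEN], uint32_t len)
{
    memset(out, 0, ISAKMP_HDR_LEN);
    memset(out, 0xA5, 8);              /* initiator cookie */
    out[17] = 0x10;                    /* version 1.0 */
    out[18] = 2;                       /* exchange type: identity protection */
    out[24] = (uint8_t)(len >> 24); out[25] = (uint8_t)(len >> 16);
    out[26] = (uint8_t)(len >> 8);  out[27] = (uint8_t)len;
    return ISAKMP_HDR_LEN;
}

/* 1 if a header-only datagram advertising `len` would be accepted. */
int accepts_len(uint32_t len)
{
    uint8_t d[ISAKMP_HDR_LEN];
    size_t n = make_hdr(d, len);
    uint8_t *m = isakmp_alloc_msg(d, n);
    int ok = (m != NULL);
    free(m);
    return ok;
}

int main(void)
{
    printf("Length=28:         %s\n", accepts_len(28) ? "accepted" : "rejected");
    printf("Length=0xFFFFFFFF: %s\n", accepts_len(0xFFFFFFFFu) ? "accepted" : "rejected");
    return 0;
}
```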
To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

120253 - CAN-2004-0155/CAN-2004-0164 KAME racoon issues

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ipsec-tools-0.2.5-0.4.src.rpm

i386:
Available from Red Hat Network: ipsec-tools-0.2.5-0.4.i386.rpm

ia64:
Available from Red Hat Network: ipsec-tools-0.2.5-0.4.ia64.rpm

ppc:
Available from Red Hat Network: ipsec-tools-0.2.5-0.4.ppc.rpm

s390:
Available from Red Hat Network: ipsec-tools-0.2.5-0.4.s390.rpm

s390x:
Available from Red Hat Network: ipsec-tools-0.2.5-0.4.s390x.rpm

x86_64:
Available from Red Hat Network: ipsec-tools-0.2.5-0.4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ipsec-tools-0.2.5-0.4.src.rpm

i386:
Available from Red Hat Network: ipsec-tools-0.2.5-0.4.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ipsec-tools-0.2.5-0.4.src.rpm

i386:
Available from Red Hat Network: ipsec-tools-0.2.5-0.4.i386.rpm

ia64:
Available from Red Hat Network: ipsec-tools-0.2.5-0.4.ia64.rpm

x86_64:
Available from Red Hat Network: ipsec-tools-0.2.5-0.4.x86_64.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0403

9. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
From bugzilla at redhat.com Mon May 17 21:13:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 17 May 2004 17:13 -0400
Subject: [RHSA-2004:222-01] Updated kdelibs packages resolve URI security issues
Message-ID: <200405172113.i4HLD6l08597@lacrosse.corp.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated kdelibs packages resolve URI security issues
Advisory ID:       RHSA-2004:222-01
Issue date:        2004-05-17
Updated on:        2004-05-17
Product:           Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:         RHSA-2004:074
CVE Names:         CAN-2004-0411
---------------------------------------------------------------------

1. Topic:

Updated kdelibs packages that fix telnet URI handler and mailto URI handler file vulnerabilities are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The kdelibs packages include libraries for the K Desktop Environment. KDE Libraries include: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio (image manipulation). Konqueror is a file manager and Web browser for the K Desktop Environment (KDE).
iDEFENSE identified a vulnerability in the Opera web browser that could
allow remote attackers to create or truncate arbitrary files. The KDE
team has found two similar vulnerabilities that also exist in KDE.

A flaw in the telnet URI handler may allow options to be passed to the
telnet program, resulting in creation or replacement of files. An
attacker could create a carefully crafted link such that when opened by
a victim it creates or overwrites a file with the victim's permissions.

A flaw in the mailto URI handler may allow options to be passed to the
kmail program. These options could cause kmail to write to the file
system or to run on a remote X display. An attacker could create a
carefully crafted link in such a way that access may be obtained to run
arbitrary code as the victim.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0411 to these issues.

Note: Red Hat Enterprise Linux 2.1 is only vulnerable to the mailto URI
flaw as a previous update shipped without a telnet.protocol file.

All users of KDE are advised to upgrade to these erratum packages, which
contain a backported patch for these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that
you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates.
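The telnet URI handler flaw described above is a URI component reaching the telnet program as an option. As an added example in Python (not KDE's code), this is the kind of handler check that prevents it: only a syntactically valid host and port are ever placed on the command line, and every other URI component is refused; the host and port syntax rules are the example's own assumptions.

```python
"""Turn a telnet: URI into an argument vector for the telnet program in a
way that keeps every URI component from being parsed as a program option.
Added example in Python, not KDE's code; it illustrates the hardening the
telnet URI handler flaw (CAN-2004-0411) calls for."""
import ipaddress
import re
from typing import List
from urllib.parse import urlsplit

# One DNS label (RFC 1123 style): letters, digits and hyphens, never
# starting or ending with a hyphen.  Because no valid label starts with
# "-", a host that passes this check can never be mistaken for an option
# by the program it is handed to.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def is_valid_host(host: str) -> bool:
    """Accept an IPv4/IPv6 literal or a well-formed DNS name, nothing else."""
    if not host or len(host) > 253:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    return all(_LABEL.match(label) for label in host.rstrip(".").split("."))


def telnet_argv(uri: str) -> List[str]:
    """Return ["telnet", host] or ["telnet", host, port] for a telnet: URI.

    Only the host and port reach the command line, and both are validated
    by syntax rather than by looking for known-bad characters.  Userinfo,
    a path, a query or a fragment is rejected outright: the handler has no
    legitimate use for them, so forwarding them could only add risk.
    Raises ValueError for anything that is not accepted.
    """
    parts = urlsplit(uri)
    if parts.scheme.lower() != "telnet":
        raise ValueError("not a telnet: URI")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo is not forwarded to telnet")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("a telnet: URI carries only a host and a port")
    host = parts.hostname or ""
    if not is_valid_host(host):
        raise ValueError(f"rejected host {host!r}")
    argv = ["telnet", host]
    port = parts.port  # urlsplit raises ValueError itself if this is not numeric
    if port is not None:
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        argv.append(str(port))
    return argv
```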
To use Red Hat Network, launch the Red Hat Update Agent with the
following command:

    up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate
Errors, you need to install a version of the up2date client with an
updated certificate. The latest version of up2date is available from the
Red Hat FTP site and may also be downloaded directly from the RHN
website:

    https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

123232 - CAN-2004-0411 URI filtering vulnerability

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kdelibs-2.2.2-11.src.rpm

i386:
Available from Red Hat Network: arts-2.2.2-11.i386.rpm
Available from Red Hat Network: kdelibs-2.2.2-11.i386.rpm
Available from Red Hat Network: kdelibs-devel-2.2.2-11.i386.rpm
Available from Red Hat Network: kdelibs-sound-2.2.2-11.i386.rpm
Available from Red Hat Network: kdelibs-sound-devel-2.2.2-11.i386.rpm

ia64:
Available from Red Hat Network: arts-2.2.2-11.ia64.rpm
Available from Red Hat Network: kdelibs-2.2.2-11.ia64.rpm
Available from Red Hat Network: kdelibs-devel-2.2.2-11.ia64.rpm
Available from Red Hat Network: kdelibs-sound-2.2.2-11.ia64.rpm
Available from Red Hat Network: kdelibs-sound-devel-2.2.2-11.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kdelibs-2.2.2-11.src.rpm

ia64:
Available from Red Hat Network: arts-2.2.2-11.ia64.rpm
Available from Red Hat Network: kdelibs-2.2.2-11.ia64.rpm
Available from Red Hat Network: kdelibs-devel-2.2.2-11.ia64.rpm
Available from Red Hat Network: kdelibs-sound-2.2.2-11.ia64.rpm
Available from Red Hat Network: kdelibs-sound-devel-2.2.2-11.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kdelibs-2.2.2-11.src.rpm

i386:
Available from Red Hat Network: arts-2.2.2-11.i386.rpm
Available from Red Hat Network: kdelibs-2.2.2-11.i386.rpm
Available from Red Hat Network: kdelibs-devel-2.2.2-11.i386.rpm
Available from Red Hat Network: kdelibs-sound-2.2.2-11.i386.rpm
Available from Red Hat Network: kdelibs-sound-devel-2.2.2-11.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kdelibs-2.2.2-11.src.rpm

i386:
Available from Red Hat Network: arts-2.2.2-11.i386.rpm
Available from Red Hat Network: kdelibs-2.2.2-11.i386.rpm
Available from Red Hat Network: kdelibs-devel-2.2.2-11.i386.rpm
Available from Red Hat Network: kdelibs-sound-2.2.2-11.i386.rpm
Available from Red Hat Network: kdelibs-sound-devel-2.2.2-11.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kdelibs-3.1.3-6.4.src.rpm

i386:
Available from Red Hat Network: kdelibs-3.1.3-6.4.i386.rpm
Available from Red Hat Network: kdelibs-devel-3.1.3-6.4.i386.rpm

ia64:
Available from Red Hat Network: kdelibs-3.1.3-6.4.ia64.rpm
Available from Red Hat Network: kdelibs-devel-3.1.3-6.4.ia64.rpm

ppc:
Available from Red Hat Network: kdelibs-3.1.3-6.4.ppc.rpm
Available from Red Hat Network: kdelibs-devel-3.1.3-6.4.ppc.rpm

s390:
Available from Red Hat Network: kdelibs-3.1.3-6.4.s390.rpm
Available from Red Hat Network: kdelibs-devel-3.1.3-6.4.s390.rpm

s390x:
Available from Red Hat Network: kdelibs-3.1.3-6.4.s390x.rpm
Available from Red Hat Network: kdelibs-devel-3.1.3-6.4.s390x.rpm

x86_64:
Available from Red Hat Network: kdelibs-3.1.3-6.4.x86_64.rpm
Available from Red Hat Network: kdelibs-devel-3.1.3-6.4.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kdelibs-3.1.3-6.4.src.rpm

i386:
Available from Red Hat Network: kdelibs-3.1.3-6.4.i386.rpm
Available from Red Hat Network: kdelibs-devel-3.1.3-6.4.i386.rpm
x86_64:
Available from Red Hat Network: kdelibs-3.1.3-6.4.x86_64.rpm
Available from Red Hat Network: kdelibs-devel-3.1.3-6.4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kdelibs-3.1.3-6.4.src.rpm

i386:
Available from Red Hat Network: kdelibs-3.1.3-6.4.i386.rpm
Available from Red Hat Network: kdelibs-devel-3.1.3-6.4.i386.rpm

ia64:
Available from Red Hat Network: kdelibs-3.1.3-6.4.ia64.rpm
Available from Red Hat Network: kdelibs-devel-3.1.3-6.4.ia64.rpm

x86_64:
Available from Red Hat Network: kdelibs-3.1.3-6.4.x86_64.rpm
Available from Red Hat Network: kdelibs-devel-3.1.3-6.4.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kdelibs-3.1.3-6.4.src.rpm

i386:
Available from Red Hat Network: kdelibs-3.1.3-6.4.i386.rpm
Available from Red Hat Network: kdelibs-devel-3.1.3-6.4.i386.rpm

ia64:
Available from Red Hat Network: kdelibs-3.1.3-6.4.ia64.rpm
Available from Red Hat Network: kdelibs-devel-3.1.3-6.4.ia64.rpm

x86_64:
Available from Red Hat Network: kdelibs-3.1.3-6.4.x86_64.rpm
Available from Red Hat Network: kdelibs-devel-3.1.3-6.4.x86_64.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

    rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum

8. References:

http://www.kde.org/info/security/advisory-20040517-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411

9. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAqSrHXlSAg2UNWIIRAn9GAJ4zFYDGGyKtMD0Rz4s04PBUYWKqNgCgpDlK
3dUTMmlbWmcnaaa9+6JojOs=
=DS0I
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed May 19 06:48:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 19 May 2004 02:48 -0400
Subject: [RHSA-2004:190-01] Updated cvs package fixes security issue
Message-ID: <200405190648.i4J6mbl25697@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated cvs package fixes security issue
Advisory ID:       RHSA-2004:190-01
Issue date:        2004-05-19
Updated on:        2004-05-19
Product:           Red Hat Enterprise Linux
Keywords:          cvs
Cross references:
Obsoletes:         RHSA-2004:153
CVE Names:         CAN-2004-0396
- ---------------------------------------------------------------------

1. Topic:

An updated cvs package that fixes a server vulnerability that could be
exploited by a malicious client is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

CVS is a version control system frequently used to manage source code
repositories.
Stefan Esser discovered a flaw in cvs where malformed "Entry" lines
could cause a heap overflow. An attacker who has access to a CVS server
could use this flaw to execute arbitrary code under the UID under which
the CVS server is executing. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0396 to this
issue.

Users of CVS are advised to upgrade to this updated package, which
contains a backported patch correcting this issue.

Red Hat would like to thank Stefan Esser for notifying us of this issue
and Derek Price for providing an updated patch.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that
you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate
Errors, you need to install a version of the up2date client with an
updated certificate. The latest version of up2date is available from the
Red Hat FTP site and may also be downloaded directly from the RHN
website:

    https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

122384 - CAN-2004-0396 CVS pserver heap overflow via Entry/Is-modified/Unchanged

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/cvs-1.11.1p1-14.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.1p1-14.i386.rpm

ia64:
Available from Red Hat Network: cvs-1.11.1p1-14.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/cvs-1.11.1p1-14.src.rpm

ia64:
Available from Red Hat Network: cvs-1.11.1p1-14.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/cvs-1.11.1p1-14.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.1p1-14.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/cvs-1.11.1p1-14.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.1p1-14.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cvs-1.11.2-22.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.2-22.i386.rpm

ia64:
Available from Red Hat Network: cvs-1.11.2-22.ia64.rpm

ppc:
Available from Red Hat Network: cvs-1.11.2-22.ppc.rpm

ppc64:
Available from Red Hat Network: cvs-1.11.2-22.ppc64.rpm

s390:
Available from Red Hat Network: cvs-1.11.2-22.s390.rpm

s390x:
Available from Red Hat Network: cvs-1.11.2-22.s390x.rpm

x86_64:
Available from Red Hat Network: cvs-1.11.2-22.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cvs-1.11.2-22.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.2-22.i386.rpm

x86_64:
Available from Red Hat Network: cvs-1.11.2-22.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cvs-1.11.2-22.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.2-22.i386.rpm

ia64:
Available from Red Hat Network: cvs-1.11.2-22.ia64.rpm

x86_64:
Available from Red Hat Network: cvs-1.11.2-22.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cvs-1.11.2-22.src.rpm

i386:
Available from Red Hat Network: cvs-1.11.2-22.i386.rpm

ia64:
Available from Red Hat Network: cvs-1.11.2-22.ia64.rpm

x86_64:
Available from Red Hat Network: cvs-1.11.2-22.x86_64.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

    rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum

8. References:

http://security.e-matters.de/advisories/072004.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0396

9. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAqwMqXlSAg2UNWIIRAluBAJ9bWti4/Uxs2thmLC7s3V6HVWdrPgCgoco8
Hto4ER67Md0kTqqoswNzKh4=
=e9XW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed May 19 06:48:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 19 May 2004 02:48 -0400
Subject: [RHSA-2004:191-01] Updated cadaver package fixes security vulnerability in neon
Message-ID: <200405190648.i4J6mul25710@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated cadaver package fixes security vulnerability in neon
Advisory ID:       RHSA-2004:191-01
Issue date:        2004-05-19
Updated on:        2004-05-19
Product:           Red Hat Enterprise Linux
Keywords:          cadaver neon sscanf
Cross references:
Obsoletes:
CVE Names:         CAN-2004-0398
- ---------------------------------------------------------------------

1. Topic:

An updated cadaver package is now available that fixes a vulnerability
in neon which could be exploitable by a malicious DAV server.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

cadaver is a command-line WebDAV client that uses inbuilt code from
neon, an HTTP and WebDAV client library.

Stefan Esser discovered a flaw in the neon library which allows a heap
buffer overflow in a date parsing routine. An attacker could create a
malicious WebDAV server in such a way as to allow arbitrary code
execution on the client should a user connect to it using cadaver. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0398 to this issue.

Users of cadaver are advised to upgrade to this updated package, which
contains a patch correcting this issue.
This issue does not affect Red Hat Enterprise Linux 3.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that
you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate
Errors, you need to install a version of the up2date client with an
updated certificate. The latest version of up2date is available from the
Red Hat FTP site and may also be downloaded directly from the RHN
website:

    https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

122497 - CAN-2004-0398 heap overflow in neon affects cadaver

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/cadaver-0.22.1-1.0.src.rpm

i386:
Available from Red Hat Network: cadaver-0.22.1-1.0.i386.rpm

ia64:
Available from Red Hat Network: cadaver-0.22.1-1.0.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/cadaver-0.22.1-1.0.src.rpm

ia64:
Available from Red Hat Network: cadaver-0.22.1-1.0.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/cadaver-0.22.1-1.0.src.rpm

i386:
Available from Red Hat Network: cadaver-0.22.1-1.0.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/cadaver-0.22.1-1.0.src.rpm

i386:
Available from Red Hat Network: cadaver-0.22.1-1.0.i386.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

    rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum

8. References:

http://security.e-matters.de/advisories/062004.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0398

9. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAqwNQXlSAg2UNWIIRAmXqAKCurcsUZfwGu6+fgC06m35/eKXlNQCfbBak
jIQQrW6w/XGUKSv5wLAlbus=
=y2qa
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed May 19 19:06:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 19 May 2004 15:06 -0400
Subject: [RHSA-2004:172-01] Updated mc packages resolve several vulnerabilities
Message-ID: <200405191906.i4JJ66l27270@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated mc packages resolve several vulnerabilities
Advisory ID:       RHSA-2004:172-01
Issue date:        2004-05-19
Updated on:        2004-05-19
Product:           Red Hat Enterprise Linux
Keywords:          mc buffer overflow format string temporary file
Cross references:
Obsoletes:
CVE Names:         CAN-2004-0226 CAN-2004-0231 CAN-2004-0232
- ---------------------------------------------------------------------

1. Topic:

Updated mc packages that resolve several buffer overflow
vulnerabilities, one format string vulnerability and several temporary
file creation vulnerabilities are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Midnight Commander (mc) is a visual shell much like a file manager.

Several buffer overflows, several temporary file creation
vulnerabilities, and one format string vulnerability have been
discovered in Midnight Commander. These vulnerabilities were discovered
mostly by Andrew V. Samoilov and Pavel Roskin. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2004-0226, CAN-2004-0231, and CAN-2004-0232 to these issues.

Users should upgrade to these updated packages, which contain a
backported patch to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that
you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate
Errors, you need to install a version of the up2date client with an
updated certificate. The latest version of up2date is available from the
Red Hat FTP site and may also be downloaded directly from the RHN
website:

    https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

118302 - One more buffer overflow in mc's vfs code

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mc-4.5.51-36.3.src.rpm

i386:
Available from Red Hat Network: gmc-4.5.51-36.3.i386.rpm
Available from Red Hat Network: mc-4.5.51-36.3.i386.rpm
Available from Red Hat Network: mcserv-4.5.51-36.3.i386.rpm

ia64:
Available from Red Hat Network: gmc-4.5.51-36.3.ia64.rpm
Available from Red Hat Network: mc-4.5.51-36.3.ia64.rpm
Available from Red Hat Network: mcserv-4.5.51-36.3.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mc-4.5.51-36.3.src.rpm

ia64:
Available from Red Hat Network: gmc-4.5.51-36.3.ia64.rpm
Available from Red Hat Network: mc-4.5.51-36.3.ia64.rpm
Available from Red Hat Network: mcserv-4.5.51-36.3.ia64.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mc-4.5.51-36.3.src.rpm

i386:
Available from Red Hat Network: gmc-4.5.51-36.3.i386.rpm
Available from Red Hat Network: mc-4.5.51-36.3.i386.rpm
Available from Red Hat Network: mcserv-4.5.51-36.3.i386.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

    rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0232

9. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAq7AUXlSAg2UNWIIRApWtAKCfU6Fqr1t3cbRyrThiwLHhuNlRTACfXqRV
YN/9AsHc2ESMEphhVDyXzqQ=
=oe2w
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed May 19 19:06:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 19 May 2004 15:06 -0400
Subject: [RHSA-2004:192-01] Updated rsync package fixes security issue
Message-ID: <200405191906.i4JJ6Xl27303@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated rsync package fixes security issue
Advisory ID:       RHSA-2004:192-01
Issue date:        2004-05-19
Updated on:        2004-05-19
Product:           Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:
CVE Names:         CAN-2004-0426
- ---------------------------------------------------------------------

1. Topic:

An updated rsync package that fixes a directory traversal security flaw
is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Rsync is a program for synchronizing files over a network.
Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot. This could allow a remote attacker to write files outside of the module's "path", depending on the privileges assigned to the rsync daemon. Users not running an rsync daemon, running a read-only daemon, or running a chrooted daemon are not affected by this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0426 to this issue.

Users of Rsync are advised to upgrade to this updated package, which contains a backported patch and is not affected by this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

122511 - CAN-2004-0426 rsync directory traversal

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/rsync-2.5.7-3.21AS.src.rpm

i386:
Available from Red Hat Network: rsync-2.5.7-3.21AS.i386.rpm

ia64:
Available from Red Hat Network: rsync-2.5.7-3.21AS.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/rsync-2.5.7-3.21AS.src.rpm

ia64:
Available from Red Hat Network: rsync-2.5.7-3.21AS.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/rsync-2.5.7-3.21AS.src.rpm

i386:
Available from Red Hat Network: rsync-2.5.7-3.21AS.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/rsync-2.5.7-3.21AS.src.rpm

i386:
Available from Red Hat Network: rsync-2.5.7-3.21AS.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/rsync-2.5.7-4.3E.src.rpm

i386:
Available from Red Hat Network: rsync-2.5.7-4.3E.i386.rpm

ia64:
Available from Red Hat Network: rsync-2.5.7-4.3E.ia64.rpm

ppc:
Available from Red Hat Network: rsync-2.5.7-4.3E.ppc.rpm

ppc64:
Available from Red Hat Network: rsync-2.5.7-4.3E.ppc64.rpm

s390:
Available from Red Hat Network: rsync-2.5.7-4.3E.s390.rpm

s390x:
Available from Red Hat Network: rsync-2.5.7-4.3E.s390x.rpm

x86_64:
Available from Red Hat Network: rsync-2.5.7-4.3E.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/rsync-2.5.7-4.3E.src.rpm

i386:
Available from Red Hat Network: rsync-2.5.7-4.3E.i386.rpm

x86_64:
Available from Red Hat Network: rsync-2.5.7-4.3E.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/rsync-2.5.7-4.3E.src.rpm

i386:
Available from Red Hat Network: rsync-2.5.7-4.3E.i386.rpm

ia64:
Available from Red Hat Network: rsync-2.5.7-4.3E.ia64.rpm

x86_64:
Available from Red Hat Network: rsync-2.5.7-4.3E.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/rsync-2.5.7-4.3E.src.rpm

i386:
Available from Red Hat Network: rsync-2.5.7-4.3E.i386.rpm

ia64:
Available from Red Hat Network: rsync-2.5.7-4.3E.ia64.rpm

x86_64:
Available from Red Hat Network: rsync-2.5.7-4.3E.x86_64.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is available from
https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

8. References:

http://rsync.samba.org/#security_apr04
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0426

9. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
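The rsync flaw described in this advisory is a path-containment failure: a read/write daemon that exports a module directory without chroot lets a client-supplied path with '..' components, or one passing through a symlink, resolve outside the module. The following is an added example of the containment check such a daemon needs; it is written for this page and is not rsync's own code, and the module layout, the out-of-root symlink and the sample client paths are all constructed here.

```python
"""Containment check for a daemon that exports a module directory without
chroot, the situation behind the rsync path sanitization flaw (CAN-2004-0426).

Added example for this page; it is not rsync's code. The module layout,
the out-of-root symlink and the sample client paths are all constructed here.
"""
import os
import tempfile


class PathEscapeError(Exception):
    """A client-supplied path would resolve outside the exported module root."""


def resolve_in_module(module_root: str, client_path: str) -> str:
    """Map a client-supplied relative path onto the module root.

    Returns the absolute path to operate on, or raises PathEscapeError when
    the path is absolute, climbs above the root with '..', or passes through
    a symlink whose target lies outside the root. With chroot the kernel
    enforces the boundary; without it the daemon has to.
    """
    root = os.path.realpath(module_root)
    if os.path.isabs(client_path):
        raise PathEscapeError(f"absolute path rejected: {client_path!r}")

    # Lexical check: collapse '.', '..' and repeated slashes, then require the
    # result to be the root itself or something strictly beneath it.
    target = os.path.normpath(os.path.join(root, client_path))
    if target != root and not target.startswith(root + os.sep):
        raise PathEscapeError(f"path climbs above module root: {client_path!r}")

    # Symlink check: the lexical test cannot see a link inside the module that
    # points outside it, so resolve the deepest component that exists on disk.
    # lexists() rather than exists() so a dangling symlink is still inspected;
    # a write through one would create a file at the link's target.
    existing = target
    while not os.path.lexists(existing):
        existing = os.path.dirname(existing)
    real = os.path.realpath(existing)
    if real != root and not real.startswith(root + os.sep):
        raise PathEscapeError(f"symlink leaves module root: {client_path!r}")
    return target


def demo() -> dict:
    """Classify constructed client paths against a constructed module layout.

    Returns {client_path: accepted} so the outcome can be checked directly.
    """
    outcomes = {}
    with tempfile.TemporaryDirectory() as outside, tempfile.TemporaryDirectory() as tmp:
        module = os.path.join(tmp, "module")
        os.makedirs(os.path.join(module, "pub"))
        # Constructed hazard: a symlink inside the module pointing outside it.
        os.symlink(outside, os.path.join(module, "escape"))

        samples = [
            "pub/readme.txt",      # ordinary write inside the module
            "pub/../pub/new.txt",  # '..' that stays inside the root
            "../secret",           # climbs above the root
            "pub/../../secret",    # same escape via a subdirectory
            "/etc/passwd",         # absolute path
            "escape/secret",       # write through the out-of-root symlink
        ]
        for path in samples:
            try:
                resolve_in_module(module, path)
                outcomes[path] = True
            except PathEscapeError:
                outcomes[path] = False
    return outcomes


if __name__ == "__main__":
    for path, accepted in demo().items():
        print(f"{'accept' if accepted else 'reject':6}  {path}")
```

The check is still subject to a race between the symlink inspection and the later open(), which is why the advisory notes that chrooted daemons are unaffected: the kernel boundary does not race.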
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD4DBQFAq7AwXlSAg2UNWIIRAouDAJdiuHvGe9xx2g4xzbKVRhDJpm1FAJ9Tg7G1
TzVd6mwDK+8lC+79meRYmA==
=lxCM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed May 19 20:32:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 19 May 2004 16:32 -0400
Subject: [RHSA-2004:180-01] Updated libpng packages fix crash
Message-ID: <200405192032.i4JKWjl02556@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated libpng packages fix crash
Advisory ID:       RHSA-2004:180-01
Issue date:        2004-05-19
Updated on:        2004-05-19
Product:           Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:
CVE Names:         CAN-2004-0421
- ---------------------------------------------------------------------

1. Topic:

Updated libpng packages that fix an out of bounds memory access are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.

Steve Grubb discovered an out of bounds memory access flaw in libpng. An attacker could carefully craft a PNG file in such a way that it would cause an application linked to libpng to crash when opened by a victim. This issue may not be used to execute arbitrary code.

Users are advised to upgrade to these updated packages, which contain a backported security fix and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

121229 - libpng can access out of bounds memory

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libpng-1.0.14-0.7x.5.src.rpm

i386:
Available from Red Hat Network: libpng-1.0.14-0.7x.5.i386.rpm
Available from Red Hat Network: libpng-devel-1.0.14-0.7x.5.i386.rpm

ia64:
Available from Red Hat Network: libpng-1.0.14-0.7x.5.ia64.rpm
Available from Red Hat Network: libpng-devel-1.0.14-0.7x.5.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libpng-1.0.14-0.7x.5.src.rpm

ia64:
Available from Red Hat Network: libpng-1.0.14-0.7x.5.ia64.rpm
Available from Red Hat Network: libpng-devel-1.0.14-0.7x.5.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libpng-1.0.14-0.7x.5.src.rpm

i386:
Available from Red Hat Network: libpng-1.0.14-0.7x.5.i386.rpm
Available from Red Hat Network: libpng-devel-1.0.14-0.7x.5.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libpng-1.0.14-0.7x.5.src.rpm

i386:
Available from Red Hat Network: libpng-1.0.14-0.7x.5.i386.rpm
Available from Red Hat Network: libpng-devel-1.0.14-0.7x.5.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libpng-1.2.2-21.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libpng10-1.0.13-12.src.rpm

i386:
Available from Red Hat Network: libpng-1.2.2-21.i386.rpm
Available from Red Hat Network: libpng-devel-1.2.2-21.i386.rpm
Available from Red Hat Network: libpng10-1.0.13-12.i386.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-12.i386.rpm

ia64:
Available from Red Hat Network: libpng-1.2.2-21.ia64.rpm
Available from Red Hat Network: libpng-devel-1.2.2-21.ia64.rpm
Available from Red Hat Network: libpng10-1.0.13-12.ia64.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-12.ia64.rpm

ppc:
Available from Red Hat Network: libpng-1.2.2-21.ppc.rpm
Available from Red Hat Network: libpng-devel-1.2.2-21.ppc.rpm
Available from Red Hat Network: libpng10-1.0.13-12.ppc.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-12.ppc.rpm

ppc64:
Available from Red Hat Network: libpng-1.2.2-21.ppc64.rpm
Available from Red Hat Network: libpng-devel-1.2.2-21.ppc64.rpm

s390:
Available from Red Hat Network: libpng-1.2.2-21.s390.rpm
Available from Red Hat Network: libpng-devel-1.2.2-21.s390.rpm
Available from Red Hat Network: libpng10-1.0.13-12.s390.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-12.s390.rpm

s390x:
Available from Red Hat Network: libpng-1.2.2-21.s390x.rpm
Available from Red Hat Network: libpng-1.2.2-21.s390.rpm
Available from Red Hat Network: libpng-devel-1.2.2-21.s390x.rpm
Available from Red Hat Network: libpng10-1.0.13-12.s390x.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-12.s390x.rpm

x86_64:
Available from Red Hat Network: libpng-1.2.2-21.x86_64.rpm
Available from Red Hat Network: libpng-1.2.2-21.i386.rpm
Available from Red Hat Network: libpng-devel-1.2.2-21.x86_64.rpm
Available from Red Hat Network: libpng10-1.0.13-12.x86_64.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-12.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libpng-1.2.2-21.src.rpm
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libpng10-1.0.13-12.src.rpm

i386:
Available from Red Hat Network: libpng-1.2.2-21.i386.rpm
Available from Red Hat Network: libpng-devel-1.2.2-21.i386.rpm
Available from Red Hat Network: libpng10-1.0.13-12.i386.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-12.i386.rpm

x86_64:
Available from Red Hat Network: libpng-1.2.2-21.x86_64.rpm
Available from Red Hat Network: libpng-1.2.2-21.i386.rpm
Available from Red Hat Network: libpng-devel-1.2.2-21.x86_64.rpm
Available from Red Hat Network: libpng10-1.0.13-12.x86_64.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-12.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libpng-1.2.2-21.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libpng10-1.0.13-12.src.rpm

i386:
Available from Red Hat Network: libpng-1.2.2-21.i386.rpm
Available from Red Hat Network: libpng-devel-1.2.2-21.i386.rpm
Available from Red Hat Network: libpng10-1.0.13-12.i386.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-12.i386.rpm

ia64:
Available from Red Hat Network: libpng-1.2.2-21.ia64.rpm
Available from Red Hat Network: libpng-devel-1.2.2-21.ia64.rpm
Available from Red Hat Network: libpng10-1.0.13-12.ia64.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-12.ia64.rpm

x86_64:
Available from Red Hat Network: libpng-1.2.2-21.x86_64.rpm
Available from Red Hat Network: libpng-1.2.2-21.i386.rpm
Available from Red Hat Network: libpng-devel-1.2.2-21.x86_64.rpm
Available from Red Hat Network: libpng10-1.0.13-12.x86_64.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-12.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libpng-1.2.2-21.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libpng10-1.0.13-12.src.rpm

i386:
Available from Red Hat Network: libpng-1.2.2-21.i386.rpm
Available from Red Hat Network: libpng-devel-1.2.2-21.i386.rpm
Available from Red Hat Network: libpng10-1.0.13-12.i386.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-12.i386.rpm

ia64:
Available from Red Hat Network: libpng-1.2.2-21.ia64.rpm
Available from Red Hat Network: libpng-devel-1.2.2-21.ia64.rpm
Available from Red Hat Network: libpng10-1.0.13-12.ia64.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-12.ia64.rpm

x86_64:
Available from Red Hat Network: libpng-1.2.2-21.x86_64.rpm
Available from Red Hat Network: libpng-1.2.2-21.i386.rpm
Available from Red Hat Network: libpng-devel-1.2.2-21.x86_64.rpm
Available from Red Hat Network: libpng10-1.0.13-12.x86_64.rpm
Available from Red Hat Network: libpng10-devel-1.0.13-12.x86_64.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is available from
https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421

9. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAq8RiXlSAg2UNWIIRAmRDAJsEuHGJB3bKQK62idonZlnXDcgpAgCgmNEl
YQ5TspqF54dgKgQEb/9WkiE=
=J/Js
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed May 26 07:46:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 26 May 2004 03:46 -0400
Subject: [RHSA-2004:174-01] Updated utempter package fixes vulnerability
Message-ID: <200405260746.i4Q7kpl26390@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated utempter package fixes vulnerability
Advisory ID:       RHSA-2004:174-01
Issue date:        2004-05-26
Updated on:        2004-05-26
Product:           Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:
CVE Names:         CAN-2004-0233
- ---------------------------------------------------------------------

1. Topic:

An updated utempter package that fixes a potential symlink vulnerability is now available.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Utempter is a utility that allows terminal applications such as xterm and screen to update utmp and wtmp without requiring root privileges.

Steve Grubb discovered a flaw in Utempter which allowed device names containing directory traversal sequences such as '/../'. In combination with an application that trusts the utmp or wtmp files, this could allow a local attacker the ability to overwrite privileged files using a symlink.

Users should upgrade to this new version of utempter, which fixes this vulnerability.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

121332 - CAN-2004-0233 utempter directory traversal symlink attack

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/utempter-0.5.5-1.2.1EL.0.src.rpm

i386:
Available from Red Hat Network: utempter-0.5.5-1.2.1EL.0.i386.rpm

ia64:
Available from Red Hat Network: utempter-0.5.5-1.2.1EL.0.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/utempter-0.5.5-1.2.1EL.0.src.rpm

ia64:
Available from Red Hat Network: utempter-0.5.5-1.2.1EL.0.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/utempter-0.5.5-1.2.1EL.0.src.rpm

i386:
Available from Red Hat Network: utempter-0.5.5-1.2.1EL.0.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/utempter-0.5.5-1.2.1EL.0.src.rpm

i386:
Available from Red Hat Network: utempter-0.5.5-1.2.1EL.0.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/utempter-0.5.5-1.3EL.0.src.rpm

i386:
Available from Red Hat Network: utempter-0.5.5-1.3EL.0.i386.rpm

ia64:
Available from Red Hat Network: utempter-0.5.5-1.3EL.0.ia64.rpm

ppc:
Available from Red Hat Network: utempter-0.5.5-1.3EL.0.ppc.rpm

s390:
Available from Red Hat Network: utempter-0.5.5-1.3EL.0.s390.rpm

s390x:
Available from Red Hat Network: utempter-0.5.5-1.3EL.0.s390x.rpm

x86_64:
Available from Red Hat Network: utempter-0.5.5-1.3EL.0.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/utempter-0.5.5-1.3EL.0.src.rpm

i386:
Available from Red Hat Network: utempter-0.5.5-1.3EL.0.i386.rpm

x86_64:
Available from Red Hat Network: utempter-0.5.5-1.3EL.0.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/utempter-0.5.5-1.3EL.0.src.rpm

i386:
Available from Red Hat Network: utempter-0.5.5-1.3EL.0.i386.rpm

ia64:
Available from Red Hat Network: utempter-0.5.5-1.3EL.0.ia64.rpm

x86_64:
Available from Red Hat Network: utempter-0.5.5-1.3EL.0.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/utempter-0.5.5-1.3EL.0.src.rpm

i386:
Available from Red Hat Network: utempter-0.5.5-1.3EL.0.i386.rpm

ia64:
Available from Red Hat Network: utempter-0.5.5-1.3EL.0.ia64.rpm

x86_64:
Available from Red Hat Network: utempter-0.5.5-1.3EL.0.x86_64.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is available from
https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0233

9. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAtEtbXlSAg2UNWIIRAghJAJ47f2sDXgkQQrHcoJXgFD9XYYY7BwCgsj+1
4Q3rnPMsUkf5LRZfUNERRyA=
=mmH5
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed May 26 07:47:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 26 May 2004 03:47 -0400
Subject: [RHSA-2004:178-01] An updated LHA package fixes security vulnerabilities
Message-ID: <200405260747.i4Q7lMl26417@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          An updated LHA package fixes security vulnerabilities
Advisory ID:       RHSA-2004:178-01
Issue date:        2004-05-26
Updated on:        2004-05-26
Product:           Red Hat Enterprise Linux
Keywords:
Cross references:
Obsoletes:
CVE Names:         CAN-2004-0234 CAN-2004-0235
- ---------------------------------------------------------------------

1. Topic:

An updated LHA package that fixes several security vulnerabilities is now available.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

LHA is an archiving and compression utility for LHarc format archives.

Ulf Harnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA. An attacker could exploit the buffer overflows by creating a carefully crafted LHA archive in such a way that arbitrary code would be executed when the archive is tested or extracted by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0234 to this issue.

An attacker could exploit the directory traversal issues to create files as the victim outside of the expected directory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0235 to this issue.

Users of LHA should upgrade to this updated package, which contains backported patches and is not vulnerable to these issues.

Red Hat would like to thank Ulf Harnhammar for disclosing and providing test cases and patches for these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

121417 - CAN-2004-0234/0235 lha security flaws

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/lha-1.00-17.2.src.rpm

i386:
Available from Red Hat Network: lha-1.00-17.2.i386.rpm

ia64:
Available from Red Hat Network: lha-1.00-17.2.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/lha-1.00-17.2.src.rpm

ia64:
Available from Red Hat Network: lha-1.00-17.2.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/lha-1.00-17.2.src.rpm

i386:
Available from Red Hat Network: lha-1.00-17.2.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/lha-1.00-17.2.src.rpm

i386:
Available from Red Hat Network: lha-1.00-17.2.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/lha-1.14i-10.2.src.rpm

i386:
Available from Red Hat Network: lha-1.14i-10.2.i386.rpm

ia64:
Available from Red Hat Network: lha-1.14i-10.2.ia64.rpm

ppc:
Available from Red Hat Network: lha-1.14i-10.2.ppc.rpm

ppc64:
Available from Red Hat Network: lha-1.14i-10.2.ppc64.rpm

s390:
Available from Red Hat Network: lha-1.14i-10.2.s390.rpm

s390x:
Available from Red Hat Network: lha-1.14i-10.2.s390x.rpm

x86_64:
Available from Red Hat Network: lha-1.14i-10.2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/lha-1.14i-10.2.src.rpm

i386:
Available from Red Hat Network: lha-1.14i-10.2.i386.rpm

x86_64:
Available from Red Hat Network: lha-1.14i-10.2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/lha-1.14i-10.2.src.rpm

i386:
Available from Red Hat Network: lha-1.14i-10.2.i386.rpm

ia64:
Available from Red Hat Network: lha-1.14i-10.2.ia64.rpm

x86_64:
Available from Red Hat Network: lha-1.14i-10.2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/lha-1.14i-10.2.src.rpm

i386:
Available from Red Hat Network: lha-1.14i-10.2.i386.rpm

ia64:
Available from Red Hat Network: lha-1.14i-10.2.ia64.rpm

x86_64:
Available from Red Hat Network: lha-1.14i-10.2.x86_64.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is available from
https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0235

9. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAtEuBXlSAg2UNWIIRAq6mAKCi6uQ6WvwmONBy6XzjP5Min8RFTgCgnmCd
ROpDvPe7+lIM0U2ZMvTZw8Q=
=xidd
-----END PGP SIGNATURE-----

From bugzilla at redhat.com  Wed May 26 07:49:00 2004
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 26 May 2004 03:49 -0400
Subject: [RHSA-2004:219-01] Updated tcpdump packages fix various vulnerabilities
Message-ID: <200405260749.i4Q7nAl26446@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated tcpdump packages fix various vulnerabilities
Advisory ID:       RHSA-2004:219-01
Issue date:        2004-05-26
Updated on:        2004-05-26
Product:           Red Hat Enterprise Linux
Keywords:          tcpdump buffer overflow libpcap arpwatch
Cross references:
Obsoletes:         RHSA-2004:008-09
CVE Names:         CAN-2004-0183 CAN-2004-0184
- ---------------------------------------------------------------------

1. Topic:

Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP parsing.

2.
Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: Tcpdump is a command-line tool for monitoring network traffic. Tcpdump v3.8.1 and earlier versions contained multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially crafted ISAKMP packets, TCPDUMP would try to read beyond the end of the packet capture buffer and subsequently crash. Users of tcpdump are advised to upgrade to these erratum packages, which contain backported security patches and are not vulnerable to these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): 123030 - CAN-2004-0183/0184 tcpdump ISAKMP crash 120022 - CAN-2004-0183/0184 tcpdump ISAKMP crash 6. 
RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/tcpdump-3.6.2-12.2.1AS.6.src.rpm i386: Available from Red Hat Network: arpwatch-2.1a11-12.2.1AS.6.i386.rpm Available from Red Hat Network: libpcap-0.6.2-12.2.1AS.6.i386.rpm Available from Red Hat Network: tcpdump-3.6.2-12.2.1AS.6.i386.rpm ia64: Available from Red Hat Network: arpwatch-2.1a11-12.2.1AS.6.ia64.rpm Available from Red Hat Network: libpcap-0.6.2-12.2.1AS.6.ia64.rpm Available from Red Hat Network: tcpdump-3.6.2-12.2.1AS.6.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/tcpdump-3.6.2-12.2.1AS.6.src.rpm ia64: Available from Red Hat Network: arpwatch-2.1a11-12.2.1AS.6.ia64.rpm Available from Red Hat Network: libpcap-0.6.2-12.2.1AS.6.ia64.rpm Available from Red Hat Network: tcpdump-3.6.2-12.2.1AS.6.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/tcpdump-3.6.2-12.2.1AS.6.src.rpm i386: Available from Red Hat Network: arpwatch-2.1a11-12.2.1AS.6.i386.rpm Available from Red Hat Network: libpcap-0.6.2-12.2.1AS.6.i386.rpm Available from Red Hat Network: tcpdump-3.6.2-12.2.1AS.6.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/tcpdump-3.6.2-12.2.1AS.6.src.rpm i386: Available from Red Hat Network: arpwatch-2.1a11-12.2.1AS.6.i386.rpm Available from Red Hat Network: libpcap-0.6.2-12.2.1AS.6.i386.rpm Available from Red Hat Network: tcpdump-3.6.2-12.2.1AS.6.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/tcpdump-3.7.2-7.E3.2.src.rpm i386: Available from Red Hat Network: libpcap-0.7.2-7.E3.2.i386.rpm Available from Red Hat Network: tcpdump-3.7.2-7.E3.2.i386.rpm ia64: Available from Red Hat Network: libpcap-0.7.2-7.E3.2.ia64.rpm Available from Red Hat Network: tcpdump-3.7.2-7.E3.2.ia64.rpm ppc: 
Available from Red Hat Network: libpcap-0.7.2-7.E3.2.ppc.rpm
Available from Red Hat Network: tcpdump-3.7.2-7.E3.2.ppc.rpm

ppc64:
Available from Red Hat Network: libpcap-0.7.2-7.E3.2.ppc64.rpm
Available from Red Hat Network: tcpdump-3.7.2-7.E3.2.ppc64.rpm

s390:
Available from Red Hat Network: libpcap-0.7.2-7.E3.2.s390.rpm
Available from Red Hat Network: tcpdump-3.7.2-7.E3.2.s390.rpm

s390x:
Available from Red Hat Network: libpcap-0.7.2-7.E3.2.s390x.rpm
Available from Red Hat Network: tcpdump-3.7.2-7.E3.2.s390x.rpm

x86_64:
Available from Red Hat Network: libpcap-0.7.2-7.E3.2.x86_64.rpm
Available from Red Hat Network: tcpdump-3.7.2-7.E3.2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/tcpdump-3.7.2-7.E3.2.src.rpm

i386:
Available from Red Hat Network: libpcap-0.7.2-7.E3.2.i386.rpm
Available from Red Hat Network: tcpdump-3.7.2-7.E3.2.i386.rpm

x86_64:
Available from Red Hat Network: libpcap-0.7.2-7.E3.2.x86_64.rpm
Available from Red Hat Network: tcpdump-3.7.2-7.E3.2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/tcpdump-3.7.2-7.E3.2.src.rpm

i386:
Available from Red Hat Network: libpcap-0.7.2-7.E3.2.i386.rpm
Available from Red Hat Network: tcpdump-3.7.2-7.E3.2.i386.rpm

ia64:
Available from Red Hat Network: libpcap-0.7.2-7.E3.2.ia64.rpm
Available from Red Hat Network: tcpdump-3.7.2-7.E3.2.ia64.rpm

x86_64:
Available from Red Hat Network: libpcap-0.7.2-7.E3.2.x86_64.rpm
Available from Red Hat Network: tcpdump-3.7.2-7.E3.2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/tcpdump-3.7.2-7.E3.2.src.rpm

i386:
Available from Red Hat Network: libpcap-0.7.2-7.E3.2.i386.rpm
Available from Red Hat Network: tcpdump-3.7.2-7.E3.2.i386.rpm

ia64:
Available from Red Hat Network: libpcap-0.7.2-7.E3.2.ia64.rpm
Available from Red Hat Network: tcpdump-3.7.2-7.E3.2.ia64.rpm

x86_64:
Available from Red Hat Network: libpcap-0.7.2-7.E3.2.x86_64.rpm
Available from Red Hat Network: tcpdump-3.7.2-7.E3.2.x86_64.rpm

7. Verification:

MD5 sum                          Package Name
- --------------------------------------------------------------------------
39785de17ac747a95d75c3856ce10a8f arpwatch-2.1a11-12.2.1AS.6.i386.rpm
6251264976756412d80f74041e5c277a arpwatch-2.1a11-12.2.1AS.6.ia64.rpm
2d79602baa89bd6070541e7ac0fb3ea8 libpcap-0.6.2-12.2.1AS.6.i386.rpm
d86bb232ba584afe8a55f02d7e789d93 libpcap-0.6.2-12.2.1AS.6.ia64.rpm
d463f8099c444830358bf8f6b8f57be3 libpcap-0.7.2-7.E3.2.i386.rpm
4c6ddd5421cc23a43735e014e54be67e libpcap-0.7.2-7.E3.2.ia64.rpm
cfb803a434669955505e83d759865c1b libpcap-0.7.2-7.E3.2.ppc.rpm
4c931b56f4eedea44f2e01603842bcff libpcap-0.7.2-7.E3.2.ppc64.rpm
5b0085309d79b6dc81373b1a8d028699 libpcap-0.7.2-7.E3.2.s390.rpm
690139912f28e6c5db35115389bab7fe libpcap-0.7.2-7.E3.2.s390x.rpm
a47644862b993c272d73d5982b6a0f72 libpcap-0.7.2-7.E3.2.x86_64.rpm
8c592a8b97f599bf12c7bc0335422107 tcpdump-3.6.2-12.2.1AS.6.i386.rpm
2bbc2c761f382bba8d8693b131239541 tcpdump-3.6.2-12.2.1AS.6.ia64.rpm
06099571cae2217649509843c705a153 tcpdump-3.6.2-12.2.1AS.6.src.rpm
1b6524ff06794b8aed95acfea00ebfa7 tcpdump-3.7.2-7.E3.2.i386.rpm
34fbc4a48e7f7f3471aa9ed82706e20f tcpdump-3.7.2-7.E3.2.ia64.rpm
011624c4af4fc835ff0d5c06c729eaa2 tcpdump-3.7.2-7.E3.2.ppc.rpm
0217bb2ee74895ffb00be005126935e3 tcpdump-3.7.2-7.E3.2.ppc64.rpm
cca41d020017136662ac065eb9720987 tcpdump-3.7.2-7.E3.2.s390.rpm
0615c37cea73f9f060fa45ae6a32f93e tcpdump-3.7.2-7.E3.2.s390x.rpm
8245acfffe0d89c4381885f71e0ece3f tcpdump-3.7.2-7.E3.2.src.rpm
b6694e17a21f612abf6e7d8e94dd50fe tcpdump-3.7.2-7.E3.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key is
available from https://www.redhat.com/security/team/key.html

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum <filename>

8. References:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0183
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0184
http://marc.theaimsgroup.com/?l=bugtraq&m=108067265931525&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0184

9. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAtEvxXlSAg2UNWIIRAhrZAKDDyL9C0OKSwrpKuHinOwh6Z64bCwCdGgIQ
XCvKkGdApEM+A0Kuv0LcznM=
=KNbv
-----END PGP SIGNATURE-----