From bugzilla at redhat.com Mon Oct 4 15:40:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 4 Oct 2004 11:40 -0400 Subject: [RHSA-2004:412-01] Updated kdelibs and kdebase packages correct security issues Message-ID: <200410041540.i94Fena23133@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated kdelibs and kdebase packages correct security issues Advisory ID: RHSA-2004:412-01 Issue date: 2004-10-04 Updated on: 2004-10-04 Product: Red Hat Enterprise Linux CVE Names: CAN-2004-0689 CAN-2004-0746 CAN-2004-0721 - --------------------------------------------------------------------- 1. Summary: Updated kdelib and kdebase packages that resolve multiple security issues are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: The kdelibs packages include libraries for the K Desktop Environment. The kdebase packages include core applications for the K Desktop Environment. Andrew Tuitt reported that versions of KDE up to and including 3.2.3 create temporary directories with predictable names. A local attacker could prevent KDE applications from functioning correctly, or overwrite files owned by other users by creating malicious symlinks. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0689 to this issue. WESTPOINT internet reconnaissance services has discovered that the KDE web browser Konqueror allows websites to set cookies for certain country specific secondary top level domains. An attacker within one of the affected domains could construct a cookie which would be sent to all other websites within the domain leading to a session fixation attack. This issue does not affect popular domains such as .co.uk, .co.in, or .com. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0721 to this issue. A frame injection spoofing vulnerability has been discovered in the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a named frame of a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0746 to this issue. All users of KDE are advised to upgrade to these erratum packages, which contain backported patches from the KDE team for these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 128693 - CAN-2004-0689 Predictable temporary filenames 128462 - CAN-2004-0721 Konqueror frame injection spoofing 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kdelibs-2.2.2-13.src.rpm 34cd7c8777facff45a8e5eeed312b3b4 kdelibs-2.2.2-13.src.rpm i386: 2b9a999a24dd42549fac4e39790b8c17 arts-2.2.2-13.i386.rpm d6aebf57668023cb684b81236c32ce71 kdelibs-2.2.2-13.i386.rpm 20114a97ed08c90c3ecd41d1b462b6bf kdelibs-devel-2.2.2-13.i386.rpm 5ca2b715621e0cdec5e3cfc647739d3f kdelibs-sound-2.2.2-13.i386.rpm 65522ae63db9a60ec3b021099fa267ed kdelibs-sound-devel-2.2.2-13.i386.rpm ia64: 198791b6c87c082383e8824f744a8c41 arts-2.2.2-13.ia64.rpm f0c10dff06590e9b3d4470a4f8b1f624 kdelibs-2.2.2-13.ia64.rpm f8c9cebea143dcf5450cd8ca0105d724 kdelibs-devel-2.2.2-13.ia64.rpm e2218bf3c2da78612dcaf84775f2b940 kdelibs-sound-2.2.2-13.ia64.rpm 2172bffd9baeb6ba3919c9510a8f8c61 kdelibs-sound-devel-2.2.2-13.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kdebase-2.2.2-12.src.rpm 1b2d27e8c9b4fbcc6f14b8b5d8f211de kdebase-2.2.2-12.src.rpm ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kdelibs-2.2.2-13.src.rpm 34cd7c8777facff45a8e5eeed312b3b4 kdelibs-2.2.2-13.src.rpm ia64: 198791b6c87c082383e8824f744a8c41 arts-2.2.2-13.ia64.rpm 95e7fac336a7858e13eb38f47ae5f135 kdebase-2.2.2-12.ia64.rpm 36592e521a13904f8c4c0f5341d39f95 kdebase-devel-2.2.2-12.ia64.rpm f0c10dff06590e9b3d4470a4f8b1f624 kdelibs-2.2.2-13.ia64.rpm f8c9cebea143dcf5450cd8ca0105d724 kdelibs-devel-2.2.2-13.ia64.rpm e2218bf3c2da78612dcaf84775f2b940 kdelibs-sound-2.2.2-13.ia64.rpm 2172bffd9baeb6ba3919c9510a8f8c61 kdelibs-sound-devel-2.2.2-13.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kdebase-2.2.2-12.src.rpm 1b2d27e8c9b4fbcc6f14b8b5d8f211de kdebase-2.2.2-12.src.rpm ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kdelibs-2.2.2-13.src.rpm 34cd7c8777facff45a8e5eeed312b3b4 kdelibs-2.2.2-13.src.rpm i386: 2b9a999a24dd42549fac4e39790b8c17 arts-2.2.2-13.i386.rpm 2e4e89ab276d4783fca6effbb86abd45 kdebase-2.2.2-12.i386.rpm 3b7bdc19f63b066f030b02de2fd36fe6 kdebase-devel-2.2.2-12.i386.rpm d6aebf57668023cb684b81236c32ce71 kdelibs-2.2.2-13.i386.rpm 20114a97ed08c90c3ecd41d1b462b6bf kdelibs-devel-2.2.2-13.i386.rpm 5ca2b715621e0cdec5e3cfc647739d3f kdelibs-sound-2.2.2-13.i386.rpm 65522ae63db9a60ec3b021099fa267ed kdelibs-sound-devel-2.2.2-13.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kdebase-2.2.2-12.src.rpm 1b2d27e8c9b4fbcc6f14b8b5d8f211de kdebase-2.2.2-12.src.rpm ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kdelibs-2.2.2-13.src.rpm 34cd7c8777facff45a8e5eeed312b3b4 kdelibs-2.2.2-13.src.rpm i386: 2b9a999a24dd42549fac4e39790b8c17 arts-2.2.2-13.i386.rpm 2e4e89ab276d4783fca6effbb86abd45 kdebase-2.2.2-12.i386.rpm 3b7bdc19f63b066f030b02de2fd36fe6 kdebase-devel-2.2.2-12.i386.rpm d6aebf57668023cb684b81236c32ce71 kdelibs-2.2.2-13.i386.rpm 20114a97ed08c90c3ecd41d1b462b6bf kdelibs-devel-2.2.2-13.i386.rpm 5ca2b715621e0cdec5e3cfc647739d3f kdelibs-sound-2.2.2-13.i386.rpm 65522ae63db9a60ec3b021099fa267ed kdelibs-sound-devel-2.2.2-13.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kdebase-3.1.3-5.4.src.rpm e4d4e63c66ce9c682c85dc250e1e679d kdebase-3.1.3-5.4.src.rpm ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kdelibs-3.1.3-6.6.src.rpm 135f069e313d3cbf6483e08711958ee3 kdelibs-3.1.3-6.6.src.rpm i386: 6d952551a98d11f296032defd42392bc kdebase-3.1.3-5.4.i386.rpm 2693da75dd6670f631dab884775881cc kdebase-devel-3.1.3-5.4.i386.rpm 266c7d206975aaaeddf4a611674e866e kdelibs-3.1.3-6.6.i386.rpm bafda78112a389994916b0b0ced83ee2 kdelibs-devel-3.1.3-6.6.i386.rpm ia64: 841744faecd1ee54f3790a123395e999 kdebase-3.1.3-5.4.ia64.rpm ad4280e59a322ebda1801b5624a6bd2a kdebase-devel-3.1.3-5.4.ia64.rpm f939dede59e2b87af5f8d32fb41bd7f2 kdelibs-3.1.3-6.6.ia64.rpm 0ea7d0872f7b9aaec7343fab3214791e kdelibs-devel-3.1.3-6.6.ia64.rpm ppc: e658798e8a2b5b7e1c63261f4e401a0c kdebase-3.1.3-5.4.ppc.rpm 9fe876d61e6cbee4450eb1790d666b88 kdebase-devel-3.1.3-5.4.ppc.rpm 478bbcde19aa9dfd6047d775b9b3fd97 kdelibs-3.1.3-6.6.ppc.rpm d74c96bbdc599a943a0d73015487f1de kdelibs-devel-3.1.3-6.6.ppc.rpm s390: 62c50a1e7fa5950240cb2df7821a2cc1 kdebase-3.1.3-5.4.s390.rpm 6c19f7ec956aa49f2f5a2d425bd93da1 kdebase-devel-3.1.3-5.4.s390.rpm c41cb46b8353ab23344901df9eb7d813 kdelibs-3.1.3-6.6.s390.rpm e0fd226e4c616aa6f661184f837cbf26 kdelibs-devel-3.1.3-6.6.s390.rpm s390x: 59899ed9813ae1b6f23756f600322a86 kdebase-3.1.3-5.4.s390x.rpm 075a689d597dc89b3afea95cb16c7c69 kdebase-devel-3.1.3-5.4.s390x.rpm 759d0d56fb3837b3bbca0bf74c6edd9a kdelibs-3.1.3-6.6.s390x.rpm 8b26c56fcaa2bfa353a23ed80cf0de87 kdelibs-devel-3.1.3-6.6.s390x.rpm x86_64: 272944753852fad10e47b9aad38af42a kdebase-3.1.3-5.4.x86_64.rpm a9473976663eeecc906887e1c2dcfcb8 kdebase-devel-3.1.3-5.4.x86_64.rpm 57fb61c68d0aeca7b998d36cd6597541 kdelibs-3.1.3-6.6.x86_64.rpm 1b75fa2f076385cd5d9f0d977a921c03 kdelibs-devel-3.1.3-6.6.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kdebase-3.1.3-5.4.src.rpm e4d4e63c66ce9c682c85dc250e1e679d kdebase-3.1.3-5.4.src.rpm ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kdelibs-3.1.3-6.6.src.rpm 135f069e313d3cbf6483e08711958ee3 kdelibs-3.1.3-6.6.src.rpm i386: 6d952551a98d11f296032defd42392bc kdebase-3.1.3-5.4.i386.rpm 2693da75dd6670f631dab884775881cc kdebase-devel-3.1.3-5.4.i386.rpm 266c7d206975aaaeddf4a611674e866e kdelibs-3.1.3-6.6.i386.rpm bafda78112a389994916b0b0ced83ee2 kdelibs-devel-3.1.3-6.6.i386.rpm x86_64: 272944753852fad10e47b9aad38af42a kdebase-3.1.3-5.4.x86_64.rpm a9473976663eeecc906887e1c2dcfcb8 kdebase-devel-3.1.3-5.4.x86_64.rpm 57fb61c68d0aeca7b998d36cd6597541 kdelibs-3.1.3-6.6.x86_64.rpm 1b75fa2f076385cd5d9f0d977a921c03 kdelibs-devel-3.1.3-6.6.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kdebase-3.1.3-5.4.src.rpm e4d4e63c66ce9c682c85dc250e1e679d kdebase-3.1.3-5.4.src.rpm ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kdelibs-3.1.3-6.6.src.rpm 135f069e313d3cbf6483e08711958ee3 kdelibs-3.1.3-6.6.src.rpm i386: 6d952551a98d11f296032defd42392bc kdebase-3.1.3-5.4.i386.rpm 2693da75dd6670f631dab884775881cc kdebase-devel-3.1.3-5.4.i386.rpm 266c7d206975aaaeddf4a611674e866e kdelibs-3.1.3-6.6.i386.rpm bafda78112a389994916b0b0ced83ee2 kdelibs-devel-3.1.3-6.6.i386.rpm ia64: 841744faecd1ee54f3790a123395e999 kdebase-3.1.3-5.4.ia64.rpm ad4280e59a322ebda1801b5624a6bd2a kdebase-devel-3.1.3-5.4.ia64.rpm f939dede59e2b87af5f8d32fb41bd7f2 kdelibs-3.1.3-6.6.ia64.rpm 0ea7d0872f7b9aaec7343fab3214791e kdelibs-devel-3.1.3-6.6.ia64.rpm x86_64: 272944753852fad10e47b9aad38af42a kdebase-3.1.3-5.4.x86_64.rpm a9473976663eeecc906887e1c2dcfcb8 kdebase-devel-3.1.3-5.4.x86_64.rpm 57fb61c68d0aeca7b998d36cd6597541 kdelibs-3.1.3-6.6.x86_64.rpm 1b75fa2f076385cd5d9f0d977a921c03 kdelibs-devel-3.1.3-6.6.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kdebase-3.1.3-5.4.src.rpm e4d4e63c66ce9c682c85dc250e1e679d kdebase-3.1.3-5.4.src.rpm ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kdelibs-3.1.3-6.6.src.rpm 135f069e313d3cbf6483e08711958ee3 kdelibs-3.1.3-6.6.src.rpm i386: 6d952551a98d11f296032defd42392bc kdebase-3.1.3-5.4.i386.rpm 2693da75dd6670f631dab884775881cc kdebase-devel-3.1.3-5.4.i386.rpm 266c7d206975aaaeddf4a611674e866e kdelibs-3.1.3-6.6.i386.rpm bafda78112a389994916b0b0ced83ee2 kdelibs-devel-3.1.3-6.6.i386.rpm ia64: 841744faecd1ee54f3790a123395e999 kdebase-3.1.3-5.4.ia64.rpm ad4280e59a322ebda1801b5624a6bd2a kdebase-devel-3.1.3-5.4.ia64.rpm f939dede59e2b87af5f8d32fb41bd7f2 kdelibs-3.1.3-6.6.ia64.rpm 0ea7d0872f7b9aaec7343fab3214791e kdelibs-devel-3.1.3-6.6.ia64.rpm x86_64: 272944753852fad10e47b9aad38af42a kdebase-3.1.3-5.4.x86_64.rpm a9473976663eeecc906887e1c2dcfcb8 kdebase-devel-3.1.3-5.4.x86_64.rpm 57fb61c68d0aeca7b998d36cd6597541 kdelibs-3.1.3-6.6.x86_64.rpm 1b75fa2f076385cd5d9f0d977a921c03 kdelibs-devel-3.1.3-6.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 7. References: http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBYW78XlSAg2UNWIIRAkkiAJ9iuKmNQs5GZQ7+wfwucIs3wNQSYgCgmYal 4Boz0IrYVs6TlcZnARA+tvg= =5kp7 -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Oct 4 16:00:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 4 Oct 2004 12:00 -0400 Subject: [RHSA-2004:478-01] Updated XFree86 packages fix security issues and bugs Message-ID: <200410041600.i94G03a24265@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated XFree86 packages fix security issues and bugs Advisory ID: RHSA-2004:478-01 Issue date: 2004-10-04 Updated on: 2004-10-04 Product: Red Hat Enterprise Linux Obsoletes: RHEA-2004:352 CVE Names: CAN-2004-0419 CAN-2004-0687 CAN-2004-0688 CAN-2004-0692 - --------------------------------------------------------------------- 1. Summary: Updated XFree86 packages that fix several security flaws in libXpm, as well as other bugs, are now available for Red Hat Enterprise Linux 3. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: XFree86 is an open source implementation of the X Window System. It provides the basic low level functionality which full fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. During a source code audit, Chris Evans discovered several stack overflow flaws and an integer overflow flaw in the X.Org libXpm library used to decode XPM (X PixMap) images. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0687, CAN-2004-0688, and CAN-2004-0692 to these issues. A flaw was found in the X Display Manager (XDM). XDM is shipped with Red Hat Enterprise Linux, but is not used by default. XDM opened a chooserFd TCP socket even if the DisplayManager.requestPort parameter was set to 0. This allowed authorized users to access a machine remotely via X, even if the administrator had configured XDM to refuse such connections. Although XFree86 4.3.0 was not vulnerable to this issue, Red Hat Enterprise Linux 3 contained a backported patch which introduced this flaw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0419 to this issue. Users are advised to upgrade to these erratum packages, which contain backported security patches to correct these and a number of other issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 124901 - CAN-2004-0419 xdm opens random tcp sockets 126205 - xdm walks physical memory 129744 - Radeon driver (7000m) TVDAC output too high for DELL Server 131121 - CAN-2004-0687/8 libXpm stack and integer overflows. 132121 - archexec script not in XFree86-devel package 6. RPMs required: Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/XFree86-4.3.0-69.EL.src.rpm 09edd7c98f9f6b268d305d9bd7d0bacf XFree86-4.3.0-69.EL.src.rpm i386: e0b1f1c71202d1589b32e1bcf67bd7e1 XFree86-100dpi-fonts-4.3.0-69.EL.i386.rpm 6fd9f5bf116981b29c0c13040c3c0003 XFree86-4.3.0-69.EL.i386.rpm 1878c8f581c4f107efeeaad6eb502fa0 XFree86-75dpi-fonts-4.3.0-69.EL.i386.rpm e63544d39bf56978f10371ee6ce8a119 XFree86-ISO8859-14-100dpi-fonts-4.3.0-69.EL.i386.rpm df932cede62ba892f20d878107128b6d XFree86-ISO8859-14-75dpi-fonts-4.3.0-69.EL.i386.rpm 9e9a9dac8c6ca47029d9e2ea2f17d998 XFree86-ISO8859-15-100dpi-fonts-4.3.0-69.EL.i386.rpm 56c2bb1ba364dbd0c4c3de0e5990a5f6 XFree86-ISO8859-15-75dpi-fonts-4.3.0-69.EL.i386.rpm 8b4612be6c0ee7761a9e77ff0681cb5a XFree86-ISO8859-2-100dpi-fonts-4.3.0-69.EL.i386.rpm 76361c447ecf5565d40816817a827b63 XFree86-ISO8859-2-75dpi-fonts-4.3.0-69.EL.i386.rpm 58d44c4274130ebd0749fe9c1d5c60d4 XFree86-ISO8859-9-100dpi-fonts-4.3.0-69.EL.i386.rpm 272482b3e3c6e6d7cc8a6537dc5efd3e XFree86-ISO8859-9-75dpi-fonts-4.3.0-69.EL.i386.rpm bde0fa89929b6545d13527e525988c7c XFree86-Mesa-libGL-4.3.0-69.EL.i386.rpm 8b1b7263d4339aa471badeb9d9aac564 XFree86-Mesa-libGLU-4.3.0-69.EL.i386.rpm 1c6e49b83c97041ada0f35744496a325 XFree86-Xnest-4.3.0-69.EL.i386.rpm e8a8f07eeabb5a022c5a6ea2b2e6f9ae XFree86-Xvfb-4.3.0-69.EL.i386.rpm fcfcf4170385dde094aa0b2bc6c267fb XFree86-base-fonts-4.3.0-69.EL.i386.rpm f9022a68f1739e15b33097e54c9572fe XFree86-cyrillic-fonts-4.3.0-69.EL.i386.rpm 0af1c28d7c90fa4bf32d81c2ed798642 XFree86-devel-4.3.0-69.EL.i386.rpm 9fa3ceb34da5d30e8a85e49055f64b36 XFree86-doc-4.3.0-69.EL.i386.rpm 105e59776fecb6da69780c42be3b2e32 XFree86-font-utils-4.3.0-69.EL.i386.rpm cca3d86b6e22dbd55a15fbd7be5341ab XFree86-libs-4.3.0-69.EL.i386.rpm ef4beef49d884104910d2c6d3ac3f942 XFree86-libs-data-4.3.0-69.EL.i386.rpm 1485c93b8cfdeeb933f252e51963e316 XFree86-sdk-4.3.0-69.EL.i386.rpm 0589870998b2e9a50512ede1586be8a4 XFree86-syriac-fonts-4.3.0-69.EL.i386.rpm bc4a53ff89f59eec90be757d8ddd5c16 XFree86-tools-4.3.0-69.EL.i386.rpm 552d11352a1a75fe912cd3bda95cfe93 XFree86-truetype-fonts-4.3.0-69.EL.i386.rpm 6f8edda517ac7773341679245e43febe XFree86-twm-4.3.0-69.EL.i386.rpm 55e5973e477495b30656f9e0d3a437af XFree86-xauth-4.3.0-69.EL.i386.rpm fd0bedd6e6c1435d8970616e548bb7c3 XFree86-xdm-4.3.0-69.EL.i386.rpm aa14edae182611d0f9ea32c3c35de5d2 XFree86-xfs-4.3.0-69.EL.i386.rpm ia64: 3f7a28df7837c412ce15bd5aee3d5780 XFree86-100dpi-fonts-4.3.0-69.EL.ia64.rpm a46398d4ea46a3a51a09c722097094e8 XFree86-4.3.0-69.EL.ia64.rpm 5af51c8d2934de0cee8614a75f9137fd XFree86-75dpi-fonts-4.3.0-69.EL.ia64.rpm 8bf1fbc8044ff6a3a3d8f7a44f07c26d XFree86-ISO8859-14-100dpi-fonts-4.3.0-69.EL.ia64.rpm 115f7ca729dfe3ad0fd3b95162552d51 XFree86-ISO8859-14-75dpi-fonts-4.3.0-69.EL.ia64.rpm ef60a5cbcf207f4c6133dabe9e9bac3c XFree86-ISO8859-15-100dpi-fonts-4.3.0-69.EL.ia64.rpm 25bd0837ce60ea963c56ea6ae1988101 XFree86-ISO8859-15-75dpi-fonts-4.3.0-69.EL.ia64.rpm d34787fc341464318921b0c0d0b7821f XFree86-ISO8859-2-100dpi-fonts-4.3.0-69.EL.ia64.rpm c9ca027cfd0b6b1fdb8d571862060481 XFree86-ISO8859-2-75dpi-fonts-4.3.0-69.EL.ia64.rpm 9b46561780e6dead8e2d4b04575266fe XFree86-ISO8859-9-100dpi-fonts-4.3.0-69.EL.ia64.rpm a3f64e58320e2c648c3d611d4243f802 XFree86-ISO8859-9-75dpi-fonts-4.3.0-69.EL.ia64.rpm 7e0caa7bd5773e8d2ceeb049d7e73fd0 XFree86-Mesa-libGL-4.3.0-69.EL.ia64.rpm bde0fa89929b6545d13527e525988c7c XFree86-Mesa-libGL-4.3.0-69.EL.i386.rpm 639fe951a4cdc935b491cad6bdb7c682 XFree86-Mesa-libGLU-4.3.0-69.EL.ia64.rpm 8b1b7263d4339aa471badeb9d9aac564 XFree86-Mesa-libGLU-4.3.0-69.EL.i386.rpm 23089ee93942a4f6e3fe677b7dfdbabc XFree86-Xnest-4.3.0-69.EL.ia64.rpm c68af1fd217159ee1cf9d57f7759052c XFree86-Xvfb-4.3.0-69.EL.ia64.rpm d324f353ceae92a0703563aabd16b404 XFree86-base-fonts-4.3.0-69.EL.ia64.rpm c00031bca5d44c4b2e663d9fe1ddcbf4 XFree86-cyrillic-fonts-4.3.0-69.EL.ia64.rpm f3a268ef0ca33a3d9979a26af8469cf3 XFree86-devel-4.3.0-69.EL.ia64.rpm d55c45682bac928b4b1182c27877ab20 XFree86-doc-4.3.0-69.EL.ia64.rpm 8f5ba936864b3ebee74dae5a1df5ca87 XFree86-font-utils-4.3.0-69.EL.ia64.rpm 72c4ef86ad6a3a15ee41ebd853392e2c XFree86-libs-4.3.0-69.EL.ia64.rpm cca3d86b6e22dbd55a15fbd7be5341ab XFree86-libs-4.3.0-69.EL.i386.rpm 857a080cfc55c86d327c4df8a385f0ba XFree86-libs-data-4.3.0-69.EL.ia64.rpm 0755b8203921fbc2ee56a45f8717385e XFree86-sdk-4.3.0-69.EL.ia64.rpm 6173b56b78709df1845ea746e2a66e31 XFree86-syriac-fonts-4.3.0-69.EL.ia64.rpm c6eee77c124bf6ead901133df186bb0e XFree86-tools-4.3.0-69.EL.ia64.rpm 8b7ab155e1012db0f1c89834046d4d32 XFree86-truetype-fonts-4.3.0-69.EL.ia64.rpm 412f5bc8832fd7ffdb0b833970a0d5df XFree86-twm-4.3.0-69.EL.ia64.rpm b114790a6ae962c7840228d11bd81398 XFree86-xauth-4.3.0-69.EL.ia64.rpm 82d9270fef03050dc997a40e60e93009 XFree86-xdm-4.3.0-69.EL.ia64.rpm bf4fbdf9a58a29b9d9f314bec9e26b1e XFree86-xfs-4.3.0-69.EL.ia64.rpm ppc: 8da5b5b591dfdbbf55b446cf857d2d97 XFree86-100dpi-fonts-4.3.0-69.EL.ppc.rpm 1a3ab24e4b1b0438d25dbf1b84d0ab49 XFree86-4.3.0-69.EL.ppc.rpm 65647c24f55b38594264b775ef4633a7 XFree86-75dpi-fonts-4.3.0-69.EL.ppc.rpm 8c6b1541e1544d88fd0bd62b8c12da7a XFree86-ISO8859-14-100dpi-fonts-4.3.0-69.EL.ppc.rpm 223e20f3ef1faf350cb1de1ad7f54c34 XFree86-ISO8859-14-75dpi-fonts-4.3.0-69.EL.ppc.rpm 170f11e0fc56cc9b1d52d2e321ba9a29 XFree86-ISO8859-15-100dpi-fonts-4.3.0-69.EL.ppc.rpm 9510cff315b819bd757d38fe3bcbca76 XFree86-ISO8859-15-75dpi-fonts-4.3.0-69.EL.ppc.rpm 8fda217c045999c6b6bc99ce9a876cb4 XFree86-ISO8859-2-100dpi-fonts-4.3.0-69.EL.ppc.rpm dea93e9794ddc4da22770d08014820e6 XFree86-ISO8859-2-75dpi-fonts-4.3.0-69.EL.ppc.rpm 9e2f58c91ad987da2ac3d0544f3595b2 XFree86-ISO8859-9-100dpi-fonts-4.3.0-69.EL.ppc.rpm 22116efceeac91a7a645240798308236 XFree86-ISO8859-9-75dpi-fonts-4.3.0-69.EL.ppc.rpm b93d443e2cd3d2fab1e4e59475ae4c47 XFree86-Mesa-libGL-4.3.0-69.EL.ppc.rpm 8243d8014e9261007fa22b2ed7dd347f XFree86-Mesa-libGLU-4.3.0-69.EL.ppc.rpm da6131bbb4132c8e2fb6ab2b23749c49 XFree86-Xnest-4.3.0-69.EL.ppc.rpm c32da1c222345980e6adec230812ecde XFree86-Xvfb-4.3.0-69.EL.ppc.rpm 0f97eaada1df72901f01680632c65cfd XFree86-base-fonts-4.3.0-69.EL.ppc.rpm c6474486adbc8acac050c88b07b20301 XFree86-cyrillic-fonts-4.3.0-69.EL.ppc.rpm 9a2d71e9153d64147b655253daa22c6d XFree86-devel-4.3.0-69.EL.ppc.rpm dde376398568569726e5922487f0cb62 XFree86-doc-4.3.0-69.EL.ppc.rpm 969ecf522536263980b1b51e2d41c3df XFree86-font-utils-4.3.0-69.EL.ppc.rpm b9ab45bc71e5e515bf7d623a1c30955e XFree86-libs-4.3.0-69.EL.ppc.rpm fb00cf76e07b88f8d8b17dbfdcc2b621 XFree86-libs-data-4.3.0-69.EL.ppc.rpm 1300aacaaa7722d21383a3df9f1dceac XFree86-sdk-4.3.0-69.EL.ppc.rpm 0afa3c3d8334aa59b58c33925ea2dce9 XFree86-syriac-fonts-4.3.0-69.EL.ppc.rpm cc1bf1f289edc4c9a11acf398d729183 XFree86-tools-4.3.0-69.EL.ppc.rpm d175b61d8c8ad064bb49cdba584f55f1 XFree86-truetype-fonts-4.3.0-69.EL.ppc.rpm 6c150d25e12253f6f68de28bec54d8fd XFree86-twm-4.3.0-69.EL.ppc.rpm b200807c73f5226c38e4cc7b9b63fe98 XFree86-xauth-4.3.0-69.EL.ppc.rpm 7c7eac97a1757f2789b105b5bcc27d04 XFree86-xdm-4.3.0-69.EL.ppc.rpm 479e061aa31cc0d2bff45085bb3d686a XFree86-xfs-4.3.0-69.EL.ppc.rpm ppc64: 897278c3e2832d9e5bfd8b050df096a4 XFree86-Mesa-libGL-4.3.0-69.EL.ppc64.rpm 9a869180ca166e9ae163ebfdadf753e6 XFree86-Mesa-libGLU-4.3.0-69.EL.ppc64.rpm 1194a722190bf2cb0a589aefed8eec80 XFree86-devel-4.3.0-69.EL.ppc64.rpm 1d50df2cafce2d9eae70cac57bc928bc XFree86-libs-4.3.0-69.EL.ppc64.rpm s390: d0f86401f0fe31441aab72b0b7e37713 XFree86-100dpi-fonts-4.3.0-69.EL.s390.rpm 60efc7282f98660417d4c093c2b231f5 XFree86-4.3.0-69.EL.s390.rpm 9337a7cc19346d12ab3f2bef0136f6eb XFree86-75dpi-fonts-4.3.0-69.EL.s390.rpm ff06ae261f1ca0c695d8838c54f5ea50 XFree86-ISO8859-14-100dpi-fonts-4.3.0-69.EL.s390.rpm 181a872704bd33113654b5d88f2170a4 XFree86-ISO8859-14-75dpi-fonts-4.3.0-69.EL.s390.rpm 7314c75d5d335869e1d41256bb37e9b9 XFree86-ISO8859-15-100dpi-fonts-4.3.0-69.EL.s390.rpm fb70559e7ec758cd2adfe5c760ae3194 XFree86-ISO8859-15-75dpi-fonts-4.3.0-69.EL.s390.rpm 14aff38a6190a53d4c741f8aa82b616e XFree86-ISO8859-2-100dpi-fonts-4.3.0-69.EL.s390.rpm 1da0dd5f61e0d4f64e4cad9b2109cf3f XFree86-ISO8859-2-75dpi-fonts-4.3.0-69.EL.s390.rpm b75fb962d79520c0c0f019836ad43c43 XFree86-ISO8859-9-100dpi-fonts-4.3.0-69.EL.s390.rpm 71ce690d1caba8ce7b3f8ae741ec5be1 XFree86-ISO8859-9-75dpi-fonts-4.3.0-69.EL.s390.rpm 351730f11e8e96931ae799a47e0750ef XFree86-Mesa-libGL-4.3.0-69.EL.s390.rpm 7b84dd5056234c44cd25ab5571dc6676 XFree86-Mesa-libGLU-4.3.0-69.EL.s390.rpm 075b4be07df5d857e26c6cea3d3570a9 XFree86-Xnest-4.3.0-69.EL.s390.rpm 299633a8a915a587868ef59b57ce10b9 XFree86-Xvfb-4.3.0-69.EL.s390.rpm d08608baa82b4531778b3c4b25c75564 XFree86-base-fonts-4.3.0-69.EL.s390.rpm 2ee3007c9b7a3ccf7805efeb6c883537 XFree86-cyrillic-fonts-4.3.0-69.EL.s390.rpm 06dd32960e2a2c0ce62c5ed57005beed XFree86-devel-4.3.0-69.EL.s390.rpm 24397f698de1f0eb682b524365049dc8 XFree86-font-utils-4.3.0-69.EL.s390.rpm 61ea5e63aeb6dd2f6ed0da37bfe5a5a0 XFree86-libs-4.3.0-69.EL.s390.rpm da524a7ce11c345b369bd25f05a0e330 XFree86-libs-data-4.3.0-69.EL.s390.rpm 9cdfee9dde374ef8468578da8f6d5576 XFree86-syriac-fonts-4.3.0-69.EL.s390.rpm 0803f15a32a8ff9b38d889dbceab9c67 XFree86-tools-4.3.0-69.EL.s390.rpm 4da7fca4b89ac201b36e74b801f0e151 XFree86-truetype-fonts-4.3.0-69.EL.s390.rpm 492d4f0ed9872578ab5b6242335ca1f5 XFree86-twm-4.3.0-69.EL.s390.rpm 59cc225721eab187c15beed423d36bc1 XFree86-xauth-4.3.0-69.EL.s390.rpm 5a14e907222cc34948edfa16f8757784 XFree86-xdm-4.3.0-69.EL.s390.rpm 176316d041a22d4a2da0a769545b23cd XFree86-xfs-4.3.0-69.EL.s390.rpm s390x: 7901e60ce9c4f96b28cebed0e540c1a2 XFree86-100dpi-fonts-4.3.0-69.EL.s390x.rpm 21caf1bc59513e5a494d473b797d6f1e XFree86-4.3.0-69.EL.s390x.rpm 6ccfb6cc6f88eceb5d6ee1fa61d1f4e9 XFree86-75dpi-fonts-4.3.0-69.EL.s390x.rpm 622e6a9b03aa85e998a585f397a6aa4c XFree86-ISO8859-14-100dpi-fonts-4.3.0-69.EL.s390x.rpm 32ebfa7109dccc1642918b57025ede46 XFree86-ISO8859-14-75dpi-fonts-4.3.0-69.EL.s390x.rpm cdd6d069d055f6634a7d0fe7d3758e8a XFree86-ISO8859-15-100dpi-fonts-4.3.0-69.EL.s390x.rpm fd3874080a806c84f995e98b301197a3 XFree86-ISO8859-15-75dpi-fonts-4.3.0-69.EL.s390x.rpm bb8beff50ff1a2ad91dad75fb417249e XFree86-ISO8859-2-100dpi-fonts-4.3.0-69.EL.s390x.rpm c33bc835af34d7bf4ea025a3b694a290 XFree86-ISO8859-2-75dpi-fonts-4.3.0-69.EL.s390x.rpm dd6bd0a9c47b7557dcedbe6ed5b18c62 XFree86-ISO8859-9-100dpi-fonts-4.3.0-69.EL.s390x.rpm 03db31703cdd129c2cca46f3ea38caa6 XFree86-ISO8859-9-75dpi-fonts-4.3.0-69.EL.s390x.rpm 7cca411d695c7ff7a4faf37c5580109a XFree86-Mesa-libGL-4.3.0-69.EL.s390x.rpm 351730f11e8e96931ae799a47e0750ef XFree86-Mesa-libGL-4.3.0-69.EL.s390.rpm dba8cf8504325490ea910545ec7a195f XFree86-Mesa-libGLU-4.3.0-69.EL.s390x.rpm 7b84dd5056234c44cd25ab5571dc6676 XFree86-Mesa-libGLU-4.3.0-69.EL.s390.rpm e48a8da4a82b888b2658dcd3748b1d32 XFree86-Xnest-4.3.0-69.EL.s390x.rpm 62ff558264684c114b3836cd9cef506e XFree86-Xvfb-4.3.0-69.EL.s390x.rpm 59ae5599595517db2649454c6a2e0c7a XFree86-base-fonts-4.3.0-69.EL.s390x.rpm b8f0b850db25c8278b50d42317d2f2f2 XFree86-cyrillic-fonts-4.3.0-69.EL.s390x.rpm 1dba59c6c952749feea1a3857f22d339 XFree86-devel-4.3.0-69.EL.s390x.rpm 06dd32960e2a2c0ce62c5ed57005beed XFree86-devel-4.3.0-69.EL.s390.rpm 6ed05ca1106200b7c63cc64ca4607fc4 XFree86-font-utils-4.3.0-69.EL.s390x.rpm 506a56ba81fc61da2d9f8a8c9df9fa07 XFree86-libs-4.3.0-69.EL.s390x.rpm 61ea5e63aeb6dd2f6ed0da37bfe5a5a0 XFree86-libs-4.3.0-69.EL.s390.rpm cf1fd9b44f66694f57daeff567debe56 XFree86-libs-data-4.3.0-69.EL.s390x.rpm 20b5439990cddb86b5cf31cf82227fdf XFree86-syriac-fonts-4.3.0-69.EL.s390x.rpm 192429881c0b89fd7ae4db791d721880 XFree86-tools-4.3.0-69.EL.s390x.rpm 4c2c200c9e441d6c8b5cdc5431fdedf1 XFree86-truetype-fonts-4.3.0-69.EL.s390x.rpm 9a0801417c30586ab81421a1bfb1835f XFree86-twm-4.3.0-69.EL.s390x.rpm ab258afc0d194564e52bcc8c92aaec6e XFree86-xauth-4.3.0-69.EL.s390x.rpm 42213d319084a89cc7fa752000a5dffb XFree86-xdm-4.3.0-69.EL.s390x.rpm 837dbc7b65878601bdb75b829332f8be XFree86-xfs-4.3.0-69.EL.s390x.rpm x86_64: affb0ea54ae312e2d73c6ed7e8ec3341 XFree86-100dpi-fonts-4.3.0-69.EL.x86_64.rpm 1aeb7da083614ad23336df015c6f7fca XFree86-4.3.0-69.EL.x86_64.rpm 4c95f3f935952c970450c6ed2a89880f XFree86-75dpi-fonts-4.3.0-69.EL.x86_64.rpm bc76e2df201850c23f47fcc1e08b0e69 XFree86-ISO8859-14-100dpi-fonts-4.3.0-69.EL.x86_64.rpm b35b52644bb806a17ac8e3560528d1c8 XFree86-ISO8859-14-75dpi-fonts-4.3.0-69.EL.x86_64.rpm ee40fd11c538d6f3b76dc8cc83097f61 XFree86-ISO8859-15-100dpi-fonts-4.3.0-69.EL.x86_64.rpm cd384a95e55f59020ec87c233bcb4231 XFree86-ISO8859-15-75dpi-fonts-4.3.0-69.EL.x86_64.rpm 01b02d01c28b5fadeb0af1fa93120ad2 XFree86-ISO8859-2-100dpi-fonts-4.3.0-69.EL.x86_64.rpm d9ca6d785b1fdf6c470098fe4cc86882 XFree86-ISO8859-2-75dpi-fonts-4.3.0-69.EL.x86_64.rpm 0be43a9476ed1e8672919e885156ae6e XFree86-ISO8859-9-100dpi-fonts-4.3.0-69.EL.x86_64.rpm 6e95b87b936bb529702184466ee1df89 XFree86-ISO8859-9-75dpi-fonts-4.3.0-69.EL.x86_64.rpm bf7a4617d7f0f078ec2f8fedcedda226 XFree86-Mesa-libGL-4.3.0-69.EL.x86_64.rpm bde0fa89929b6545d13527e525988c7c XFree86-Mesa-libGL-4.3.0-69.EL.i386.rpm 8a75070eed9f052103847cd5bf8eee08 XFree86-Mesa-libGLU-4.3.0-69.EL.x86_64.rpm 8b1b7263d4339aa471badeb9d9aac564 XFree86-Mesa-libGLU-4.3.0-69.EL.i386.rpm 7392dda0a248c870da98bc1aae1d8e0a XFree86-Xnest-4.3.0-69.EL.x86_64.rpm 384db1566cd533069dc06a4da76b146d XFree86-Xvfb-4.3.0-69.EL.x86_64.rpm df42bf8108aab6c95d16b9d9a8e8c230 XFree86-base-fonts-4.3.0-69.EL.x86_64.rpm 1b74f0bccee1029c1a2d1c560ed459c7 XFree86-cyrillic-fonts-4.3.0-69.EL.x86_64.rpm 4f56547cc3545eb9dc5702dd3a99f76c XFree86-devel-4.3.0-69.EL.x86_64.rpm 0af1c28d7c90fa4bf32d81c2ed798642 XFree86-devel-4.3.0-69.EL.i386.rpm 24097283df147463836984b124821a7e XFree86-doc-4.3.0-69.EL.x86_64.rpm 135717dc93a3af097aeeae628dfadb6a XFree86-font-utils-4.3.0-69.EL.x86_64.rpm 8e5d3cc25bf7fb2f209a33b930ffdca5 XFree86-libs-4.3.0-69.EL.x86_64.rpm cca3d86b6e22dbd55a15fbd7be5341ab XFree86-libs-4.3.0-69.EL.i386.rpm c84696c6a7715e487be461b0bc1e4ed8 XFree86-libs-data-4.3.0-69.EL.x86_64.rpm f0a3e3bf468b9ca1ce75735927d46a2e XFree86-sdk-4.3.0-69.EL.x86_64.rpm 4a48c8c2e97c2367befb11d4c144c42e XFree86-syriac-fonts-4.3.0-69.EL.x86_64.rpm be8fc8eca081e0a21f23dc95fe054336 XFree86-tools-4.3.0-69.EL.x86_64.rpm d5d3da1543bc5a9cb9922173a930b4f5 XFree86-truetype-fonts-4.3.0-69.EL.x86_64.rpm e3e2f3c6fc1d119022b4cc7c63b664ce XFree86-twm-4.3.0-69.EL.x86_64.rpm 885dc9386c9f2de099c75665e36dbff9 XFree86-xauth-4.3.0-69.EL.x86_64.rpm 13ebcf4076ad1664e1cc758deaa9a77d XFree86-xdm-4.3.0-69.EL.x86_64.rpm 88e288f8153528feeeedfadc5b9aa2a1 XFree86-xfs-4.3.0-69.EL.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/XFree86-4.3.0-69.EL.src.rpm 09edd7c98f9f6b268d305d9bd7d0bacf XFree86-4.3.0-69.EL.src.rpm i386: e0b1f1c71202d1589b32e1bcf67bd7e1 XFree86-100dpi-fonts-4.3.0-69.EL.i386.rpm 6fd9f5bf116981b29c0c13040c3c0003 XFree86-4.3.0-69.EL.i386.rpm 1878c8f581c4f107efeeaad6eb502fa0 XFree86-75dpi-fonts-4.3.0-69.EL.i386.rpm e63544d39bf56978f10371ee6ce8a119 XFree86-ISO8859-14-100dpi-fonts-4.3.0-69.EL.i386.rpm df932cede62ba892f20d878107128b6d XFree86-ISO8859-14-75dpi-fonts-4.3.0-69.EL.i386.rpm 9e9a9dac8c6ca47029d9e2ea2f17d998 XFree86-ISO8859-15-100dpi-fonts-4.3.0-69.EL.i386.rpm 56c2bb1ba364dbd0c4c3de0e5990a5f6 XFree86-ISO8859-15-75dpi-fonts-4.3.0-69.EL.i386.rpm 8b4612be6c0ee7761a9e77ff0681cb5a XFree86-ISO8859-2-100dpi-fonts-4.3.0-69.EL.i386.rpm 76361c447ecf5565d40816817a827b63 XFree86-ISO8859-2-75dpi-fonts-4.3.0-69.EL.i386.rpm 58d44c4274130ebd0749fe9c1d5c60d4 XFree86-ISO8859-9-100dpi-fonts-4.3.0-69.EL.i386.rpm 272482b3e3c6e6d7cc8a6537dc5efd3e XFree86-ISO8859-9-75dpi-fonts-4.3.0-69.EL.i386.rpm bde0fa89929b6545d13527e525988c7c XFree86-Mesa-libGL-4.3.0-69.EL.i386.rpm 8b1b7263d4339aa471badeb9d9aac564 XFree86-Mesa-libGLU-4.3.0-69.EL.i386.rpm 1c6e49b83c97041ada0f35744496a325 XFree86-Xnest-4.3.0-69.EL.i386.rpm e8a8f07eeabb5a022c5a6ea2b2e6f9ae XFree86-Xvfb-4.3.0-69.EL.i386.rpm fcfcf4170385dde094aa0b2bc6c267fb XFree86-base-fonts-4.3.0-69.EL.i386.rpm f9022a68f1739e15b33097e54c9572fe XFree86-cyrillic-fonts-4.3.0-69.EL.i386.rpm 0af1c28d7c90fa4bf32d81c2ed798642 XFree86-devel-4.3.0-69.EL.i386.rpm 9fa3ceb34da5d30e8a85e49055f64b36 XFree86-doc-4.3.0-69.EL.i386.rpm 105e59776fecb6da69780c42be3b2e32 XFree86-font-utils-4.3.0-69.EL.i386.rpm cca3d86b6e22dbd55a15fbd7be5341ab XFree86-libs-4.3.0-69.EL.i386.rpm ef4beef49d884104910d2c6d3ac3f942 XFree86-libs-data-4.3.0-69.EL.i386.rpm 1485c93b8cfdeeb933f252e51963e316 XFree86-sdk-4.3.0-69.EL.i386.rpm 0589870998b2e9a50512ede1586be8a4 XFree86-syriac-fonts-4.3.0-69.EL.i386.rpm bc4a53ff89f59eec90be757d8ddd5c16 XFree86-tools-4.3.0-69.EL.i386.rpm 552d11352a1a75fe912cd3bda95cfe93 XFree86-truetype-fonts-4.3.0-69.EL.i386.rpm 6f8edda517ac7773341679245e43febe XFree86-twm-4.3.0-69.EL.i386.rpm 55e5973e477495b30656f9e0d3a437af XFree86-xauth-4.3.0-69.EL.i386.rpm fd0bedd6e6c1435d8970616e548bb7c3 XFree86-xdm-4.3.0-69.EL.i386.rpm aa14edae182611d0f9ea32c3c35de5d2 XFree86-xfs-4.3.0-69.EL.i386.rpm x86_64: affb0ea54ae312e2d73c6ed7e8ec3341 XFree86-100dpi-fonts-4.3.0-69.EL.x86_64.rpm 1aeb7da083614ad23336df015c6f7fca XFree86-4.3.0-69.EL.x86_64.rpm 4c95f3f935952c970450c6ed2a89880f XFree86-75dpi-fonts-4.3.0-69.EL.x86_64.rpm bc76e2df201850c23f47fcc1e08b0e69 XFree86-ISO8859-14-100dpi-fonts-4.3.0-69.EL.x86_64.rpm b35b52644bb806a17ac8e3560528d1c8 XFree86-ISO8859-14-75dpi-fonts-4.3.0-69.EL.x86_64.rpm ee40fd11c538d6f3b76dc8cc83097f61 XFree86-ISO8859-15-100dpi-fonts-4.3.0-69.EL.x86_64.rpm cd384a95e55f59020ec87c233bcb4231 XFree86-ISO8859-15-75dpi-fonts-4.3.0-69.EL.x86_64.rpm 01b02d01c28b5fadeb0af1fa93120ad2 XFree86-ISO8859-2-100dpi-fonts-4.3.0-69.EL.x86_64.rpm d9ca6d785b1fdf6c470098fe4cc86882 XFree86-ISO8859-2-75dpi-fonts-4.3.0-69.EL.x86_64.rpm 0be43a9476ed1e8672919e885156ae6e XFree86-ISO8859-9-100dpi-fonts-4.3.0-69.EL.x86_64.rpm 6e95b87b936bb529702184466ee1df89 XFree86-ISO8859-9-75dpi-fonts-4.3.0-69.EL.x86_64.rpm bf7a4617d7f0f078ec2f8fedcedda226 XFree86-Mesa-libGL-4.3.0-69.EL.x86_64.rpm bde0fa89929b6545d13527e525988c7c XFree86-Mesa-libGL-4.3.0-69.EL.i386.rpm 8a75070eed9f052103847cd5bf8eee08 XFree86-Mesa-libGLU-4.3.0-69.EL.x86_64.rpm 8b1b7263d4339aa471badeb9d9aac564 XFree86-Mesa-libGLU-4.3.0-69.EL.i386.rpm 7392dda0a248c870da98bc1aae1d8e0a XFree86-Xnest-4.3.0-69.EL.x86_64.rpm 384db1566cd533069dc06a4da76b146d XFree86-Xvfb-4.3.0-69.EL.x86_64.rpm df42bf8108aab6c95d16b9d9a8e8c230 XFree86-base-fonts-4.3.0-69.EL.x86_64.rpm 1b74f0bccee1029c1a2d1c560ed459c7 XFree86-cyrillic-fonts-4.3.0-69.EL.x86_64.rpm 4f56547cc3545eb9dc5702dd3a99f76c XFree86-devel-4.3.0-69.EL.x86_64.rpm 0af1c28d7c90fa4bf32d81c2ed798642 XFree86-devel-4.3.0-69.EL.i386.rpm 24097283df147463836984b124821a7e XFree86-doc-4.3.0-69.EL.x86_64.rpm 135717dc93a3af097aeeae628dfadb6a XFree86-font-utils-4.3.0-69.EL.x86_64.rpm 8e5d3cc25bf7fb2f209a33b930ffdca5 XFree86-libs-4.3.0-69.EL.x86_64.rpm cca3d86b6e22dbd55a15fbd7be5341ab XFree86-libs-4.3.0-69.EL.i386.rpm c84696c6a7715e487be461b0bc1e4ed8 XFree86-libs-data-4.3.0-69.EL.x86_64.rpm f0a3e3bf468b9ca1ce75735927d46a2e XFree86-sdk-4.3.0-69.EL.x86_64.rpm 4a48c8c2e97c2367befb11d4c144c42e XFree86-syriac-fonts-4.3.0-69.EL.x86_64.rpm be8fc8eca081e0a21f23dc95fe054336 XFree86-tools-4.3.0-69.EL.x86_64.rpm d5d3da1543bc5a9cb9922173a930b4f5 XFree86-truetype-fonts-4.3.0-69.EL.x86_64.rpm e3e2f3c6fc1d119022b4cc7c63b664ce XFree86-twm-4.3.0-69.EL.x86_64.rpm 885dc9386c9f2de099c75665e36dbff9 XFree86-xauth-4.3.0-69.EL.x86_64.rpm 13ebcf4076ad1664e1cc758deaa9a77d XFree86-xdm-4.3.0-69.EL.x86_64.rpm 88e288f8153528feeeedfadc5b9aa2a1 XFree86-xfs-4.3.0-69.EL.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/XFree86-4.3.0-69.EL.src.rpm 09edd7c98f9f6b268d305d9bd7d0bacf XFree86-4.3.0-69.EL.src.rpm i386: e0b1f1c71202d1589b32e1bcf67bd7e1 XFree86-100dpi-fonts-4.3.0-69.EL.i386.rpm 6fd9f5bf116981b29c0c13040c3c0003 XFree86-4.3.0-69.EL.i386.rpm 1878c8f581c4f107efeeaad6eb502fa0 XFree86-75dpi-fonts-4.3.0-69.EL.i386.rpm e63544d39bf56978f10371ee6ce8a119 XFree86-ISO8859-14-100dpi-fonts-4.3.0-69.EL.i386.rpm df932cede62ba892f20d878107128b6d XFree86-ISO8859-14-75dpi-fonts-4.3.0-69.EL.i386.rpm 9e9a9dac8c6ca47029d9e2ea2f17d998 XFree86-ISO8859-15-100dpi-fonts-4.3.0-69.EL.i386.rpm 56c2bb1ba364dbd0c4c3de0e5990a5f6 XFree86-ISO8859-15-75dpi-fonts-4.3.0-69.EL.i386.rpm 8b4612be6c0ee7761a9e77ff0681cb5a XFree86-ISO8859-2-100dpi-fonts-4.3.0-69.EL.i386.rpm 76361c447ecf5565d40816817a827b63 XFree86-ISO8859-2-75dpi-fonts-4.3.0-69.EL.i386.rpm 58d44c4274130ebd0749fe9c1d5c60d4 XFree86-ISO8859-9-100dpi-fonts-4.3.0-69.EL.i386.rpm 272482b3e3c6e6d7cc8a6537dc5efd3e XFree86-ISO8859-9-75dpi-fonts-4.3.0-69.EL.i386.rpm bde0fa89929b6545d13527e525988c7c XFree86-Mesa-libGL-4.3.0-69.EL.i386.rpm 8b1b7263d4339aa471badeb9d9aac564 XFree86-Mesa-libGLU-4.3.0-69.EL.i386.rpm 1c6e49b83c97041ada0f35744496a325 XFree86-Xnest-4.3.0-69.EL.i386.rpm e8a8f07eeabb5a022c5a6ea2b2e6f9ae XFree86-Xvfb-4.3.0-69.EL.i386.rpm fcfcf4170385dde094aa0b2bc6c267fb XFree86-base-fonts-4.3.0-69.EL.i386.rpm f9022a68f1739e15b33097e54c9572fe XFree86-cyrillic-fonts-4.3.0-69.EL.i386.rpm 0af1c28d7c90fa4bf32d81c2ed798642 XFree86-devel-4.3.0-69.EL.i386.rpm 9fa3ceb34da5d30e8a85e49055f64b36 XFree86-doc-4.3.0-69.EL.i386.rpm 105e59776fecb6da69780c42be3b2e32 XFree86-font-utils-4.3.0-69.EL.i386.rpm cca3d86b6e22dbd55a15fbd7be5341ab XFree86-libs-4.3.0-69.EL.i386.rpm ef4beef49d884104910d2c6d3ac3f942 XFree86-libs-data-4.3.0-69.EL.i386.rpm 1485c93b8cfdeeb933f252e51963e316 XFree86-sdk-4.3.0-69.EL.i386.rpm 0589870998b2e9a50512ede1586be8a4 XFree86-syriac-fonts-4.3.0-69.EL.i386.rpm bc4a53ff89f59eec90be757d8ddd5c16 XFree86-tools-4.3.0-69.EL.i386.rpm 552d11352a1a75fe912cd3bda95cfe93 XFree86-truetype-fonts-4.3.0-69.EL.i386.rpm 6f8edda517ac7773341679245e43febe XFree86-twm-4.3.0-69.EL.i386.rpm 55e5973e477495b30656f9e0d3a437af XFree86-xauth-4.3.0-69.EL.i386.rpm fd0bedd6e6c1435d8970616e548bb7c3 XFree86-xdm-4.3.0-69.EL.i386.rpm aa14edae182611d0f9ea32c3c35de5d2 XFree86-xfs-4.3.0-69.EL.i386.rpm ia64: 3f7a28df7837c412ce15bd5aee3d5780 XFree86-100dpi-fonts-4.3.0-69.EL.ia64.rpm a46398d4ea46a3a51a09c722097094e8 XFree86-4.3.0-69.EL.ia64.rpm 5af51c8d2934de0cee8614a75f9137fd XFree86-75dpi-fonts-4.3.0-69.EL.ia64.rpm 8bf1fbc8044ff6a3a3d8f7a44f07c26d XFree86-ISO8859-14-100dpi-fonts-4.3.0-69.EL.ia64.rpm 115f7ca729dfe3ad0fd3b95162552d51 XFree86-ISO8859-14-75dpi-fonts-4.3.0-69.EL.ia64.rpm ef60a5cbcf207f4c6133dabe9e9bac3c XFree86-ISO8859-15-100dpi-fonts-4.3.0-69.EL.ia64.rpm 25bd0837ce60ea963c56ea6ae1988101 XFree86-ISO8859-15-75dpi-fonts-4.3.0-69.EL.ia64.rpm d34787fc341464318921b0c0d0b7821f XFree86-ISO8859-2-100dpi-fonts-4.3.0-69.EL.ia64.rpm c9ca027cfd0b6b1fdb8d571862060481 XFree86-ISO8859-2-75dpi-fonts-4.3.0-69.EL.ia64.rpm 9b46561780e6dead8e2d4b04575266fe XFree86-ISO8859-9-100dpi-fonts-4.3.0-69.EL.ia64.rpm a3f64e58320e2c648c3d611d4243f802 XFree86-ISO8859-9-75dpi-fonts-4.3.0-69.EL.ia64.rpm 7e0caa7bd5773e8d2ceeb049d7e73fd0 XFree86-Mesa-libGL-4.3.0-69.EL.ia64.rpm bde0fa89929b6545d13527e525988c7c XFree86-Mesa-libGL-4.3.0-69.EL.i386.rpm 639fe951a4cdc935b491cad6bdb7c682 XFree86-Mesa-libGLU-4.3.0-69.EL.ia64.rpm 8b1b7263d4339aa471badeb9d9aac564 XFree86-Mesa-libGLU-4.3.0-69.EL.i386.rpm 23089ee93942a4f6e3fe677b7dfdbabc XFree86-Xnest-4.3.0-69.EL.ia64.rpm c68af1fd217159ee1cf9d57f7759052c XFree86-Xvfb-4.3.0-69.EL.ia64.rpm d324f353ceae92a0703563aabd16b404 XFree86-base-fonts-4.3.0-69.EL.ia64.rpm c00031bca5d44c4b2e663d9fe1ddcbf4 XFree86-cyrillic-fonts-4.3.0-69.EL.ia64.rpm f3a268ef0ca33a3d9979a26af8469cf3 XFree86-devel-4.3.0-69.EL.ia64.rpm d55c45682bac928b4b1182c27877ab20 XFree86-doc-4.3.0-69.EL.ia64.rpm 8f5ba936864b3ebee74dae5a1df5ca87 XFree86-font-utils-4.3.0-69.EL.ia64.rpm 72c4ef86ad6a3a15ee41ebd853392e2c XFree86-libs-4.3.0-69.EL.ia64.rpm cca3d86b6e22dbd55a15fbd7be5341ab XFree86-libs-4.3.0-69.EL.i386.rpm 857a080cfc55c86d327c4df8a385f0ba XFree86-libs-data-4.3.0-69.EL.ia64.rpm 0755b8203921fbc2ee56a45f8717385e XFree86-sdk-4.3.0-69.EL.ia64.rpm 6173b56b78709df1845ea746e2a66e31 XFree86-syriac-fonts-4.3.0-69.EL.ia64.rpm c6eee77c124bf6ead901133df186bb0e XFree86-tools-4.3.0-69.EL.ia64.rpm 8b7ab155e1012db0f1c89834046d4d32 XFree86-truetype-fonts-4.3.0-69.EL.ia64.rpm 412f5bc8832fd7ffdb0b833970a0d5df XFree86-twm-4.3.0-69.EL.ia64.rpm b114790a6ae962c7840228d11bd81398 XFree86-xauth-4.3.0-69.EL.ia64.rpm 82d9270fef03050dc997a40e60e93009 XFree86-xdm-4.3.0-69.EL.ia64.rpm bf4fbdf9a58a29b9d9f314bec9e26b1e XFree86-xfs-4.3.0-69.EL.ia64.rpm x86_64: affb0ea54ae312e2d73c6ed7e8ec3341 XFree86-100dpi-fonts-4.3.0-69.EL.x86_64.rpm 1aeb7da083614ad23336df015c6f7fca XFree86-4.3.0-69.EL.x86_64.rpm 4c95f3f935952c970450c6ed2a89880f XFree86-75dpi-fonts-4.3.0-69.EL.x86_64.rpm bc76e2df201850c23f47fcc1e08b0e69 XFree86-ISO8859-14-100dpi-fonts-4.3.0-69.EL.x86_64.rpm b35b52644bb806a17ac8e3560528d1c8 XFree86-ISO8859-14-75dpi-fonts-4.3.0-69.EL.x86_64.rpm ee40fd11c538d6f3b76dc8cc83097f61 XFree86-ISO8859-15-100dpi-fonts-4.3.0-69.EL.x86_64.rpm cd384a95e55f59020ec87c233bcb4231 XFree86-ISO8859-15-75dpi-fonts-4.3.0-69.EL.x86_64.rpm 01b02d01c28b5fadeb0af1fa93120ad2 XFree86-ISO8859-2-100dpi-fonts-4.3.0-69.EL.x86_64.rpm d9ca6d785b1fdf6c470098fe4cc86882 XFree86-ISO8859-2-75dpi-fonts-4.3.0-69.EL.x86_64.rpm 0be43a9476ed1e8672919e885156ae6e XFree86-ISO8859-9-100dpi-fonts-4.3.0-69.EL.x86_64.rpm 6e95b87b936bb529702184466ee1df89 XFree86-ISO8859-9-75dpi-fonts-4.3.0-69.EL.x86_64.rpm bf7a4617d7f0f078ec2f8fedcedda226 XFree86-Mesa-libGL-4.3.0-69.EL.x86_64.rpm bde0fa89929b6545d13527e525988c7c XFree86-Mesa-libGL-4.3.0-69.EL.i386.rpm 8a75070eed9f052103847cd5bf8eee08 XFree86-Mesa-libGLU-4.3.0-69.EL.x86_64.rpm 8b1b7263d4339aa471badeb9d9aac564 XFree86-Mesa-libGLU-4.3.0-69.EL.i386.rpm 7392dda0a248c870da98bc1aae1d8e0a XFree86-Xnest-4.3.0-69.EL.x86_64.rpm 384db1566cd533069dc06a4da76b146d XFree86-Xvfb-4.3.0-69.EL.x86_64.rpm df42bf8108aab6c95d16b9d9a8e8c230 XFree86-base-fonts-4.3.0-69.EL.x86_64.rpm 1b74f0bccee1029c1a2d1c560ed459c7 XFree86-cyrillic-fonts-4.3.0-69.EL.x86_64.rpm 4f56547cc3545eb9dc5702dd3a99f76c XFree86-devel-4.3.0-69.EL.x86_64.rpm 0af1c28d7c90fa4bf32d81c2ed798642 XFree86-devel-4.3.0-69.EL.i386.rpm 24097283df147463836984b124821a7e XFree86-doc-4.3.0-69.EL.x86_64.rpm 135717dc93a3af097aeeae628dfadb6a XFree86-font-utils-4.3.0-69.EL.x86_64.rpm 8e5d3cc25bf7fb2f209a33b930ffdca5 XFree86-libs-4.3.0-69.EL.x86_64.rpm cca3d86b6e22dbd55a15fbd7be5341ab XFree86-libs-4.3.0-69.EL.i386.rpm c84696c6a7715e487be461b0bc1e4ed8 XFree86-libs-data-4.3.0-69.EL.x86_64.rpm f0a3e3bf468b9ca1ce75735927d46a2e XFree86-sdk-4.3.0-69.EL.x86_64.rpm 4a48c8c2e97c2367befb11d4c144c42e XFree86-syriac-fonts-4.3.0-69.EL.x86_64.rpm be8fc8eca081e0a21f23dc95fe054336 XFree86-tools-4.3.0-69.EL.x86_64.rpm d5d3da1543bc5a9cb9922173a930b4f5 XFree86-truetype-fonts-4.3.0-69.EL.x86_64.rpm e3e2f3c6fc1d119022b4cc7c63b664ce XFree86-twm-4.3.0-69.EL.x86_64.rpm 885dc9386c9f2de099c75665e36dbff9 XFree86-xauth-4.3.0-69.EL.x86_64.rpm 13ebcf4076ad1664e1cc758deaa9a77d XFree86-xdm-4.3.0-69.EL.x86_64.rpm 88e288f8153528feeeedfadc5b9aa2a1 XFree86-xfs-4.3.0-69.EL.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/XFree86-4.3.0-69.EL.src.rpm 09edd7c98f9f6b268d305d9bd7d0bacf XFree86-4.3.0-69.EL.src.rpm i386: e0b1f1c71202d1589b32e1bcf67bd7e1 XFree86-100dpi-fonts-4.3.0-69.EL.i386.rpm 6fd9f5bf116981b29c0c13040c3c0003 XFree86-4.3.0-69.EL.i386.rpm 1878c8f581c4f107efeeaad6eb502fa0 XFree86-75dpi-fonts-4.3.0-69.EL.i386.rpm e63544d39bf56978f10371ee6ce8a119 XFree86-ISO8859-14-100dpi-fonts-4.3.0-69.EL.i386.rpm df932cede62ba892f20d878107128b6d XFree86-ISO8859-14-75dpi-fonts-4.3.0-69.EL.i386.rpm 9e9a9dac8c6ca47029d9e2ea2f17d998 XFree86-ISO8859-15-100dpi-fonts-4.3.0-69.EL.i386.rpm 56c2bb1ba364dbd0c4c3de0e5990a5f6 XFree86-ISO8859-15-75dpi-fonts-4.3.0-69.EL.i386.rpm 8b4612be6c0ee7761a9e77ff0681cb5a XFree86-ISO8859-2-100dpi-fonts-4.3.0-69.EL.i386.rpm 76361c447ecf5565d40816817a827b63 XFree86-ISO8859-2-75dpi-fonts-4.3.0-69.EL.i386.rpm 58d44c4274130ebd0749fe9c1d5c60d4 XFree86-ISO8859-9-100dpi-fonts-4.3.0-69.EL.i386.rpm 272482b3e3c6e6d7cc8a6537dc5efd3e XFree86-ISO8859-9-75dpi-fonts-4.3.0-69.EL.i386.rpm bde0fa89929b6545d13527e525988c7c XFree86-Mesa-libGL-4.3.0-69.EL.i386.rpm 8b1b7263d4339aa471badeb9d9aac564 XFree86-Mesa-libGLU-4.3.0-69.EL.i386.rpm 1c6e49b83c97041ada0f35744496a325 XFree86-Xnest-4.3.0-69.EL.i386.rpm e8a8f07eeabb5a022c5a6ea2b2e6f9ae XFree86-Xvfb-4.3.0-69.EL.i386.rpm fcfcf4170385dde094aa0b2bc6c267fb XFree86-base-fonts-4.3.0-69.EL.i386.rpm f9022a68f1739e15b33097e54c9572fe XFree86-cyrillic-fonts-4.3.0-69.EL.i386.rpm 0af1c28d7c90fa4bf32d81c2ed798642 XFree86-devel-4.3.0-69.EL.i386.rpm 9fa3ceb34da5d30e8a85e49055f64b36 XFree86-doc-4.3.0-69.EL.i386.rpm 105e59776fecb6da69780c42be3b2e32 XFree86-font-utils-4.3.0-69.EL.i386.rpm cca3d86b6e22dbd55a15fbd7be5341ab XFree86-libs-4.3.0-69.EL.i386.rpm ef4beef49d884104910d2c6d3ac3f942 XFree86-libs-data-4.3.0-69.EL.i386.rpm 1485c93b8cfdeeb933f252e51963e316 XFree86-sdk-4.3.0-69.EL.i386.rpm 0589870998b2e9a50512ede1586be8a4 XFree86-syriac-fonts-4.3.0-69.EL.i386.rpm bc4a53ff89f59eec90be757d8ddd5c16 XFree86-tools-4.3.0-69.EL.i386.rpm 552d11352a1a75fe912cd3bda95cfe93 XFree86-truetype-fonts-4.3.0-69.EL.i386.rpm 6f8edda517ac7773341679245e43febe XFree86-twm-4.3.0-69.EL.i386.rpm 55e5973e477495b30656f9e0d3a437af XFree86-xauth-4.3.0-69.EL.i386.rpm fd0bedd6e6c1435d8970616e548bb7c3 XFree86-xdm-4.3.0-69.EL.i386.rpm aa14edae182611d0f9ea32c3c35de5d2 XFree86-xfs-4.3.0-69.EL.i386.rpm ia64: 3f7a28df7837c412ce15bd5aee3d5780 XFree86-100dpi-fonts-4.3.0-69.EL.ia64.rpm a46398d4ea46a3a51a09c722097094e8 XFree86-4.3.0-69.EL.ia64.rpm 5af51c8d2934de0cee8614a75f9137fd XFree86-75dpi-fonts-4.3.0-69.EL.ia64.rpm 8bf1fbc8044ff6a3a3d8f7a44f07c26d XFree86-ISO8859-14-100dpi-fonts-4.3.0-69.EL.ia64.rpm 115f7ca729dfe3ad0fd3b95162552d51 XFree86-ISO8859-14-75dpi-fonts-4.3.0-69.EL.ia64.rpm ef60a5cbcf207f4c6133dabe9e9bac3c XFree86-ISO8859-15-100dpi-fonts-4.3.0-69.EL.ia64.rpm 25bd0837ce60ea963c56ea6ae1988101 XFree86-ISO8859-15-75dpi-fonts-4.3.0-69.EL.ia64.rpm d34787fc341464318921b0c0d0b7821f XFree86-ISO8859-2-100dpi-fonts-4.3.0-69.EL.ia64.rpm c9ca027cfd0b6b1fdb8d571862060481 XFree86-ISO8859-2-75dpi-fonts-4.3.0-69.EL.ia64.rpm 9b46561780e6dead8e2d4b04575266fe XFree86-ISO8859-9-100dpi-fonts-4.3.0-69.EL.ia64.rpm a3f64e58320e2c648c3d611d4243f802 XFree86-ISO8859-9-75dpi-fonts-4.3.0-69.EL.ia64.rpm 7e0caa7bd5773e8d2ceeb049d7e73fd0 XFree86-Mesa-libGL-4.3.0-69.EL.ia64.rpm bde0fa89929b6545d13527e525988c7c XFree86-Mesa-libGL-4.3.0-69.EL.i386.rpm 639fe951a4cdc935b491cad6bdb7c682 XFree86-Mesa-libGLU-4.3.0-69.EL.ia64.rpm 8b1b7263d4339aa471badeb9d9aac564 XFree86-Mesa-libGLU-4.3.0-69.EL.i386.rpm 23089ee93942a4f6e3fe677b7dfdbabc XFree86-Xnest-4.3.0-69.EL.ia64.rpm c68af1fd217159ee1cf9d57f7759052c XFree86-Xvfb-4.3.0-69.EL.ia64.rpm d324f353ceae92a0703563aabd16b404 XFree86-base-fonts-4.3.0-69.EL.ia64.rpm c00031bca5d44c4b2e663d9fe1ddcbf4 XFree86-cyrillic-fonts-4.3.0-69.EL.ia64.rpm f3a268ef0ca33a3d9979a26af8469cf3 XFree86-devel-4.3.0-69.EL.ia64.rpm d55c45682bac928b4b1182c27877ab20 XFree86-doc-4.3.0-69.EL.ia64.rpm 8f5ba936864b3ebee74dae5a1df5ca87 XFree86-font-utils-4.3.0-69.EL.ia64.rpm 72c4ef86ad6a3a15ee41ebd853392e2c XFree86-libs-4.3.0-69.EL.ia64.rpm cca3d86b6e22dbd55a15fbd7be5341ab XFree86-libs-4.3.0-69.EL.i386.rpm 857a080cfc55c86d327c4df8a385f0ba XFree86-libs-data-4.3.0-69.EL.ia64.rpm 0755b8203921fbc2ee56a45f8717385e XFree86-sdk-4.3.0-69.EL.ia64.rpm 6173b56b78709df1845ea746e2a66e31 XFree86-syriac-fonts-4.3.0-69.EL.ia64.rpm c6eee77c124bf6ead901133df186bb0e XFree86-tools-4.3.0-69.EL.ia64.rpm 8b7ab155e1012db0f1c89834046d4d32 XFree86-truetype-fonts-4.3.0-69.EL.ia64.rpm 412f5bc8832fd7ffdb0b833970a0d5df XFree86-twm-4.3.0-69.EL.ia64.rpm b114790a6ae962c7840228d11bd81398 XFree86-xauth-4.3.0-69.EL.ia64.rpm 82d9270fef03050dc997a40e60e93009 XFree86-xdm-4.3.0-69.EL.ia64.rpm bf4fbdf9a58a29b9d9f314bec9e26b1e XFree86-xfs-4.3.0-69.EL.ia64.rpm x86_64: affb0ea54ae312e2d73c6ed7e8ec3341 XFree86-100dpi-fonts-4.3.0-69.EL.x86_64.rpm 1aeb7da083614ad23336df015c6f7fca XFree86-4.3.0-69.EL.x86_64.rpm 4c95f3f935952c970450c6ed2a89880f XFree86-75dpi-fonts-4.3.0-69.EL.x86_64.rpm bc76e2df201850c23f47fcc1e08b0e69 XFree86-ISO8859-14-100dpi-fonts-4.3.0-69.EL.x86_64.rpm b35b52644bb806a17ac8e3560528d1c8 XFree86-ISO8859-14-75dpi-fonts-4.3.0-69.EL.x86_64.rpm ee40fd11c538d6f3b76dc8cc83097f61 XFree86-ISO8859-15-100dpi-fonts-4.3.0-69.EL.x86_64.rpm cd384a95e55f59020ec87c233bcb4231 XFree86-ISO8859-15-75dpi-fonts-4.3.0-69.EL.x86_64.rpm 01b02d01c28b5fadeb0af1fa93120ad2 XFree86-ISO8859-2-100dpi-fonts-4.3.0-69.EL.x86_64.rpm d9ca6d785b1fdf6c470098fe4cc86882 XFree86-ISO8859-2-75dpi-fonts-4.3.0-69.EL.x86_64.rpm 0be43a9476ed1e8672919e885156ae6e XFree86-ISO8859-9-100dpi-fonts-4.3.0-69.EL.x86_64.rpm 6e95b87b936bb529702184466ee1df89 XFree86-ISO8859-9-75dpi-fonts-4.3.0-69.EL.x86_64.rpm bf7a4617d7f0f078ec2f8fedcedda226 XFree86-Mesa-libGL-4.3.0-69.EL.x86_64.rpm bde0fa89929b6545d13527e525988c7c XFree86-Mesa-libGL-4.3.0-69.EL.i386.rpm 8a75070eed9f052103847cd5bf8eee08 XFree86-Mesa-libGLU-4.3.0-69.EL.x86_64.rpm 8b1b7263d4339aa471badeb9d9aac564 XFree86-Mesa-libGLU-4.3.0-69.EL.i386.rpm 7392dda0a248c870da98bc1aae1d8e0a XFree86-Xnest-4.3.0-69.EL.x86_64.rpm 384db1566cd533069dc06a4da76b146d XFree86-Xvfb-4.3.0-69.EL.x86_64.rpm df42bf8108aab6c95d16b9d9a8e8c230 XFree86-base-fonts-4.3.0-69.EL.x86_64.rpm 1b74f0bccee1029c1a2d1c560ed459c7 XFree86-cyrillic-fonts-4.3.0-69.EL.x86_64.rpm 4f56547cc3545eb9dc5702dd3a99f76c XFree86-devel-4.3.0-69.EL.x86_64.rpm 0af1c28d7c90fa4bf32d81c2ed798642 XFree86-devel-4.3.0-69.EL.i386.rpm 24097283df147463836984b124821a7e XFree86-doc-4.3.0-69.EL.x86_64.rpm 135717dc93a3af097aeeae628dfadb6a XFree86-font-utils-4.3.0-69.EL.x86_64.rpm 8e5d3cc25bf7fb2f209a33b930ffdca5 XFree86-libs-4.3.0-69.EL.x86_64.rpm cca3d86b6e22dbd55a15fbd7be5341ab XFree86-libs-4.3.0-69.EL.i386.rpm c84696c6a7715e487be461b0bc1e4ed8 XFree86-libs-data-4.3.0-69.EL.x86_64.rpm f0a3e3bf468b9ca1ce75735927d46a2e XFree86-sdk-4.3.0-69.EL.x86_64.rpm 4a48c8c2e97c2367befb11d4c144c42e XFree86-syriac-fonts-4.3.0-69.EL.x86_64.rpm be8fc8eca081e0a21f23dc95fe054336 XFree86-tools-4.3.0-69.EL.x86_64.rpm d5d3da1543bc5a9cb9922173a930b4f5 XFree86-truetype-fonts-4.3.0-69.EL.x86_64.rpm e3e2f3c6fc1d119022b4cc7c63b664ce XFree86-twm-4.3.0-69.EL.x86_64.rpm 885dc9386c9f2de099c75665e36dbff9 XFree86-xauth-4.3.0-69.EL.x86_64.rpm 13ebcf4076ad1664e1cc758deaa9a77d XFree86-xdm-4.3.0-69.EL.x86_64.rpm 88e288f8153528feeeedfadc5b9aa2a1 XFree86-xfs-4.3.0-69.EL.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBYXNuXlSAg2UNWIIRAqTQAJ43yv8wV0udHlY5LkpiYHXP8PVaugCfQ70W sjoLuf1Zo4S4j5VkZC+oc78= =pjL2 -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Oct 4 16:00:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 4 Oct 2004 12:00 -0400 Subject: [RHSA-2004:498-01] Updated samba packages fix security issue Message-ID: <200410041600.i94G0Aa24329@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated samba packages fix security issue Advisory ID: RHSA-2004:498-01 Issue date: 2004-10-04 Updated on: 2004-10-04 Product: Red Hat Enterprise Linux CVE Names: CAN-2004-0815 - --------------------------------------------------------------------- 1. Summary: Updated samba packages that fix an input validation vulnerability are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 3. Problem description: Samba provides file and printer sharing services to SMB/CIFS clients. Karol Wiesek discovered an input validation issue in Samba prior to 3.0.6. An authenticated user could send a carefully crafted request to the Samba server, which would allow access to files outside of the configured file share. Note: Such files would have to be readable by the account used for the connection. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0815 to this issue. This issue does not affect Red Hat Enterprise Linux 3 as a previous erratum updated to Samba 3.0.6 which is not vulnerable to this issue. Users of Samba should upgrade to these updated packages, which contain an upgrade to Samba-2.2.12, which is not vulnerable to this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/samba-2.2.12-1.21as.src.rpm 5638ca35fd98e056325625939d88bdec samba-2.2.12-1.21as.src.rpm i386: f909c3d1b407bdae8bae7f4dc32560b5 samba-2.2.12-1.21as.i386.rpm 544dcf709f2358a47638cff19ffb5e1c samba-client-2.2.12-1.21as.i386.rpm ce64c5805665d42152171c5fcd3fdaed samba-common-2.2.12-1.21as.i386.rpm 94c046ff0b138401cdc6bf8dc815be99 samba-swat-2.2.12-1.21as.i386.rpm ia64: 16f29cec56990a46fdd3daa003331a06 samba-2.2.12-1.21as.ia64.rpm d105265899a4f71fc59aec11271d4383 samba-client-2.2.12-1.21as.ia64.rpm 4a95769d191cafae3de5e15f49a8a282 samba-common-2.2.12-1.21as.ia64.rpm fa9e8fd73015a9e8b7e0c998774681c9 samba-swat-2.2.12-1.21as.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/samba-2.2.12-1.21as.src.rpm 5638ca35fd98e056325625939d88bdec samba-2.2.12-1.21as.src.rpm ia64: 16f29cec56990a46fdd3daa003331a06 samba-2.2.12-1.21as.ia64.rpm d105265899a4f71fc59aec11271d4383 samba-client-2.2.12-1.21as.ia64.rpm 4a95769d191cafae3de5e15f49a8a282 samba-common-2.2.12-1.21as.ia64.rpm fa9e8fd73015a9e8b7e0c998774681c9 samba-swat-2.2.12-1.21as.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/samba-2.2.12-1.21as.src.rpm 5638ca35fd98e056325625939d88bdec samba-2.2.12-1.21as.src.rpm i386: f909c3d1b407bdae8bae7f4dc32560b5 samba-2.2.12-1.21as.i386.rpm 544dcf709f2358a47638cff19ffb5e1c samba-client-2.2.12-1.21as.i386.rpm ce64c5805665d42152171c5fcd3fdaed samba-common-2.2.12-1.21as.i386.rpm 94c046ff0b138401cdc6bf8dc815be99 samba-swat-2.2.12-1.21as.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/samba-2.2.12-1.21as.src.rpm 5638ca35fd98e056325625939d88bdec samba-2.2.12-1.21as.src.rpm i386: f909c3d1b407bdae8bae7f4dc32560b5 samba-2.2.12-1.21as.i386.rpm 544dcf709f2358a47638cff19ffb5e1c samba-client-2.2.12-1.21as.i386.rpm ce64c5805665d42152171c5fcd3fdaed samba-common-2.2.12-1.21as.i386.rpm 94c046ff0b138401cdc6bf8dc815be99 samba-swat-2.2.12-1.21as.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 6. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0815 7. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBYXOJXlSAg2UNWIIRAtVJAJ9TGODxwABdelvqZmPe1EGwxkFSHQCfbgz/ 3Lzj7nnAqXAuOc55LQ870t8= =13KM -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Oct 6 13:30:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 6 Oct 2004 09:30 -0400 Subject: [RHSA-2004:479-01] Updated XFree86 packages fix security issues and bugs Message-ID: <200410061330.i96DUva01419@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated XFree86 packages fix security issues and bugs Advisory ID: RHSA-2004:479-01 Issue date: 2004-10-06 Updated on: 2004-10-06 Product: Red Hat Enterprise Linux Keywords: ATI Radeon 7000m Obsoletes: RHBA-2004:155 CVE Names: CAN-2004-0687 CAN-2004-0688 CAN-2004-0692 - --------------------------------------------------------------------- 1. Summary: Updated XFree86 packages that fix several security issues in libXpm, as well as other bug fixes, are now available for Red Hat Enterprise Linux 2.1. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 3. Problem description: XFree86 is an open source implementation of the X Window System. It provides the basic low level functionality which full fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. During a source code audit, Chris Evans discovered several stack overflow flaws and an integer overflow flaw in the X.Org libXpm library used to decode XPM (X PixMap) images. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0687, CAN-2004-0688, and CAN-2004-0692 to these issues. These packages also contain a bug fix to lower the RGB output voltage on Dell servers using the ATI Radeon 7000m card. Users are advised to upgrade to these erratum packages which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 129797 - Radeon driver (7000m) TVDAC output too high for DELL Server 131121 - CAN-2004-0687/8 libXpm stack and integer overflows. 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/XFree86-4.1.0-62.EL.src.rpm 03ca53981bde89caf4ff3804128eea00 XFree86-4.1.0-62.EL.src.rpm i386: ac50d13c0122ca08c3beb46c4b1aca93 XFree86-100dpi-fonts-4.1.0-62.EL.i386.rpm c87c6c1d96badd9a2c68ec157a8cc7e1 XFree86-4.1.0-62.EL.i386.rpm 0c889bf913ef6d9c0d1a7d1f7fa9973f XFree86-75dpi-fonts-4.1.0-62.EL.i386.rpm 597b840878ef479b390b423b270f064b XFree86-ISO8859-15-100dpi-fonts-4.1.0-62.EL.i386.rpm d093383d556c84febeafa750fb5a40e6 XFree86-ISO8859-15-75dpi-fonts-4.1.0-62.EL.i386.rpm 02243d07f708fe54a6646fe6e06e94f8 XFree86-ISO8859-2-100dpi-fonts-4.1.0-62.EL.i386.rpm 271622a7f059bc81a291967e396789bc XFree86-ISO8859-2-75dpi-fonts-4.1.0-62.EL.i386.rpm 5e44ee29269a7fbdbccc0bcdca17ec59 XFree86-ISO8859-9-100dpi-fonts-4.1.0-62.EL.i386.rpm 7fbb1e77517ba04d03245e80df7a7ff2 XFree86-ISO8859-9-75dpi-fonts-4.1.0-62.EL.i386.rpm 66ca6d9d9ddda4bea9bd03f0a6ff4bbb XFree86-Xnest-4.1.0-62.EL.i386.rpm 8bb3c8d0e5c003cda283810e60722f93 XFree86-Xvfb-4.1.0-62.EL.i386.rpm 9fa6512e970a363e8f99b51bd9db615a XFree86-cyrillic-fonts-4.1.0-62.EL.i386.rpm 7170d3ae6df25f6722acebe5c112c2e6 XFree86-devel-4.1.0-62.EL.i386.rpm 649699ca8abc13b81be783acf760a7a6 XFree86-doc-4.1.0-62.EL.i386.rpm b42552b25408e7c71b13158fc4384f68 XFree86-libs-4.1.0-62.EL.i386.rpm 0d995305ec63d934965a61f8e2ec6a50 XFree86-tools-4.1.0-62.EL.i386.rpm 0196887df4b36ee12961f04351ab7d24 XFree86-twm-4.1.0-62.EL.i386.rpm d1b19195d9809ab7353ff0b096a820dd XFree86-xdm-4.1.0-62.EL.i386.rpm e25e4bfbbda07a642398849d87a85e04 XFree86-xf86cfg-4.1.0-62.EL.i386.rpm 2c9b4edac0d92ff778eace853de3b3a0 XFree86-xfs-4.1.0-62.EL.i386.rpm ia64: aea7045f5c8d04eb38d0b97041d55c66 XFree86-100dpi-fonts-4.1.0-62.EL.ia64.rpm 47a41e5c8cba5a8079b4465092cac04e XFree86-4.1.0-62.EL.ia64.rpm 1b14fddae22bc81fdfbcdc9d2bdfb555 XFree86-75dpi-fonts-4.1.0-62.EL.ia64.rpm a1f5386949b35900754ec1ee5e1cea03 XFree86-ISO8859-15-100dpi-fonts-4.1.0-62.EL.ia64.rpm 63d46f97a1c299e78e1533be26d8928e XFree86-ISO8859-15-75dpi-fonts-4.1.0-62.EL.ia64.rpm 04bc6f8f8a9d37d4196415480b658b91 XFree86-ISO8859-2-100dpi-fonts-4.1.0-62.EL.ia64.rpm 9d2812f74cb1338d797ea0479054c561 XFree86-ISO8859-2-75dpi-fonts-4.1.0-62.EL.ia64.rpm 919e7a7ec805ab270c054b49903a14b9 XFree86-ISO8859-9-100dpi-fonts-4.1.0-62.EL.ia64.rpm e5859b013ab1261e07a9bdba001ce74f XFree86-ISO8859-9-75dpi-fonts-4.1.0-62.EL.ia64.rpm 935eaac390eb39688640bb0786e07b86 XFree86-Xnest-4.1.0-62.EL.ia64.rpm 3d9f3eee7b87d021a92983872e360239 XFree86-Xvfb-4.1.0-62.EL.ia64.rpm f93e1c20d097f2d0b924f33a56b6d2b6 XFree86-cyrillic-fonts-4.1.0-62.EL.ia64.rpm 1b487e8a99a56bb05535ec9946442615 XFree86-devel-4.1.0-62.EL.ia64.rpm 61e302813770eb4c37d7b587180088fd XFree86-doc-4.1.0-62.EL.ia64.rpm 1f745348f8367cfbeb842c30fdb6b3f6 XFree86-libs-4.1.0-62.EL.ia64.rpm c879bae86bf53a287925d7b3cfd37090 XFree86-tools-4.1.0-62.EL.ia64.rpm 80697a8acd47fefeff093d234660d350 XFree86-twm-4.1.0-62.EL.ia64.rpm 7e3c7f981d80e3af491dd906bcb682cd XFree86-xdm-4.1.0-62.EL.ia64.rpm 4ce5284ba83525462fb37e6b103b2530 XFree86-xfs-4.1.0-62.EL.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/XFree86-4.1.0-62.EL.src.rpm 03ca53981bde89caf4ff3804128eea00 XFree86-4.1.0-62.EL.src.rpm ia64: aea7045f5c8d04eb38d0b97041d55c66 XFree86-100dpi-fonts-4.1.0-62.EL.ia64.rpm 47a41e5c8cba5a8079b4465092cac04e XFree86-4.1.0-62.EL.ia64.rpm 1b14fddae22bc81fdfbcdc9d2bdfb555 XFree86-75dpi-fonts-4.1.0-62.EL.ia64.rpm a1f5386949b35900754ec1ee5e1cea03 XFree86-ISO8859-15-100dpi-fonts-4.1.0-62.EL.ia64.rpm 63d46f97a1c299e78e1533be26d8928e XFree86-ISO8859-15-75dpi-fonts-4.1.0-62.EL.ia64.rpm 04bc6f8f8a9d37d4196415480b658b91 XFree86-ISO8859-2-100dpi-fonts-4.1.0-62.EL.ia64.rpm 9d2812f74cb1338d797ea0479054c561 XFree86-ISO8859-2-75dpi-fonts-4.1.0-62.EL.ia64.rpm 919e7a7ec805ab270c054b49903a14b9 XFree86-ISO8859-9-100dpi-fonts-4.1.0-62.EL.ia64.rpm e5859b013ab1261e07a9bdba001ce74f XFree86-ISO8859-9-75dpi-fonts-4.1.0-62.EL.ia64.rpm 935eaac390eb39688640bb0786e07b86 XFree86-Xnest-4.1.0-62.EL.ia64.rpm 3d9f3eee7b87d021a92983872e360239 XFree86-Xvfb-4.1.0-62.EL.ia64.rpm f93e1c20d097f2d0b924f33a56b6d2b6 XFree86-cyrillic-fonts-4.1.0-62.EL.ia64.rpm 1b487e8a99a56bb05535ec9946442615 XFree86-devel-4.1.0-62.EL.ia64.rpm 61e302813770eb4c37d7b587180088fd XFree86-doc-4.1.0-62.EL.ia64.rpm 1f745348f8367cfbeb842c30fdb6b3f6 XFree86-libs-4.1.0-62.EL.ia64.rpm c879bae86bf53a287925d7b3cfd37090 XFree86-tools-4.1.0-62.EL.ia64.rpm 80697a8acd47fefeff093d234660d350 XFree86-twm-4.1.0-62.EL.ia64.rpm 7e3c7f981d80e3af491dd906bcb682cd XFree86-xdm-4.1.0-62.EL.ia64.rpm 4ce5284ba83525462fb37e6b103b2530 XFree86-xfs-4.1.0-62.EL.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/XFree86-4.1.0-62.EL.src.rpm 03ca53981bde89caf4ff3804128eea00 XFree86-4.1.0-62.EL.src.rpm i386: ac50d13c0122ca08c3beb46c4b1aca93 XFree86-100dpi-fonts-4.1.0-62.EL.i386.rpm c87c6c1d96badd9a2c68ec157a8cc7e1 XFree86-4.1.0-62.EL.i386.rpm 0c889bf913ef6d9c0d1a7d1f7fa9973f XFree86-75dpi-fonts-4.1.0-62.EL.i386.rpm 597b840878ef479b390b423b270f064b XFree86-ISO8859-15-100dpi-fonts-4.1.0-62.EL.i386.rpm d093383d556c84febeafa750fb5a40e6 XFree86-ISO8859-15-75dpi-fonts-4.1.0-62.EL.i386.rpm 02243d07f708fe54a6646fe6e06e94f8 XFree86-ISO8859-2-100dpi-fonts-4.1.0-62.EL.i386.rpm 271622a7f059bc81a291967e396789bc XFree86-ISO8859-2-75dpi-fonts-4.1.0-62.EL.i386.rpm 5e44ee29269a7fbdbccc0bcdca17ec59 XFree86-ISO8859-9-100dpi-fonts-4.1.0-62.EL.i386.rpm 7fbb1e77517ba04d03245e80df7a7ff2 XFree86-ISO8859-9-75dpi-fonts-4.1.0-62.EL.i386.rpm 66ca6d9d9ddda4bea9bd03f0a6ff4bbb XFree86-Xnest-4.1.0-62.EL.i386.rpm 8bb3c8d0e5c003cda283810e60722f93 XFree86-Xvfb-4.1.0-62.EL.i386.rpm 9fa6512e970a363e8f99b51bd9db615a XFree86-cyrillic-fonts-4.1.0-62.EL.i386.rpm 7170d3ae6df25f6722acebe5c112c2e6 XFree86-devel-4.1.0-62.EL.i386.rpm 649699ca8abc13b81be783acf760a7a6 XFree86-doc-4.1.0-62.EL.i386.rpm b42552b25408e7c71b13158fc4384f68 XFree86-libs-4.1.0-62.EL.i386.rpm 0d995305ec63d934965a61f8e2ec6a50 XFree86-tools-4.1.0-62.EL.i386.rpm 0196887df4b36ee12961f04351ab7d24 XFree86-twm-4.1.0-62.EL.i386.rpm d1b19195d9809ab7353ff0b096a820dd XFree86-xdm-4.1.0-62.EL.i386.rpm e25e4bfbbda07a642398849d87a85e04 XFree86-xf86cfg-4.1.0-62.EL.i386.rpm 2c9b4edac0d92ff778eace853de3b3a0 XFree86-xfs-4.1.0-62.EL.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/XFree86-4.1.0-62.EL.src.rpm 03ca53981bde89caf4ff3804128eea00 XFree86-4.1.0-62.EL.src.rpm i386: ac50d13c0122ca08c3beb46c4b1aca93 XFree86-100dpi-fonts-4.1.0-62.EL.i386.rpm c87c6c1d96badd9a2c68ec157a8cc7e1 XFree86-4.1.0-62.EL.i386.rpm 0c889bf913ef6d9c0d1a7d1f7fa9973f XFree86-75dpi-fonts-4.1.0-62.EL.i386.rpm 597b840878ef479b390b423b270f064b XFree86-ISO8859-15-100dpi-fonts-4.1.0-62.EL.i386.rpm d093383d556c84febeafa750fb5a40e6 XFree86-ISO8859-15-75dpi-fonts-4.1.0-62.EL.i386.rpm 02243d07f708fe54a6646fe6e06e94f8 XFree86-ISO8859-2-100dpi-fonts-4.1.0-62.EL.i386.rpm 271622a7f059bc81a291967e396789bc XFree86-ISO8859-2-75dpi-fonts-4.1.0-62.EL.i386.rpm 5e44ee29269a7fbdbccc0bcdca17ec59 XFree86-ISO8859-9-100dpi-fonts-4.1.0-62.EL.i386.rpm 7fbb1e77517ba04d03245e80df7a7ff2 XFree86-ISO8859-9-75dpi-fonts-4.1.0-62.EL.i386.rpm 66ca6d9d9ddda4bea9bd03f0a6ff4bbb XFree86-Xnest-4.1.0-62.EL.i386.rpm 8bb3c8d0e5c003cda283810e60722f93 XFree86-Xvfb-4.1.0-62.EL.i386.rpm 9fa6512e970a363e8f99b51bd9db615a XFree86-cyrillic-fonts-4.1.0-62.EL.i386.rpm 7170d3ae6df25f6722acebe5c112c2e6 XFree86-devel-4.1.0-62.EL.i386.rpm 649699ca8abc13b81be783acf760a7a6 XFree86-doc-4.1.0-62.EL.i386.rpm b42552b25408e7c71b13158fc4384f68 XFree86-libs-4.1.0-62.EL.i386.rpm 0d995305ec63d934965a61f8e2ec6a50 XFree86-tools-4.1.0-62.EL.i386.rpm 0196887df4b36ee12961f04351ab7d24 XFree86-twm-4.1.0-62.EL.i386.rpm d1b19195d9809ab7353ff0b096a820dd XFree86-xdm-4.1.0-62.EL.i386.rpm e25e4bfbbda07a642398849d87a85e04 XFree86-xf86cfg-4.1.0-62.EL.i386.rpm 2c9b4edac0d92ff778eace853de3b3a0 XFree86-xfs-4.1.0-62.EL.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0687 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0688 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBY/OMXlSAg2UNWIIRAvVvAJ4lpj4RLItNMhk/Ed/hBVA9mcY5IQCfVrS/ CORw6/mJoUev5wTxAk2m4WY= =gfIP -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Oct 7 15:00:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 7 Oct 2004 11:00 -0400 Subject: [RHSA-2004:546-01] Updated cyrus-sasl packages fix security flaw Message-ID: <200410071500.i97F0Ca08841@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated cyrus-sasl packages fix security flaw Advisory ID: RHSA-2004:546-01 Issue date: 2004-10-07 Updated on: 2004-10-07 Product: Red Hat Enterprise Linux Keywords: environment CVE Names: CAN-2004-0884 - --------------------------------------------------------------------- 1. Summary: Updated cyrus-sasl packages that fix a setuid and setgid application vulnerability are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. At application startup, libsasl and libsasl2 attempts to build a list of all available SASL plug-ins which are available on the system. To do so, the libraries search for and attempt to load every shared library found within the plug-in directory. This location can be set with the SASL_PATH environment variable. In situations where an untrusted local user can affect the environment of a privileged process, this behavior could be exploited to run arbitrary code with the privileges of a setuid or setgid application. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0884 to this issue. Users of cyrus-sasl should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/cyrus-sasl-1.5.24-26.src.rpm adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm i386: 0ecb1995b05aebf41e8c609b367e902f cyrus-sasl-1.5.24-26.i386.rpm 846a21bc2e1a84f37f9f43f973ebda44 cyrus-sasl-devel-1.5.24-26.i386.rpm 9d29af70b1dd3a98f8eba31fa796d338 cyrus-sasl-gssapi-1.5.24-26.i386.rpm ddaf1332b6bdad447e1550fccab267eb cyrus-sasl-md5-1.5.24-26.i386.rpm 67c7f02257346ccbc236a02bbac49925 cyrus-sasl-plain-1.5.24-26.i386.rpm ia64: 97497be93ad3074862be30b3eaf9fe46 cyrus-sasl-1.5.24-26.ia64.rpm 6c4362bc42c9c41f7eb07b61ee733320 cyrus-sasl-devel-1.5.24-26.ia64.rpm bd3a433063c18f2384bc9249a58d8504 cyrus-sasl-gssapi-1.5.24-26.ia64.rpm 6d34fc4ff8ffda80308d02e82bcefc64 cyrus-sasl-md5-1.5.24-26.ia64.rpm 1eb867b4419336e95ffffec0a88fe01f cyrus-sasl-plain-1.5.24-26.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/cyrus-sasl-1.5.24-26.src.rpm adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm ia64: 97497be93ad3074862be30b3eaf9fe46 cyrus-sasl-1.5.24-26.ia64.rpm 6c4362bc42c9c41f7eb07b61ee733320 cyrus-sasl-devel-1.5.24-26.ia64.rpm bd3a433063c18f2384bc9249a58d8504 cyrus-sasl-gssapi-1.5.24-26.ia64.rpm 6d34fc4ff8ffda80308d02e82bcefc64 cyrus-sasl-md5-1.5.24-26.ia64.rpm 1eb867b4419336e95ffffec0a88fe01f cyrus-sasl-plain-1.5.24-26.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/cyrus-sasl-1.5.24-26.src.rpm adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm i386: 0ecb1995b05aebf41e8c609b367e902f cyrus-sasl-1.5.24-26.i386.rpm 846a21bc2e1a84f37f9f43f973ebda44 cyrus-sasl-devel-1.5.24-26.i386.rpm 9d29af70b1dd3a98f8eba31fa796d338 cyrus-sasl-gssapi-1.5.24-26.i386.rpm ddaf1332b6bdad447e1550fccab267eb cyrus-sasl-md5-1.5.24-26.i386.rpm 67c7f02257346ccbc236a02bbac49925 cyrus-sasl-plain-1.5.24-26.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/cyrus-sasl-1.5.24-26.src.rpm adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm i386: 0ecb1995b05aebf41e8c609b367e902f cyrus-sasl-1.5.24-26.i386.rpm 846a21bc2e1a84f37f9f43f973ebda44 cyrus-sasl-devel-1.5.24-26.i386.rpm 9d29af70b1dd3a98f8eba31fa796d338 cyrus-sasl-gssapi-1.5.24-26.i386.rpm ddaf1332b6bdad447e1550fccab267eb cyrus-sasl-md5-1.5.24-26.i386.rpm 67c7f02257346ccbc236a02bbac49925 cyrus-sasl-plain-1.5.24-26.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cyrus-sasl-2.1.15-9.src.rpm aaf9ffaec315e592644d6daae68aae82 cyrus-sasl-2.1.15-9.src.rpm i386: ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm 6919e5fcd850ee85f783309cb1470aa5 cyrus-sasl-devel-2.1.15-9.i386.rpm e9ad63b5a0afe14540367226f0433f4b cyrus-sasl-gssapi-2.1.15-9.i386.rpm 1f88d0820350da52c6366cb1212b8936 cyrus-sasl-md5-2.1.15-9.i386.rpm 8be156532f450097531cb90774a10385 cyrus-sasl-plain-2.1.15-9.i386.rpm ia64: 6bbbc7ee16697a0cb1009b3730fef0ba cyrus-sasl-2.1.15-9.ia64.rpm ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm d2580374e50340bf14d956974a3fb451 cyrus-sasl-devel-2.1.15-9.ia64.rpm 37fcb197c372282ee31dff7d2d81566c cyrus-sasl-gssapi-2.1.15-9.ia64.rpm 444f44cdba6333e1343e23e6d67e6ce6 cyrus-sasl-md5-2.1.15-9.ia64.rpm 8d4d75121ec2e6987f319381ac601716 cyrus-sasl-plain-2.1.15-9.ia64.rpm ppc: 0dc0857831f3e90217f8f3fd27da70eb cyrus-sasl-2.1.15-9.ppc.rpm 383e13e965189970e5a5f826c6c03af2 cyrus-sasl-devel-2.1.15-9.ppc.rpm 04c195d25dd2d29e808c61f32361428c cyrus-sasl-gssapi-2.1.15-9.ppc.rpm 782939ca66fdae0de95696cd4e903d40 cyrus-sasl-md5-2.1.15-9.ppc.rpm c9549f71008205a824ed0426c3b873cb cyrus-sasl-plain-2.1.15-9.ppc.rpm ppc64: 053c8601822ab5206cdc7db1e35e0ea0 cyrus-sasl-2.1.15-9.ppc64.rpm s390: adcb50ec0fb14951af6bfe006bc7a295 cyrus-sasl-2.1.15-9.s390.rpm 8dab6edb113343ea0b5550ff7635cded cyrus-sasl-devel-2.1.15-9.s390.rpm a6c9955bb6df5a16a1012ded6df2eb27 cyrus-sasl-gssapi-2.1.15-9.s390.rpm 9873745733c8ad088251b09bec06a376 cyrus-sasl-md5-2.1.15-9.s390.rpm 07d56edf20dd4d7cf705c8e246329466 cyrus-sasl-plain-2.1.15-9.s390.rpm s390x: 111e650ab71231c95143847f60a7237b cyrus-sasl-2.1.15-9.s390x.rpm adcb50ec0fb14951af6bfe006bc7a295 cyrus-sasl-2.1.15-9.s390.rpm 2b0b6453e0738875aaef6a8958ced9fc cyrus-sasl-devel-2.1.15-9.s390x.rpm 72a6318fe8f7a7af727698d98ffc3b0e cyrus-sasl-gssapi-2.1.15-9.s390x.rpm a45b9c7802f581e14f17d0daa04e8340 cyrus-sasl-md5-2.1.15-9.s390x.rpm 5ee2ddc76df85de40f8fb7d9a42fe81c cyrus-sasl-plain-2.1.15-9.s390x.rpm x86_64: 7008444c7feb4516e29f4af965be2d3c cyrus-sasl-2.1.15-9.x86_64.rpm ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm f063da2d593dfca9bbffed47e74992a6 cyrus-sasl-devel-2.1.15-9.x86_64.rpm bced324f78f7d7453d3756e7d23a461b cyrus-sasl-gssapi-2.1.15-9.x86_64.rpm 1261e9ccb900f36592ddfa09c64ba354 cyrus-sasl-md5-2.1.15-9.x86_64.rpm 4ea63d22a136b332f5c405a5c43e1f96 cyrus-sasl-plain-2.1.15-9.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cyrus-sasl-2.1.15-9.src.rpm aaf9ffaec315e592644d6daae68aae82 cyrus-sasl-2.1.15-9.src.rpm i386: ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm 6919e5fcd850ee85f783309cb1470aa5 cyrus-sasl-devel-2.1.15-9.i386.rpm e9ad63b5a0afe14540367226f0433f4b cyrus-sasl-gssapi-2.1.15-9.i386.rpm 1f88d0820350da52c6366cb1212b8936 cyrus-sasl-md5-2.1.15-9.i386.rpm 8be156532f450097531cb90774a10385 cyrus-sasl-plain-2.1.15-9.i386.rpm x86_64: 7008444c7feb4516e29f4af965be2d3c cyrus-sasl-2.1.15-9.x86_64.rpm ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm f063da2d593dfca9bbffed47e74992a6 cyrus-sasl-devel-2.1.15-9.x86_64.rpm bced324f78f7d7453d3756e7d23a461b cyrus-sasl-gssapi-2.1.15-9.x86_64.rpm 1261e9ccb900f36592ddfa09c64ba354 cyrus-sasl-md5-2.1.15-9.x86_64.rpm 4ea63d22a136b332f5c405a5c43e1f96 cyrus-sasl-plain-2.1.15-9.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cyrus-sasl-2.1.15-9.src.rpm aaf9ffaec315e592644d6daae68aae82 cyrus-sasl-2.1.15-9.src.rpm i386: ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm 6919e5fcd850ee85f783309cb1470aa5 cyrus-sasl-devel-2.1.15-9.i386.rpm e9ad63b5a0afe14540367226f0433f4b cyrus-sasl-gssapi-2.1.15-9.i386.rpm 1f88d0820350da52c6366cb1212b8936 cyrus-sasl-md5-2.1.15-9.i386.rpm 8be156532f450097531cb90774a10385 cyrus-sasl-plain-2.1.15-9.i386.rpm ia64: 6bbbc7ee16697a0cb1009b3730fef0ba cyrus-sasl-2.1.15-9.ia64.rpm ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm d2580374e50340bf14d956974a3fb451 cyrus-sasl-devel-2.1.15-9.ia64.rpm 37fcb197c372282ee31dff7d2d81566c cyrus-sasl-gssapi-2.1.15-9.ia64.rpm 444f44cdba6333e1343e23e6d67e6ce6 cyrus-sasl-md5-2.1.15-9.ia64.rpm 8d4d75121ec2e6987f319381ac601716 cyrus-sasl-plain-2.1.15-9.ia64.rpm x86_64: 7008444c7feb4516e29f4af965be2d3c cyrus-sasl-2.1.15-9.x86_64.rpm ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm f063da2d593dfca9bbffed47e74992a6 cyrus-sasl-devel-2.1.15-9.x86_64.rpm bced324f78f7d7453d3756e7d23a461b cyrus-sasl-gssapi-2.1.15-9.x86_64.rpm 1261e9ccb900f36592ddfa09c64ba354 cyrus-sasl-md5-2.1.15-9.x86_64.rpm 4ea63d22a136b332f5c405a5c43e1f96 cyrus-sasl-plain-2.1.15-9.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cyrus-sasl-2.1.15-9.src.rpm aaf9ffaec315e592644d6daae68aae82 cyrus-sasl-2.1.15-9.src.rpm i386: ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm 6919e5fcd850ee85f783309cb1470aa5 cyrus-sasl-devel-2.1.15-9.i386.rpm e9ad63b5a0afe14540367226f0433f4b cyrus-sasl-gssapi-2.1.15-9.i386.rpm 1f88d0820350da52c6366cb1212b8936 cyrus-sasl-md5-2.1.15-9.i386.rpm 8be156532f450097531cb90774a10385 cyrus-sasl-plain-2.1.15-9.i386.rpm ia64: 6bbbc7ee16697a0cb1009b3730fef0ba cyrus-sasl-2.1.15-9.ia64.rpm ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm d2580374e50340bf14d956974a3fb451 cyrus-sasl-devel-2.1.15-9.ia64.rpm 37fcb197c372282ee31dff7d2d81566c cyrus-sasl-gssapi-2.1.15-9.ia64.rpm 444f44cdba6333e1343e23e6d67e6ce6 cyrus-sasl-md5-2.1.15-9.ia64.rpm 8d4d75121ec2e6987f319381ac601716 cyrus-sasl-plain-2.1.15-9.ia64.rpm x86_64: 7008444c7feb4516e29f4af965be2d3c cyrus-sasl-2.1.15-9.x86_64.rpm ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm f063da2d593dfca9bbffed47e74992a6 cyrus-sasl-devel-2.1.15-9.x86_64.rpm bced324f78f7d7453d3756e7d23a461b cyrus-sasl-gssapi-2.1.15-9.x86_64.rpm 1261e9ccb900f36592ddfa09c64ba354 cyrus-sasl-md5-2.1.15-9.x86_64.rpm 4ea63d22a136b332f5c405a5c43e1f96 cyrus-sasl-plain-2.1.15-9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 6. References: https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c.diff?r1=1.103&r2=1.104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0884 7. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBZVnwXlSAg2UNWIIRAiFIAKC5LyaTd3UtgsnkMBvHNIJ/wOkhsgCgkGLu xEtqqBoy1yXnrT7xiUkQnuk= =k9ul -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Oct 7 22:11:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 7 Oct 2004 18:11 -0400 Subject: [RHSA-2004:546-02] Updated cyrus-sasl packages fix security flaw Message-ID: <200410072211.i97MBVa06710@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated cyrus-sasl packages fix security flaw Advisory ID: RHSA-2004:546-02 Issue date: 2004-10-07 Updated on: 2004-10-07 Product: Red Hat Enterprise Linux Keywords: environment CVE Names: CAN-2004-0884 - --------------------------------------------------------------------- 1. Summary: Updated cyrus-sasl packages that fix a setuid and setgid application vulnerability are now available. [Updated 7th October 2004] Revised cryus-sasl packages have been added for Red Hat Enterprise Linux 3; the patch in the previous packages broke interaction with ldap. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. At application startup, libsasl and libsasl2 attempts to build a list of all available SASL plug-ins which are available on the system. To do so, the libraries search for and attempt to load every shared library found within the plug-in directory. This location can be set with the SASL_PATH environment variable. In situations where an untrusted local user can affect the environment of a privileged process, this behavior could be exploited to run arbitrary code with the privileges of a setuid or setgid application. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0884 to this issue. Users of cyrus-sasl should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 134657 - CAN-2004-0884 privilege escalation 134979 - cyrus-sasl causes crashes with ldap 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/cyrus-sasl-1.5.24-26.src.rpm adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm i386: 0ecb1995b05aebf41e8c609b367e902f cyrus-sasl-1.5.24-26.i386.rpm 846a21bc2e1a84f37f9f43f973ebda44 cyrus-sasl-devel-1.5.24-26.i386.rpm 9d29af70b1dd3a98f8eba31fa796d338 cyrus-sasl-gssapi-1.5.24-26.i386.rpm ddaf1332b6bdad447e1550fccab267eb cyrus-sasl-md5-1.5.24-26.i386.rpm 67c7f02257346ccbc236a02bbac49925 cyrus-sasl-plain-1.5.24-26.i386.rpm ia64: 97497be93ad3074862be30b3eaf9fe46 cyrus-sasl-1.5.24-26.ia64.rpm 6c4362bc42c9c41f7eb07b61ee733320 cyrus-sasl-devel-1.5.24-26.ia64.rpm bd3a433063c18f2384bc9249a58d8504 cyrus-sasl-gssapi-1.5.24-26.ia64.rpm 6d34fc4ff8ffda80308d02e82bcefc64 cyrus-sasl-md5-1.5.24-26.ia64.rpm 1eb867b4419336e95ffffec0a88fe01f cyrus-sasl-plain-1.5.24-26.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/cyrus-sasl-1.5.24-26.src.rpm adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm ia64: 97497be93ad3074862be30b3eaf9fe46 cyrus-sasl-1.5.24-26.ia64.rpm 6c4362bc42c9c41f7eb07b61ee733320 cyrus-sasl-devel-1.5.24-26.ia64.rpm bd3a433063c18f2384bc9249a58d8504 cyrus-sasl-gssapi-1.5.24-26.ia64.rpm 6d34fc4ff8ffda80308d02e82bcefc64 cyrus-sasl-md5-1.5.24-26.ia64.rpm 1eb867b4419336e95ffffec0a88fe01f cyrus-sasl-plain-1.5.24-26.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/cyrus-sasl-1.5.24-26.src.rpm adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm i386: 0ecb1995b05aebf41e8c609b367e902f cyrus-sasl-1.5.24-26.i386.rpm 846a21bc2e1a84f37f9f43f973ebda44 cyrus-sasl-devel-1.5.24-26.i386.rpm 9d29af70b1dd3a98f8eba31fa796d338 cyrus-sasl-gssapi-1.5.24-26.i386.rpm ddaf1332b6bdad447e1550fccab267eb cyrus-sasl-md5-1.5.24-26.i386.rpm 67c7f02257346ccbc236a02bbac49925 cyrus-sasl-plain-1.5.24-26.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/cyrus-sasl-1.5.24-26.src.rpm adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm i386: 0ecb1995b05aebf41e8c609b367e902f cyrus-sasl-1.5.24-26.i386.rpm 846a21bc2e1a84f37f9f43f973ebda44 cyrus-sasl-devel-1.5.24-26.i386.rpm 9d29af70b1dd3a98f8eba31fa796d338 cyrus-sasl-gssapi-1.5.24-26.i386.rpm ddaf1332b6bdad447e1550fccab267eb cyrus-sasl-md5-1.5.24-26.i386.rpm 67c7f02257346ccbc236a02bbac49925 cyrus-sasl-plain-1.5.24-26.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cyrus-sasl-2.1.15-10.src.rpm a9cde51259dec493061ea0e03bf04537 cyrus-sasl-2.1.15-10.src.rpm i386: 4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm 55541276383fa24ed49fc40be3720263 cyrus-sasl-devel-2.1.15-10.i386.rpm b4cb1b1d9f43c06371a85eac06de92ac cyrus-sasl-gssapi-2.1.15-10.i386.rpm 4c481245bb88965e5501f787f67fb863 cyrus-sasl-md5-2.1.15-10.i386.rpm 3567df72f78bec2755943a2be732dbbb cyrus-sasl-plain-2.1.15-10.i386.rpm ia64: aa10aabc5083f29c91fc21b9b5e34081 cyrus-sasl-2.1.15-10.ia64.rpm 4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm 25ff6248dc2c62835be4db608cfcd2b5 cyrus-sasl-devel-2.1.15-10.ia64.rpm e22e44ff1ef945b6f13cab172380e53d cyrus-sasl-gssapi-2.1.15-10.ia64.rpm 90c8505c7c4e6e6657332c604b83a43c cyrus-sasl-md5-2.1.15-10.ia64.rpm baa93f3bfb4dfae22b5a2971e9b83e35 cyrus-sasl-plain-2.1.15-10.ia64.rpm ppc: b2bddd0010bd1340b753617edcb90caa cyrus-sasl-2.1.15-10.ppc.rpm b110c26ced4d8557524e53ccc26ed46d cyrus-sasl-devel-2.1.15-10.ppc.rpm 3bf9b253bbd5e280367b85fa99f99e8c cyrus-sasl-gssapi-2.1.15-10.ppc.rpm 879100afe15b6641808e979edeef445c cyrus-sasl-md5-2.1.15-10.ppc.rpm 8c8efc6cccb8cb3a09313133fbf912d6 cyrus-sasl-plain-2.1.15-10.ppc.rpm ppc64: edbd0ed195134adf55d2619ae86294ef cyrus-sasl-2.1.15-10.ppc64.rpm s390: 51f034feb0c6ff15940fa9ee8825b313 cyrus-sasl-2.1.15-10.s390.rpm 21d68bbf2ec87862ea962bb425803dca cyrus-sasl-devel-2.1.15-10.s390.rpm 01ee5010919fe6810390042efe14fdb8 cyrus-sasl-gssapi-2.1.15-10.s390.rpm b46dec0bfe0cd3d00b73d76e93c99ef0 cyrus-sasl-md5-2.1.15-10.s390.rpm 4d77001213929ab7dc7b0f29f8b864dc cyrus-sasl-plain-2.1.15-10.s390.rpm s390x: 993b18d386a38b63013cf3036907a81d cyrus-sasl-2.1.15-10.s390x.rpm 51f034feb0c6ff15940fa9ee8825b313 cyrus-sasl-2.1.15-10.s390.rpm 8aafa73a49830c989bd0c41733ac4d16 cyrus-sasl-devel-2.1.15-10.s390x.rpm 9a758c6607181142de0754bad0472f6a cyrus-sasl-gssapi-2.1.15-10.s390x.rpm 53d9d697764a09700b9fd09fb0367fc8 cyrus-sasl-md5-2.1.15-10.s390x.rpm 7183d87047ab36d80499dd74d3944927 cyrus-sasl-plain-2.1.15-10.s390x.rpm x86_64: 6719a7d1f5aab57f890983c7b067a77f cyrus-sasl-2.1.15-10.x86_64.rpm 4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm e1ab3ddf06867ebee94eb8d30acc0bea cyrus-sasl-devel-2.1.15-10.x86_64.rpm 2176eb0408120e072a9ea434d970d656 cyrus-sasl-gssapi-2.1.15-10.x86_64.rpm a84b19147e50c5f3690356686d31f1bd cyrus-sasl-md5-2.1.15-10.x86_64.rpm 434fb1bc67c4f98a84a7fc641b71fe3f cyrus-sasl-plain-2.1.15-10.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cyrus-sasl-2.1.15-10.src.rpm a9cde51259dec493061ea0e03bf04537 cyrus-sasl-2.1.15-10.src.rpm i386: 4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm 55541276383fa24ed49fc40be3720263 cyrus-sasl-devel-2.1.15-10.i386.rpm b4cb1b1d9f43c06371a85eac06de92ac cyrus-sasl-gssapi-2.1.15-10.i386.rpm 4c481245bb88965e5501f787f67fb863 cyrus-sasl-md5-2.1.15-10.i386.rpm 3567df72f78bec2755943a2be732dbbb cyrus-sasl-plain-2.1.15-10.i386.rpm x86_64: 6719a7d1f5aab57f890983c7b067a77f cyrus-sasl-2.1.15-10.x86_64.rpm 4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm e1ab3ddf06867ebee94eb8d30acc0bea cyrus-sasl-devel-2.1.15-10.x86_64.rpm 2176eb0408120e072a9ea434d970d656 cyrus-sasl-gssapi-2.1.15-10.x86_64.rpm a84b19147e50c5f3690356686d31f1bd cyrus-sasl-md5-2.1.15-10.x86_64.rpm 434fb1bc67c4f98a84a7fc641b71fe3f cyrus-sasl-plain-2.1.15-10.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cyrus-sasl-2.1.15-10.src.rpm a9cde51259dec493061ea0e03bf04537 cyrus-sasl-2.1.15-10.src.rpm i386: 4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm 55541276383fa24ed49fc40be3720263 cyrus-sasl-devel-2.1.15-10.i386.rpm b4cb1b1d9f43c06371a85eac06de92ac cyrus-sasl-gssapi-2.1.15-10.i386.rpm 4c481245bb88965e5501f787f67fb863 cyrus-sasl-md5-2.1.15-10.i386.rpm 3567df72f78bec2755943a2be732dbbb cyrus-sasl-plain-2.1.15-10.i386.rpm ia64: aa10aabc5083f29c91fc21b9b5e34081 cyrus-sasl-2.1.15-10.ia64.rpm 4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm 25ff6248dc2c62835be4db608cfcd2b5 cyrus-sasl-devel-2.1.15-10.ia64.rpm e22e44ff1ef945b6f13cab172380e53d cyrus-sasl-gssapi-2.1.15-10.ia64.rpm 90c8505c7c4e6e6657332c604b83a43c cyrus-sasl-md5-2.1.15-10.ia64.rpm baa93f3bfb4dfae22b5a2971e9b83e35 cyrus-sasl-plain-2.1.15-10.ia64.rpm x86_64: 6719a7d1f5aab57f890983c7b067a77f cyrus-sasl-2.1.15-10.x86_64.rpm 4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm e1ab3ddf06867ebee94eb8d30acc0bea cyrus-sasl-devel-2.1.15-10.x86_64.rpm 2176eb0408120e072a9ea434d970d656 cyrus-sasl-gssapi-2.1.15-10.x86_64.rpm a84b19147e50c5f3690356686d31f1bd cyrus-sasl-md5-2.1.15-10.x86_64.rpm 434fb1bc67c4f98a84a7fc641b71fe3f cyrus-sasl-plain-2.1.15-10.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cyrus-sasl-2.1.15-10.src.rpm a9cde51259dec493061ea0e03bf04537 cyrus-sasl-2.1.15-10.src.rpm i386: 4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm 55541276383fa24ed49fc40be3720263 cyrus-sasl-devel-2.1.15-10.i386.rpm b4cb1b1d9f43c06371a85eac06de92ac cyrus-sasl-gssapi-2.1.15-10.i386.rpm 4c481245bb88965e5501f787f67fb863 cyrus-sasl-md5-2.1.15-10.i386.rpm 3567df72f78bec2755943a2be732dbbb cyrus-sasl-plain-2.1.15-10.i386.rpm ia64: aa10aabc5083f29c91fc21b9b5e34081 cyrus-sasl-2.1.15-10.ia64.rpm 4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm 25ff6248dc2c62835be4db608cfcd2b5 cyrus-sasl-devel-2.1.15-10.ia64.rpm e22e44ff1ef945b6f13cab172380e53d cyrus-sasl-gssapi-2.1.15-10.ia64.rpm 90c8505c7c4e6e6657332c604b83a43c cyrus-sasl-md5-2.1.15-10.ia64.rpm baa93f3bfb4dfae22b5a2971e9b83e35 cyrus-sasl-plain-2.1.15-10.ia64.rpm x86_64: 6719a7d1f5aab57f890983c7b067a77f cyrus-sasl-2.1.15-10.x86_64.rpm 4e7a31beac1f79bda62f5715686ed652 cyrus-sasl-2.1.15-10.i386.rpm e1ab3ddf06867ebee94eb8d30acc0bea cyrus-sasl-devel-2.1.15-10.x86_64.rpm 2176eb0408120e072a9ea434d970d656 cyrus-sasl-gssapi-2.1.15-10.x86_64.rpm a84b19147e50c5f3690356686d31f1bd cyrus-sasl-md5-2.1.15-10.x86_64.rpm 434fb1bc67c4f98a84a7fc641b71fe3f cyrus-sasl-plain-2.1.15-10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 7. References: https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c.diff?r1=1.103&r2=1.104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0884 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBZb8FXlSAg2UNWIIRAnb+AKCMDcyrEhAuiH71iIy5J9kiLhwYTQCcCWIM hIm3/gTOclZWmShyow4QVXw= =dPAp -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Oct 20 19:40:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Oct 2004 15:40 -0400 Subject: [RHSA-2004:480-01] Updated ImageMagick packages fix security vulnerability Message-ID: <200410201940.i9KJeBa17086@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated ImageMagick packages fix security vulnerability Advisory ID: RHSA-2004:480-01 Issue date: 2004-10-20 Updated on: 2004-10-20 Product: Red Hat Enterprise Linux CVE Names: CAN-2004-0827 - --------------------------------------------------------------------- 1. Summary: Updated ImageMagick packages that fix a BMP loader vulnerability are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: ImageMagick(TM) is an image display and manipulation tool for the X Window System. A heap overflow flaw has been discovered in the ImageMagick image handler. An attacker could create a carefully crafted BMP file in such a way that it could cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0827 to this issue. Users of ImageMagick should upgrade to this updated package, which contains a backported patch, and is not vulnerable to this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 130807 - CAN-2004-0827 heap overflow in BMP decoder 6. RPMs required: Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ImageMagick-5.5.6-6.src.rpm 045e0e91f0ed8f8dec140bf3747b4077 ImageMagick-5.5.6-6.src.rpm i386: 10ce65b271a96aa9936dde261101950f ImageMagick-5.5.6-6.i386.rpm 77116e9d76af4794f483762d9f20e4ea ImageMagick-c++-5.5.6-6.i386.rpm 57ec4d864f39319124aec5f5e4b43280 ImageMagick-c++-devel-5.5.6-6.i386.rpm ae1f3e70590fffb590956d8fdce9bfcc ImageMagick-devel-5.5.6-6.i386.rpm 9d5f480fdd133748dcddc33a763d490f ImageMagick-perl-5.5.6-6.i386.rpm ia64: e20e8750e25c70bbb816e927f630c267 ImageMagick-5.5.6-6.ia64.rpm 3116fc8ca9bd813065000825ab3a1bad ImageMagick-c++-5.5.6-6.ia64.rpm b5dc78df650c171dea8e962c79b1efe0 ImageMagick-c++-devel-5.5.6-6.ia64.rpm f65e3ce07d6b67d238f5a85ab020885f ImageMagick-devel-5.5.6-6.ia64.rpm 09f10be40bd9a88f7e0ff6d59e34e70f ImageMagick-perl-5.5.6-6.ia64.rpm ppc: 46f51cb3c082370bd2f1b9af9415ad7a ImageMagick-5.5.6-6.ppc.rpm 03f63acc78df42657e6891077d3467f1 ImageMagick-c++-5.5.6-6.ppc.rpm 09fe58f083ffa8e2941202821c0534b5 ImageMagick-c++-devel-5.5.6-6.ppc.rpm 33df253831ce0cd8708afc20f589abbd ImageMagick-devel-5.5.6-6.ppc.rpm 61477cb1d82fd9079254b995aca7e678 ImageMagick-perl-5.5.6-6.ppc.rpm s390: 757608ce8939fe166074c93913c7b8a2 ImageMagick-5.5.6-6.s390.rpm af8965782a23f7d484df3293eb214c0d ImageMagick-c++-5.5.6-6.s390.rpm 00c94923b096cf548592ed6f6f16f745 ImageMagick-c++-devel-5.5.6-6.s390.rpm c07a76f6457cb277518c17c64d074321 ImageMagick-devel-5.5.6-6.s390.rpm 9faafb72664e87bb2f191fc60fad75b5 ImageMagick-perl-5.5.6-6.s390.rpm s390x: 55a76a77830de834060f039cc176e4cd ImageMagick-5.5.6-6.s390x.rpm 8ccdb45d34ff40712ab9f6d0a19fbe86 ImageMagick-c++-5.5.6-6.s390x.rpm e7eb1807788551defe5f50df2763fce1 ImageMagick-c++-devel-5.5.6-6.s390x.rpm c74e048ac339446226b5f7c6d76b97f5 ImageMagick-devel-5.5.6-6.s390x.rpm e05b50851348d5c370901e7d2f3d16e4 ImageMagick-perl-5.5.6-6.s390x.rpm x86_64: ac2398a57cf51e8a69dd8c5390f59ff9 ImageMagick-5.5.6-6.x86_64.rpm 16d4ae779d2ef69aea9d863725022a21 ImageMagick-c++-5.5.6-6.x86_64.rpm 30c42ec86f195228c268c24001f45c9a ImageMagick-c++-devel-5.5.6-6.x86_64.rpm b1f941d2a971a417d858ff32f188bf6c ImageMagick-devel-5.5.6-6.x86_64.rpm 4dea1aa57f513c5e84c3900d455a4637 ImageMagick-perl-5.5.6-6.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ImageMagick-5.5.6-6.src.rpm 045e0e91f0ed8f8dec140bf3747b4077 ImageMagick-5.5.6-6.src.rpm i386: 10ce65b271a96aa9936dde261101950f ImageMagick-5.5.6-6.i386.rpm 77116e9d76af4794f483762d9f20e4ea ImageMagick-c++-5.5.6-6.i386.rpm 57ec4d864f39319124aec5f5e4b43280 ImageMagick-c++-devel-5.5.6-6.i386.rpm ae1f3e70590fffb590956d8fdce9bfcc ImageMagick-devel-5.5.6-6.i386.rpm 9d5f480fdd133748dcddc33a763d490f ImageMagick-perl-5.5.6-6.i386.rpm x86_64: ac2398a57cf51e8a69dd8c5390f59ff9 ImageMagick-5.5.6-6.x86_64.rpm 16d4ae779d2ef69aea9d863725022a21 ImageMagick-c++-5.5.6-6.x86_64.rpm 30c42ec86f195228c268c24001f45c9a ImageMagick-c++-devel-5.5.6-6.x86_64.rpm b1f941d2a971a417d858ff32f188bf6c ImageMagick-devel-5.5.6-6.x86_64.rpm 4dea1aa57f513c5e84c3900d455a4637 ImageMagick-perl-5.5.6-6.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ImageMagick-5.5.6-6.src.rpm 045e0e91f0ed8f8dec140bf3747b4077 ImageMagick-5.5.6-6.src.rpm i386: 10ce65b271a96aa9936dde261101950f ImageMagick-5.5.6-6.i386.rpm 77116e9d76af4794f483762d9f20e4ea ImageMagick-c++-5.5.6-6.i386.rpm 57ec4d864f39319124aec5f5e4b43280 ImageMagick-c++-devel-5.5.6-6.i386.rpm ae1f3e70590fffb590956d8fdce9bfcc ImageMagick-devel-5.5.6-6.i386.rpm 9d5f480fdd133748dcddc33a763d490f ImageMagick-perl-5.5.6-6.i386.rpm ia64: e20e8750e25c70bbb816e927f630c267 ImageMagick-5.5.6-6.ia64.rpm 3116fc8ca9bd813065000825ab3a1bad ImageMagick-c++-5.5.6-6.ia64.rpm b5dc78df650c171dea8e962c79b1efe0 ImageMagick-c++-devel-5.5.6-6.ia64.rpm f65e3ce07d6b67d238f5a85ab020885f ImageMagick-devel-5.5.6-6.ia64.rpm 09f10be40bd9a88f7e0ff6d59e34e70f ImageMagick-perl-5.5.6-6.ia64.rpm x86_64: ac2398a57cf51e8a69dd8c5390f59ff9 ImageMagick-5.5.6-6.x86_64.rpm 16d4ae779d2ef69aea9d863725022a21 ImageMagick-c++-5.5.6-6.x86_64.rpm 30c42ec86f195228c268c24001f45c9a ImageMagick-c++-devel-5.5.6-6.x86_64.rpm b1f941d2a971a417d858ff32f188bf6c ImageMagick-devel-5.5.6-6.x86_64.rpm 4dea1aa57f513c5e84c3900d455a4637 ImageMagick-perl-5.5.6-6.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ImageMagick-5.5.6-6.src.rpm 045e0e91f0ed8f8dec140bf3747b4077 ImageMagick-5.5.6-6.src.rpm i386: 10ce65b271a96aa9936dde261101950f ImageMagick-5.5.6-6.i386.rpm 77116e9d76af4794f483762d9f20e4ea ImageMagick-c++-5.5.6-6.i386.rpm 57ec4d864f39319124aec5f5e4b43280 ImageMagick-c++-devel-5.5.6-6.i386.rpm ae1f3e70590fffb590956d8fdce9bfcc ImageMagick-devel-5.5.6-6.i386.rpm 9d5f480fdd133748dcddc33a763d490f ImageMagick-perl-5.5.6-6.i386.rpm ia64: e20e8750e25c70bbb816e927f630c267 ImageMagick-5.5.6-6.ia64.rpm 3116fc8ca9bd813065000825ab3a1bad ImageMagick-c++-5.5.6-6.ia64.rpm b5dc78df650c171dea8e962c79b1efe0 ImageMagick-c++-devel-5.5.6-6.ia64.rpm f65e3ce07d6b67d238f5a85ab020885f ImageMagick-devel-5.5.6-6.ia64.rpm 09f10be40bd9a88f7e0ff6d59e34e70f ImageMagick-perl-5.5.6-6.ia64.rpm x86_64: ac2398a57cf51e8a69dd8c5390f59ff9 ImageMagick-5.5.6-6.x86_64.rpm 16d4ae779d2ef69aea9d863725022a21 ImageMagick-c++-5.5.6-6.x86_64.rpm 30c42ec86f195228c268c24001f45c9a ImageMagick-c++-devel-5.5.6-6.x86_64.rpm b1f941d2a971a417d858ff32f188bf6c ImageMagick-devel-5.5.6-6.x86_64.rpm 4dea1aa57f513c5e84c3900d455a4637 ImageMagick-perl-5.5.6-6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0827 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBdr8XXlSAg2UNWIIRAtD0AJ0RvnAbnrmTTivtpzDU+8puYzfnbQCeIAN0 nu5bnwWe+47VWNkOHdbYgyo= =KC+k -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Oct 20 19:40:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Oct 2004 15:40 -0400 Subject: [RHSA-2004:494-01] Updated ImageMagick packages fix security vulnerabilities Message-ID: <200410201940.i9KJexa17108@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated ImageMagick packages fix security vulnerabilities Advisory ID: RHSA-2004:494-01 Issue date: 2004-10-20 Updated on: 2004-10-20 Product: Red Hat Enterprise Linux CVE Names: CAN-2003-0455 CAN-2004-0827 - --------------------------------------------------------------------- 1. Summary: Updated ImageMagick packages that fix various security vulnerabilities are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 3. Problem description: ImageMagick(TM) is an image display and manipulation tool for the X Window System. A heap overflow flaw was discovered in the ImageMagick image handler. An attacker could create a carefully crafted BMP file in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0827 to this issue. A temporary file handling bug has been found in ImageMagick's libmagick library. A local user could overwrite or create files as a different user if a program was linked with the vulnerable library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0455 to this issue. Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and is not vulnerable to this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 98827 - CAN-2003-0455 ImageMagick temporary file handling vulnerability 130807 - CAN-2004-0827 heap overflow in BMP decoder 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ImageMagick-5.3.8-5.src.rpm 22738cf864df785a841772511e92e689 ImageMagick-5.3.8-5.src.rpm i386: 6f2d75c18a23e1dfd8436612760cea77 ImageMagick-5.3.8-5.i386.rpm 6ab5cd1e16ce974097ed70fe509b2d54 ImageMagick-c++-5.3.8-5.i386.rpm f8ecc0f1253736bd99b48d15447f61dc ImageMagick-c++-devel-5.3.8-5.i386.rpm 14cb59447f203c6d2141636c71ce8d58 ImageMagick-devel-5.3.8-5.i386.rpm c504ef763f766cf4c90cb8caad764ebb ImageMagick-perl-5.3.8-5.i386.rpm ia64: 13a0333046d8337643de2b338aa157b9 ImageMagick-5.3.8-5.ia64.rpm 163e1753c113703c2b279ab2b6150c9f ImageMagick-c++-5.3.8-5.ia64.rpm 4f16d62bf35adb7512da4fb1cbc93df7 ImageMagick-c++-devel-5.3.8-5.ia64.rpm 641626cf00da91e4cf321e5b5bde5ff8 ImageMagick-devel-5.3.8-5.ia64.rpm 5ae53b3226e04ca6bb3f4906faafa998 ImageMagick-perl-5.3.8-5.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ImageMagick-5.3.8-5.src.rpm 22738cf864df785a841772511e92e689 ImageMagick-5.3.8-5.src.rpm ia64: 13a0333046d8337643de2b338aa157b9 ImageMagick-5.3.8-5.ia64.rpm 163e1753c113703c2b279ab2b6150c9f ImageMagick-c++-5.3.8-5.ia64.rpm 4f16d62bf35adb7512da4fb1cbc93df7 ImageMagick-c++-devel-5.3.8-5.ia64.rpm 641626cf00da91e4cf321e5b5bde5ff8 ImageMagick-devel-5.3.8-5.ia64.rpm 5ae53b3226e04ca6bb3f4906faafa998 ImageMagick-perl-5.3.8-5.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ImageMagick-5.3.8-5.src.rpm 22738cf864df785a841772511e92e689 ImageMagick-5.3.8-5.src.rpm i386: 6f2d75c18a23e1dfd8436612760cea77 ImageMagick-5.3.8-5.i386.rpm 6ab5cd1e16ce974097ed70fe509b2d54 ImageMagick-c++-5.3.8-5.i386.rpm f8ecc0f1253736bd99b48d15447f61dc ImageMagick-c++-devel-5.3.8-5.i386.rpm 14cb59447f203c6d2141636c71ce8d58 ImageMagick-devel-5.3.8-5.i386.rpm c504ef763f766cf4c90cb8caad764ebb ImageMagick-perl-5.3.8-5.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ImageMagick-5.3.8-5.src.rpm 22738cf864df785a841772511e92e689 ImageMagick-5.3.8-5.src.rpm i386: 6f2d75c18a23e1dfd8436612760cea77 ImageMagick-5.3.8-5.i386.rpm 6ab5cd1e16ce974097ed70fe509b2d54 ImageMagick-c++-5.3.8-5.i386.rpm f8ecc0f1253736bd99b48d15447f61dc ImageMagick-c++-devel-5.3.8-5.i386.rpm 14cb59447f203c6d2141636c71ce8d58 ImageMagick-devel-5.3.8-5.i386.rpm c504ef763f766cf4c90cb8caad764ebb ImageMagick-perl-5.3.8-5.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0455 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0827 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBdr8oXlSAg2UNWIIRAgokAJ0YRjujcb1+SPurBRZwWWa5BwYS7wCfSe5H gmGlyvxkwsiwgU6aEEoX3fk= =bta3 -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Oct 20 19:47:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Oct 2004 15:47 -0400 Subject: [RHSA-2004:569-01] Updated mysql packages fix minor security issues and bugs Message-ID: <200410201947.i9KJlDa17588@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated mysql packages fix minor security issues and bugs Advisory ID: RHSA-2004:569-01 Issue date: 2004-10-20 Updated on: 2004-10-20 Product: Red Hat Enterprise Linux CVE Names: CAN-2004-0381 CAN-2004-0388 CAN-2004-0457 - --------------------------------------------------------------------- 1. Summary: Updated mysql packages that fix various temporary file security issues, as well as a number of bugs, are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: MySQL is a multi-user, multi-threaded SQL database server. This update fixes a number of small bugs, including some potential security problems associated with careless handling of temporary files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0381, CAN-2004-0388, and CAN-2004-0457 to these issues. A number of additional security issues that affect mysql have been corrected in the source package. These include CAN-2004-0835, CAN-2004-0836, CAN-2004-0837, and CAN-2004-0957. Red Hat Enterprise Linux 3 does not ship with the mysql-server package and is therefore not affected by these issues. This update also allows 32-bit and 64-bit libraries to be installed concurrently on the same system. All users of mysql should upgrade to these updated packages, which resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 58732 - /etc/init.d/mysqld doesn't wait for server to start 108779 - Always timeout error starting MySQL Daemon 117017 - RHEL2.1: removing mysql-server does not remove the mysql user. 115165 - botched string concat ? 113960 - [PATCH] Bug fix + enhancement for mysql_setpermission 112693 - mysqlhotcopy of local Fedora DB broken after upgrade from RH9 102190 - specfile contains improper log details in %files 124352 - Cannot drop databases 119442 - CAN-2004-0381 mysqlbug temporary file vulnerability 130348 - CAN-2004-0457 mysqlhotcopy insecure temporary file vulnerability 128852 - database service should start earlier 129409 - linking with 'mysql --libs' doesent seem to work correctly. 133993 - Service mysqld restart 135387 - CAN-2004-0835 MySQL flaws (CAN-2004-0836, CAN-2004-0837, CAN-2004-0957) 6. RPMs required: Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mysql-3.23.58-2.3.src.rpm 3fea570d29c4a66fd5578705fd3a5f08 mysql-3.23.58-2.3.src.rpm i386: a5291f0504a64c7640818b554b2ec268 mysql-3.23.58-2.3.i386.rpm d8d9f29055d4f9ac2bd0c577cf3c9f1a mysql-bench-3.23.58-2.3.i386.rpm 942437a7d22c99a96ccbc1fe30e01857 mysql-devel-3.23.58-2.3.i386.rpm ia64: 273e64f3bc444f642cc27e149047e88b mysql-3.23.58-2.3.ia64.rpm a5291f0504a64c7640818b554b2ec268 mysql-3.23.58-2.3.i386.rpm 035537b43e8860f4713bb8ba2f434376 mysql-bench-3.23.58-2.3.ia64.rpm b10cfeaa55f652962f424036f6dd169b mysql-devel-3.23.58-2.3.ia64.rpm ppc: 22972cd7c174cd85e0c08cf6232d90c2 mysql-3.23.58-2.3.ppc.rpm 3d2f07341d89c5793f56dc9879b4c4e6 mysql-bench-3.23.58-2.3.ppc.rpm 2a3bb5baaecc6f1101d2a9d2c0f0938b mysql-devel-3.23.58-2.3.ppc.rpm ppc64: 552fb60408534cc09ea24f7a141a016b mysql-3.23.58-2.3.ppc64.rpm s390: f47fbbc3e354853485c5424dc22ccc8c mysql-3.23.58-2.3.s390.rpm 973e0714e31de71c0efad0599941bb7e mysql-bench-3.23.58-2.3.s390.rpm 6efe72cbdabdde4e2d3db8c24d5e8e24 mysql-devel-3.23.58-2.3.s390.rpm s390x: e525bd1a40a1157ff99f79006d8447fe mysql-3.23.58-2.3.s390x.rpm f47fbbc3e354853485c5424dc22ccc8c mysql-3.23.58-2.3.s390.rpm 62bc707e3a3a6444e7dad5fd0947249a mysql-bench-3.23.58-2.3.s390x.rpm a07377d3c15bcbf4a978676036a04d76 mysql-devel-3.23.58-2.3.s390x.rpm x86_64: f11ffaa788c38434a7259bccf485b1a0 mysql-3.23.58-2.3.x86_64.rpm a5291f0504a64c7640818b554b2ec268 mysql-3.23.58-2.3.i386.rpm 9c20d57a7c724de9cd30a7a8be88fa1e mysql-bench-3.23.58-2.3.x86_64.rpm 14a7a2b00486de17c287bf90010b7377 mysql-devel-3.23.58-2.3.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mysql-3.23.58-2.3.src.rpm 3fea570d29c4a66fd5578705fd3a5f08 mysql-3.23.58-2.3.src.rpm i386: a5291f0504a64c7640818b554b2ec268 mysql-3.23.58-2.3.i386.rpm d8d9f29055d4f9ac2bd0c577cf3c9f1a mysql-bench-3.23.58-2.3.i386.rpm 942437a7d22c99a96ccbc1fe30e01857 mysql-devel-3.23.58-2.3.i386.rpm x86_64: f11ffaa788c38434a7259bccf485b1a0 mysql-3.23.58-2.3.x86_64.rpm a5291f0504a64c7640818b554b2ec268 mysql-3.23.58-2.3.i386.rpm 9c20d57a7c724de9cd30a7a8be88fa1e mysql-bench-3.23.58-2.3.x86_64.rpm 14a7a2b00486de17c287bf90010b7377 mysql-devel-3.23.58-2.3.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mysql-3.23.58-2.3.src.rpm 3fea570d29c4a66fd5578705fd3a5f08 mysql-3.23.58-2.3.src.rpm i386: a5291f0504a64c7640818b554b2ec268 mysql-3.23.58-2.3.i386.rpm d8d9f29055d4f9ac2bd0c577cf3c9f1a mysql-bench-3.23.58-2.3.i386.rpm 942437a7d22c99a96ccbc1fe30e01857 mysql-devel-3.23.58-2.3.i386.rpm ia64: 273e64f3bc444f642cc27e149047e88b mysql-3.23.58-2.3.ia64.rpm a5291f0504a64c7640818b554b2ec268 mysql-3.23.58-2.3.i386.rpm 035537b43e8860f4713bb8ba2f434376 mysql-bench-3.23.58-2.3.ia64.rpm b10cfeaa55f652962f424036f6dd169b mysql-devel-3.23.58-2.3.ia64.rpm x86_64: f11ffaa788c38434a7259bccf485b1a0 mysql-3.23.58-2.3.x86_64.rpm a5291f0504a64c7640818b554b2ec268 mysql-3.23.58-2.3.i386.rpm 9c20d57a7c724de9cd30a7a8be88fa1e mysql-bench-3.23.58-2.3.x86_64.rpm 14a7a2b00486de17c287bf90010b7377 mysql-devel-3.23.58-2.3.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mysql-3.23.58-2.3.src.rpm 3fea570d29c4a66fd5578705fd3a5f08 mysql-3.23.58-2.3.src.rpm i386: a5291f0504a64c7640818b554b2ec268 mysql-3.23.58-2.3.i386.rpm d8d9f29055d4f9ac2bd0c577cf3c9f1a mysql-bench-3.23.58-2.3.i386.rpm 942437a7d22c99a96ccbc1fe30e01857 mysql-devel-3.23.58-2.3.i386.rpm ia64: 273e64f3bc444f642cc27e149047e88b mysql-3.23.58-2.3.ia64.rpm a5291f0504a64c7640818b554b2ec268 mysql-3.23.58-2.3.i386.rpm 035537b43e8860f4713bb8ba2f434376 mysql-bench-3.23.58-2.3.ia64.rpm b10cfeaa55f652962f424036f6dd169b mysql-devel-3.23.58-2.3.ia64.rpm x86_64: f11ffaa788c38434a7259bccf485b1a0 mysql-3.23.58-2.3.x86_64.rpm a5291f0504a64c7640818b554b2ec268 mysql-3.23.58-2.3.i386.rpm 9c20d57a7c724de9cd30a7a8be88fa1e mysql-bench-3.23.58-2.3.x86_64.rpm 14a7a2b00486de17c287bf90010b7377 mysql-devel-3.23.58-2.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0381 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0457 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBdsC+XlSAg2UNWIIRAtqpAKC5PDXwBDy+Se6OgTYSIe4AJtSP5QCeOuAp dU4BbLANx/21TUx8It8HBsM= =chW6 -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Oct 20 19:47:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Oct 2004 15:47 -0400 Subject: [RHSA-2004:591-01] Updated squid package fixes vulnerability Message-ID: <200410201947.i9KJlga17635@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated squid package fixes vulnerability Advisory ID: RHSA-2004:591-01 Issue date: 2004-10-20 Updated on: 2004-10-20 Product: Red Hat Enterprise Linux Obsoletes: RHSA-2004:462 CVE Names: CAN-2004-0918 - --------------------------------------------------------------------- 1. Summary: An updated squid package that fixes a remote denial of service vulnerability is now avaliable. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: Squid is a full-featured Web proxy cache. iDEFENSE reported a flaw in the squid SNMP module. This flaw could allow an attacker who has the ability to send arbitrary packets to the SNMP port to restart the server, causing it to drop all open connections. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0918 to this issue. All users of squid should update to this erratum package, which contains a backport of the security fix for this vulnerability. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 135319 - CAN-2004-0918 SNMP DoS 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/squid-2.4.STABLE7-1.21as.src.rpm d6f19557d67672e3f08e2ef191c74ba2 squid-2.4.STABLE7-1.21as.src.rpm i386: 656bb40dacbfda418bc5b0b0a2afb9ca squid-2.4.STABLE7-1.21as.i386.rpm ia64: 4c7f9233d5c07161815cd0f238598ad9 squid-2.4.STABLE7-1.21as.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/squid-2.4.STABLE7-1.21as.src.rpm d6f19557d67672e3f08e2ef191c74ba2 squid-2.4.STABLE7-1.21as.src.rpm ia64: 4c7f9233d5c07161815cd0f238598ad9 squid-2.4.STABLE7-1.21as.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/squid-2.4.STABLE7-1.21as.src.rpm d6f19557d67672e3f08e2ef191c74ba2 squid-2.4.STABLE7-1.21as.src.rpm i386: 656bb40dacbfda418bc5b0b0a2afb9ca squid-2.4.STABLE7-1.21as.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/squid-2.5.STABLE3-6.3E.2.src.rpm 919b9823a67f83efafc8e34dd7b54a76 squid-2.5.STABLE3-6.3E.2.src.rpm i386: 1e97031b4ab8ed0095aed15fc8023f57 squid-2.5.STABLE3-6.3E.2.i386.rpm ia64: b47592e7fc983dcef36e7949bc603014 squid-2.5.STABLE3-6.3E.2.ia64.rpm ppc: 73cc5efea1bad51e51858f2e56ea1581 squid-2.5.STABLE3-6.3E.2.ppc.rpm s390: d42bd6385028a6336b62acd9e1d3b551 squid-2.5.STABLE3-6.3E.2.s390.rpm s390x: c9cbce5de6662b4cc156dce76829bfe1 squid-2.5.STABLE3-6.3E.2.s390x.rpm x86_64: 50f854496bd475854ef578891dc5d630 squid-2.5.STABLE3-6.3E.2.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/squid-2.5.STABLE3-6.3E.2.src.rpm 919b9823a67f83efafc8e34dd7b54a76 squid-2.5.STABLE3-6.3E.2.src.rpm i386: 1e97031b4ab8ed0095aed15fc8023f57 squid-2.5.STABLE3-6.3E.2.i386.rpm x86_64: 50f854496bd475854ef578891dc5d630 squid-2.5.STABLE3-6.3E.2.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/squid-2.5.STABLE3-6.3E.2.src.rpm 919b9823a67f83efafc8e34dd7b54a76 squid-2.5.STABLE3-6.3E.2.src.rpm i386: 1e97031b4ab8ed0095aed15fc8023f57 squid-2.5.STABLE3-6.3E.2.i386.rpm ia64: b47592e7fc983dcef36e7949bc603014 squid-2.5.STABLE3-6.3E.2.ia64.rpm x86_64: 50f854496bd475854ef578891dc5d630 squid-2.5.STABLE3-6.3E.2.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/squid-2.5.STABLE3-6.3E.2.src.rpm 919b9823a67f83efafc8e34dd7b54a76 squid-2.5.STABLE3-6.3E.2.src.rpm i386: 1e97031b4ab8ed0095aed15fc8023f57 squid-2.5.STABLE3-6.3E.2.i386.rpm ia64: b47592e7fc983dcef36e7949bc603014 squid-2.5.STABLE3-6.3E.2.ia64.rpm x86_64: 50f854496bd475854ef578891dc5d630 squid-2.5.STABLE3-6.3E.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 7. References: http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0918 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBdsDcXlSAg2UNWIIRAgOvAJ4nAi5zobqRy6zUAmgFnkvw5IBMTACePSDg L9wAsv5keCvSnMLUMqlwCPY= =SCeD -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Oct 20 19:47:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Oct 2004 15:47 -0400 Subject: [RHSA-2004:597-01] Updated mysql packages fix security issues and bugs Message-ID: <200410201947.i9KJlra17650@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated mysql packages fix security issues and bugs Advisory ID: RHSA-2004:597-01 Issue date: 2004-10-20 Updated on: 2004-10-20 Product: Red Hat Enterprise Linux Obsoletes: RHSA-2003:282 CVE Names: CAN-2004-0381 CAN-2004-0388 CAN-2004-0457 CAN-2004-0835 CAN-2004-0836 CAN-2004-0837 CAN-2004-0957 - --------------------------------------------------------------------- 1. Summary: Updated mysql packages that fix various security issues, as well as a number of bugs, are now available for Red Hat Enterprise Linux 2.1. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 3. Problem description: MySQL is a multi-user, multi-threaded SQL database server. A number security issues that affect the mysql server have been reported: Oleksandr Byelkin discovered that "ALTER TABLE ... RENAME" checked the CREATE/INSERT rights of the old table instead of the new one. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0835 to this issue. Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect function. In order to exploit this issue an attacker would need to force the use of a malicious DNS server (CAN-2004-0836). Dean Ellis discovered that multiple threads ALTERing the same (or different) MERGE tables to change the UNION could cause the server to crash or stall (CAN-2004-0837). Sergei Golubchik discovered that if a user is granted privileges to a database with a name containing an underscore ("_"), the user also gains the ability to grant privileges to other databases with similar names (CAN-2004-0957). Additionally, the following minor temporary file vulnerabilities were discovered: - - Stan Bubroski and Shaun Colley found a temporary file vulnerability in the mysqlbug script (CAN-2004-0381). - - A temporary file vulnerability was discovered in mysqld_multi (CAN-2004-0388). - - Jeroen van Wolffelaar discovered an temporary file vulnerability in the mysqlhotcopy script when using the scp method (CAN-2004-0457). All users of mysql should upgrade to these updated packages, which resolve these issues and also include fixes for a number of small bugs. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 112693 - mysqlhotcopy of local Fedora DB broken after upgrade from RH9 113960 - [PATCH] Bug fix + enhancement for mysql_setpermission 115165 - botched string concat ? 124352 - Cannot drop databases 129409 - linking with 'mysql --libs' doesent seem to work correctly. 130348 - CAN-2004-0457 mysqlhotcopy insecure temporary file vulnerability 135372 - CAN-2004-0835 MySQL flaws (CAN-2004-0836, CAN-2004-0837, CAN-2004-0957) 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mysql-3.23.58-1.72.1.src.rpm 1a6ad34678d35aa5c1bfba0ff7290c44 mysql-3.23.58-1.72.1.src.rpm i386: a33c7efe12e0a4b0dade197a823a5e42 mysql-3.23.58-1.72.1.i386.rpm 3b0621721b68c67f3d73681c9fbade09 mysql-devel-3.23.58-1.72.1.i386.rpm 63280ad1d2b39d5865a209e2822cec5e mysql-server-3.23.58-1.72.1.i386.rpm ia64: 73b97bae08854a6bbd25a8ad0e057666 mysql-3.23.58-1.72.1.ia64.rpm 709aff64529b31c9dc3ade3017509d44 mysql-devel-3.23.58-1.72.1.ia64.rpm 311db47abcc5cc79b094804c5b3912f4 mysql-server-3.23.58-1.72.1.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mysql-3.23.58-1.72.1.src.rpm 1a6ad34678d35aa5c1bfba0ff7290c44 mysql-3.23.58-1.72.1.src.rpm ia64: 73b97bae08854a6bbd25a8ad0e057666 mysql-3.23.58-1.72.1.ia64.rpm 709aff64529b31c9dc3ade3017509d44 mysql-devel-3.23.58-1.72.1.ia64.rpm 311db47abcc5cc79b094804c5b3912f4 mysql-server-3.23.58-1.72.1.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mysql-3.23.58-1.72.1.src.rpm 1a6ad34678d35aa5c1bfba0ff7290c44 mysql-3.23.58-1.72.1.src.rpm i386: a33c7efe12e0a4b0dade197a823a5e42 mysql-3.23.58-1.72.1.i386.rpm 3b0621721b68c67f3d73681c9fbade09 mysql-devel-3.23.58-1.72.1.i386.rpm 63280ad1d2b39d5865a209e2822cec5e mysql-server-3.23.58-1.72.1.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mysql-3.23.58-1.72.1.src.rpm 1a6ad34678d35aa5c1bfba0ff7290c44 mysql-3.23.58-1.72.1.src.rpm i386: a33c7efe12e0a4b0dade197a823a5e42 mysql-3.23.58-1.72.1.i386.rpm 3b0621721b68c67f3d73681c9fbade09 mysql-devel-3.23.58-1.72.1.i386.rpm 63280ad1d2b39d5865a209e2822cec5e mysql-server-3.23.58-1.72.1.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0381 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0457 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0957 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBdsDnXlSAg2UNWIIRArmMAJ44yYqEYMrzgkmRFZY7455sPg8W6ACdGITG 9Sw5OczEVx/gi22kQd76hfo= =Q/TC -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Oct 20 19:50:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Oct 2004 15:50 -0400 Subject: [RHSA-2004:604-01] Updated gaim package fixes security issues and bugs Message-ID: <200410201950.i9KJoIa17847@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated gaim package fixes security issues and bugs Advisory ID: RHSA-2004:604-01 Issue date: 2004-10-20 Updated on: 2004-10-20 Product: Red Hat Enterprise Linux CVE Names: CAN-2004-0891 - --------------------------------------------------------------------- 1. Summary: An updated gaim package that fixes security issues, fixes various bugs, and includes various enhancements for Red Hat Enterprise Linux 3 is now avaliable. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: The gaim application is a multi-protocol instant messaging client. A buffer overflow has been discovered in the MSN protocol handler. When receiving unexpected sequence of MSNSLP messages, it is possible that an attacker could cause an internal buffer overflow, leading to a crash or possible code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0891 to this issue. This updated gaim package also fixes multiple user interface, protocol, and error handling problems, including an ICQ communication encoding issue. Additionally, these updated packages have compiled gaim as a PIE (position independent executable) for added protection against future security vulnerabilities. All users of gaim should upgrade to this updated package, which includes various bug fixes, as well as a backported security patch. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 135678 - CAN-2004-0891 MSN protocol buffer overflow. 6. RPMs required: Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gaim-1.0.1-1.RHEL3.src.rpm bb309fe79e51417111b274e0f5155c83 gaim-1.0.1-1.RHEL3.src.rpm i386: 2d0e9ad1d407f5efffea2d971ce798d2 gaim-1.0.1-1.RHEL3.i386.rpm ia64: abcc7aa6f38c709bb923f9db5f13599b gaim-1.0.1-1.RHEL3.ia64.rpm ppc: dfef22e12d377b4b08ef13b213c6a918 gaim-1.0.1-1.RHEL3.ppc.rpm s390: 699edb7cfbd252a64e11850bf489ab2f gaim-1.0.1-1.RHEL3.s390.rpm s390x: c2b6150317cd865a50b5fc4f94031619 gaim-1.0.1-1.RHEL3.s390x.rpm x86_64: b029fd04d138c71bb2a60153e9254342 gaim-1.0.1-1.RHEL3.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gaim-1.0.1-1.RHEL3.src.rpm bb309fe79e51417111b274e0f5155c83 gaim-1.0.1-1.RHEL3.src.rpm i386: 2d0e9ad1d407f5efffea2d971ce798d2 gaim-1.0.1-1.RHEL3.i386.rpm x86_64: b029fd04d138c71bb2a60153e9254342 gaim-1.0.1-1.RHEL3.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gaim-1.0.1-1.RHEL3.src.rpm bb309fe79e51417111b274e0f5155c83 gaim-1.0.1-1.RHEL3.src.rpm i386: 2d0e9ad1d407f5efffea2d971ce798d2 gaim-1.0.1-1.RHEL3.i386.rpm ia64: abcc7aa6f38c709bb923f9db5f13599b gaim-1.0.1-1.RHEL3.ia64.rpm x86_64: b029fd04d138c71bb2a60153e9254342 gaim-1.0.1-1.RHEL3.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gaim-1.0.1-1.RHEL3.src.rpm bb309fe79e51417111b274e0f5155c83 gaim-1.0.1-1.RHEL3.src.rpm i386: 2d0e9ad1d407f5efffea2d971ce798d2 gaim-1.0.1-1.RHEL3.i386.rpm ia64: abcc7aa6f38c709bb923f9db5f13599b gaim-1.0.1-1.RHEL3.ia64.rpm x86_64: b029fd04d138c71bb2a60153e9254342 gaim-1.0.1-1.RHEL3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0891 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBdsF3XlSAg2UNWIIRAvMRAKCf71atM9u64N1ND+KY5X31zvJr5QCgkRIE zpYB+8qmZkA9Nm6gUEPZebw= =OkJa -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Oct 22 15:13:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 22 Oct 2004 11:13 -0400 Subject: [RHSA-2004:543-01] Updated CUPS packages fix security issues Message-ID: <200410221513.i9MFDla11008@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated CUPS packages fix security issues Advisory ID: RHSA-2004:543-01 Issue date: 2004-10-22 Updated on: 2004-10-22 Product: Red Hat Enterprise Linux Obsoletes: RHSA-2004:449 CVE Names: CAN-2004-0888 CAN-2004-0923 - --------------------------------------------------------------------- 1. Summary: Updated cups packages that fix denial of service issues, a security information leak, as well as other various bugs are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: The Common UNIX Printing System (CUPS) is a print spooler. During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect xpdf. CUPS contains a copy of the xpdf code used for parsing PDF files and is therefore affected by these bugs. An attacker who has the ability to send a malicious PDF file to a printer could cause CUPS to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0888 to this issue. When set up to print to a shared printer via Samba, CUPS would authenticate with that shared printer using a username and password. By default, the username and password used to connect to the Samba share is written into the error log file. A local user who is able to read the error log file could collect these usernames and passwords. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0923 to this issue. These updated packages also include a fix that prevents some CUPS configuration files from being accidentally replaced. All users of CUPS should upgrade to these updated packages, which resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 99461 - cups configuration 132034 - mime.types was updated - not copied to mime.types.rpmnew 134599 - CAN-2004-0923 Log file information disclosure 135378 - CAN-2004-0888 xpdf issues affect cups 6. RPMs required: Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cups-1.1.17-13.3.16.src.rpm 5115ddbfb412786152b559c645008d04 cups-1.1.17-13.3.16.src.rpm i386: ba0ce8b3a0e6f96f65e805b18abb9710 cups-1.1.17-13.3.16.i386.rpm 15cc19fff26090f2ac2a3ae9fe8edade cups-devel-1.1.17-13.3.16.i386.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm ia64: c8b90a470b68b58fed2e82e570f5ee92 cups-1.1.17-13.3.16.ia64.rpm e6eac12d4a04cc3f2f78d5bcf04b3225 cups-devel-1.1.17-13.3.16.ia64.rpm ca472cbe2195dbc118ccfbc05644da0f cups-libs-1.1.17-13.3.16.ia64.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm ppc: e6c4b39d457d9b9877fe95b6fe1dbec4 cups-1.1.17-13.3.16.ppc.rpm d7a9f13c7cc6c53322c66548ad8c76de cups-devel-1.1.17-13.3.16.ppc.rpm 1c0013991559da5dcdff753e0fa29fed cups-libs-1.1.17-13.3.16.ppc.rpm ppc64: 2d58c7b4af3581b720c315d4acc88caa cups-libs-1.1.17-13.3.16.ppc64.rpm s390: 3f8e4d1f0acb1e63cacb04a31d33be7e cups-1.1.17-13.3.16.s390.rpm 9f65609293cab71c27bab23b4766e376 cups-devel-1.1.17-13.3.16.s390.rpm 9b3323c103753b3c97ac6543f73113f1 cups-libs-1.1.17-13.3.16.s390.rpm s390x: 9276fbed4537149de825126e43165244 cups-1.1.17-13.3.16.s390x.rpm 276335bb8d2b6b204ce69c478d708f85 cups-devel-1.1.17-13.3.16.s390x.rpm 56bedea0c9cbabdc50d2f4a1fdf63389 cups-libs-1.1.17-13.3.16.s390x.rpm 9b3323c103753b3c97ac6543f73113f1 cups-libs-1.1.17-13.3.16.s390.rpm x86_64: 2909c8b13ebabafe4f9832e571452226 cups-1.1.17-13.3.16.x86_64.rpm 351a15fe066f9650c293d91d5edca0d8 cups-devel-1.1.17-13.3.16.x86_64.rpm d3dddda473fe262daea7770ad1c6b6b2 cups-libs-1.1.17-13.3.16.x86_64.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cups-1.1.17-13.3.16.src.rpm 5115ddbfb412786152b559c645008d04 cups-1.1.17-13.3.16.src.rpm i386: ba0ce8b3a0e6f96f65e805b18abb9710 cups-1.1.17-13.3.16.i386.rpm 15cc19fff26090f2ac2a3ae9fe8edade cups-devel-1.1.17-13.3.16.i386.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm x86_64: 2909c8b13ebabafe4f9832e571452226 cups-1.1.17-13.3.16.x86_64.rpm 351a15fe066f9650c293d91d5edca0d8 cups-devel-1.1.17-13.3.16.x86_64.rpm d3dddda473fe262daea7770ad1c6b6b2 cups-libs-1.1.17-13.3.16.x86_64.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cups-1.1.17-13.3.16.src.rpm 5115ddbfb412786152b559c645008d04 cups-1.1.17-13.3.16.src.rpm i386: ba0ce8b3a0e6f96f65e805b18abb9710 cups-1.1.17-13.3.16.i386.rpm 15cc19fff26090f2ac2a3ae9fe8edade cups-devel-1.1.17-13.3.16.i386.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm ia64: c8b90a470b68b58fed2e82e570f5ee92 cups-1.1.17-13.3.16.ia64.rpm e6eac12d4a04cc3f2f78d5bcf04b3225 cups-devel-1.1.17-13.3.16.ia64.rpm ca472cbe2195dbc118ccfbc05644da0f cups-libs-1.1.17-13.3.16.ia64.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm x86_64: 2909c8b13ebabafe4f9832e571452226 cups-1.1.17-13.3.16.x86_64.rpm 351a15fe066f9650c293d91d5edca0d8 cups-devel-1.1.17-13.3.16.x86_64.rpm d3dddda473fe262daea7770ad1c6b6b2 cups-libs-1.1.17-13.3.16.x86_64.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cups-1.1.17-13.3.16.src.rpm 5115ddbfb412786152b559c645008d04 cups-1.1.17-13.3.16.src.rpm i386: ba0ce8b3a0e6f96f65e805b18abb9710 cups-1.1.17-13.3.16.i386.rpm 15cc19fff26090f2ac2a3ae9fe8edade cups-devel-1.1.17-13.3.16.i386.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm ia64: c8b90a470b68b58fed2e82e570f5ee92 cups-1.1.17-13.3.16.ia64.rpm e6eac12d4a04cc3f2f78d5bcf04b3225 cups-devel-1.1.17-13.3.16.ia64.rpm ca472cbe2195dbc118ccfbc05644da0f cups-libs-1.1.17-13.3.16.ia64.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm x86_64: 2909c8b13ebabafe4f9832e571452226 cups-1.1.17-13.3.16.x86_64.rpm 351a15fe066f9650c293d91d5edca0d8 cups-devel-1.1.17-13.3.16.x86_64.rpm d3dddda473fe262daea7770ad1c6b6b2 cups-libs-1.1.17-13.3.16.x86_64.rpm f9c322a11ba0b571dd986dac596fe9e3 cups-libs-1.1.17-13.3.16.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0923 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBeSOnXlSAg2UNWIIRAlxAAJ9WyDOPr6em8vXIk0SXsIA9NC2MNwCgv7ws SFXFonpckLShZW9rZb3zjaA= =QEhf -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Oct 22 15:14:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 22 Oct 2004 11:14 -0400 Subject: [RHSA-2004:577-01] Updated libtiff packages Message-ID: <200410221514.i9MFE3a11031@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated libtiff packages Advisory ID: RHSA-2004:577-01 Issue date: 2004-10-22 Updated on: 2004-10-22 Product: Red Hat Enterprise Linux CVE Names: CAN-2004-0803 CAN-2004-0886 CAN-2004-0804 - --------------------------------------------------------------------- 1. Summary: Updated libtiff packages that fix various buffer and integer overflows are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect libtiff. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0886 and CAN-2004-0804 to these issues. Additionally, a number of buffer overflow bugs that affect libtiff have been found. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0803 to this issue. All users are advised to upgrade to these errata packages, which contain fixes for these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 134847 - CAN-2004-0803 buffer overflows in libtiff 134850 - CAN-2004-0886 multiple integer overflows in libtiff 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libtiff-3.5.5-17.src.rpm 81fdc07747655ddf15df50f3e091bd88 libtiff-3.5.5-17.src.rpm i386: 3c3cfb6ea1d426f7dfaf3eba049b01fa libtiff-3.5.5-17.i386.rpm bed65897ba0f56dd646cfe108d16ec53 libtiff-devel-3.5.5-17.i386.rpm ia64: 2dd106332e7f94e7c1b68a259b697527 libtiff-3.5.5-17.ia64.rpm f55c05ad31942a5c55e05afc3f1cffac libtiff-devel-3.5.5-17.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libtiff-3.5.5-17.src.rpm 81fdc07747655ddf15df50f3e091bd88 libtiff-3.5.5-17.src.rpm ia64: 2dd106332e7f94e7c1b68a259b697527 libtiff-3.5.5-17.ia64.rpm f55c05ad31942a5c55e05afc3f1cffac libtiff-devel-3.5.5-17.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libtiff-3.5.5-17.src.rpm 81fdc07747655ddf15df50f3e091bd88 libtiff-3.5.5-17.src.rpm i386: 3c3cfb6ea1d426f7dfaf3eba049b01fa libtiff-3.5.5-17.i386.rpm bed65897ba0f56dd646cfe108d16ec53 libtiff-devel-3.5.5-17.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libtiff-3.5.5-17.src.rpm 81fdc07747655ddf15df50f3e091bd88 libtiff-3.5.5-17.src.rpm i386: 3c3cfb6ea1d426f7dfaf3eba049b01fa libtiff-3.5.5-17.i386.rpm bed65897ba0f56dd646cfe108d16ec53 libtiff-devel-3.5.5-17.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/libtiff-3.5.7-20.1.src.rpm 63d28c10b3bd0c697395b236c675fc79 libtiff-3.5.7-20.1.src.rpm i386: 818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm 41d907de858669e84d1a2c9bad3c5051 libtiff-devel-3.5.7-20.1.i386.rpm ia64: 223bd77614b274ea88e82cc2b7179fc5 libtiff-3.5.7-20.1.ia64.rpm 818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm f28363290fa144bdc459ff3804cdf5aa libtiff-devel-3.5.7-20.1.ia64.rpm ppc: 10659dd13f97307f8066a4807f941264 libtiff-3.5.7-20.1.ppc.rpm b439935cb94f59e804e51ec43bf1f990 libtiff-3.5.7-20.1.ppc64.rpm baf93839e20c42f0a60690a19eabd883 libtiff-devel-3.5.7-20.1.ppc.rpm s390: 1455a42e3976cae523bf87e3708ff35e libtiff-3.5.7-20.1.s390.rpm 8a4ba4c7c08f3c7774b1596ff10ba15a libtiff-devel-3.5.7-20.1.s390.rpm s390x: a3be3779774c347e96d761cbd97ff898 libtiff-3.5.7-20.1.s390x.rpm 1455a42e3976cae523bf87e3708ff35e libtiff-3.5.7-20.1.s390.rpm bc686fba5bea3978cdfaa99134615e77 libtiff-devel-3.5.7-20.1.s390x.rpm x86_64: 47246fe4da56c5bd5c75c35a50d7ad7c libtiff-3.5.7-20.1.x86_64.rpm 818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm 51458cc4571eff6f68fa528b19acbd68 libtiff-devel-3.5.7-20.1.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/libtiff-3.5.7-20.1.src.rpm 63d28c10b3bd0c697395b236c675fc79 libtiff-3.5.7-20.1.src.rpm i386: 818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm 41d907de858669e84d1a2c9bad3c5051 libtiff-devel-3.5.7-20.1.i386.rpm x86_64: 47246fe4da56c5bd5c75c35a50d7ad7c libtiff-3.5.7-20.1.x86_64.rpm 818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm 51458cc4571eff6f68fa528b19acbd68 libtiff-devel-3.5.7-20.1.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/libtiff-3.5.7-20.1.src.rpm 63d28c10b3bd0c697395b236c675fc79 libtiff-3.5.7-20.1.src.rpm i386: 818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm 41d907de858669e84d1a2c9bad3c5051 libtiff-devel-3.5.7-20.1.i386.rpm ia64: 223bd77614b274ea88e82cc2b7179fc5 libtiff-3.5.7-20.1.ia64.rpm 818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm f28363290fa144bdc459ff3804cdf5aa libtiff-devel-3.5.7-20.1.ia64.rpm x86_64: 47246fe4da56c5bd5c75c35a50d7ad7c libtiff-3.5.7-20.1.x86_64.rpm 818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm 51458cc4571eff6f68fa528b19acbd68 libtiff-devel-3.5.7-20.1.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/libtiff-3.5.7-20.1.src.rpm 63d28c10b3bd0c697395b236c675fc79 libtiff-3.5.7-20.1.src.rpm i386: 818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm 41d907de858669e84d1a2c9bad3c5051 libtiff-devel-3.5.7-20.1.i386.rpm ia64: 223bd77614b274ea88e82cc2b7179fc5 libtiff-3.5.7-20.1.ia64.rpm 818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm f28363290fa144bdc459ff3804cdf5aa libtiff-devel-3.5.7-20.1.ia64.rpm x86_64: 47246fe4da56c5bd5c75c35a50d7ad7c libtiff-3.5.7-20.1.x86_64.rpm 818848dcbf461a6f37790579d8c80f0f libtiff-3.5.7-20.1.i386.rpm 51458cc4571eff6f68fa528b19acbd68 libtiff-devel-3.5.7-20.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBeSOyXlSAg2UNWIIRAmEZAJ9zoy5yAHcQaN702g07b68BnKTVKQCfXtU/ XAstdvkT337/IlEh6vd4RGA= =P/Az -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Oct 27 15:29:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 27 Oct 2004 11:29 -0400 Subject: [RHSA-2004:611-01] Updated mysql-server package Message-ID: <200410271529.i9RFTia03505@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated mysql-server package Advisory ID: RHSA-2004:611-01 Issue date: 2004-10-27 Updated on: 2004-10-27 Product: Red Hat Enterprise Linux LACD Cross references: RHSA-2004:569 CVE Names: CAN-2004-0835 CAN-2004-0836 CAN-2004-0837 CAN-2004-0957 - --------------------------------------------------------------------- 1. Summary: An updated mysql-server package that fixes various security issues is now available in the Red Hat Enterprise Linux 3 Extras channel of Red Hat Network. 2. Relevant releases/architectures: Red Hat Enterprise Linux LACD 3AS - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux LACD 3Desktop - i386, x86_64 Red Hat Enterprise Linux LACD 3ES - i386, ia64, x86_64 Red Hat Enterprise Linux LACD 3WS - i386, ia64, x86_64 3. Problem description: MySQL is a multi-user, multi-threaded SQL database server. A number of security issues that affect the mysql-server package have been reported. Although Red Hat Enterprise Linux 3 does not ship with the mysql-server package, the affected package is available from the Red Hat Network Extras channel. Oleksandr Byelkin discovered that "ALTER TABLE ... RENAME" checked the CREATE/INSERT rights of the old table instead of the new one. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0835 to this issue. Lukasz Wojtow discovered a buffer overrun in the mysql_real_connect function. In order to exploit this issue an attacker would need to force the use of a malicious DNS server (CAN-2004-0836). Dean Ellis discovered that multiple threads ALTERing the same (or different) MERGE tables to change the UNION could cause the server to crash or stall (CAN-2004-0837). Sergei Golubchik discovered that if a user is granted privileges to a database with a name containing an underscore ("_"), the user also gains the ability to grant privileges to other databases with similar names (CAN-2004-0957). Users of mysql-server should upgrade to these erratum packages, which correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.m 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 135372 - CAN-2004-0835 MySQL flaws (CAN-2004-0836, CAN-2004-0837, CAN-2004-0957) 6. RPMs required: Red Hat Enterprise Linux LACD 3AS: i386: 87d3b9628b48bf11ba4c446f1eee2ea7 mysql-server-3.23.58-2.3.i386.rpm ia64: 8e8ae3ba7b5ec198f59e5dace66b4bd0 mysql-server-3.23.58-2.3.ia64.rpm ppc: 22c60b803409385945e43b254f18d066 mysql-server-3.23.58-2.3.ppc.rpm s390: 24ef90f116cb8f7272c67b3c5ed3704a mysql-server-3.23.58-2.3.s390.rpm s390x: 131e3e1b237e15141928385e96ab8aad mysql-server-3.23.58-2.3.s390x.rpm x86_64: b193c8e8d077a3fe10d20d090450d0db mysql-server-3.23.58-2.3.x86_64.rpm Red Hat Enterprise Linux LACD 3Desktop: i386: 87d3b9628b48bf11ba4c446f1eee2ea7 mysql-server-3.23.58-2.3.i386.rpm x86_64: b193c8e8d077a3fe10d20d090450d0db mysql-server-3.23.58-2.3.x86_64.rpm Red Hat Enterprise Linux LACD 3ES: i386: 87d3b9628b48bf11ba4c446f1eee2ea7 mysql-server-3.23.58-2.3.i386.rpm ia64: 8e8ae3ba7b5ec198f59e5dace66b4bd0 mysql-server-3.23.58-2.3.ia64.rpm x86_64: b193c8e8d077a3fe10d20d090450d0db mysql-server-3.23.58-2.3.x86_64.rpm Red Hat Enterprise Linux LACD 3WS: i386: 87d3b9628b48bf11ba4c446f1eee2ea7 mysql-server-3.23.58-2.3.i386.rpm ia64: 8e8ae3ba7b5ec198f59e5dace66b4bd0 mysql-server-3.23.58-2.3.ia64.rpm x86_64: b193c8e8d077a3fe10d20d090450d0db mysql-server-3.23.58-2.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0835 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0836 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0957 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBf77lXlSAg2UNWIIRAkNPAJ94S3OUrpLXTne6g1PRzTiR+d7ylACgggzZ J/draDLDM6pD1l0eXlUQs3U= =unWk -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Oct 27 15:37:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 27 Oct 2004 11:37 -0400 Subject: [RHSA-2004:585-01] Updated xchat package fixes SOCKSv5 proxy security issue Message-ID: <200410271537.i9RFb3a03989@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated xchat package fixes SOCKSv5 proxy security issue Advisory ID: RHSA-2004:585-01 Issue date: 2004-10-27 Updated on: 2004-10-27 Product: Red Hat Enterprise Linux Keywords: X-Chat CVE Names: CAN-2004-0409 - --------------------------------------------------------------------- 1. Summary: An updated xchat package that fixes a stack buffer overflow in the SOCKSv5 proxy code. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: X-Chat is a graphical IRC chat client for the X Window System. A stack buffer overflow has been fixed in the SOCKSv5 proxy code. An attacker could create a malicious SOCKSv5 proxy server in such a way that X-Chat would execute arbitrary code if a victim configured X-Chat to use the proxy. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0409 to this issue. Users of X-Chat should upgrade to this erratum package, which contains a backported security patch, and is not vulnerable to this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 135238 - CAN-2004-0409 XChat buffer overflow in socks5 proxy 121333 - CAN-2004-0409 XChat buffer overflow in socks5 proxy 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/xchat-1.8.9-1.21as.2.src.rpm 6d5775b3f8aad029c4d793850ad886d7 xchat-1.8.9-1.21as.2.src.rpm i386: 903f03b6faffb88f391484b448c3f637 xchat-1.8.9-1.21as.2.i386.rpm ia64: 39a974df6da586d236283bff42e6bb3e xchat-1.8.9-1.21as.2.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/xchat-1.8.9-1.21as.2.src.rpm 6d5775b3f8aad029c4d793850ad886d7 xchat-1.8.9-1.21as.2.src.rpm ia64: 39a974df6da586d236283bff42e6bb3e xchat-1.8.9-1.21as.2.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/xchat-1.8.9-1.21as.2.src.rpm 6d5775b3f8aad029c4d793850ad886d7 xchat-1.8.9-1.21as.2.src.rpm i386: 903f03b6faffb88f391484b448c3f637 xchat-1.8.9-1.21as.2.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/xchat-1.8.9-1.21as.2.src.rpm 6d5775b3f8aad029c4d793850ad886d7 xchat-1.8.9-1.21as.2.src.rpm i386: 903f03b6faffb88f391484b448c3f637 xchat-1.8.9-1.21as.2.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/xchat-2.0.4-4.EL.src.rpm 24dcd2f613f5d14c1f091cdfc1fdd6ca xchat-2.0.4-4.EL.src.rpm i386: 431bffb1410d138f3fc7ddf98668654a xchat-2.0.4-4.EL.i386.rpm ia64: ad3c4335eacf54f0d1841e07d0168a49 xchat-2.0.4-4.EL.ia64.rpm ppc: fd3713f4b7d731c451b7d787857c1a74 xchat-2.0.4-4.EL.ppc.rpm s390: 696feca825d882bd23a594c6016e3fd6 xchat-2.0.4-4.EL.s390.rpm s390x: a6f0191edb52adea9f3ae8dfd9de217c xchat-2.0.4-4.EL.s390x.rpm x86_64: 7398eacb0210d9b66f16c07b389dd173 xchat-2.0.4-4.EL.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/xchat-2.0.4-4.EL.src.rpm 24dcd2f613f5d14c1f091cdfc1fdd6ca xchat-2.0.4-4.EL.src.rpm i386: 431bffb1410d138f3fc7ddf98668654a xchat-2.0.4-4.EL.i386.rpm x86_64: 7398eacb0210d9b66f16c07b389dd173 xchat-2.0.4-4.EL.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/xchat-2.0.4-4.EL.src.rpm 24dcd2f613f5d14c1f091cdfc1fdd6ca xchat-2.0.4-4.EL.src.rpm i386: 431bffb1410d138f3fc7ddf98668654a xchat-2.0.4-4.EL.i386.rpm ia64: ad3c4335eacf54f0d1841e07d0168a49 xchat-2.0.4-4.EL.ia64.rpm x86_64: 7398eacb0210d9b66f16c07b389dd173 xchat-2.0.4-4.EL.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/xchat-2.0.4-4.EL.src.rpm 24dcd2f613f5d14c1f091cdfc1fdd6ca xchat-2.0.4-4.EL.src.rpm i386: 431bffb1410d138f3fc7ddf98668654a xchat-2.0.4-4.EL.i386.rpm ia64: ad3c4335eacf54f0d1841e07d0168a49 xchat-2.0.4-4.EL.ia64.rpm x86_64: 7398eacb0210d9b66f16c07b389dd173 xchat-2.0.4-4.EL.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 7. References: http://mail.nl.linux.org/xchat-announce/2004-04/msg00000.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0409 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBf8BqXlSAg2UNWIIRAh9xAKC2qncgIfUgqgBXgoqrkuahLtdmpQCfcv6t txB9W4VYt3wzwQbxgQsHQH0= =ODms -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Oct 27 15:40:00 2004 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 27 Oct 2004 11:40 -0400 Subject: [RHSA-2004:592-01] Updated xpdf package fixes security flaws Message-ID: <200410271540.i9RFeGa04190@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated xpdf package fixes security flaws Advisory ID: RHSA-2004:592-01 Issue date: 2004-10-27 Updated on: 2004-10-27 Product: Red Hat Enterprise Linux Obsoletes: RHSA-2004:197 CVE Names: CAN-2004-0888 - --------------------------------------------------------------------- 1. Summary: An updated xpdf package that fixes a number of integer overflow security flaws is now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of xpdf. An attacker could construct a carefully crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0888 to this issue. Users of xpdf are advised to upgrade to this errata package, which contains a backported patch correcting these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 135393 - CAN-2004-0888 xpdf integer overflows 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/xpdf-0.92-13.src.rpm eb893292a8acc37274ca39ed1c5167b7 xpdf-0.92-13.src.rpm i386: e7fc401fa264c14f291722cc6882bace xpdf-0.92-13.i386.rpm ia64: 59ff577e0a5f8690fd2f866698c18a24 xpdf-0.92-13.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/xpdf-0.92-13.src.rpm eb893292a8acc37274ca39ed1c5167b7 xpdf-0.92-13.src.rpm ia64: 59ff577e0a5f8690fd2f866698c18a24 xpdf-0.92-13.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/xpdf-0.92-13.src.rpm eb893292a8acc37274ca39ed1c5167b7 xpdf-0.92-13.src.rpm i386: e7fc401fa264c14f291722cc6882bace xpdf-0.92-13.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/xpdf-0.92-13.src.rpm eb893292a8acc37274ca39ed1c5167b7 xpdf-0.92-13.src.rpm i386: e7fc401fa264c14f291722cc6882bace xpdf-0.92-13.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/xpdf-2.02-9.3.src.rpm d5e0ad682a7e83311d5588ef25984329 xpdf-2.02-9.3.src.rpm i386: c62ccce8752958320f429b2f0275b583 xpdf-2.02-9.3.i386.rpm ia64: 5e54249c54111231f3e75f82dd7b7382 xpdf-2.02-9.3.ia64.rpm ppc: 5d9553b6885a16fdf76e4e5d6124ca3d xpdf-2.02-9.3.ppc.rpm s390: 933965cf519099e14f691957821ed33e xpdf-2.02-9.3.s390.rpm s390x: bc33104553fa2bc65484df8b0cdfc214 xpdf-2.02-9.3.s390x.rpm x86_64: a5a3d7385ddd6a097a28bbf61e0191c6 xpdf-2.02-9.3.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/xpdf-2.02-9.3.src.rpm d5e0ad682a7e83311d5588ef25984329 xpdf-2.02-9.3.src.rpm i386: c62ccce8752958320f429b2f0275b583 xpdf-2.02-9.3.i386.rpm x86_64: a5a3d7385ddd6a097a28bbf61e0191c6 xpdf-2.02-9.3.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/xpdf-2.02-9.3.src.rpm d5e0ad682a7e83311d5588ef25984329 xpdf-2.02-9.3.src.rpm i386: c62ccce8752958320f429b2f0275b583 xpdf-2.02-9.3.i386.rpm ia64: 5e54249c54111231f3e75f82dd7b7382 xpdf-2.02-9.3.ia64.rpm x86_64: a5a3d7385ddd6a097a28bbf61e0191c6 xpdf-2.02-9.3.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/xpdf-2.02-9.3.src.rpm d5e0ad682a7e83311d5588ef25984329 xpdf-2.02-9.3.src.rpm i386: c62ccce8752958320f429b2f0275b583 xpdf-2.02-9.3.i386.rpm ia64: 5e54249c54111231f3e75f82dd7b7382 xpdf-2.02-9.3.ia64.rpm x86_64: a5a3d7385ddd6a097a28bbf61e0191c6 xpdf-2.02-9.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBf8DIXlSAg2UNWIIRAncGAJ0biFHxokhUBmgL9dOnbv6YeZ+8nQCfUHl3 cCBJdKfmyuhZwjnW71uK3Hg= =ZONG -----END PGP SIGNATURE-----