From bugzilla at redhat.com Fri Apr 1 14:49:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 1 Apr 2005 09:49 -0500
Subject: [RHSA-2005:344-01] Important: gtk2 security update
Message-ID: <200504011449.j31EnLZ25982@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: gtk2 security update
Advisory ID: RHSA-2005:344-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-344.html
Issue date: 2005-04-01
Updated on: 2005-04-01
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0891
- ---------------------------------------------------------------------

1. Summary:

Updated gtk2 packages that fix a double free vulnerability are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System.

A bug was found in the way gtk2 processes BMP images. It is possible that a specially crafted BMP image could cause a denial of service attack on applications linked against gtk2. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to this issue.

Users of gtk2 are advised to upgrade to these packages, which contain a backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

152317 - CAN-2005-0891 gdk-pixbuf BMP double free DoS

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0891

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCTV9nXlSAg2UNWIIRAqyUAJ4nX8OyUx4oplTnaP8Cd7xX9/7FbACfWeI+
qNkO6dqzlYCVfySatzndq7M=
=Eb3j
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Apr 1 14:49:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 1 Apr 2005 09:49 -0500
Subject: [RHSA-2005:354-01] Moderate: tetex security update
Message-ID: <200504011449.j31EnpZ26057@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: tetex security update
Advisory ID: RHSA-2005:354-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-354.html
Issue date: 2005-04-01
Updated on: 2005-04-01
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 CAN-2004-0888 CAN-2004-1125
- ---------------------------------------------------------------------

1. Summary:

Updated tetex packages that fix several integer overflows are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output.

A number of security flaws have been found affecting libraries used internally within teTeX. An attacker who has the ability to trick a user into processing a malicious file with teTeX could cause teTeX to crash or possibly execute arbitrary code.

A number of integer overflow bugs that affect Xpdf were discovered. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0888 and CAN-2004-1125 to these issues.

A number of integer overflow bugs that affect libtiff were discovered. The teTeX package contains an internal copy of libtiff used for parsing TIFF image files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0803, CAN-2004-0804 and CAN-2004-0886 to these issues.

Also latex2html is added to package tetex-latex for 64bit platforms.

Users of teTeX should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

137475 - CAN-2004-0888 xpdf integer overflows
137607 - CAN-2004-0803 multiple issues in libtiff (CAN-2004-0804 CAN-2004-0886)
137973 - tetex-latex package missing latex2html
145129 - CAN-2004-1125 xpdf buffer overflow

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCTV+FXlSAg2UNWIIRAvo4AJwIwq6+leLjXUc52GbXGiaLpkPn3gCdE24F
ydCjNYmyKebgEUmSG9ETUFg=
=+SRT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Apr 1 22:26:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 1 Apr 2005 17:26 -0500
Subject: [RHBA-2005:169-01] up2date bug fix update
Message-ID: <200504012226.j31MQbZ19950@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Bug Fix Advisory

Synopsis: up2date bug fix update
Advisory ID: RHBA-2005:169-01
Advisory URL: https://rhn.redhat.com/errata/RHBA-2005-169.html
Issue date: 2005-04-01
Updated on: 2005-04-01
Product: Red Hat Enterprise Linux
Keywords: up2date RHN Red Hat Network
- ---------------------------------------------------------------------

1. Summary:

Updated up2date packages that fix a libgnat bug are now available for 64-bit platforms.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The up2date packages contain the Red Hat Update Agent, which automatically queries Red Hat Network servers to determine which packages need to be updated on your machine.

On 64-bit systems, the list of packages needing an upgrade may be incorrect, causing the system to attempt to update packages that are already at the latest revision. This prevents the system from updating. In particular, systems with the libgnat package installed report error messages indicating that an update failed because the gcc package was already updated.

Users of the up2date packages are advised to upgrade to these updated packages, which resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

139537 - RHEL4

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCTcqYXlSAg2UNWIIRAjphAJwPV3qqmRmrl+9JtMuCH2/gG0Uo2QCeJ9bB
B/nfb1wuMz7VYjW3cG+ev4A=
=G873
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 5 15:23:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Apr 2005 11:23 -0400
Subject: [RHSA-2005:340-01] Low: curl security update
Message-ID: <200504051523.j35FN1Z19730@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: curl security update
Advisory ID: RHSA-2005:340-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-340.html
Issue date: 2005-04-05
Updated on: 2005-04-05
Product: Red Hat Enterprise Linux
Keywords: curl overflows
CVE Names: CAN-2005-0490
- ---------------------------------------------------------------------

1. Summary:

Updated curl packages are now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity.

Multiple buffer overflow bugs were found in the way curl processes base64 encoded replies. If a victim can be tricked into visiting a URL with curl, a malicious web server could execute arbitrary code on a victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0490 to this issue.

All users of curl are advised to upgrade to these updated packages, which contain backported fixes for these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

149322 - CAN-2005-0490 Multiple stack based buffer overflows in curl

6. RPMs required:
version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/curl-7.10.6-6.rhel3.src.rpm 75c76fe3e8041dd90183af5476b95127 curl-7.10.6-6.rhel3.src.rpm i386: 336975664cc531c695a248f1ed08cab1 curl-7.10.6-6.rhel3.i386.rpm 9453794eeb8ba1fb4045c97e3897f6ca curl-devel-7.10.6-6.rhel3.i386.rpm ia64: 193170b18b6c9cb42515a89bd9460208 curl-7.10.6-6.rhel3.ia64.rpm 336975664cc531c695a248f1ed08cab1 curl-7.10.6-6.rhel3.i386.rpm b8cffb950d5dea79ad192a7e35728488 curl-devel-7.10.6-6.rhel3.ia64.rpm ppc: 7245756e4749990e335f88b0083b4469 curl-7.10.6-6.rhel3.ppc.rpm 78378822aac78cd441501b8871473ea9 curl-7.10.6-6.rhel3.ppc64.rpm 10b9c46cd7935ebd7c066e576d38d304 curl-devel-7.10.6-6.rhel3.ppc.rpm s390: d3d31e789a24ff4c0383a85533cdf6a2 curl-7.10.6-6.rhel3.s390.rpm 8f56662ea2f5a6bc9d2083a836a3f824 curl-devel-7.10.6-6.rhel3.s390.rpm s390x: a8fdfd39dcf99227543c70c59a588ff5 curl-7.10.6-6.rhel3.s390x.rpm d3d31e789a24ff4c0383a85533cdf6a2 curl-7.10.6-6.rhel3.s390.rpm cfd5a0fc6c7df9f90bfb17fa722fddd1 curl-devel-7.10.6-6.rhel3.s390x.rpm x86_64: 29883744a5b03a9e6d1bf16c58308c7d curl-7.10.6-6.rhel3.x86_64.rpm 336975664cc531c695a248f1ed08cab1 curl-7.10.6-6.rhel3.i386.rpm 7c0e8f9949d0626b5f13268bb9536e3b curl-devel-7.10.6-6.rhel3.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/curl-7.10.6-6.rhel3.src.rpm 75c76fe3e8041dd90183af5476b95127 curl-7.10.6-6.rhel3.src.rpm i386: 336975664cc531c695a248f1ed08cab1 curl-7.10.6-6.rhel3.i386.rpm 9453794eeb8ba1fb4045c97e3897f6ca curl-devel-7.10.6-6.rhel3.i386.rpm x86_64: 29883744a5b03a9e6d1bf16c58308c7d curl-7.10.6-6.rhel3.x86_64.rpm 336975664cc531c695a248f1ed08cab1 curl-7.10.6-6.rhel3.i386.rpm 7c0e8f9949d0626b5f13268bb9536e3b curl-devel-7.10.6-6.rhel3.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/curl-7.10.6-6.rhel3.src.rpm 75c76fe3e8041dd90183af5476b95127 curl-7.10.6-6.rhel3.src.rpm i386: 336975664cc531c695a248f1ed08cab1 
curl-7.10.6-6.rhel3.i386.rpm 9453794eeb8ba1fb4045c97e3897f6ca curl-devel-7.10.6-6.rhel3.i386.rpm ia64: 193170b18b6c9cb42515a89bd9460208 curl-7.10.6-6.rhel3.ia64.rpm 336975664cc531c695a248f1ed08cab1 curl-7.10.6-6.rhel3.i386.rpm b8cffb950d5dea79ad192a7e35728488 curl-devel-7.10.6-6.rhel3.ia64.rpm x86_64: 29883744a5b03a9e6d1bf16c58308c7d curl-7.10.6-6.rhel3.x86_64.rpm 336975664cc531c695a248f1ed08cab1 curl-7.10.6-6.rhel3.i386.rpm 7c0e8f9949d0626b5f13268bb9536e3b curl-devel-7.10.6-6.rhel3.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/curl-7.10.6-6.rhel3.src.rpm 75c76fe3e8041dd90183af5476b95127 curl-7.10.6-6.rhel3.src.rpm i386: 336975664cc531c695a248f1ed08cab1 curl-7.10.6-6.rhel3.i386.rpm 9453794eeb8ba1fb4045c97e3897f6ca curl-devel-7.10.6-6.rhel3.i386.rpm ia64: 193170b18b6c9cb42515a89bd9460208 curl-7.10.6-6.rhel3.ia64.rpm 336975664cc531c695a248f1ed08cab1 curl-7.10.6-6.rhel3.i386.rpm b8cffb950d5dea79ad192a7e35728488 curl-devel-7.10.6-6.rhel3.ia64.rpm x86_64: 29883744a5b03a9e6d1bf16c58308c7d curl-7.10.6-6.rhel3.x86_64.rpm 336975664cc531c695a248f1ed08cab1 curl-7.10.6-6.rhel3.i386.rpm 7c0e8f9949d0626b5f13268bb9536e3b curl-devel-7.10.6-6.rhel3.x86_64.rpm Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/curl-7.12.1-5.rhel4.src.rpm dc004f5d45b46e3505aff92efede439d curl-7.12.1-5.rhel4.src.rpm i386: 4a8cad6a78491d56b7bd5ede38aef2c4 curl-7.12.1-5.rhel4.i386.rpm 1cca59cf58f7c0a5245bd2a306cec271 curl-devel-7.12.1-5.rhel4.i386.rpm ia64: a716b5b8c8f43e476113ea14eed4a59b curl-7.12.1-5.rhel4.ia64.rpm 4a8cad6a78491d56b7bd5ede38aef2c4 curl-7.12.1-5.rhel4.i386.rpm 2e2e26b46632d40e195c381d4a91a1b4 curl-devel-7.12.1-5.rhel4.ia64.rpm ppc: 91f0436e3aa665f40bc670c747b7a259 curl-7.12.1-5.rhel4.ppc.rpm 2bea0e8a02ec121e316d763624a3852d curl-7.12.1-5.rhel4.ppc64.rpm 4eea6d0f1bedc2af413ec6f33ff4522f curl-devel-7.12.1-5.rhel4.ppc.rpm s390: c1028ff30d6279cedfd9364fe990378d 
curl-7.12.1-5.rhel4.s390.rpm 55b1e2db2294f429b8ad912192406efe curl-devel-7.12.1-5.rhel4.s390.rpm s390x: 783c3c7749345e6f92e92a99082c8bfa curl-7.12.1-5.rhel4.s390x.rpm c1028ff30d6279cedfd9364fe990378d curl-7.12.1-5.rhel4.s390.rpm 7a5dd057cbf88771c76a705a6e64b2b0 curl-devel-7.12.1-5.rhel4.s390x.rpm x86_64: a55f05188ef582939a8fdd2a997dc565 curl-7.12.1-5.rhel4.x86_64.rpm 4a8cad6a78491d56b7bd5ede38aef2c4 curl-7.12.1-5.rhel4.i386.rpm 65c270bd5963ee9d6cdb9cd94e3feaaf curl-devel-7.12.1-5.rhel4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/curl-7.12.1-5.rhel4.src.rpm dc004f5d45b46e3505aff92efede439d curl-7.12.1-5.rhel4.src.rpm i386: 4a8cad6a78491d56b7bd5ede38aef2c4 curl-7.12.1-5.rhel4.i386.rpm 1cca59cf58f7c0a5245bd2a306cec271 curl-devel-7.12.1-5.rhel4.i386.rpm x86_64: a55f05188ef582939a8fdd2a997dc565 curl-7.12.1-5.rhel4.x86_64.rpm 4a8cad6a78491d56b7bd5ede38aef2c4 curl-7.12.1-5.rhel4.i386.rpm 65c270bd5963ee9d6cdb9cd94e3feaaf curl-devel-7.12.1-5.rhel4.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/curl-7.12.1-5.rhel4.src.rpm dc004f5d45b46e3505aff92efede439d curl-7.12.1-5.rhel4.src.rpm i386: 4a8cad6a78491d56b7bd5ede38aef2c4 curl-7.12.1-5.rhel4.i386.rpm 1cca59cf58f7c0a5245bd2a306cec271 curl-devel-7.12.1-5.rhel4.i386.rpm ia64: a716b5b8c8f43e476113ea14eed4a59b curl-7.12.1-5.rhel4.ia64.rpm 4a8cad6a78491d56b7bd5ede38aef2c4 curl-7.12.1-5.rhel4.i386.rpm 2e2e26b46632d40e195c381d4a91a1b4 curl-devel-7.12.1-5.rhel4.ia64.rpm x86_64: a55f05188ef582939a8fdd2a997dc565 curl-7.12.1-5.rhel4.x86_64.rpm 4a8cad6a78491d56b7bd5ede38aef2c4 curl-7.12.1-5.rhel4.i386.rpm 65c270bd5963ee9d6cdb9cd94e3feaaf curl-devel-7.12.1-5.rhel4.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/curl-7.12.1-5.rhel4.src.rpm dc004f5d45b46e3505aff92efede439d curl-7.12.1-5.rhel4.src.rpm i386: 4a8cad6a78491d56b7bd5ede38aef2c4 
curl-7.12.1-5.rhel4.i386.rpm 1cca59cf58f7c0a5245bd2a306cec271 curl-devel-7.12.1-5.rhel4.i386.rpm ia64: a716b5b8c8f43e476113ea14eed4a59b curl-7.12.1-5.rhel4.ia64.rpm 4a8cad6a78491d56b7bd5ede38aef2c4 curl-7.12.1-5.rhel4.i386.rpm 2e2e26b46632d40e195c381d4a91a1b4 curl-devel-7.12.1-5.rhel4.ia64.rpm x86_64: a55f05188ef582939a8fdd2a997dc565 curl-7.12.1-5.rhel4.x86_64.rpm 4a8cad6a78491d56b7bd5ede38aef2c4 curl-7.12.1-5.rhel4.i386.rpm 65c270bd5963ee9d6cdb9cd94e3feaaf curl-devel-7.12.1-5.rhel4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCUq07XlSAg2UNWIIRAoWlAJ4vPM6FPQeJklmTJfrZVTZBJzBNxACgiUd6 0oQZEUsP+xXE6Z1w8ggqrc8= =+HvB -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Apr 5 15:23:00 2005 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 5 Apr 2005 11:23 -0400 Subject: [RHSA-2005:343-01] Important: gdk-pixbuf security update Message-ID: <200504051523.j35FNxZ19748@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: gdk-pixbuf security update Advisory ID: RHSA-2005:343-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-343.html Issue date: 2005-04-05 Updated on: 2005-04-05 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-0891 - --------------------------------------------------------------------- 1. Summary: Updated gdk-pixbuf packages that fix a double free vulnerability are now available. 
This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment.

A bug was found in the way gdk-pixbuf processes BMP images. It is possible that a specially crafted BMP image could cause a denial of service attack on applications linked against gdk-pixbuf. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0891 to this issue.

Users of gdk-pixbuf are advised to upgrade to these packages, which contain a backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

152315 - CAN-2005-0891 gdk-pixbuf BMP double free DoS

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0891

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCUq1qXlSAg2UNWIIRApawAJ9aFHteb4s0s6rNQOIyPr2GGG6gPwCfUa8H
8Z7usb1gquvJu/DCWdqAKww=
=Dlo2
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 5 15:24:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 5 Apr 2005 11:24 -0400
Subject: [RHSA-2005:348-01] Important: mysql-server security update
Message-ID: <200504051524.j35FOhZ19778@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: mysql-server security update
Advisory ID: RHSA-2005:348-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-348.html
Issue date: 2005-04-05
Updated on: 2005-04-05
Product: Red Hat Enterprise Linux Extras
CVE Names: CAN-2005-0709 CAN-2005-0710 CAN-2005-0711
- ---------------------------------------------------------------------

1. Summary:

Updated mysql-server packages that fix several vulnerabilities are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 3 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 Extras - i386, ia64, x86_64

3. Problem description:

MySQL is a multi-user, multi-threaded SQL database server. This update fixes several security risks in the MySQL server.
Stefano Di Paola discovered two bugs in the way MySQL handles user-defined functions. A user with the ability to create and execute a user-defined function could potentially execute arbitrary code on the MySQL server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0709 and CAN-2005-0710 to these issues.

Stefano Di Paola also discovered a bug in the way MySQL creates temporary tables. A local user could create a specially crafted symlink which could result in the MySQL server overwriting a file which it has write access to. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-0711 to this issue.

All users of the MySQL server are advised to upgrade to these updated packages, which contain fixes for these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

152437 - CAN-2005-0709 mysql-server update needed for LACD (CAN-2005-0710 CAN-2005-0711)

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0711

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCUq2oXlSAg2UNWIIRAiQfAJ4owShaezAfFjOtR0FYFaVoV9z3RgCeNj4+
UmwRRVqc+IBXf71Czm3xLyY=
=56dw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 6 18:06:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Apr 2005 14:06 -0400
Subject: [RHSA-2005:044-01] Moderate: XFree86 security update
Message-ID: <200504061806.j36I6rZ05171@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: XFree86 security update
Advisory ID: RHSA-2005:044-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-044.html
Issue date: 2005-04-06
Updated on: 2005-04-06
Product: Red Hat Enterprise Linux
Keywords: Xpm legacy keyboard controller memory leak SEGV segfault crash
CVE Names: CAN-2005-0605
- ---------------------------------------------------------------------

1. Summary:

Updated XFree86 packages that fix a libXpm integer overflow flaw and a number of bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

XFree86 is an open source implementation of the X Window System. It provides the basic low level functionality which full-fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon.

An integer overflow flaw was found in libXpm, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code if opened by a victim using an application linked to the vulnerable library.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0605 to this issue.

XFree86 4.1.0 was not functional on systems that did not have a legacy keyboard controller (8042). During startup, the X server would attempt to update registers on the 8042 controller, but if that chip was not present, the X server would hang during startup. This new release has a workaround so that access to those registers times out if they are not present.

A bug in libXaw could cause applications to segfault on 64-bit systems under certain circumstances. This has been fixed with a patch backported from XFree86 4.3.0.

Xlib contained a memory leak caused by double allocation, which has been fixed in XFree86 4.3.0 using a backported patch.

All users of XFree86 should upgrade to these updated packages, which resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

150038 - CAN-2005-0605 XPM buffer overflow

6.
RPMs required:
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCVCUsXlSAg2UNWIIRAj3lAJsFH9QcqMG2Kqc5TQD2L6hiNcuvAACgkIOe
7fhqnV0nISUryyVz/ntoSgg=
=O32k
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 6 18:08:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Apr 2005 14:08 -0400
Subject: [RHSA-2005:307-01] Moderate: kdelibs security update
Message-ID: <200504061808.j36I84Z05199@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: kdelibs security update
Advisory ID:       RHSA-2005:307-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-307.html
Issue date:        2005-04-06
Updated on:        2005-04-06
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0396
- ---------------------------------------------------------------------

1. Summary:

Updated kdelibs packages that fix a local denial of service issue are
now available.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The kdelibs package provides libraries for the K Desktop Environment.

Sebastian Krahmer discovered a flaw in dcopserver, the KDE Desktop
Communication Protocol (DCOP) daemon. A local user could use this flaw
to stall the DCOP authentication process, affecting any local desktop
users and causing a reduction in their desktop functionality. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2005-0396 to this issue.

Users of KDE should upgrade to these erratum packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

151373 - CAN-2005-0396 kdelibs DCOP DoS

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0396

8. Contact:

The Red Hat security contact is .
More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCVCVRXlSAg2UNWIIRAlBHAJ972aZyi114/3cryuWu1PSlWkgsLACbB5GN
AZK/2+eiUMTyNMrVpgCPbGY=
=d7uT
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 12 14:14:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Apr 2005 10:14 -0400
Subject: [RHSA-2005:021-01] Moderate: kdegraphics security update
Message-ID: <200504121414.j3CEE4Z31202@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: kdegraphics security update
Advisory ID:       RHSA-2005:021-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-021.html
Issue date:        2005-04-12
Updated on:        2005-04-12
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0803 CAN-2004-0886 CAN-2004-0804
- ---------------------------------------------------------------------

1. Summary:

Updated kdegraphics packages that resolve multiple security issues in
kfax are now available.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The kdegraphics package contains graphics applications for the K Desktop
Environment.

During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect libtiff. The kfax application contains a copy
of the libtiff code used for parsing TIFF files and is therefore affected
by these bugs. An attacker who has the ability to trick a user into
opening a malicious TIFF file could cause kfax to crash or possibly
execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2004-0886 and CAN-2004-0804
to these issues.

Additionally, a number of buffer overflow bugs that affect libtiff have
been found. The kfax application contains a copy of the libtiff code used
for parsing TIFF files and is therefore affected by these bugs. An
attacker who has the ability to trick a user into opening a malicious
TIFF file could cause kfax to crash or possibly execute arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0803 to this issue.

Users of kfax should upgrade to these updated packages, which contain
backported patches and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

135470 - CAN-2004-0886 multiple integer overflows in libtiff
135466 - CAN-2004-0803 buffer overflows in libtiff

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCW9d5XlSAg2UNWIIRAjZPAJ9A2XHg67Y5nj1WDcav8qFnM0EM+gCfZAfz
8J2G9c9BGp1maQvLzrybkoA=
=iEJx
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 12 14:14:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Apr 2005 10:14 -0400
Subject: [RHSA-2005:212-01] Moderate: dhcp security update
Message-ID: <200504121414.j3CEEeZ31242@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: dhcp security update
Advisory ID:       RHSA-2005:212-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-212.html
Issue date:        2005-04-12
Updated on:        2005-04-12
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1006
- ---------------------------------------------------------------------

1. Summary:

An updated dhcp package that fixes a string format issue is now available
for Red Hat Enterprise Linux 2.1.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386

3. Problem description:

The dhcp package provides the ISC Dynamic Host Configuration Protocol
(DHCP) server and relay agent, dhcpd. DHCP is a protocol that allows
devices to get their own network configuration information from a server.

A bug was found in the way dhcpd logs error messages. A malicious DNS
server could send a carefully crafted DNS reply and cause dhcpd to crash
or possibly execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0446
to this issue.

All users of dhcp should upgrade to this updated package, which contains
a backported patch and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

149513 - CAN-2004-1006 dhcp string format issue

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1006

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCW9e9XlSAg2UNWIIRAuDpAKCq+SKzhAa8ZeoASnx1aO7VnLUtEwCbBFOF
aWgZC5mDBQrgru0zikI/Tm8=
=yXkA
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 12 14:15:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 12 Apr 2005 10:15 -0400
Subject: [RHSA-2005:365-01] Important: gaim security update
Message-ID: <200504121415.j3CEFbZ31416@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: gaim security update
Advisory ID:       RHSA-2005:365-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-365.html
Issue date:        2005-04-12
Updated on:        2005-04-12
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0965 CAN-2005-0966 CAN-2005-0967
- ---------------------------------------------------------------------

1. Summary:

An updated gaim package that fixes multiple denial of service issues is
now available.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Gaim application is a multi-protocol instant messaging client.

A buffer overflow bug was found in the way gaim escapes HTML. It is
possible that a remote attacker could send a specially crafted message
to a Gaim client, causing it to crash. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0965
to this issue.

A bug was found in several of gaim's IRC processing functions. These
functions fail to properly remove various markup tags within an IRC
message. It is possible that a remote attacker could send a specially
crafted message to a Gaim client connected to an IRC server, causing it
to crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0966 to this issue.

A bug was found in gaim's Jabber message parser. It is possible for a
remote Jabber user to send a specially crafted message to a Gaim client,
causing it to crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0967 to this issue.

In addition to these denial of service issues, multiple minor upstream
bugfixes are included in this update.

Users of Gaim are advised to upgrade to this updated package which
contains Gaim version 1.2.1 and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

153311 - CAN-2005-0965 Gaim remote DoS issues (CAN-2005-0966)
153761 - CAN-2005-0967 jabber DoS

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.securityfocus.com/archive/1/394806/2005-04-01/2005-04-07/0
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0967

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCW9fgXlSAg2UNWIIRAlEAAJ9RzFYRJwPOT/saosDSC0PGHrBbKgCePwPM
NNsoG0fa1qVIFZVxulJLTi0=
=XhgG
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 19 18:58:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 19 Apr 2005 14:58 -0400
Subject: [RHSA-2005:332-01] Low: xloadimage security update
Message-ID: <200504191858.j3JIwOZ32594@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: xloadimage security update
Advisory ID: RHSA-2005:332-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-332.html
Issue date: 2005-04-19
Updated on: 2005-04-19
Product: Red Hat Enterprise Linux
- ---------------------------------------------------------------------

1. Summary:

A new xloadimage package that fixes bugs in handling malformed tiff and pbm/pnm/ppm images, and in handling metacharacters in filenames is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The xloadimage utility displays images in an X Window System window, loads images into the root window, or writes images into a file. Xloadimage supports many image types (including GIF, TIFF, JPEG, XPM, and XBM).

A flaw was discovered in xloadimage where filenames were not properly quoted when calling the gunzip command. An attacker could create a file with a carefully crafted filename so that it would execute arbitrary commands if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0638 to this issue.

Another bug in xloadimage would cause it to crash if called with certain invalid TIFF, PNM, PBM, or PPM file names.

All users of xloadimage should upgrade to this erratum package which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

70867 - xloadimage crashes with some TIFF images
78481 - bad source code
150700 - CAN-2005-0638 xloadimage multiple issues.

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
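Added example (not part of the Red Hat advisory and not xloadimage source code): the flaw class described in the xloadimage advisory above, a filename placed unquoted into a shell command, shown beside two hardened forms. `echo` stands in for `gunzip` so the result is visible without a compressed file; the function names and the sample filename are constructed for illustration.

```c
/* Added example, not xloadimage source. "echo" stands in for gunzip so the
 * result is visible without a compressed file; all names are illustrative. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run cmd via /bin/sh (what popen/system do) and capture its stdout. */
static int run_shell(const char *cmd, char *out, size_t outsz)
{
    FILE *p = popen(cmd, "r");
    if (p == NULL)
        return -1;
    size_t n = fread(out, 1, outsz - 1, p);
    out[n] = '\0';
    return pclose(p) == 0 ? 0 : -1;
}

/* BEFORE: the filename is pasted into the command line as-is, so the shell
 * interprets any metacharacters it contains. */
int open_unquoted(const char *filename, char *out, size_t outsz)
{
    char cmd[512];
    int n = snprintf(cmd, sizeof cmd, "echo %s", filename);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;
    return run_shell(cmd, out, outsz);
}

/* Wrap s in single quotes for /bin/sh; an embedded ' becomes '\''.
 * Returns -1 when dst is too small. */
int shell_quote(const char *s, char *dst, size_t dstsz)
{
    size_t o = 0;
    if (dstsz < 3)
        return -1;
    dst[o++] = '\'';
    for (; *s != '\0'; s++) {
        size_t need = (*s == '\'') ? 4 : 1;
        if (o + need + 2 > dstsz)      /* leave room for closing ' and NUL */
            return -1;
        if (*s == '\'') {
            memcpy(dst + o, "'\\''", 4);
            o += 4;
        } else {
            dst[o++] = *s;
        }
    }
    dst[o++] = '\'';
    dst[o] = '\0';
    return 0;
}

/* AFTER (minimal fix): still a shell command, but the filename is quoted. */
int open_quoted(const char *filename, char *out, size_t outsz)
{
    char quoted[384], cmd[512];
    if (shell_quote(filename, quoted, sizeof quoted) != 0)
        return -1;
    int n = snprintf(cmd, sizeof cmd, "echo %s", quoted);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;
    return run_shell(cmd, out, outsz);
}

/* AFTER (preferred): no shell; the filename is exactly one argv element.
 * With a real gunzip, also pass "--" before it so a leading '-' is not
 * taken as an option. */
int open_argv(const char *filename, char *out, size_t outsz)
{
    int fd[2], status;
    size_t total = 0;
    ssize_t r;
    if (pipe(fd) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(fd[0]);
        close(fd[1]);
        return -1;
    }
    if (pid == 0) {                     /* child: stdout -> pipe, then exec */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]);
        close(fd[1]);
        execlp("echo", "echo", filename, (char *)NULL);
        _exit(127);
    }
    close(fd[1]);
    while (total < outsz - 1 &&
           (r = read(fd[0], out + total, outsz - 1 - total)) > 0)
        total += (size_t)r;
    out[total] = '\0';
    close(fd[0]);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    const char *name = "pic.gz;echo INJECTED";   /* constructed sample */
    char out[256];
    if (open_unquoted(name, out, sizeof out) == 0) printf("unquoted: %s", out);
    if (open_quoted(name, out, sizeof out) == 0)   printf("quoted:   %s", out);
    if (open_argv(name, out, sizeof out) == 0)     printf("argv:     %s", out);
    return 0;
}
```

In the unquoted form the shell splits the name at `;` and runs the second half as its own command; in both hardened forms the whole name reaches the program as a single argument.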
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCZVP2XlSAg2UNWIIRAhQcAJ0R9Vz37a+M0cqb6PVr386TJ6+GAACglRum
7s8pqOYdozC1dS8MJxnKMtM=
=O8me
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 19 18:59:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 19 Apr 2005 14:59 -0400
Subject: [RHSA-2005:364-01] Moderate: logwatch security update
Message-ID: <200504191859.j3JIx7Z32632@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: logwatch security update
Advisory ID: RHSA-2005:364-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-364.html
Issue date: 2005-04-19
Updated on: 2005-04-19
Product: Red Hat Enterprise Linux
Keywords: logwatch
CVE Names: CAN-2005-1061
- ---------------------------------------------------------------------

1. Summary:

An updated logwatch package that fixes a denial of service issue is now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - noarch
Red Hat Linux Advanced Workstation 2.1 - noarch
Red Hat Enterprise Linux ES version 2.1 - noarch
Red Hat Enterprise Linux WS version 2.1 - noarch

3. Problem description:

LogWatch is a customizable log analysis system. LogWatch parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require.

A bug was found in the logwatch secure script. If an attacker is able to inject an arbitrary string into the /var/log/secure file, it is possible to prevent logwatch from detecting malicious activity. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1061 to this issue.

All users of logwatch are advised to upgrade to this updated package, which contains backported fixes for this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

137502 - CAN-2005-1061 logwatch log processing regular expression DoS

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1061

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCZVTmXlSAg2UNWIIRAtGVAKCBPMw2ZPaN7RV8xOj6dIMKGDJVQQCgt8MA
Z1TW4fErUFpZ+nKaCHVbWcE=
=Tlur
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 19 19:00:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 19 Apr 2005 15:00 -0400
Subject: [RHSA-2005:366-01] Important: kernel security update
Message-ID: <200504191900.j3JJ07Z32713@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2005:366-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-366.html
Issue date: 2005-04-19
Updated on: 2005-04-19
Product: Red Hat Enterprise Linux
Keywords: nahant kernel errata
CVE Names: CAN-2005-0135 CAN-2005-0207 CAN-2005-0209 CAN-2005-0384 CAN-2005-0400 CAN-2005-0449 CAN-2005-0529 CAN-2005-0530 CAN-2005-0531 CAN-2005-0736 CAN-2005-0749 CAN-2005-0750 CAN-2005-0767 CAN-2005-0815 CAN-2005-0839 CAN-2005-0867 CAN-2005-0977 CAN-2005-1041
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The Linux kernel handles the basic functions of the operating system.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

3. Problem description:

A flaw in the fib_seq_start function was discovered. A local user could use this flaw to cause a denial of service (system crash) via /proc/net/route. (CAN-2005-1041)

A flaw in the tmpfs file system was discovered. A local user could use this flaw to cause a denial of service (system crash). (CAN-2005-0977)

An integer overflow flaw was found when writing to a sysfs file. A local user could use this flaw to overwrite kernel memory, causing a denial of service (system crash) or arbitrary code execution. (CAN-2005-0867)

Keith Owens reported a flaw in the Itanium unw_unwind_to_user function. A local user could use this flaw to cause a denial of service (system crash) on Itanium architectures. (CAN-2005-0135)

A flaw in the NFS client O_DIRECT error case handling was discovered. A local user could use this flaw to cause a denial of service (system crash). (CAN-2005-0207)

A flaw in fragment forwarding was discovered that affected the netfilter subsystem for certain network interface cards. A remote attacker could send a set of bad fragments and cause a denial of service (system crash). Acenic and SunGEM network interfaces were the only adapters affected, which are in widespread use. (CAN-2005-0209)

A flaw was discovered in the Linux PPP driver. On systems allowing remote users to connect to a server using ppp, a remote client could cause a denial of service (system crash). (CAN-2005-0384)

A flaw was discovered in the ext2 file system code. When a new directory is created, the ext2 block written to disk is not initialized, which could lead to an information leak if a disk image is made available to unprivileged users. (CAN-2005-0400)

A flaw in fragment queuing was discovered that affected the Linux kernel netfilter subsystem. On systems configured to filter or process network packets (e.g. firewalling), a remote attacker could send a carefully crafted set of fragmented packets to a machine and cause a denial of service (system crash). In order to successfully exploit this flaw, the attacker would need to know or guess some aspects of the firewall ruleset on the target system. (CAN-2005-0449)

A number of flaws were found in the Linux 2.6 kernel. A local user could use these flaws to read kernel memory or cause a denial of service (crash). (CAN-2005-0529, CAN-2005-0530, CAN-2005-0531)

An integer overflow in sys_epoll_wait in eventpoll.c was discovered. A local user could use this flaw to overwrite low kernel memory. This memory is usually unused, not usually resulting in a security consequence. (CAN-2005-0736)

A flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (crash). (CAN-2005-0749)

A flaw was discovered in the bluetooth driver system. On systems where the bluetooth modules are loaded, a local user could use this flaw to gain elevated (root) privileges. (CAN-2005-0750)

A race condition was discovered that affected the Radeon DRI driver. A local user who has DRI privileges on a Radeon graphics card may be able to use this flaw to gain root privileges. (CAN-2005-0767)

Multiple range checking flaws were discovered in the iso9660 file system handler. An attacker could create a malicious file system image which would cause a denial of service or potentially execute arbitrary code if mounted. (CAN-2005-0815)

A flaw was discovered when setting line discipline on a serial tty. A local user may be able to use this flaw to inject mouse movements or keystrokes when another user is logged in. (CAN-2005-0839)

Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

Please note that a vulnerability addressed by this update (CAN-2005-0449) required a change to the kernel module ABI which could cause third party modules to not work. However, Red Hat is currently not aware of any module that would be affected by this change.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

147468 - CAN-2005-0449 Possible remote Oops/firewall bypass
148868 - CAN-2005-0135 ia64 local DoS
148878 - CAN-2005-0207 nfs client O_DIRECT oops
149466 - CAN-2005-0529 Sign handling issues on v2.6 (CAN-2005-0530 CAN-2005-0531)
149589 - CAN-2005-0209 netfilter SKB problem
151240 - CAN-2005-0384 pppd remote DoS
151249 - CAN-2005-0736 epoll overflow
151902 - CAN-2005-0767 drm race in radeon
152177 - CAN-2005-0750 bluetooth security flaw
152399 - CAN-2005-0400 ext2 mkdir() directory entry random kernel memory leak
152405 - CAN-2005-0815 isofs range checking flaws
152410 - CAN-2005-0749 load_elf_library possible DoS
152417 - CAN-2005-0839 N_MOUSE line discipline flaw
152561 - CAN-2005-0977 tmpfs truncate bug
154219 - CAN-2005-0867 sysfs signedness problem
154551 - CAN-2005-1041 crash while reading /proc/net/route

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1041

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCZVUKXlSAg2UNWIIRAgmNAJ4+Smnt5XzkD4dOT5yxaDnbggqRCgCfT7jT
/gjkXBWugwIbNAiQaX19kNs=
=C/T6
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 20 18:46:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Apr 2005 14:46 -0400
Subject: [RHSA-2005:363-03] Critical: RealPlayer security update
Message-ID: <200504201846.j3KIkVZ05015@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: RealPlayer security update
Advisory ID: RHSA-2005:363-03
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-363.html
Issue date: 2005-04-20
Updated on: 2005-04-20
Product: Red Hat Enterprise Linux Extras
CVE Names: CAN-2005-0755
- ---------------------------------------------------------------------

1. Summary:

An updated RealPlayer package that fixes a buffer overflow issue is now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Problem description:

RealPlayer is a media player that provides solid media playback locally and via streaming. It plays RealAudio, RealVideo, MP3, 3GPP Video, Flash, SMIL 2.0, JPEG, GIF, PNG, RealPix and RealText and more.

A buffer overflow bug was found in the way RealPlayer processes RAM files. An attacker could create a specially crafted RAM file which could execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0755 to this issue.

All users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.4 and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

153931 - RealPlayer buffer overflow

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://service.real.com/help/faq/security/050419_player/EN/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0755

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCZqNxXlSAg2UNWIIRAnmHAJ49uF/PFdGPCy7PI6zErE2ST4TOqgCdG1JS
csHSyhm/H7qSXiQCVECKWGk=
=LAbf
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 20 18:47:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Apr 2005 14:47 -0400
Subject: [RHSA-2005:392-03] Critical: HelixPlayer security update
Message-ID: <200504201847.j3KIl2Z05039@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: HelixPlayer security update
Advisory ID: RHSA-2005:392-03
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-392.html
Issue date: 2005-04-20
Updated on: 2005-04-20
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0755
- ---------------------------------------------------------------------

1. Summary:

An updated HelixPlayer package that fixes a buffer overflow issue is now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ppc, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, x86_64
Red Hat Enterprise Linux WS version 4 - i386, x86_64

3. Problem description:

HelixPlayer is a media player.

A buffer overflow bug was found in the way HelixPlayer processes RAM files. An attacker could create a specially crafted RAM file which could execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0755 to this issue.

All users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer version 10.0.4 and is not vulnerable to this issue.

4.
Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

155386 - HelixPlayer buffer overflow

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://service.real.com/help/faq/security/050419_player/EN/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0755

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCZqOXXlSAg2UNWIIRAtN/AJ9zWIDhAv3Nq2PAfpkhgW2DYY/ZdgCfUs+X
L+VgA6gfT7j5BjkUIQ51NA4=
=DIzP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Apr 20 22:10:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 20 Apr 2005 18:10 -0400
Subject: [RHSA-2005:394-01] Critical: RealPlayer security update
Message-ID: <200504202210.j3KMAAZ16594@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: RealPlayer security update
Advisory ID: RHSA-2005:394-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-394.html
Issue date: 2005-04-20
Updated on: 2005-04-20
Product: Red Hat Enterprise Linux Extras
CVE Names: CAN-2005-0755
- ---------------------------------------------------------------------

1. Summary:

An updated RealPlayer package that fixes a buffer overflow issue is now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64
Red Hat Desktop version 3 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64

3.
Problem description:

RealPlayer is a media player providing solid media playback locally and via streaming. It plays RealAudio, RealVideo, MP3, 3GPP Video, Flash, SMIL 2.0, JPEG, GIF, PNG, RealPix and RealText and more.

A buffer overflow bug was found in the way RealPlayer processes RAM files. An attacker could create a specially crafted RAM file which could execute arbitrary code when opened by a user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0755 to this issue.

All users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.4 and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

153931 - CAN-2005-0755 RealPlayer buffer overflow

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0755

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCZtMzXlSAg2UNWIIRAu+cAKCHjiCkny4A1DNgQvVun9BSKF+RKgCeKinE
lVZ9OKTqKXrR6xvuJ2jkMJE=
=3JDI
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Apr 21 09:12:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Apr 2005 05:12 -0400
Subject: [RHSA-2005:383-01] Important: firefox security update
Message-ID: <200504210912.j3L9CbZ15974@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: firefox security update
Advisory ID: RHSA-2005:383-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-383.html
Issue date: 2005-04-21
Updated on: 2005-04-21
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0752 CAN-2005-0989 CAN-2005-1153 CAN-2005-1154 CAN-2005-1155 CAN-2005-1156 CAN-2005-1157 CAN-2005-1158 CAN-2005-1159 CAN-2005-1160
- ---------------------------------------------------------------------

1. Summary:

Updated firefox packages that fix various security bugs are now available.

This update has been rated as having Important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla Firefox is an open source Web browser.

Vladimir V. Perepelitsa discovered a bug in the way Firefox handles anonymous functions during regular expression string replacement. It is possible for a malicious web page to capture a random block of browser memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0989 to this issue.

Omar Khan discovered a bug in the way Firefox processes the PLUGINSPAGE tag. It is possible for a malicious web page to trick a user into pressing the "manual install" button for an unknown plugin leading to arbitrary javascript code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0752 to this issue.

Doron Rosenberg discovered a bug in the way Firefox displays pop-up windows. If a user chooses to open a pop-up window whose URL is malicious javascript, the script will be executed with elevated privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1153 to this issue.

A bug was found in the way Firefox handles the javascript global scope for a window. It is possible for a malicious web page to define a global variable known to be used by a different site, allowing malicious code to be executed in the context of the site. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1154 to this issue.

Michael Krax discovered a bug in the way Firefox handles favicon links. A malicious web page can programmatically define a favicon link tag as javascript, executing arbitrary javascript with elevated privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1155 to this issue.

Michael Krax discovered a bug in the way Firefox installed search plugins. If a user chooses to install a search plugin from a malicious site, the new plugin could silently overwrite an existing plugin. This could allow the malicious plugin to execute arbitrary code and steal sensitive information. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-1156 and CAN-2005-1157 to these issues.

Kohei Yoshino discovered a bug in the way Firefox opens links in its sidebar.
A malicious web page could construct a link in such a way that, when clicked on, could execute arbitrary javascript with elevated privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1158 to this issue.

A bug was found in the way Firefox validated several XPInstall related javascript objects. A malicious web page could pass other objects to the XPInstall objects, resulting in the javascript interpreter jumping to arbitrary locations in memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1159 to this issue.

A bug was found in the way the Firefox privileged UI code handled DOM nodes from the content window. A malicious web page could install malicious javascript code or steal data requiring a user to do commonplace actions such as clicking a link or opening the context menu. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1160 to this issue.

Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.3 and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

155114 - CAN-2005-0752 Multiple firefox issues. (CAN-2005-0989)

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7.
References:

http://www.mozilla.org/projects/security/known-vulnerabilities.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1160

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCZ25zXlSAg2UNWIIRAmgnAJ4v5fZUjLKPGzLrqQLk74OuDq4gYACeLX8m
u6RfSjGu999BlKng6xFQtcQ=
=ns09
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Apr 22 20:21:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 22 Apr 2005 16:21 -0400
Subject: [RHSA-2005:293-01] Important: kernel security update
Message-ID: <200504222021.j3MKLCZ28344@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2005:293-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-293.html
Issue date: 2005-04-22
Updated on: 2005-04-22
Product: Red Hat Enterprise Linux
Keywords: taroon
Obsoletes: RHSA-2005:043
CVE Names: CAN-2004-0075 CAN-2004-0177 CAN-2004-0814 CAN-2004-1058 CAN-2004-1073 CAN-2005-0135 CAN-2005-0137 CAN-2005-0204 CAN-2005-0384 CAN-2005-0403 CAN-2005-0449 CAN-2005-0736 CAN-2005-0749 CAN-2005-0750
- ---------------------------------------------------------------------

1.
Summary:

Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available.

This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

The Linux kernel handles the basic functions of the operating system.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The following security issues were fixed:

The Vicam USB driver did not use the copy_from_user function to access userspace, crossing security boundaries. (CAN-2004-0075)

The ext3 and jfs code did not properly initialize journal descriptor blocks. A privileged local user could read portions of kernel memory. (CAN-2004-0177)

The terminal layer did not properly lock line discipline changes or pending IO. An unprivileged local user could read portions of kernel memory, or cause a denial of service (system crash). (CAN-2004-0814)

A race condition was discovered. Local users could use this flaw to read the environment variables of another process that is still spawning via /proc/.../cmdline. (CAN-2004-1058)

A flaw in the execve() syscall handling was discovered, allowing a local user to read setuid ELF binaries that should otherwise be protected by standard permissions. (CAN-2004-1073). Red Hat originally reported this as being fixed by RHSA-2004:549, but the associated fix was missing from that update.

Keith Owens reported a flaw in the Itanium unw_unwind_to_user() function. A local user could use this flaw to cause a denial of service (system crash) on the Itanium architecture. (CAN-2005-0135)

A missing Itanium syscall table entry could allow an unprivileged local user to cause a denial of service (system crash) on the Itanium architecture.
(CAN-2005-0137)

A flaw affecting the OUTS instruction on the AMD64 and Intel EM64T architectures was discovered. A local user could use this flaw to access privileged IO ports. (CAN-2005-0204)

A flaw was discovered in the Linux PPP driver. On systems allowing remote users to connect to a server using ppp, a remote client could cause a denial of service (system crash). (CAN-2005-0384)

A flaw in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 was discovered that left a pointer to a freed tty structure. A local user could potentially use this flaw to cause a denial of service (system crash) or possibly gain read or write access to ttys that should normally be prevented. (CAN-2005-0403)

A flaw in fragment queuing was discovered affecting the netfilter subsystem. On systems configured to filter or process network packets (for example those configured to do firewalling), a remote attacker could send a carefully crafted set of fragmented packets to a machine and cause a denial of service (system crash). In order to successfully exploit this flaw, the attacker would need to know (or guess) some aspects of the firewall ruleset in place on the target system to be able to craft the right fragmented packets. (CAN-2005-0449)

Missing validation of an epoll_wait() system call parameter could allow a local user to cause a denial of service (system crash) on the IBM S/390 and zSeries architectures. (CAN-2005-0736)

A flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (system crash). (CAN-2005-0749)

A flaw was discovered in the bluetooth driver system. On systems where the bluetooth modules are loaded, a local user could use this flaw to gain elevated (root) privileges.
(CAN-2005-0750)

In addition to the security issues listed above, there was an important fix made to the handling of the msync() system call for a particular case in which the call could return without queuing modified mmap()'ed data for file system update. (BZ 147969)

Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed.

Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architectures/configurations.

Please note that the fix for CAN-2005-0449 required changing the external symbol linkages (kernel module ABI) for the ip_defrag() and ip_ct_gather_frags() functions. Any third-party module using either of these would also need to be fixed.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5.
Bug IDs fixed (http://bugzilla.redhat.com/):

121032 - CAN-2004-0177 ext3 infoleak
126407 - CAN-2004-0075 Vicam USB user/kernel copying
130774 - oops in drivers/char/tty_io.c:init_dev()
131674 - CAN-2004-0814 potential race condition in RHEL 2.1/3 tty layer
133108 - CAN-2004-0814 input/serio local DOS
133113 - CAN-2004-1058 /proc//cmdline information disclosure
144059 - CAN-2005-0403 panic in tty init_dev
144530 - random poolsize sysctl handler integer overflow
148855 - CAN-2005-0204 OUTS instruction does not cause SIGSEGV for all ports
150334 - Kernel panic: Code: Bad EIP value
151086 - kernel locks up tty/psuedo-tty access
151241 - CAN-2005-0384 pppd remote DoS
151805 - CAN-2005-0449 Possible remote Oops/firewall bypass
152178 - CAN-2005-0750 bluetooth security flaw
152411 - CAN-2005-0749 load_elf_library possible DoS
152552 - CAN-2004-1073 looks unfixed in RHEL3
155234 - CAN-2005-0137 ia64 syscall_table DoS

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0750

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCaVylXlSAg2UNWIIRAtf1AKCBrAL8uJcSporWKi1HlY3svx660wCdElAx
KnT/L+YYjAnSQjqOuTkrwMM=
=FHMg
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 26 11:57:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 26 Apr 2005 07:57 -0400
Subject: [RHSA-2005:375-01] Important: openoffice.org security update
Message-ID: <200504261157.j3QBv8Z00500@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: openoffice.org security update
Advisory ID: RHSA-2005:375-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-375.html
Issue date: 2005-04-25
Updated on: 2005-04-25
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0941
- ---------------------------------------------------------------------

1. Summary:

Updated openoffice.org packages are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Problem description:

OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program.

A heap based buffer overflow bug was found in the OpenOffice.org DOC file processor. An attacker could create a carefully crafted DOC file in such a way that it could cause OpenOffice.org to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0941 to this issue.

All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported fixes for these issues.

3. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

4. Bug IDs fixed (http://bugzilla.redhat.com/):

154540 - CAN-2005-0941 openoffice.org heap overflow

5. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

6. References:

http://www.openoffice.org/issues/show_bug.cgi?id=46388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0941

7. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCbiyRXlSAg2UNWIIRAhCrAJ98oomDbYJuLBFTCnB/Z+gjLGvk6ACfeyUU
mJVsB6vFuMJXtO0vMlGDZVM=
=whpf
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 26 11:57:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 26 Apr 2005 07:57 -0400
Subject: [RHSA-2005:387-01] Moderate: cvs security update
Message-ID: <200504261157.j3QBvJZ00506@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: cvs security update
Advisory ID: RHSA-2005:387-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-387.html
Issue date: 2005-04-25
Updated on: 2005-04-25
Product: Red Hat Enterprise Linux
Keywords: cvs buffer overflow
CVE Names: CAN-2005-0753
- ---------------------------------------------------------------------

1. Summary:

An updated cvs package that fixes security bugs is now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

CVS (Concurrent Version System) is a version control system.

A buffer overflow bug was found in the way the CVS client processes version and author information. If a user can be tricked into connecting to a malicious CVS server, an attacker could execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0753 to this issue.

Additionally, a bug was found in which CVS freed an invalid pointer. However, this issue does not appear to be exploitable.

All users of cvs should upgrade to this updated package, which includes a backported patch to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

155029 - CAN-2005-0753 multiple issues in cvs

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCbiydXlSAg2UNWIIRAlIrAJ96EGABEUCc1sKJGjufLHw5M8p/nACeMobM
qKkypLZPUOJW7y0C3L+azxg=
=5Bkc
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 26 16:32:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 26 Apr 2005 12:32 -0400
Subject: [RHSA-2005:377-01] Low: sharutils security update
Message-ID: <200504261632.j3QGWkZ17156@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: sharutils security update
Advisory ID: RHSA-2005:377-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-377.html
Issue date: 2005-04-26
Updated on: 2005-04-26
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1772 CAN-2004-1773 CAN-2005-0990
- ---------------------------------------------------------------------

1. Summary:

An updated sharutils package is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Problem description:

The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format.

A stack based overflow bug was found in the way shar handles the -o option. If a user can be tricked into running a specially crafted command, it could lead to arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1772 to this issue. Please note that this issue does not affect Red Hat Enterprise Linux 4.

Two buffer overflow bugs were found in sharutils. If an attacker can place a malicious 'wc' command on a victim's machine, or trick a victim into running a specially crafted command, it could lead to arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1773 to this issue.
A bug was found in the way unshar creates temporary files. A local user could use symlinks to overwrite arbitrary files the victim running unshar has write access to. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0990 to this issue.

All users of sharutils should upgrade to this updated package, which includes backported fixes to correct these issues.

3. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

4. Bug IDs fixed (http://bugzilla.redhat.com/):

152571 - CAN-2004-1772 buffer overflow with -o option
152573 - CAN-2004-1773 Buffer overflows in unshar
154049 - CAN-2005-0990 insecure temp file usage

5. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0990

7. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCbm0aXlSAg2UNWIIRAhVWAJ9xTC4f40bMYVQdZvmlGrMnyhmk8ACgkYMK
ASGHNlSYMJTLroyU0wJnWTs=
=DIk3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Apr 26 16:33:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 26 Apr 2005 12:33 -0400
Subject: [RHSA-2005:386-01] Important: Mozilla security update
Message-ID: <200504261633.j3QGXbZ17182@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: Mozilla security update
Advisory ID: RHSA-2005:386-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-386.html
Issue date: 2005-04-26
Updated on: 2005-04-26
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0989 CAN-2005-1153 CAN-2005-1154 CAN-2005-1155 CAN-2005-1156 CAN-2005-1157 CAN-2005-1159 CAN-2005-1160
- ---------------------------------------------------------------------

1. Summary:

Updated mozilla packages that fix various security bugs are now available.

This update has been rated as having Important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Vladimir V. Perepelitsa discovered a bug in the way Mozilla handles anonymous functions during regular expression string replacement. It is possible for a malicious web page to capture a random block of browser memory. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0989 to this issue.
Doron Rosenberg discovered a bug in the way Mozilla displays pop-up windows. If a user chooses to open a pop-up window whose URL is malicious javascript, the script will be executed with elevated privileges. (CAN-2005-1153)

A bug was found in the way Mozilla handles the javascript global scope for a window. It is possible for a malicious web page to define a global variable known to be used by a different site, allowing malicious code to be executed in the context of the site. (CAN-2005-1154)

Michael Krax discovered a bug in the way Mozilla handles favicon links. A malicious web page can programmatically define a favicon link tag as javascript, executing arbitrary javascript with elevated privileges. (CAN-2005-1155)

Michael Krax discovered a bug in the way Mozilla installed search plugins. If a user chooses to install a search plugin from a malicious site, the new plugin could silently overwrite an existing plugin. This could allow the malicious plugin to execute arbitrary code and steal sensitive information. (CAN-2005-1156 CAN-2005-1157)

A bug was found in the way Mozilla validated several XPInstall related javascript objects. A malicious web page could pass other objects to the XPInstall objects, resulting in the javascript interpreter jumping to arbitrary locations in memory. (CAN-2005-1159)

A bug was found in the way the Mozilla privileged UI code handled DOM nodes from the content window. A malicious web page could install malicious javascript code or steal data requiring a user to do commonplace actions such as clicking a link or opening the context menu. (CAN-2005-1160)

Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.7 to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

155116 - CAN-2005-0989 Multiple Mozilla issues.

6. RPMs required:
SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/devhelp-0.9.2-2.4.4.src.rpm 81b56e1e82807f905fe929d98ec5e083 devhelp-0.9.2-2.4.4.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mozilla-1.7.7-1.4.2.src.rpm 9c8a8c1aef4f41051e61120451ffb62c mozilla-1.7.7-1.4.2.src.rpm i386: b3cdcac00c1c16fde66442b6f38d1893 devhelp-0.9.2-2.4.4.i386.rpm 46285d589642bfa7e91cd8b76b7b923f devhelp-devel-0.9.2-2.4.4.i386.rpm eb2a5bf63a7e386bd0e9ff163ffb3181 mozilla-1.7.7-1.4.2.i386.rpm d575f95906e488a9d1be3b9324ee5907 mozilla-chat-1.7.7-1.4.2.i386.rpm f94ca4535debb2f3a749b2222f8635ce mozilla-devel-1.7.7-1.4.2.i386.rpm b75eac2a363789c3d63626bb7cf70c26 mozilla-dom-inspector-1.7.7-1.4.2.i386.rpm 4b58ff85e2ebbb4245c10f66f99b1cec mozilla-js-debugger-1.7.7-1.4.2.i386.rpm fba6ed4071fb78faec5728123a717e85 mozilla-mail-1.7.7-1.4.2.i386.rpm 01d4c4ea5544ffe7893f0caaac5f26f6 mozilla-nspr-1.7.7-1.4.2.i386.rpm eb631b1411126c1ec54687ae05b5b025 mozilla-nspr-devel-1.7.7-1.4.2.i386.rpm fa2c382bdfbb5957fd11742599763448 mozilla-nss-1.7.7-1.4.2.i386.rpm 9ce7d067a5d9bcb269f372073ebe3883 mozilla-nss-devel-1.7.7-1.4.2.i386.rpm ia64: 879ace0b626043b40c64ee432b65a1ce mozilla-1.7.7-1.4.2.ia64.rpm b107181b1344950ca7f8eeec3f7413f0 mozilla-chat-1.7.7-1.4.2.ia64.rpm 6d5ee8986f6708e0970c1f2999b115dd mozilla-devel-1.7.7-1.4.2.ia64.rpm f36c2fd2e09c764826985e19800f2faa mozilla-dom-inspector-1.7.7-1.4.2.ia64.rpm c572e94851b5d7967c87a95f36f28121 mozilla-js-debugger-1.7.7-1.4.2.ia64.rpm c716f1cd119f40feeb65824b23457a41 mozilla-mail-1.7.7-1.4.2.ia64.rpm 7955f4bfcb0fe6d06f4dd98ff5e174d9 mozilla-nspr-1.7.7-1.4.2.ia64.rpm 01d4c4ea5544ffe7893f0caaac5f26f6 mozilla-nspr-1.7.7-1.4.2.i386.rpm 8522dad1e43a45e01f58842144054acf mozilla-nspr-devel-1.7.7-1.4.2.ia64.rpm 3556a68874546cbb0d301b2e35e9e408 mozilla-nss-1.7.7-1.4.2.ia64.rpm fa2c382bdfbb5957fd11742599763448 mozilla-nss-1.7.7-1.4.2.i386.rpm 315657d672cfe76deff0c273f90fad7b mozilla-nss-devel-1.7.7-1.4.2.ia64.rpm x86_64: 0985aecb86be8f38a3979a9d1f95ea7b 
devhelp-0.9.2-2.4.4.x86_64.rpm 047608c3bb930a49defeffa10ab8cd6c devhelp-devel-0.9.2-2.4.4.x86_64.rpm d35124a1ddb4f5867575c96315eb79ae mozilla-1.7.7-1.4.2.x86_64.rpm cc280fd917c37710042ca30b3e11f659 mozilla-chat-1.7.7-1.4.2.x86_64.rpm 269f775b5a849258ebd6da2080d78653 mozilla-devel-1.7.7-1.4.2.x86_64.rpm 2963d5acee207998565f0fba9cb1e40e mozilla-dom-inspector-1.7.7-1.4.2.x86_64.rpm 7000765a4e5094b2a73fd09ee2b23bfa mozilla-js-debugger-1.7.7-1.4.2.x86_64.rpm 67b7d2a673d4637dca1031458d7639b6 mozilla-mail-1.7.7-1.4.2.x86_64.rpm 62d43d6c31fa42358d5156f26506bd49 mozilla-nspr-1.7.7-1.4.2.x86_64.rpm 01d4c4ea5544ffe7893f0caaac5f26f6 mozilla-nspr-1.7.7-1.4.2.i386.rpm e3bbf8b1583cf625480a1e17ce554d6e mozilla-nspr-devel-1.7.7-1.4.2.x86_64.rpm ccc82b7866d14ec9bf300b14d5a3b10c mozilla-nss-1.7.7-1.4.2.x86_64.rpm fa2c382bdfbb5957fd11742599763448 mozilla-nss-1.7.7-1.4.2.i386.rpm 3e7bfafef761f762e296a3b2815f0e01 mozilla-nss-devel-1.7.7-1.4.2.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/devhelp-0.9.2-2.4.4.src.rpm 81b56e1e82807f905fe929d98ec5e083 devhelp-0.9.2-2.4.4.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mozilla-1.7.7-1.4.2.src.rpm 9c8a8c1aef4f41051e61120451ffb62c mozilla-1.7.7-1.4.2.src.rpm i386: b3cdcac00c1c16fde66442b6f38d1893 devhelp-0.9.2-2.4.4.i386.rpm 46285d589642bfa7e91cd8b76b7b923f devhelp-devel-0.9.2-2.4.4.i386.rpm eb2a5bf63a7e386bd0e9ff163ffb3181 mozilla-1.7.7-1.4.2.i386.rpm d575f95906e488a9d1be3b9324ee5907 mozilla-chat-1.7.7-1.4.2.i386.rpm f94ca4535debb2f3a749b2222f8635ce mozilla-devel-1.7.7-1.4.2.i386.rpm b75eac2a363789c3d63626bb7cf70c26 mozilla-dom-inspector-1.7.7-1.4.2.i386.rpm 4b58ff85e2ebbb4245c10f66f99b1cec mozilla-js-debugger-1.7.7-1.4.2.i386.rpm fba6ed4071fb78faec5728123a717e85 mozilla-mail-1.7.7-1.4.2.i386.rpm 01d4c4ea5544ffe7893f0caaac5f26f6 mozilla-nspr-1.7.7-1.4.2.i386.rpm eb631b1411126c1ec54687ae05b5b025 mozilla-nspr-devel-1.7.7-1.4.2.i386.rpm fa2c382bdfbb5957fd11742599763448 
mozilla-nss-1.7.7-1.4.2.i386.rpm 9ce7d067a5d9bcb269f372073ebe3883 mozilla-nss-devel-1.7.7-1.4.2.i386.rpm ia64: 879ace0b626043b40c64ee432b65a1ce mozilla-1.7.7-1.4.2.ia64.rpm b107181b1344950ca7f8eeec3f7413f0 mozilla-chat-1.7.7-1.4.2.ia64.rpm 6d5ee8986f6708e0970c1f2999b115dd mozilla-devel-1.7.7-1.4.2.ia64.rpm f36c2fd2e09c764826985e19800f2faa mozilla-dom-inspector-1.7.7-1.4.2.ia64.rpm c572e94851b5d7967c87a95f36f28121 mozilla-js-debugger-1.7.7-1.4.2.ia64.rpm c716f1cd119f40feeb65824b23457a41 mozilla-mail-1.7.7-1.4.2.ia64.rpm 7955f4bfcb0fe6d06f4dd98ff5e174d9 mozilla-nspr-1.7.7-1.4.2.ia64.rpm 01d4c4ea5544ffe7893f0caaac5f26f6 mozilla-nspr-1.7.7-1.4.2.i386.rpm 8522dad1e43a45e01f58842144054acf mozilla-nspr-devel-1.7.7-1.4.2.ia64.rpm 3556a68874546cbb0d301b2e35e9e408 mozilla-nss-1.7.7-1.4.2.ia64.rpm fa2c382bdfbb5957fd11742599763448 mozilla-nss-1.7.7-1.4.2.i386.rpm 315657d672cfe76deff0c273f90fad7b mozilla-nss-devel-1.7.7-1.4.2.ia64.rpm x86_64: 0985aecb86be8f38a3979a9d1f95ea7b devhelp-0.9.2-2.4.4.x86_64.rpm 047608c3bb930a49defeffa10ab8cd6c devhelp-devel-0.9.2-2.4.4.x86_64.rpm d35124a1ddb4f5867575c96315eb79ae mozilla-1.7.7-1.4.2.x86_64.rpm cc280fd917c37710042ca30b3e11f659 mozilla-chat-1.7.7-1.4.2.x86_64.rpm 269f775b5a849258ebd6da2080d78653 mozilla-devel-1.7.7-1.4.2.x86_64.rpm 2963d5acee207998565f0fba9cb1e40e mozilla-dom-inspector-1.7.7-1.4.2.x86_64.rpm 7000765a4e5094b2a73fd09ee2b23bfa mozilla-js-debugger-1.7.7-1.4.2.x86_64.rpm 67b7d2a673d4637dca1031458d7639b6 mozilla-mail-1.7.7-1.4.2.x86_64.rpm 62d43d6c31fa42358d5156f26506bd49 mozilla-nspr-1.7.7-1.4.2.x86_64.rpm 01d4c4ea5544ffe7893f0caaac5f26f6 mozilla-nspr-1.7.7-1.4.2.i386.rpm e3bbf8b1583cf625480a1e17ce554d6e mozilla-nspr-devel-1.7.7-1.4.2.x86_64.rpm ccc82b7866d14ec9bf300b14d5a3b10c mozilla-nss-1.7.7-1.4.2.x86_64.rpm fa2c382bdfbb5957fd11742599763448 mozilla-nss-1.7.7-1.4.2.i386.rpm 3e7bfafef761f762e296a3b2815f0e01 mozilla-nss-devel-1.7.7-1.4.2.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.7
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1160

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCbm0/XlSAg2UNWIIRAmtDAJ0fLb9Q+JnUCqWz+WlJUphCSyIsEQCdHP+T
kJDRXj1VvFYaZlqQBBzNjQI=
=GVid
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Apr 28 15:16:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Apr 2005 11:16 -0400
Subject: [RHSA-2005:261-01] Low: glibc security update
Message-ID: <200504281516.j3SFGrZ15912@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: glibc security update
Advisory ID:       RHSA-2005:261-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-261.html
Issue date:        2005-04-28
Updated on:        2005-04-28
Product:           Red Hat Enterprise Linux
Keywords:          glibc LD_DEBUG catchsegv glibcbug
CVE Names:         CAN-2004-0968 CAN-2004-1382 CAN-2004-1453
- ---------------------------------------------------------------------

1. Summary:

Updated glibc packages that address several bugs are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The GNU libc packages (known as glibc) contain the standard C libraries
used by applications.

Flaws in the catchsegv and glibcbug scripts were discovered. A local user
could utilize these flaws to overwrite files via a symlink attack on
temporary files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2004-0968 and CAN-2004-1382 to
these issues.

It was discovered that the use of LD_DEBUG and LD_SHOW_AUXV was not
restricted for a setuid program. A local user could utilize this flaw to
gain information, such as the list of symbols used by the program. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-1453 to this issue.

This erratum also addresses the following bugs in the GNU C Library:

- Now avoids calling sigaction (SIGPIPE, ...) in syslog implementation
- Fixed poll on Itanium
- Now allows setenv/putenv in shared library constructors

Users of glibc are advised to upgrade to these erratum packages that
remove the unnecessary glibcbug script and contain backported patches to
correct these other issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat Network to
download and update your packages. To launch the Red Hat Update Agent,
use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization guide
specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

140068 - [RHAS2.1] CAN-2004-0968 temporary file vulnerabilities in catchsegv script
140487 - [RHAS2.1] Bad declaration of __syscall_poll can cause bogus values for timeout to be passed to the kernel
148814 - CAN-2004-1453 Information leak with LD_DEBUG
148800 - CAN-2004-1382 insecure temporary file usage

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1453

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCcP5iXlSAg2UNWIIRAiAfAJ4zWUXUcvyQ+T5IlLh14Sf61ImBEACgoE7l
Tar3vxLww2u0QMfW/biOfFM=
=7I1g
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Apr 28 15:17:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Apr 2005 11:17 -0400
Subject: [RHSA-2005:283-01] Important: kernel security update
Message-ID: <200504281517.j3SFHCZ15926@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2005:283-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-283.html
Issue date:        2005-04-28
Updated on:        2005-04-28
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0619 CAN-2005-0384 CAN-2005-0449 CAN-2005-0750
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages are now available as part of ongoing support and
maintenance of Red Hat Enterprise Linux version 2.1. This is the seventh
regular update.

This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This is the seventh regular kernel update to Red Hat Enterprise Linux 2.1.

The following security updates were made:

A flaw in fragment queuing was discovered that affected the Linux 2.4 and
Linux 2.6 kernel netfilter subsystem.
On systems configured to filter or process network packets (for example
those configured to do firewalling), a remote attacker could send a
carefully crafted set of fragmented packets to a machine and cause a
denial of service (system crash). In order to successfully exploit this
flaw, the attacker would need to know (or guess) some aspects of the
firewall ruleset in place on the target system to be able to craft the
right fragmented packets. (CAN-2005-0449)

A flaw was discovered in the Linux PPP driver. On systems allowing remote
users to connect to a server using ppp, a remote client could cause a
denial of service (system crash). (CAN-2005-0384)

A flaw was discovered in the bluetooth driver system. On systems where
the bluetooth modules are loaded, a local user could use this flaw to
gain elevated (root) privileges. (CAN-2005-0750)

An integer overflow flaw was discovered in the ubsec_keysetup function in
the Broadcom 5820 cryptonet driver. On systems using this driver, a local
user could cause a denial of service (crash) or possibly gain elevated
privileges. (CAN-2004-0619) Please note that this update contains an
unpatched kernel module called bcm5820_old for backwards compatibility
which is still vulnerable to CAN-2004-0619.

The following device drivers have been updated to new versions:

    mptfusion: 2.05.16 -> 2.05.16.02
    bcm5820: 1.17 -> 1.81
    cciss: 2.4.52 -> 2.4.54
    qla2x00: 6.04.01 -> 7.01.01

There were many bug fixes in various parts of the kernel. The ongoing
effort to resolve these problems has resulted in a marked improvement in
the reliability and scalability of Red Hat Enterprise Linux 2.1.

Bug fixes include:

- Fixes an incorrect and ever-changing physical_id field in /proc/cpuinfo.
- Now recognizes a particular e1000 device (PCI ID 8086:1014)
- Fixes a panic in disk quota code
- Fixes a bug in which msync(...MS_SYNC) returns before the data is
  written to disk
- Adds new devices to the SCSI scan list so they can be initialized and
  handled properly: LSI ProFibre 4000R, HP HSV200/210, HP MSA, STK
  OPENstorage D178.
- Fixes a potential format overflow in /proc/partitions
- Restores module parameters to the e100 driver for compatibility with
  existing customer scripts.
- Fixes a bug in which cat'ing /proc/mdstat while adding/removing devices
  can cause a kernel oops

All Red Hat Enterprise Linux 2.1 users are advised to upgrade their
kernels to the packages associated with their machine architectures and
configurations as listed in this erratum.

Please note that a vulnerability addressed by this update (CAN-2005-0449)
required a change to the kernel module ABI which could cause third party
modules to not work. However, Red Hat is currently not aware of any
module that would be affected by this change.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat Network to
download and update your packages. To launch the Red Hat Update Agent,
use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization guide
specific to your system:

    http://www.redhat.com/docs/manuals/enterprise

5. Bug IDs fixed (http://bugzilla.redhat.com/):

127256 - CAN-2004-0619 Broadcom 5820 integer overflow
147674 - physical_id field of /proc/cpuinfo contains arbitrary values that change
151803 - CAN-2005-0449 Possible remote Oops/firewall bypass
151242 - CAN-2005-0384 pppd remote DoS
152179 - CAN-2005-0750 bluetooth security flaw

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0750

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCcP5zXlSAg2UNWIIRAti0AJ9tm03akxNjs1F4HAK662e+fSDBIQCeILHJ
tJG87/MPBNEgbgKCempsdOY=
=x2ld
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Apr 28 15:17:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Apr 2005 11:17 -0400
Subject: [RHSA-2005:284-01] Important: kernel security update
Message-ID: <200504281517.j3SFHSZ15932@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2005:284-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-284.html
Issue date:        2005-04-28
Updated on:        2005-04-28
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0135 CAN-2005-0137 CAN-2005-0384
                   CAN-2005-0449 CAN-2005-0750
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages are now available as part of ongoing support and
maintenance of Red Hat Enterprise Linux version 2.1 for 64-bit
architectures. This is the seventh regular update.

This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - ia64
Red Hat Linux Advanced Workstation 2.1 - ia64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This is the seventh regular kernel update to Red Hat Enterprise Linux 2.1.

The following security updates were made:

A flaw in fragment queuing was discovered that affected the Linux 2.4 and
Linux 2.6 kernel netfilter subsystem. On systems configured to filter or
process network packets (for example, those configured to do
firewalling), a remote attacker could send a carefully crafted set of
fragmented packets to a machine and cause a denial of service (system
crash).
In order to successfully exploit this flaw, the attacker would need to
know (or guess) some aspects of the firewall ruleset in place on the
target system to be able to craft the right fragmented packets.
(CAN-2005-0449)

A flaw was discovered in the Linux PPP driver. On systems allowing remote
users to connect to a server using ppp, a remote client could cause a
denial of service (system crash). (CAN-2005-0384)

A flaw was discovered in the bluetooth driver system. On systems where
the bluetooth modules are loaded, a local user could use this flaw to
gain elevated (root) privileges. (CAN-2005-0750)

Keith Owens reported a flaw in the Itanium unw_unwind_to_user() function.
A local user could use this flaw to cause a denial of service (system
crash). (CAN-2005-0135)

A missing Itanium syscall table entry could allow an unprivileged local
user to cause a denial of service (system crash). (CAN-2005-0137)

There were several bug fixes in various parts of the kernel. The ongoing
effort to resolve these problems has resulted in a marked improvement in
the reliability and scalability of Red Hat Enterprise Linux 2.1.

Bug fixes for this release include:

- Fixes an incorrect test in RPC for SYN packets when reconnecting an
  idle TCP link
- Fixes a memory-corruption bug in the DMA path that can cause system
  hangs or unpredictable behavior under heavy I/O load
- Adds new devices to the SCSI scan list so they can be initialized and
  handled properly: LSI ProFibre 4000R, HP HSV200/210, HP MSA, STK
  OPENstorage D178.
- Fixes a hang under heavy I/O load in the qla1280 driver
- Fixes a panic in disk quota code
- Fixes a potential format overflow in /proc/partitions
- Fixes ipvs calls to ip_defrag()

All Red Hat Enterprise Linux 2.1 users are advised to upgrade their
kernels to the packages associated with their machine architectures and
configurations as listed in this erratum.
Please note that a vulnerability addressed by this update (CAN-2005-0449)
required a change to the kernel module ABI which could cause third party
modules to not work. However, Red Hat is currently not aware of any
module that would be affected by this change.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat Network to
download and update your packages. To launch the Red Hat Update Agent,
use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization guide
specific to your system:

    http://www.redhat.com/docs/manuals/enterprise

5. Bug IDs fixed (http://bugzilla.redhat.com/):

151804 - CAN-2005-0449 Possible remote Oops/firewall bypass
151243 - CAN-2005-0384 pppd remote DoS (ipf)
152180 - CAN-2005-0750 bluetooth security flaw (ipf)
148870 - CAN-2005-0135 ia64 local DoS
148860 - CAN-2005-0137 ia64 syscall_table DoS

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0750

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCcP59XlSAg2UNWIIRAqwxAJ0VJgTnAcvrRlMlZMvTCgRWSFGwKACdFyJw
yi7zFEFjsFmAzhrcjeJJIkI=
=qu2h
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Apr 28 19:13:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Apr 2005 15:13 -0400
Subject: [RHSA-2005:384-01] Important: Mozilla security update
Message-ID: <200504281913.j3SJD0Z26690@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: Mozilla security update
Advisory ID:       RHSA-2005:384-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-384.html
Issue date:        2005-04-28
Updated on:        2005-04-28
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1156 CAN-2005-0142 CAN-2005-0143
                   CAN-2005-0146 CAN-2005-0231 CAN-2005-0232
                   CAN-2005-0233 CAN-2005-0401 CAN-2005-0527
                   CAN-2005-0578 CAN-2005-0584 CAN-2005-0585
                   CAN-2005-0586 CAN-2005-0588 CAN-2005-0590
                   CAN-2005-0591 CAN-2005-0593 CAN-2005-0989
                   CAN-2005-1153 CAN-2005-1154 CAN-2005-1155
                   CAN-2005-1156 CAN-2005-1157 CAN-2005-1159
                   CAN-2005-1160
- ---------------------------------------------------------------------

1. Summary:

Updated Mozilla packages that fix various security bugs are now
available.

This update has been rated as having Important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Several bugs were found with the way Mozilla displays the secure site
icon. It is possible that a malicious website could display the secure
site icon along with incorrect certificate information. (CAN-2005-0143
CAN-2005-0593)

A bug was found in the way Mozilla handles synthetic middle click events.
It is possible for a malicious web page to steal the contents of a
victim's clipboard. (CAN-2005-0146)

Several bugs were found with the way Mozilla handles temporary files. A
local user could view sensitive temporary information or delete arbitrary
files. (CAN-2005-0142 CAN-2005-0578)

A bug was found in the way Mozilla handles pop-up windows. It is possible
for a malicious website to control the content in an unrelated site's
pop-up window. (CAN-2004-1156)

A flaw was found in the way Mozilla displays international domain names.
It is possible for an attacker to display a valid URL, tricking the user
into thinking they are viewing a legitimate webpage when they are not.
(CAN-2005-0233)

A bug was found in the way Mozilla processes XUL content. If a malicious
web page can trick a user into dragging an object, it is possible to load
malicious XUL content. (CAN-2005-0401)

A bug was found in the way Mozilla handles xsl:include and xsl:import
directives. It is possible for a malicious website to import XSLT
stylesheets from a domain behind a firewall, leaking information to an
attacker. (CAN-2005-0588)

Several bugs were found in the way Mozilla displays alert dialogs. It is
possible for a malicious webserver or website to trick a user into
thinking the dialog window is being generated from a trusted site.
(CAN-2005-0586 CAN-2005-0591 CAN-2005-0585 CAN-2005-0590 CAN-2005-0584)

A bug was found in the Mozilla javascript security manager.
If a user drags a malicious link to a tab, the javascript security manager is bypassed, which could result in remote code execution or information disclosure. (CAN-2005-0231) A bug was found in the way Mozilla allows plug-ins to load privileged content into a frame. It is possible that a malicious webpage could trick a user into clicking in certain places to modify configuration settings or execute arbitrary code. (CAN-2005-0232 and CAN-2005-0527) A bug was found in the way Mozilla handles anonymous functions during regular expression string replacement. It is possible for a malicious web page to capture a random block of browser memory. (CAN-2005-0989) A bug was found in the way Mozilla displays pop-up windows. If a user choses to open a pop-up window whose URL is malicious javascript, the script will be executed with elevated privileges. (CAN-2005-1153) A bug was found in the way Mozilla installed search plugins. If a user chooses to install a search plugin from a malicious site, the new plugin could silently overwrite an existing plugin. This could allow the malicious plugin to execute arbitrary code and stealm sensitive information. (CAN-2005-1156 CAN-2005-1157) Several bugs were found in the Mozilla javascript engine. A malicious web page could leverage these issues to execute javascript with elevated privileges or steal sensitive information. (CAN-2005-1154 CAN-2005-1155 CAN-2005-1159 CAN-2005-1160) Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.7 to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. 
To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 142390 - CAN-2004-1156 Frame injection vulnerability. 144080 - CAN-2005-0585 download dialog URL spoofing 145606 - CAN-2005-0142 Opened attachments are temporarily saved world-readable 145607 - CAN-2005-0143 Secure site lock can be spoofed with a binary download 145613 - CAN-2005-0146 Synthetic middle-click event can steal clipboard contents 147397 - homograph spoofing 152580 - CAN-2005-0578 Mozilla issues (CAN-2005-0232 CAN-2005-0527 CAN-2005-0231 CAN-2005-0584 CAN-2005-0585 CAN-2005-0586 CAN-2005-0588 CAN-2005-0590 CAN-2005-0591 CAN-2005-0593) 155117 - CAN-2005-0989 Multiple Mozilla issues. (CAN-2005-1153 CAN-2005-1154 CAN-2005-1155 CAN-2005-1156 CAN-2005-1157 CAN-2005-1159 CAN-2005-1160) 6. 
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7.
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1160

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCcTWsXlSAg2UNWIIRAv0+AJ9juypcelIXCj9HLCEpdzfQpoEAmgCfeUJo
sbDkFZLCI8+LoMBHOWLt5Do=
=UE8k
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Apr 28 19:13:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 28 Apr 2005 15:13 -0400
Subject: [RHSA-2005:405-01] Moderate: PHP security update
Message-ID: <200504281913.j3SJDSZ26698@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: PHP security update
Advisory ID: RHSA-2005:405-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-405.html
Issue date: 2005-04-28
Updated on: 2005-04-28
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1392 CAN-2005-0524 CAN-2005-0525 CAN-2005-1042 CAN-2005-1043
- ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix various security issues are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

A bug was found in the way PHP processes IFF and JPEG images. It is possible to cause PHP to consume CPU resources for a short period of time by supplying a carefully crafted IFF or JPEG image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0524 and CAN-2005-0525 to these issues.

A buffer overflow bug was also found in the way PHP processes EXIF image headers. It is possible for an attacker to construct an image file in such a way that it could execute arbitrary instructions when processed by PHP. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1042 to this issue.

A denial of service bug was found in the way PHP processes EXIF image headers. It is possible for an attacker to cause PHP to enter an infinite loop for a short period of time by supplying a carefully crafted image file to PHP for processing. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1043 to this issue.

Several bug fixes are also included in this update:

- - The security fixes in RHSA-2004-687 to the "unserializer" code introduced some performance issues.

- - In the gd extension, the "imagecopymerge" function did not correctly handle transparency. The original image was being obscured in the resultant image.

- - In the curl extension, safe mode was not enforced for 'file:///' URL lookups (CAN-2004-1392).

Users of PHP should upgrade to these updated packages, which contain backported fixes for these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5.
Bug IDs fixed (http://bugzilla.redhat.com/):

145436 - PHP pages slow, HTTPD eating cpu
147808 - php curl open_basedir bypass
149873 - make PHP oci8 driver support Oracle Instant Client RPM
149946 - PHP GD ImageCopyMerge broken
153140 - CAN-2005-0524 PHP getimagesize() Multiple Denial of Service Vulnerabilities CAN-2005-0525
154021 - CAN-2005-1042 PHP exif buffer overflow
154025 - CAN-2005-1043 PHP exif infinite stack recursion

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7.
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0524
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1043

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCcTXOXlSAg2UNWIIRAnfgAJ4vRFTtMW/dOyRTzYzHJWQ790F33ACfR5iL
xKCJFeaQ3VyxJ0FYEYgVY/I=
=1CJU
-----END PGP SIGNATURE-----