From bugzilla at redhat.com Wed Aug 3 14:20:04 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 3 Aug 2005 10:20:04 -0400
Subject: [RHSA-2005:583-01] Low: dump security update
Message-ID: <200508031420.j73EK4Dq006073@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: dump security update
Advisory ID: RHSA-2005:583-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-583.html
Issue date: 2005-08-03
Updated on: 2005-08-03
Product: Red Hat Enterprise Linux
CVE Names: CAN-2002-1914
- ---------------------------------------------------------------------

1. Summary:

Updated dump packages that address two security issues are now available for Red Hat Enterprise Linux 2.1.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Dump examines files in a file system, determines which ones need to be backed up, and copies those files to a specified disk, tape, or other storage medium.

A flaw was found with dump file locking. A malicious local user could manipulate the file lock in such a way as to prevent dump from running. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2002-1914 to this issue.

Users of dump should upgrade to these erratum packages, which contain a patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network.
To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

162903 - CAN-2002-1914 dump denial of service

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/dump-0.4b25-1.72.2.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/dump-0.4b25-1.72.2.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/dump-0.4b25-1.72.2.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/dump-0.4b25-1.72.2.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://marc.theaimsgroup.com/?l=bugtraq&m=102701096228027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1914

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFC8NKEXlSAg2UNWIIRAq/2AKCPo/D5qz0OYg676/LC6om5HdNqSQCePbG1
HcvBRJT3mapjTOgxhvmVFEg=
=yZqd
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 3 14:20:42 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 3 Aug 2005 10:20:42 -0400
Subject: [RHSA-2005:595-01] Moderate: SquirrelMail security update
Message-ID: <200508031420.j73EKgkt006871@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: SquirrelMail security update
Advisory ID: RHSA-2005:595-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-595.html
Issue date: 2005-08-03
Updated on: 2005-08-03
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2095 CAN-2005-1769
- ---------------------------------------------------------------------

1. Summary:

An updated squirrelmail package that fixes two security issues is now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - noarch
Red Hat Desktop version 3 - noarch
Red Hat Enterprise Linux ES version 3 - noarch
Red Hat Enterprise Linux WS version 3 - noarch
Red Hat Enterprise Linux AS version 4 - noarch
Red Hat Enterprise Linux Desktop version 4 - noarch
Red Hat Enterprise Linux ES version 4 - noarch
Red Hat Enterprise Linux WS version 4 - noarch

3. Problem description:

SquirrelMail is a standards-based webmail package written in PHP4.

A bug was found in the way SquirrelMail handled the $_POST variable.
A user's SquirrelMail preferences could be read or modified if the user is tricked into visiting a malicious URL. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2095 to this issue.

Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary Javascript or HTML content into SquirrelMail pages by tricking a user into visiting a carefully crafted URL, or by sending them a carefully constructed HTML email message. (CAN-2005-1769)

All users of SquirrelMail should upgrade to this updated package, which contains backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Additionally, users will have to bring up the "Network Proxy" dialog and reset their keys for the settings to take place.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

160241 - CAN-2005-1769 Multiple XSS issues in squirrelmail
162275 - CAN-2005-2095 squirrelmail cross site posting issue

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/squirrelmail-1.4.3a-10.EL3.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/squirrelmail-1.4.3a-10.EL3.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/squirrelmail-1.4.3a-10.EL3.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/squirrelmail-1.4.3a-10.EL3.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/squirrelmail-1.4.3a-11.EL4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/squirrelmail-1.4.3a-11.EL4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/squirrelmail-1.4.3a-11.EL4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/squirrelmail-1.4.3a-11.EL4.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1769

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFC8NKhXlSAg2UNWIIRAhiIAJ93pFUqnzs4hgL8ifFab+OCBV8sFACffwNh
kwGNzkAf41IVMhsGqiYX7F4=
=wa0R
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Aug 5 13:47:47 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 5 Aug 2005 09:47:47 -0400
Subject: [RHSA-2005:543-01] Moderate: ruby security update
Message-ID: <200508051347.j75DlmAZ031946@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: ruby security update
Advisory ID: RHSA-2005:543-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-543.html
Issue date: 2005-08-05
Updated on: 2005-08-05
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1992
- ---------------------------------------------------------------------

1. Summary:

Updated ruby packages that fix an arbitrary command execution issue are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Ruby is an interpreted scripting language for object-oriented programming.

A bug was found in the way Ruby launched an XMLRPC server. If an XMLRPC server is launched in a certain way, it becomes possible for a remote attacker to execute arbitrary commands within the XMLRPC server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1992 to this issue.

Users of Ruby should update to these erratum packages, which contain a backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

161095 - CAN-2005-1992 ruby arbitrary command execution on XMLRPC server

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ruby-1.8.1-7.EL4.1.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ruby-1.8.1-7.EL4.1.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ruby-1.8.1-7.EL4.1.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ruby-1.8.1-7.EL4.1.src.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1992

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFC8235XlSAg2UNWIIRAp4bAJ9qABBnljFS367+VGWTEQt94CToOQCeKNJw
8BEFXOhNcrV4U/1FD3eOPSk=
=N/nD
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Aug 5 13:48:18 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 5 Aug 2005 09:48:18 -0400
Subject: [RHSA-2005:595-02] Moderate: squirrelmail security update
Message-ID: <200508051348.j75DmIUE032011@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: squirrelmail security update
Advisory ID: RHSA-2005:595-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-595.html
Issue date: 2005-08-03
Updated on: 2005-08-05
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2095 CAN-2005-1769
- ---------------------------------------------------------------------

1. Summary:

An updated squirrelmail package that fixes two security issues is now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

[Updated 04 Aug 2005]
The previous SquirrelMail package released with this errata contained a bug which rendered the addressbook unusable. The erratum has been updated with a package which corrects this issue.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - noarch
Red Hat Desktop version 3 - noarch
Red Hat Enterprise Linux ES version 3 - noarch
Red Hat Enterprise Linux WS version 3 - noarch
Red Hat Enterprise Linux AS version 4 - noarch
Red Hat Enterprise Linux Desktop version 4 - noarch
Red Hat Enterprise Linux ES version 4 - noarch
Red Hat Enterprise Linux WS version 4 - noarch

3. Problem description:

SquirrelMail is a standards-based webmail package written in PHP4.

A bug was found in the way SquirrelMail handled the $_POST variable. If a user is tricked into visiting a malicious URL, the user's SquirrelMail preferences could be read or modified. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2095 to this issue.

Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary Javascript or HTML content into SquirrelMail pages by tricking a user into visiting a carefully crafted URL, or by sending them a carefully constructed HTML email message. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-1769 to this issue.

All users of SquirrelMail should upgrade to this updated package, which contains backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Additionally, users will have to bring up the "Network Proxy" dialog and reset their keys for the settings to take place.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

160241 - CAN-2005-1769 Multiple XSS issues in squirrelmail
162275 - CAN-2005-2095 squirrelmail cross site posting issue

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/squirrelmail-1.4.3a-11.EL3.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/squirrelmail-1.4.3a-11.EL3.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/squirrelmail-1.4.3a-11.EL3.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/squirrelmail-1.4.3a-11.EL3.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/squirrelmail-1.4.3a-12.EL4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/squirrelmail-1.4.3a-12.EL4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/squirrelmail-1.4.3a-12.EL4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/squirrelmail-1.4.3a-12.EL4.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1769

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFC824PXlSAg2UNWIIRAo6oAJ0blrhAkASHndgkoySeWwKsHYrR8wCeJz76
oDjMcEg7Hk4FYE9vDpHIbFM=
=LQmk
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 9 16:56:42 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Aug 2005 12:56:42 -0400
Subject: [RHSA-2005:598-01] Low: sysreport security update
Message-ID: <200508091656.j79Gugah003739@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: sysreport security update
Advisory ID: RHSA-2005:598-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-598.html
Issue date: 2005-08-09
Updated on: 2005-08-09
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2104
- ---------------------------------------------------------------------

1. Summary:

An updated sysreport package that fixes an insecure temporary file flaw is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - noarch
Red Hat Linux Advanced Workstation 2.1 - noarch
Red Hat Enterprise Linux ES version 2.1 - noarch
Red Hat Enterprise Linux WS version 2.1 - noarch
Red Hat Enterprise Linux AS version 3 - noarch
Red Hat Desktop version 3 - noarch
Red Hat Enterprise Linux ES version 3 - noarch
Red Hat Enterprise Linux WS version 3 - noarch
Red Hat Enterprise Linux AS version 4 - noarch
Red Hat Enterprise Linux Desktop version 4 - noarch
Red Hat Enterprise Linux ES version 4 - noarch
Red Hat Enterprise Linux WS version 4 - noarch

3. Problem description:

Sysreport is a utility that gathers information about a system's hardware and configuration. The information can then be used for diagnostic purposes and debugging.

Bill Stearns discovered a bug in the way sysreport creates temporary files. It is possible that a local attacker could obtain sensitive information about the system when sysreport is run. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2104 to this issue.

Users of sysreport should update to this erratum package, which contains a patch that resolves this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

162978 - CAN-2005-2104 sysreport insecure temporary directory usage

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/sysreport-1.3.7.0-7.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/sysreport-1.3.7.0-7.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/sysreport-1.3.7.0-7.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/sysreport-1.3.7.0-7.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/sysreport-1.3.7.2-9.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/sysreport-1.3.7.2-9.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/sysreport-1.3.7.2-9.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/sysreport-1.3.7.2-9.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/sysreport-1.3.15-5.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/sysreport-1.3.15-5.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/sysreport-1.3.15-5.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/sysreport-1.3.15-5.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2104

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFC+OA8XlSAg2UNWIIRApVAAKCtXHzRfnojQqIdJmaPrKGhdXTMFQCgwWxp
My/RD1bt6vg2SMsTqHvoFOQ=
=wIRP
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 9 16:57:04 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Aug 2005 12:57:04 -0400
Subject: [RHSA-2005:670-01] Moderate: xpdf security update
Message-ID: <200508091657.j79Gv5CW004146@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: xpdf security update
Advisory ID: RHSA-2005:670-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-670.html
Issue date: 2005-08-09
Updated on: 2005-08-09
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2097
- ---------------------------------------------------------------------

1. Summary:

An updated xpdf package that fixes a security issue is now available for
Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The xpdf package is an X Window System-based viewer for Portable Document
Format (PDF) files.

A flaw was discovered in Xpdf in that an attacker could construct a
carefully crafted PDF file that would cause Xpdf to consume all available
disk space in /tmp when opened. The Common Vulnerabilities and Exposures
project assigned the name CAN-2005-2097 to this issue.

Note this issue does not affect the version of Xpdf in Red Hat Enterprise
Linux 3 or 2.1.
Users of xpdf should upgrade to this updated package, which contains a
backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

163918 - CAN-2005-2097 xpdf DoS

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFC+OBUXlSAg2UNWIIRAodrAJ9QGQX50J1Ara/+q4lpOIX2Q0MqvwCghiDs
O8ailA8IsUkd5gyXPbHsJzg=
=kRnl
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 9 16:57:26 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Aug 2005 12:57:26 -0400
Subject: [RHSA-2005:671-01] Moderate: kdegraphics security update
Message-ID: <200508091657.j79GvQW1004157@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: kdegraphics security update
Advisory ID: RHSA-2005:671-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-671.html
Issue date: 2005-08-09
Updated on: 2005-08-09
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2097
- ---------------------------------------------------------------------

1. Summary:

Updated kdegraphics packages that resolve a security issue in kpdf are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The kdegraphics packages contain applications for the K Desktop Environment
including kpdf, a PDF file viewer.

A flaw was discovered in kpdf. An attacker could construct a carefully
crafted PDF file that would cause kpdf to consume all available disk space
in /tmp when opened. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-2097 to this issue.

Note this issue does not affect Red Hat Enterprise Linux 3 or 2.1.

Users of kpdf should upgrade to these updated packages, which contain a
backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

163925 - CAN-2005-2097 kpdf DoS

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFC+OBrXlSAg2UNWIIRAqGMAKCPkWFZQiUexmduQSEw7CuIPpoxMwCfWsmj
9Aj707XyQ9aDoOkbFKRUsLQ=
=jeZ9
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 9 16:57:50 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Aug 2005 12:57:50 -0400
Subject: [RHSA-2005:706-01] Important: cups security update
Message-ID: <200508091657.j79GvoC8004174@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: cups security update
Advisory ID: RHSA-2005:706-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-706.html
Issue date: 2005-08-09
Updated on: 2005-08-09
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2097
- ---------------------------------------------------------------------

1. Summary:

Updated CUPS packages that fix a security issue are now available for Red
Hat Enterprise Linux.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

When processing a PDF file, bounds checking was not correctly performed on
some fields. This could cause the pdftops filter (running as user "lp") to
crash.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2005-2097 to this issue.

All users of CUPS should upgrade to these erratum packages, which contain a
patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

164510 - CAN-2005-2097 pdf flaw

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFC+OCBXlSAg2UNWIIRAihEAJ48NUJqFiPrQ6Zxra/u51LBfdWaYQCcCs/R
EHn1qTjgim7AYTJZnpOLwuo=
=cUmo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 9 16:58:13 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Aug 2005 12:58:13 -0400
Subject: [RHSA-2005:720-01] Low: ucd-snmp security update
Message-ID: <200508091658.j79GwDEC004198@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: ucd-snmp security update
Advisory ID: RHSA-2005:720-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-720.html
Issue date: 2005-08-09
Updated on: 2005-08-09
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2177
- ---------------------------------------------------------------------

1. Summary:

Updated ucd-snmp packages that fix a security issue are now available for
Red Hat Enterprise Linux 2.1.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

SNMP (Simple Network Management Protocol) is a protocol used for network
management.

A denial of service bug was found in the way ucd-snmp uses network stream
protocols. A remote attacker could send a ucd-snmp agent a specially
crafted packet which will cause the agent to crash. The Common
Vulnerabilities and Exposures project assigned the name CAN-2005-2177 to
this issue.

All users of ucd-snmp should upgrade to these updated packages, which
contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

162909 - CAN-2005-2177 net-snmp denial of service

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2177

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFC+OCYXlSAg2UNWIIRAgGHAJ0dkLFMNG/CpTWCJkxdAHUlHrbk0gCgiWKD
KP6y2qWEvZQiOm+hZfEmVxw=
=aCfw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 10 03:56:48 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Aug 2005 23:56:48 -0400
Subject: [RHSA-2005:589-01] Critical: gaim security update
Message-ID: <200508100356.j7A3umJD025934@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: gaim security update
Advisory ID: RHSA-2005:589-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-589.html
Issue date: 2005-08-09
Updated on: 2005-08-09
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2103
- ---------------------------------------------------------------------

1. Summary:

An updated gaim package that fixes a buffer overflow security issue is now
available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Gaim is an Internet Instant Messaging client.

A heap based buffer overflow issue was discovered in the way Gaim processes
away messages. A remote attacker could send a specially crafted away
message to a Gaim user logged into AIM or ICQ which could result in
arbitrary code execution. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-2103 to this issue.

Users of gaim are advised to upgrade to this updated package, which
contains backported patches and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

165444 - CAN-2005-2103 Gaim malformed away message remote code execution

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFC+XrwXlSAg2UNWIIRAjX1AKCPSEkJPkzRJfp1myJMAMLo78VquACfZtht
fbgUR1Bhr0ugO9qvDjrGsk0=
=U9fS
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Aug 10 03:57:39 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 9 Aug 2005 23:57:39 -0400
Subject: [RHSA-2005:627-01] Critical: gaim security update
Message-ID: <200508100357.j7A3vdL8026213@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: gaim security update
Advisory ID: RHSA-2005:627-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-627.html
Issue date: 2005-08-09
Updated on: 2005-08-09
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2102 CAN-2005-2103 CAN-2005-2370
- ---------------------------------------------------------------------

1. Summary:

An updated gaim package that fixes multiple security issues is now
available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Gaim is an Internet Messaging client.

A heap based buffer overflow issue was discovered in the way Gaim processes
away messages. A remote attacker could send a specially crafted away
message to a Gaim user logged into AIM or ICQ that could result in
arbitrary code execution.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2103 to this issue. Daniel Atallah discovered a denial of service issue in Gaim. A remote attacker could attempt to upload a file with a specially crafted name to a user logged into AIM or ICQ, causing Gaim to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2102 to this issue. A denial of service bug was found in Gaim's Gadu Gadu protocol handler. A remote attacker could send a specially crafted message to a Gaim user logged into Gadu Gadu, causing Gaim to crash. Please note that this issue only affects PPC and IBM S/390 systems running Gaim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2370 to this issue. Users of gaim are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 165392 - CAN-2005-2370 gadu gadu memory alignment issue 165400 - CAN-2005-2102 gaim AIM invalid filename DoS 165402 - CAN-2005-2103 Gaim malformed away message remote code execution 6. 
RPMs required: These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFC+XsMXlSAg2UNWIIRAkchAJ4xRZ0K4XDogeWreByJk0PtEG2jhgCgiYM7 jnQXMv4y3qeWpjZztS/wgQQ= =MD2b -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 10 17:43:35 2005 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 10 Aug 2005 13:43:35 -0400 Subject: [RHSA-2005:687-01] Moderate: ethereal security update Message-ID: <200508101743.j7AHhZPG005398@porkchop.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: ethereal security update Advisory ID: RHSA-2005:687-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-687.html Issue date: 2005-08-10 Updated on: 2005-08-10 Product: Red Hat Enterprise Linux Obsoletes: RHSA-2005:427 CVE Names: CAN-2005-2360 CAN-2005-2361 CAN-2005-2362 CAN-2005-2363 CAN-2005-2364 CAN-2005-2365 CAN-2005-2366 CAN-2005-2367 - --------------------------------------------------------------------- 1. Summary: Updated Ethereal packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. 
Problem description: The ethereal package is a program for monitoring network traffic. A number of security flaws have been discovered in Ethereal. On a system where Ethereal is running, a remote attacker could send malicious packets to trigger these flaws and cause Ethereal to crash or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-2360, CAN-2005-2361, CAN-2005-2362, CAN-2005-2363, CAN-2005-2364, CAN-2005-2365, CAN-2005-2366, and CAN-2005-2367 to these issues. Users of ethereal should upgrade to these updated packages, which contain version 0.10.12, which is not vulnerable to these issues. Note: To reduce the risk of future vulnerabilities in Ethereal, the ethereal and tethereal programs in this update have been compiled as Position Independent Executables (PIE) for Red Hat Enterprise Linux 3 and 4. In addition, FORTIFY_SOURCE has been enabled for Red Hat Enterprise Linux 4 packages to provide compile time and runtime buffer checks. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 164243 - CAN-2005-2360 Multiple ethereal flaws (CAN-2005-2361 CAN-2005-2362 CAN-2005-2363 CAN-2005-2364 CAN-2005-2365 CAN-2005-2366 CAN-2005-2367) 6. 
RPMs required: These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. 
References: http://www.redhat.com/magazine/009jul05/features/execshield/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2360 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2361 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2362 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2363 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2365 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2366 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2367 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFC+jy8XlSAg2UNWIIRAkzJAKCRyy8bmKlyPQwLqRm2Q/HczGMebgCdGjOD mNYGxxwMHcdY34sO45kxWTA= =bznC -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Aug 10 17:43:56 2005 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 10 Aug 2005 13:43:56 -0400 Subject: [RHSA-2005:708-01] Moderate: gpdf security update Message-ID: <200508101743.j7AHhut5005411@porkchop.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: gpdf security update Advisory ID: RHSA-2005:708-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-708.html Issue date: 2005-08-10 Updated on: 2005-08-10 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-2097 - --------------------------------------------------------------------- 1. Summary: An updated gpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. 
Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The gpdf package is a GNOME-based viewer for Portable Document Format (PDF) files. Marcus Meissner reported a flaw in gpdf. An attacker could construct a carefully crafted PDF file that would cause gpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2097 to this issue. Note that this issue does not affect the version of gpdf in Red Hat Enterprise Linux 3 or 2.1. Users of gpdf should upgrade to this updated package, which contains a backported patch to resolve this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 163920 - CAN-2005-2097 gpdf DoS 6. 
RPMs required: These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097 8. Contact: The Red Hat security contact is . 
More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFC+jzRXlSAg2UNWIIRAmgOAKCCLlxD4ue9ZtuSuuyfePFD5EZ7kQCfROZ9 sjPnyvTTtU3NYYu/jmGNRJw= =bk8R -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Aug 16 20:25:03 2005 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 16 Aug 2005 16:25:03 -0400 Subject: [RHSA-2005:750-01] Critical: Adobe Acrobat Reader security update Message-ID: <200508162025.j7GKP7gJ009684@porkchop.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Critical: Adobe Acrobat Reader security update Advisory ID: RHSA-2005:750-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-750.html Issue date: 2005-08-16 Updated on: 2005-08-16 Product: Red Hat Enterprise Linux Extras CVE Names: CAN-2005-2470 - --------------------------------------------------------------------- 1. Summary: Updated acroread packages that fix a security issue are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64 Red Hat Desktop version 3 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 3. Problem description: The Adobe Acrobat Reader allows users to view and print documents in portable document format (PDF). A buffer overflow bug has been found in Adobe Acrobat Reader. 
It is possible to execute arbitrary code on a victim's machine if the victim opens a malicious PDF file. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2470 to this issue. All users of Acrobat Reader are advised to upgrade to these updated packages, which contain Acrobat Reader version 7.0.1 and are not vulnerable to this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 166057 - CAN-2005-2470 acroread buffer overflow 6. 
RPMs required: These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://www.adobe.com/support/techdocs/321644.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2470 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFDAkt5XlSAg2UNWIIRAog8AJ9dtFyoWy/dxI1BcGG12NhN8w7fwwCcC39X VuNHW2KkKyY4Tjq+dFDOqDE= =Rby2 -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Aug 19 17:44:22 2005 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 19 Aug 2005 13:44:22 -0400 Subject: [RHSA-2005:748-01] Important: php security update Message-ID: <200508191744.j7JHiUU9011066@porkchop.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: php security update Advisory ID: RHSA-2005:748-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-748.html Issue date: 2005-08-19 Updated on: 2005-08-19 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-2498 - --------------------------------------------------------------------- 1. Summary: Updated PHP packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. 
Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the 'apache' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2498 to this issue. When using the default SELinux "targeted" policy on Red Hat Enterprise Linux 4, the impact of this issue is reduced since the scripts executed by PHP are constrained within the httpd_sys_script_t security context. Users of PHP should upgrade to these updated packages, which contain backported fixes for these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 165846 - CAN-2005-2498 PHP PEAR:XMLRPC eval code injection 6. 
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDBhpuXlSAg2UNWIIRAht2AKCKNTyBleqPN0NCBkvfatjXQFCZKwCeO5eG
w3j1/7JddU7Xvn+7aTkVLjs=
=Uqxk
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 22 14:16:44 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 22 Aug 2005 10:16:44 -0400
Subject: [RHSA-2005:743-01] Low: netpbm security update
Message-ID: <200508221416.j7MEGj6g014655@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: netpbm security update
Advisory ID: RHSA-2005:743-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-743.html
Issue date: 2005-08-22
Updated on: 2005-08-22
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2471
- ---------------------------------------------------------------------

1. Summary:

Updated netpbm packages that fix a security issue are now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The netpbm package contains a library of functions that support programs for handling various graphics file formats, including .pbm (portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable pixmaps) and others.

A bug was found in the way netpbm converts PostScript files into PBM, PGM or PPM files. An attacker could create a carefully crafted PostScript file in such a way that it could execute arbitrary commands when the file is processed by a victim using pstopnm. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2471 to this issue.

All users of netpbm should upgrade to the updated packages, which contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

165354 - CAN-2005-2471 netpbm should use the -dSAFER option when calling Ghostscript

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2471

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDCd5JXlSAg2UNWIIRAsQfAJ9z6t0YOvu74lYoGq+Guok8aJBLsQCfRJvk
S/v3VzWuL2OSlctXOqkJEtc=
=wy6K
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 22 14:16:53 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 22 Aug 2005 10:16:53 -0400
Subject: [RHSA-2005:745-01] Low: vim security update
Message-ID: <200508221416.j7MEGsvv014843@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: vim security update
Advisory ID: RHSA-2005:745-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-745.html
Issue date: 2005-08-22
Updated on: 2005-08-22
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2368
- ---------------------------------------------------------------------

1. Summary:

Updated vim packages that fix a security issue are now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2.
Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: VIM (VIsual editor iMproved) is a version of the vi editor. A bug was found in the way VIM processes modelines. If a user with modelines enabled opens a text file with a carefully crafted modeline, arbitrary commands may be executed as the user running VIM. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2368 to this issue. Users of VIM are advised to upgrade to these updated packages, which resolve this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 164279 - CAN-2005-2368 vim modeline arbitrary command execution 6. 
RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/vim-6.0-7.22.src.rpm 719114adb0832e14e2e88e6ff83a6ffe vim-6.0-7.22.src.rpm i386: 104bac9feab3d01ea8925c0481f0804f vim-X11-6.0-7.22.i386.rpm 99ee9e8ff887b9478b2fa8395edc2c6a vim-common-6.0-7.22.i386.rpm 27bfb5ae7f01b5d33100d0c71c1b18ce vim-enhanced-6.0-7.22.i386.rpm 16abf305958e4491998f58de45703b79 vim-minimal-6.0-7.22.i386.rpm ia64: a59088f23c02c6f9d52d4d630a38eda6 vim-X11-6.0-7.22.ia64.rpm eec185f945687b4e40ab7bf531de6229 vim-common-6.0-7.22.ia64.rpm bd90b0f4c9b28ed43ba28acd2f8a312f vim-enhanced-6.0-7.22.ia64.rpm 54578b4ca37bad8ff0a3be7a4b654d0c vim-minimal-6.0-7.22.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/vim-6.0-7.22.src.rpm 719114adb0832e14e2e88e6ff83a6ffe vim-6.0-7.22.src.rpm ia64: a59088f23c02c6f9d52d4d630a38eda6 vim-X11-6.0-7.22.ia64.rpm eec185f945687b4e40ab7bf531de6229 vim-common-6.0-7.22.ia64.rpm bd90b0f4c9b28ed43ba28acd2f8a312f vim-enhanced-6.0-7.22.ia64.rpm 54578b4ca37bad8ff0a3be7a4b654d0c vim-minimal-6.0-7.22.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/vim-6.0-7.22.src.rpm 719114adb0832e14e2e88e6ff83a6ffe vim-6.0-7.22.src.rpm i386: 104bac9feab3d01ea8925c0481f0804f vim-X11-6.0-7.22.i386.rpm 99ee9e8ff887b9478b2fa8395edc2c6a vim-common-6.0-7.22.i386.rpm 27bfb5ae7f01b5d33100d0c71c1b18ce vim-enhanced-6.0-7.22.i386.rpm 16abf305958e4491998f58de45703b79 vim-minimal-6.0-7.22.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/vim-6.0-7.22.src.rpm 719114adb0832e14e2e88e6ff83a6ffe vim-6.0-7.22.src.rpm i386: 104bac9feab3d01ea8925c0481f0804f vim-X11-6.0-7.22.i386.rpm 99ee9e8ff887b9478b2fa8395edc2c6a vim-common-6.0-7.22.i386.rpm 27bfb5ae7f01b5d33100d0c71c1b18ce vim-enhanced-6.0-7.22.i386.rpm 16abf305958e4491998f58de45703b79 
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDCd5UXlSAg2UNWIIRApPbAJsGqtRhB0WDZdiiqOHUxMOf3PhAVgCdGY/v
9TDz3N/seCyAmHw4BJPxNYE=
=niXL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 22 14:25:08 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 22 Aug 2005 10:25:08 -0400
Subject: [RHSA-2005:747-02] Low: slocate security update
Message-ID: <200508221425.j7MEP8ZM018337@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: slocate security update
Advisory ID: RHSA-2005:747-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-747.html
Issue date: 2005-08-22
Updated on: 2005-08-22
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2499
- ---------------------------------------------------------------------

1. Summary:

An updated slocate package that fixes a denial of service issue is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Slocate is a security-enhanced version of locate. Like locate, slocate searches through a nightly-updated central database for files that match a given pattern.

A bug was found in the way slocate processes very long paths. A local user could create a carefully crafted directory structure that would prevent updatedb from completing its file system scan, resulting in an incomplete slocate database. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2499 to this issue.

Users are advised to upgrade to this updated package, which includes a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

165430 - CAN-2005-2499 slocate DOS

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2499

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDCeA5XlSAg2UNWIIRAoS6AJ9Jic50A9zX3HHTbGiodEaG4N0HCgCgoygR
AznF3V+gwnjw3LRKSiBMH0E=
=v3Cf
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Aug 23 18:20:51 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 23 Aug 2005 14:20:51 -0400
Subject: [RHSA-2005:755-01] Critical: elm security update
Message-ID: <200508231820.j7NIKpbW002539@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: elm security update
Advisory ID: RHSA-2005:755-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-755.html
Issue date: 2005-08-23
Updated on: 2005-08-23
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2665
- ---------------------------------------------------------------------

1. Summary:

An updated elm package is now available that fixes a buffer overflow issue for Red Hat Enterprise Linux 2.1 AS and AW.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64

3. Problem description:

Elm is a terminal mode email client.

A buffer overflow flaw in Elm was discovered that was triggered by viewing a mailbox containing a message with a carefully crafted 'Expires' header. An attacker could create a malicious message that would execute arbitrary code with the privileges of the user who received it. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2665 to this issue.

Users of Elm should update to this updated package, which contains a backported patch that corrects this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

166580 - CAN-2005-2665 elm buffer overflow

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2665

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDC2j1XlSAg2UNWIIRAvnzAJ4i/5z71CA1v/qyWmu32tje9DPn/QCeMXDV
JqmHY8zdBTOSuzdVDDAXoM4=
=BB3R
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Aug 25 13:32:29 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 25 Aug 2005 09:32:29 -0400
Subject: [RHSA-2005:529-01] Important: kernel security update
Message-ID: <200508251332.j7PDWTGO019931@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2005:529-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-529.html
Issue date: 2005-08-25
Updated on: 2005-08-25
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0504 CAN-2005-0749 CAN-2005-1263 CAN-2004-1056
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (32 bit architectures)

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This is a kernel maintenance update to Red Hat Enterprise Linux 2.1.

The following security issues were corrected:

A flaw between execve() syscall handling and core dumping of ELF-format executables allowed local unprivileged users to cause a denial of service (system crash) or possibly gain privileges. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-1263 to this issue.

A flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (crash). (CAN-2005-0749)

The Direct Rendering Manager (DRM) driver did not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) or possibly modify the video output. (CAN-2004-1056)

A flaw in the moxa serial driver could allow a local user to perform privileged operations such as replacing the firmware. (CAN-2005-0504)

The following bug fixes were also made:

- - Fix a race condition that can cause a panic in __get_lease()
- - Fix a race condition that can cause a panic when reading /proc/mdstat
- - Fix incorrect ide accounting
- - Prevent non-root users from reloading moxa driver firmware
- - Fix a null-pointer-dereference bug in rpciod
- - Fix legacy-usb handoff for certain IBM platforms
- - Fix a bug that caused busy inodes after unmount
- - Provide an additional fix for a memory leak in scsi_scan_single.
- - Fix a potential kswapd/dquot deadlock.
- - Fix a potential local DoS in shmemfs.
- - Fix a random poolsize vulnerability.

Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to the packages associated with their machine configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

127105 - RHEL 2.1: x445 Legacy USB support workaround needed
138517 - Memory Leak in AS 2.1 and 3.0 kernels
139775 - Filesystem quota GFP_KERNEL deadlock kswapd on dqio_sem.
144389 - CAN-2004-1056 insufficient locking checks in DRM code
144534 - random poolsize sysctl handler integer overflow
146103 - CAN-2005-0504 moxa CAP_SYS_RAWIO missing
152412 - CAN-2005-0749 load_elf_library possible DoS
156636 - [IT 54907] System oopsing in __get_lease()
157452 - CAN-2005-1263 Linux kernel ELF core dump privilege elevation

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1056

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDDchYXlSAg2UNWIIRApnVAJ9PzqTKOO2t+sfmxNSBYYH/kYRKKACglH1d
umOlLr3pkqThHe+E4qnOzNY=
=S5lR
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Aug 25 13:32:38 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 25 Aug 2005 09:32:38 -0400
Subject: [RHSA-2005:551-01] Important: kernel security update
Message-ID: <200508251332.j7PDWcoS019941@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2005:551-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-551.html
Issue date: 2005-08-25
Updated on: 2005-08-25
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0504 CAN-2005-0749 CAN-2005-1263 CAN-2005-1768 CAN-2005-1761 CAN-2004-1056
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages are now available to correct security issues and bugs for Red Hat Enterprise Linux version 2.1 (Itanium).

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - ia64
Red Hat Linux Advanced Workstation 2.1 - ia64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This is a kernel maintenance update to Red Hat Enterprise Linux 2.1.

The following security issues are corrected:

A flaw between execve() syscall handling and core dumping of ELF-format executables allowed local unprivileged users to cause a denial of service (system crash) or possibly gain privileges. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-1263 to this issue.

A flaw in ptrace for Itanium architectures was discovered. A local user could use this flaw to cause a denial of service (crash) or possibly gain privileges. (CAN-2005-1761)

A race condition in the ia32 compatibility code for the execve system call was discovered. A local user could use this flaw to cause a denial of service (kernel panic) or possibly gain privileges. (CAN-2005-1768)

A flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (crash). (CAN-2005-0749)

The Direct Rendering Manager (DRM) driver did not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) or possibly modify the video output. (CAN-2004-1056)

A flaw in the moxa serial driver could allow a local user to perform privileged operations such as replacing the firmware. (CAN-2005-0504)

The following bug fixes were also made:

- - "busy inodes after unmount" error on NFS volumes
- - Establish 64-bit limits even for 32-bit threads
- - Fix a race condition in __get_lease
- - Fix error in IDE disk accounting. This last fix causes IO accounting to occur only on READ and WRITE operations. This fixes several bugs in various accounting and statistic utilities.
- - Fix kswapd/dquot deadlock bug
- - Fix loop control bug in do_shmem_file_read

All Red Hat Enterprise Linux 2.1 Itanium users are advised to upgrade their kernels to the packages associated with their machine configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

139775 - Filesystem quota GFP_KERNEL deadlock kswapd on dqio_sem.
144389 - CAN-2004-1056 insufficient locking checks in DRM code
144533 - random poolsize sysctl handler integer overflow
146104 - CAN-2005-0504 moxa CAP_SYS_RAWIO missing (ipf)
151230 - System hangs with kernel patch e.52 while dce install/run
152413 - CAN-2005-0749 load_elf_library possible DoS (ipf)
157453 - CAN-2005-1263 Linux kernel ELF core dump privilege elevation (ipf)
159824 - CAN-2005-1761 local user can use ptrace to crash system
160200 - CAN-2005-1768 64bit execve() race leads to buffer overflow
160562 - Race condition in __get_lease()
165950 - Unexpected error: VFS: Busy inodes after unmount. Self-destruct in 5 seconds.

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kernel-2.4.18-e.58.src.rpm
405aef6d6b5f0aa4746276382c4a4524  kernel-2.4.18-e.58.src.rpm

ia64:
b8667d554215df25d99ac30fb723a265  kernel-2.4.18-e.58.ia64.rpm
bc09fcf07e63bb0d12ca88bdb3e077a0  kernel-doc-2.4.18-e.58.ia64.rpm
ee7570ac40f9f6d0bcfa0393ba4c0d71  kernel-smp-2.4.18-e.58.ia64.rpm
46666a903e05bf47f6109766c7563003  kernel-source-2.4.18-e.58.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kernel-2.4.18-e.58.src.rpm
405aef6d6b5f0aa4746276382c4a4524  kernel-2.4.18-e.58.src.rpm

ia64:
b8667d554215df25d99ac30fb723a265  kernel-2.4.18-e.58.ia64.rpm
bc09fcf07e63bb0d12ca88bdb3e077a0  kernel-doc-2.4.18-e.58.ia64.rpm
ee7570ac40f9f6d0bcfa0393ba4c0d71  kernel-smp-2.4.18-e.58.ia64.rpm
46666a903e05bf47f6109766c7563003  kernel-source-2.4.18-e.58.ia64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1056

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDDch0XlSAg2UNWIIRAon4AKC3O088vBr6GCyQcoAGcTr/ilrVIQCgqsuW
MI28Q3bTnwzb711BugvuLxo=
=ngID
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Mon Aug 29 18:34:38 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 29 Aug 2005 14:34:38 -0400
Subject: [RHSA-2005:267-01] Important: Evolution security update
Message-ID: <200508291834.j7TIYcTB011725@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: Evolution security update
Advisory ID:       RHSA-2005:267-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-267.html
Issue date:        2005-08-29
Updated on:        2005-08-29
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2549 CAN-2005-2550
- ---------------------------------------------------------------------

1. Summary:

Updated evolution packages that fix a format string issue are now
available.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Evolution is the GNOME collection of personal information management
(PIM) tools.

A format string bug was found in Evolution. If a user tries to save a
carefully crafted meeting or appointment, arbitrary code may be
executed as the user running Evolution. The Common Vulnerabilities and
Exposures project has assigned the name CAN-2005-2550 to this issue.

Additionally, several other format string bugs were found in
Evolution. If a user views a malicious vCard, connects to a malicious
LDAP server, or displays a task list from a malicious remote server,
arbitrary code may be executed as the user running Evolution. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2005-2549 to this issue. Please note that this issue only affects
Red Hat Enterprise Linux 4.

All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat Network
to download and update your packages. To launch the Red Hat Update
Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

165235 - CAN-2005-2549 Sitic Vulnerability Advisory: SA05-001 Evolution multiple remote format string bugs (RHEL4) (CAN-2005-2550)
165236 - CAN-2005-2550 Sitic Vulnerability Advisory: SA05-001 Evolution multiple remote format string bugs (RHEL3)

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/evolution-1.4.5-16.src.rpm
64de9c454f1985ac261404de29171459  evolution-1.4.5-16.src.rpm

i386:
b6ab1aee94253b982a327828d201ab90  evolution-1.4.5-16.i386.rpm
72e961d8fafbd83ed5f354a1f066f308  evolution-devel-1.4.5-16.i386.rpm

ia64:
0afe128ad8d995daf7e52d1f718ac3fa  evolution-1.4.5-16.ia64.rpm
841a301e4f8f0b7fdf9254278d2a0d01  evolution-devel-1.4.5-16.ia64.rpm

ppc:
45ccb2ad1cad38000bdf9735d89740cd  evolution-1.4.5-16.ppc.rpm
471dbd100230ec85140667ab4afe4f9a  evolution-devel-1.4.5-16.ppc.rpm

s390:
f21d2bbe58e1d4bc10451d3b66d477df  evolution-1.4.5-16.s390.rpm
c1f9135edee72d450f822da6b70517c1  evolution-devel-1.4.5-16.s390.rpm

s390x:
e4845774c8ae63f2c754ee18bbfb08dd  evolution-1.4.5-16.s390x.rpm
144becdb2a59b78e2510cac31968a4e1  evolution-devel-1.4.5-16.s390x.rpm

x86_64:
ee6f495c0204f84f7d2ed4e96cbca4dd  evolution-1.4.5-16.x86_64.rpm
acba6d9167cedfec8b52f7acb0ce5773  evolution-devel-1.4.5-16.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/evolution-1.4.5-16.src.rpm
64de9c454f1985ac261404de29171459  evolution-1.4.5-16.src.rpm

i386:
b6ab1aee94253b982a327828d201ab90  evolution-1.4.5-16.i386.rpm
72e961d8fafbd83ed5f354a1f066f308  evolution-devel-1.4.5-16.i386.rpm

x86_64:
ee6f495c0204f84f7d2ed4e96cbca4dd  evolution-1.4.5-16.x86_64.rpm
acba6d9167cedfec8b52f7acb0ce5773  evolution-devel-1.4.5-16.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/evolution-1.4.5-16.src.rpm
64de9c454f1985ac261404de29171459  evolution-1.4.5-16.src.rpm

i386:
b6ab1aee94253b982a327828d201ab90  evolution-1.4.5-16.i386.rpm
72e961d8fafbd83ed5f354a1f066f308  evolution-devel-1.4.5-16.i386.rpm

ia64:
0afe128ad8d995daf7e52d1f718ac3fa  evolution-1.4.5-16.ia64.rpm
841a301e4f8f0b7fdf9254278d2a0d01  evolution-devel-1.4.5-16.ia64.rpm

x86_64:
ee6f495c0204f84f7d2ed4e96cbca4dd  evolution-1.4.5-16.x86_64.rpm
acba6d9167cedfec8b52f7acb0ce5773  evolution-devel-1.4.5-16.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/evolution-1.4.5-16.src.rpm
64de9c454f1985ac261404de29171459  evolution-1.4.5-16.src.rpm

i386:
b6ab1aee94253b982a327828d201ab90  evolution-1.4.5-16.i386.rpm
72e961d8fafbd83ed5f354a1f066f308  evolution-devel-1.4.5-16.i386.rpm

ia64:
0afe128ad8d995daf7e52d1f718ac3fa  evolution-1.4.5-16.ia64.rpm
841a301e4f8f0b7fdf9254278d2a0d01  evolution-devel-1.4.5-16.ia64.rpm

x86_64:
ee6f495c0204f84f7d2ed4e96cbca4dd  evolution-1.4.5-16.x86_64.rpm
acba6d9167cedfec8b52f7acb0ce5773  evolution-devel-1.4.5-16.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/evolution-2.0.2-16.3.src.rpm
38e6363d976371f9c506e85d85964f80  evolution-2.0.2-16.3.src.rpm

i386:
ebebd06e957857c33718dbeae32fe191  evolution-2.0.2-16.3.i386.rpm
4a5434ff49d485307516b7074be33452  evolution-devel-2.0.2-16.3.i386.rpm

ia64:
0c5f0fa243d7344c7c08e53fa9cf567c  evolution-2.0.2-16.3.ia64.rpm
c6436a6670f2e95d57553a4be64727dd  evolution-devel-2.0.2-16.3.ia64.rpm

ppc:
fa014dc0973f2c0e6e9e53eada2870a9  evolution-2.0.2-16.3.ppc.rpm
eaca77794ce77f996dcb0edc2be28efa  evolution-devel-2.0.2-16.3.ppc.rpm

s390:
3aead415dfd8b2bd14cc365fbc2c72a5  evolution-2.0.2-16.3.s390.rpm
c2f76dc40fc4cabf40684b334ff61f3d  evolution-devel-2.0.2-16.3.s390.rpm

s390x:
cd24f2f5e1b30c7e316e9de46c113270  evolution-2.0.2-16.3.s390x.rpm
44e56bc1727578db18e4fddc06c62a97  evolution-devel-2.0.2-16.3.s390x.rpm

x86_64:
ec340d42ffdcb8de1d8ec844868f92b7  evolution-2.0.2-16.3.x86_64.rpm
55df9a9c087385075c1acc9864349d7c  evolution-devel-2.0.2-16.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/evolution-2.0.2-16.3.src.rpm
38e6363d976371f9c506e85d85964f80  evolution-2.0.2-16.3.src.rpm

i386:
ebebd06e957857c33718dbeae32fe191  evolution-2.0.2-16.3.i386.rpm
4a5434ff49d485307516b7074be33452  evolution-devel-2.0.2-16.3.i386.rpm

x86_64:
ec340d42ffdcb8de1d8ec844868f92b7  evolution-2.0.2-16.3.x86_64.rpm
55df9a9c087385075c1acc9864349d7c  evolution-devel-2.0.2-16.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/evolution-2.0.2-16.3.src.rpm
38e6363d976371f9c506e85d85964f80  evolution-2.0.2-16.3.src.rpm

i386:
ebebd06e957857c33718dbeae32fe191  evolution-2.0.2-16.3.i386.rpm
4a5434ff49d485307516b7074be33452  evolution-devel-2.0.2-16.3.i386.rpm

ia64:
0c5f0fa243d7344c7c08e53fa9cf567c  evolution-2.0.2-16.3.ia64.rpm
c6436a6670f2e95d57553a4be64727dd  evolution-devel-2.0.2-16.3.ia64.rpm

x86_64:
ec340d42ffdcb8de1d8ec844868f92b7  evolution-2.0.2-16.3.x86_64.rpm
55df9a9c087385075c1acc9864349d7c  evolution-devel-2.0.2-16.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/evolution-2.0.2-16.3.src.rpm
38e6363d976371f9c506e85d85964f80  evolution-2.0.2-16.3.src.rpm

i386:
ebebd06e957857c33718dbeae32fe191  evolution-2.0.2-16.3.i386.rpm
4a5434ff49d485307516b7074be33452  evolution-devel-2.0.2-16.3.i386.rpm

ia64:
0c5f0fa243d7344c7c08e53fa9cf567c  evolution-2.0.2-16.3.ia64.rpm
c6436a6670f2e95d57553a4be64727dd  evolution-devel-2.0.2-16.3.ia64.rpm

x86_64:
ec340d42ffdcb8de1d8ec844868f92b7  evolution-2.0.2-16.3.x86_64.rpm
55df9a9c087385075c1acc9864349d7c  evolution-devel-2.0.2-16.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2550

8. Contact:

The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDE1UgXlSAg2UNWIIRAtfFAKC2/faDYnVNJRiqzGdZkFm4OwFwUgCfa8Pe
NtEdxozL0WgCKiFgqWzFlSc=
=Ell4
-----END PGP SIGNATURE-----
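
Added example (not part of the advisories above and not Red Hat code): the "RPMs required" sections of the kernel and Evolution advisories list one MD5 checksum per package file, and this Python example parses such a section and checks downloaded files against it. The function names, file names and payloads are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Added example; function names are illustrative. Matches the
# "<32 hex digits> <name>.rpm" pairs of an "RPMs required" section.
ENTRY = re.compile(r"\b([0-9a-f]{32})\s+(\S+\.rpm)\b")

def parse_manifest(advisory_text):
    """Return ({filename: md5}, set of filenames listed with differing md5s)."""
    manifest, conflicts = {}, set()
    for digest, name in ENTRY.findall(advisory_text):
        # Each package repeats once per product; the digests must agree.
        if manifest.setdefault(name, digest) != digest:
            conflicts.add(name)
    return manifest, conflicts

def md5_of(path, chunk=1 << 16):
    h = hashlib.md5()  # corruption check only; MD5 is not collision resistant
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_directory(advisory_text, directory):
    """Map each listed package to ok / mismatch / missing / conflict."""
    manifest, conflicts = parse_manifest(advisory_text)
    report = {}
    for name, expected in sorted(manifest.items()):
        path = Path(directory) / name
        if name in conflicts:
            report[name] = "conflict"
        elif not path.is_file():
            report[name] = "missing"
        else:
            report[name] = "ok" if md5_of(path) == expected else "mismatch"
    return report

if __name__ == "__main__":
    # Constructed demo: fake package files and a made-up manifest.
    good, other = b"constructed payload A", b"constructed payload B"
    text = "i386: %s demo-1.0-1.i386.rpm %s demo-devel-1.0-1.i386.rpm" % (
        hashlib.md5(good).hexdigest(), hashlib.md5(other).hexdigest())
    with tempfile.TemporaryDirectory() as d:
        Path(d, "demo-1.0-1.i386.rpm").write_bytes(good)
        Path(d, "demo-devel-1.0-1.i386.rpm").write_bytes(b"altered")
        for name, status in check_directory(text, d).items():
            print(f"{status:9} {name}")
```

A matching MD5 only shows the file is the one the advisory text names; the GPG signature check that the advisories point to (for example with rpm --checksig) is what establishes that the package came from Red Hat.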