From bugzilla at redhat.com Tue Dec 6 15:29:16 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 6 Dec 2005 10:29:16 -0500
Subject: [RHSA-2005:840-01] Important: xpdf security update
Message-ID: <200512061529.jB6FTGeR013665@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: xpdf security update
Advisory ID:       RHSA-2005:840-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-840.html
Issue date:        2005-12-06
Updated on:        2005-12-06
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-3193
- ---------------------------------------------------------------------

1. Summary:

An updated xpdf package that fixes several security issues is now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The xpdf package is an X Window System-based viewer for Portable Document Format (PDF) files.

Several flaws were discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-3193 to these issues.

Users of Xpdf should upgrade to this updated package, which contains a backported patch to resolve these issues.

Red Hat would like to thank Derek B. Noonburg for reporting this issue and providing a patch.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

173888 - CVE-2005-3193 xpdf issues

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/xpdf-0.92-16.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/xpdf-0.92-16.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/xpdf-0.92-16.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/xpdf-0.92-16.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/xpdf-2.02-9.7.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/xpdf-2.02-9.7.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/xpdf-2.02-9.7.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/xpdf-2.02-9.7.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/xpdf-3.00-11.9.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/xpdf-3.00-11.9.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/xpdf-3.00-11.9.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/xpdf-3.00-11.9.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3193

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDla4sXlSAg2UNWIIRAtNhAJ4u9OGeJymLARo+KsbCSM0s6PJyiwCgpAsV
9Vb6O0R85EZ8kObT4vUMLz0=
=kmFE
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 6 15:29:46 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 6 Dec 2005 10:29:46 -0500
Subject: [RHSA-2005:848-01] Moderate: libc-client security update
Message-ID: <200512061529.jB6FTll4013731@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: libc-client security update
Advisory ID:       RHSA-2005:848-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-848.html
Issue date:        2005-12-06
Updated on:        2005-12-06
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-2933
- ---------------------------------------------------------------------

1. Summary:

Updated libc-client packages that fix a buffer overflow issue are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

C-client is a common API for accessing mailboxes.

A buffer overflow flaw was discovered in the way C-client parses user supplied mailboxes. If an authenticated user requests a specially crafted mailbox name, it may be possible to execute arbitrary code on a server that uses C-client to access mailboxes. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2933 to this issue.

All users of libc-client should upgrade to these updated packages, which contain a backported patch that resolves this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

171344 - CVE-2005-2933 imap buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libc-client-2002e-14.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libc-client-2002e-14.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libc-client-2002e-14.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libc-client-2002e-14.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2933

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDla5WXlSAg2UNWIIRAj4RAKCHaTStbBBDheEadXLNUpPJomc7VgCfVM92
V/3/YCqtcV72NY7vw2nCkhA=
=cPKW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 6 15:30:27 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 6 Dec 2005 10:30:27 -0500
Subject: [RHSA-2005:850-01] Moderate: imap security update
Message-ID: <200512061530.jB6FUSRD014496@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: imap security update
Advisory ID:       RHSA-2005:850-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-850.html
Issue date:        2005-12-06
Updated on:        2005-12-06
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-2933
- ---------------------------------------------------------------------

1. Summary:

An updated imap package that fixes a buffer overflow issue is now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The imap package provides server daemons for both the IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) mail access protocols.

A buffer overflow flaw was discovered in the way the c-client library parses user supplied mailboxes. If an authenticated user requests a specially crafted mailbox name, it may be possible to execute arbitrary code on a server that uses the library. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2933 to this issue.

All users of imap should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

169953 - CVE-2005-2933 imap buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/imap-2001a-19.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/imap-2001a-19.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/imap-2001a-19.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/imap-2002d-12.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/imap-2002d-12.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/imap-2002d-12.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/imap-2002d-12.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2933

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDla6CXlSAg2UNWIIRAqr/AJ9Cx5aMFa0CFAoFi4gK5lGsUUODXgCgnNCd
2OuxnvpFfgGwhmsgtuCzv8c=
=tEuh
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 20 15:15:05 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 Dec 2005 10:15:05 -0500
Subject: [RHSA-2005:843-01] Moderate: netpbm security update
Message-ID: <200512201515.jBKFF57r020238@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: netpbm security update
Advisory ID:       RHSA-2005:843-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-843.html
Issue date:        2005-12-20
Updated on:        2005-12-20
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-3632 CVE-2005-3662
- ---------------------------------------------------------------------

1. Summary:

Updated netpbm packages that fix two security issues are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The netpbm package contains a library of functions that support programs for handling various graphics file formats.

A stack based buffer overflow bug was found in the way netpbm converts Portable Anymap (PNM) files into Portable Network Graphics (PNG). A specially crafted PNM file could allow an attacker to execute arbitrary code by attempting to convert a PNM file to a PNG file when using pnmtopng with the '-text' option. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3632 to this issue.

An "off by one" bug was found in the way netpbm converts Portable Anymap (PNM) files into Portable Network Graphics (PNG). If a victim attempts to convert a specially crafted 256 color PNM file to a PNG file, then it can cause the pnmtopng utility to crash. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3662 to this issue.

All users of netpbm should upgrade to these updated packages, which contain backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

173342 - CVE-2005-3662 netpbm off by one error
173344 - CVE-2005-3632 Netpbm buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/netpbm-9.24-9.AS21.6.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/netpbm-9.24-9.AS21.6.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/netpbm-9.24-9.AS21.6.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/netpbm-9.24-9.AS21.6.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/netpbm-9.24-11.30.4.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/netpbm-9.24-11.30.4.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/netpbm-9.24-11.30.4.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/netpbm-9.24-11.30.4.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3662

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDqB/hXlSAg2UNWIIRAgc+AJ0bjqkC48Nafghjh+oeIiWlHtDJ4wCfVRr2
AJhyAG7cNTBLyQzxts6KzuY=
=4OR+
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 20 15:18:18 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 Dec 2005 10:18:18 -0500
Subject: [RHSA-2005:864-01] Important: udev security update
Message-ID: <200512201518.jBKFIIDb021187@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: udev security update
Advisory ID:       RHSA-2005:864-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-864.html
Issue date:        2005-12-20
Updated on:        2005-12-20
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-3631
- ---------------------------------------------------------------------

1. Summary:

Updated udev packages that fix a security issue are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The udev package contains an implementation of devfs in userspace using sysfs and /sbin/hotplug.

Richard Cunningham discovered a flaw in the way udev sets permissions on various files in /dev/input. It may be possible for an authenticated attacker to gather sensitive data entered by a user at the console, such as passwords. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3631 to this issue.

All users of udev should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

174845 - CVE-2005-3631 /dev/input/* incorrect permissions

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3631

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDqCCvXlSAg2UNWIIRAigZAJ9K2rGNCa6VkcvF2vs5pGe3J7khcwCfYmAX
NF7I3mQ5i9BTYm1D9R0UUCs=
=9r5j
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 20 15:18:50 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 Dec 2005 10:18:50 -0500
Subject: [RHSA-2005:867-01] Important: gpdf security update
Message-ID: <200512201518.jBKFIoim021315@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: gpdf security update
Advisory ID: RHSA-2005:867-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-867.html
Issue date: 2005-12-20
Updated on: 2005-12-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3191 CVE-2005-3192 CVE-2005-3193
- ---------------------------------------------------------------------

1. Summary:

An updated gpdf package that fixes several security issues is now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The gpdf package is a GNOME based viewer for Portable Document Format (PDF) files.

Several flaws were discovered in gpdf. An attacker could construct a carefully crafted PDF file that could cause gpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, and CVE-2005-3193 to these issues.

Users of gpdf should upgrade to this updated package, which contains a backported patch to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

175100 - CVE-2005-3193 xpdf issues (CVE-2005-3191 CVE-2005-3192)

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDqCDHXlSAg2UNWIIRApynAJ9nt+b/3/h5qyf+1sVMMvFq08pn0QCgui0T
70JHzFYMlday2f7El0UuEQ8=
=PPty
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 20 15:19:44 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 Dec 2005 10:19:44 -0500
Subject: [RHSA-2005:868-01] Important: kdegraphics security update
Message-ID: <200512201519.jBKFJiJB021598@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kdegraphics security update
Advisory ID: RHSA-2005:868-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-868.html
Issue date: 2005-12-20
Updated on: 2005-12-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3191 CVE-2005-3192 CVE-2005-3193
- ---------------------------------------------------------------------

1. Summary:

Updated kdegraphics packages that resolve several security issues in kpdf are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer.

Several flaws were discovered in kpdf. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, and CVE-2005-3193 to these issues.

Users of kpdf should upgrade to these updated packages, which contain a backported patch to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

175105 - CVE-2005-3193 xpdf issues (CVE-2005-3191 CVE-2005-3192)

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDqCECXlSAg2UNWIIRAjE+AJ9LngBmern3q+WIU6KEmNn6NdIQzgCgjEd/
fo5pTSXVGAQPpznm0bgNd7U=
=tQeM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 20 15:20:21 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 Dec 2005 10:20:21 -0500
Subject: [RHSA-2005:875-01] Moderate: curl security update
Message-ID: <200512201520.jBKFKLIV022290@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: curl security update
Advisory ID: RHSA-2005:875-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-875.html
Issue date: 2005-12-20
Updated on: 2005-12-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-4077
- ---------------------------------------------------------------------

1. Summary:

Updated curl packages that fix a security issue are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols.

Stefan Esser discovered an off-by-one bug in curl. It may be possible to execute arbitrary code on a user's machine if the user can be tricked into executing curl with a carefully crafted URL. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-4077 to this issue.

All users of curl are advised to upgrade to these updated packages, which contain a backported patch that resolves this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

175266 - CVE-2005-4077 SA17907 cURL/libcURL URL Parsing Off-By-One Vulnerability

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDqCEgXlSAg2UNWIIRAnL2AJ0au7M8t7kLNAiN35uoOkG9/JecCwCeOuRH
wp99YbwLnuDepBeiq0ULGOc=
=omxg
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 20 15:20:57 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 Dec 2005 10:20:57 -0500
Subject: [RHSA-2005:878-01] Important: cups security update
Message-ID: <200512201520.jBKFKwWx023165@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: cups security update
Advisory ID: RHSA-2005:878-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-878.html
Issue date: 2005-12-20
Updated on: 2005-12-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3191 CVE-2005-3192 CVE-2005-3193
- ---------------------------------------------------------------------

1. Summary:

Updated CUPS packages that fix multiple security issues are now available for Red Hat Enterprise Linux.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems.

Several flaws were discovered in the way CUPS processes PDF files. An attacker could construct a carefully crafted PDF file that could cause CUPS to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, and CVE-2005-3193 to these issues.

All users of CUPS should upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

175645 - CVE-2005-3193 xpdf issues (CVE-2005-3191 CVE-2005-3192)

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDqCFBXlSAg2UNWIIRAtQZAJ0S9fuOETzgC8P1thEnk7L+PGG2IwCfeRIJ
MSfcuhoHq7Rhw6Otbjcm2sQ=
=SxR3
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Dec 20 15:21:31 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 Dec 2005 10:21:31 -0500
Subject: [RHSA-2005:880-01] Moderate: perl security update
Message-ID: <200512201521.jBKFLWll023923@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: perl security update
Advisory ID: RHSA-2005:880-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-880.html
Issue date: 2005-12-20
Updated on: 2005-12-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3962
- ---------------------------------------------------------------------

1. Summary:

Updated Perl packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Perl is a high-level programming language commonly used for system administration utilities and Web programming.

An integer overflow bug was found in Perl's format string processor. It is possible for an attacker to cause perl to crash or execute arbitrary code if the attacker is able to process a malicious format string. This issue is only exploitable through a script which passes arbitrary untrusted strings to the format string processor. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3962 to this issue.


Users of Perl are advised to upgrade to these updated packages, which
contain backported patches to correct these issues as well as fixes for
several bugs.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

170088 - bits/resource.ph has syntax errors
171111 - (libperl) could not run system-config-printer
172327 - getgrnam() crashes with "Out of memory" if /etc/group contains long lines
174683 - CVE-2005-3962 Perl integer overflow issue
175104 - MakeMaker::MM_Unix doesn't honor LD_RUN_PATH requirements
175129 - missing C standard headers

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

From bugzilla at redhat.com Tue Dec 20 15:22:06 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 Dec 2005 10:22:06 -0500
Subject: [RHSA-2005:881-01] Moderate: perl security update
Message-ID: <200512201522.jBKFM8RD024706@porkchop.devel.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: perl security update
Advisory ID:       RHSA-2005:881-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-881.html
Issue date:        2005-12-20
Updated on:        2005-12-20
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2004-0976 CVE-2005-0448 CVE-2005-3962
---------------------------------------------------------------------

1. Summary:

Updated Perl packages that fix security issues and bugs are now available
for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

An integer overflow bug was found in Perl's format string processor. It is
possible for an attacker to cause perl to crash or execute arbitrary code
if the attacker is able to process a malicious format string.
This issue is only exploitable through a script which passes arbitrary
untrusted strings to the format string processor. The Common
Vulnerabilities and Exposures project assigned the name CVE-2005-3962 to
this issue.

Paul Szabo discovered a bug in the way Perl's File::Path::rmtree module
removed directory trees. If a local user has write permissions to a
subdirectory within the tree being removed by File::Path::rmtree, it is
possible for them to create setuid binary files. (CVE-2005-0448)

Solar Designer discovered several temporary file bugs in various Perl
modules. A local attacker could overwrite or create files as the user
running a Perl script that uses a vulnerable module. (CVE-2004-0976)

Users of Perl are advised to upgrade to these updated packages, which
contain backported patches to correct these issues as well as fixes for
several bugs.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

123176 - [RFE] Need new perl rpm release that fixes threaded memory leak
135975 - Perl's 'study' function breaks regexp matching
136325 - CVE-2004-0976 temporary file vulnerabilities in Perl
137075 - Apparent utf8 bug in Perl's join()
145215 - garbage after split()
147946 - Man::Pod does not return true
161053 - CVE-2005-0448 perl File::Path.pm rmtree race condition
165078 - Broken POSIX in perl-5.8.0
166732 - 'split'/'index' problem for utf8
172160 - perl bug # 22372: SIGSEGV in sv_chop()
172256 - bits/resource.ph has syntax errors
172317 - (libperl) could not run system-config-printer
174717 - CVE-2005-3962 Perl integer overflow issue
175135 - Cannot set undef timeout in perl 5.8.0 IO::Socket

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

From bugzilla at redhat.com Tue Dec 20 17:21:54 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 20 Dec 2005 12:21:54 -0500
Subject: [RHSA-2005:840-02] Important: xpdf security update
Message-ID: <200512201721.jBKHLsrh009555@porkchop.devel.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: xpdf security update
Advisory ID:       RHSA-2005:840-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-840.html
Issue date:        2005-12-06
Updated on:        2005-12-20
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-3191 CVE-2005-3192 CVE-2005-3193
---------------------------------------------------------------------

1. Summary:

An updated xpdf package that fixes several security issues is now
available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

[Updated 20 Dec 2005]
The initial fix for these issues was incomplete. The packages have been
updated with a more complete fix.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The xpdf package is an X Window System-based viewer for Portable Document
Format (PDF) files.

Several flaws were discovered in Xpdf. An attacker could construct a
carefully crafted PDF file that could cause Xpdf to crash or possibly
execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the names CVE-2005-3191, CVE-2005-3192, and
CVE-2005-3193 to these issues.

Users of Xpdf should upgrade to this updated package, which contains a
backported patch to resolve these issues.

Red Hat would like to thank Derek B. Noonburg for reporting this issue and
providing a patch.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

173888 - CVE-2005-3193 xpdf issues (CVE-2005-3191 CVE-2005-3192)

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
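
The two Perl advisories above (RHSA-2005:880 and RHSA-2005:881) state that CVE-2005-3962 is only exploitable through a script that passes untrusted strings to the format string processor. The following Python audit is an added example, not part of the Red Hat advisories: it flags Perl printf/sprintf calls whose format argument is a variable or an interpolating double-quoted string. The function names and the sample Perl lines are constructed for illustration.

```python
import re

# Constructed sample of Perl source (not taken from any real script).
SAMPLE_PERL = r"""my $name = $ENV{QUERY_STRING};
printf($name);                       # format string is the untrusted value
printf("%s\n", $name);               # constant format, data as an argument
printf STDERR "Hello $name\n";       # untrusted value interpolated into format
my $line = sprintf($fmt, $a, $b);    # format chosen at run time
printf $log "%s: %d\n", $name, $n;   # filehandle, then constant format
printf('%d items', $n);              # single quotes never interpolate
# printf($old);                      # commented out, ignored
printf {$fh} $msg;                   # block filehandle, variable format
"""

CALL = re.compile(r'\b(s?printf)\b\s*\(?\s*')
# printf only: a filehandle (bareword, {block} or $scalar) is followed by
# whitespace and the start of the format term, never by a comma.
FILEHANDLE = re.compile(r'(?:[A-Z_][A-Z0-9_]*|\{[^}]*\}|\$\w+)\s+(?=["\'$@])')
DQ_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')
# An unescaped $ or @ that starts a variable name inside a double-quoted string.
INTERPOLATION = re.compile(r'(?<!\\)[$@][A-Za-z_{]')
# Naive comment stripping: '#' at line start or after whitespace. A ' #' inside
# a string literal would be cut too, which is acceptable for a triage pass.
COMMENT = re.compile(r'(^|\s)#.*$')


def classify_format(func, rest):
    """Return 'literal', 'interpolated' or 'variable' for the format argument."""
    if func == 'printf':
        fh = FILEHANDLE.match(rest)
        if fh:
            rest = rest[fh.end():]
    if rest.startswith("'"):
        return 'literal'
    dq = DQ_STRING.match(rest)
    if dq:
        return 'interpolated' if INTERPOLATION.search(dq.group(1)) else 'literal'
    return 'variable'


def audit(source):
    """List (line number, function, kind) for every non-literal format."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = COMMENT.sub('', line)
        for call in CALL.finditer(code):
            kind = classify_format(call.group(1), code[call.end():])
            if kind != 'literal':
                findings.append((lineno, call.group(1), kind))
    return findings


if __name__ == '__main__':
    for lineno, func, kind in audit(SAMPLE_PERL):
        print(f'line {lineno}: {func} called with a {kind} format')
```

Calls reported as variable or interpolated are the ones to rewrite so that the data is passed as an argument to a constant format, as on line 3 of the sample.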