From bugzilla at redhat.com Tue Feb 1 14:50:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Feb 2005 09:50 -0500
Subject: [RHSA-2005:039-01] Updated enscript package fixes security issues
Message-ID: <200502011450.j11EoQl02109@lacrosse.corp.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated enscript package fixes security issues
Advisory ID:       RHSA-2005:039-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-039.html
Issue date:        2005-02-01
Updated on:        2005-02-01
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1184 CAN-2004-1185 CAN-2004-1186
---------------------------------------------------------------------

1. Summary:

An updated enscript package that fixes several security issues is now
available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

GNU enscript converts ASCII files to PostScript.

Enscript has the ability to interpret special escape sequences. A flaw
was found in the handling of the epsf command used to insert inline EPS
files into a document. An attacker could create a carefully crafted
ASCII file which made use of the epsf pipe command in such a way that it
could execute arbitrary commands if the file was opened with enscript by
a victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1184 to this issue.

Additional flaws in Enscript were also discovered which can only be
triggered by executing enscript with carefully crafted command line
arguments. These flaws therefore only have a security impact if enscript
is executed by other programs and passed untrusted data from remote
users. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CAN-2004-1185 and CAN-2004-1186 to these issues.

All users of enscript should upgrade to these updated packages, which
resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat Network to
download and update your packages. To launch the Red Hat Update Agent,
use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization guide
specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

144683 - CAN-2004-1184 multiple security issues in enscript (CAN-2004-1185 CAN-2004-1186)

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/enscript-1.6.1-16.5.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/enscript-1.6.1-16.5.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/enscript-1.6.1-16.5.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/enscript-1.6.1-16.5.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/enscript-1.6.1-24.4.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/enscript-1.6.1-24.4.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/enscript-1.6.1-24.4.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/enscript-1.6.1-24.4.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1186

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

From bugzilla at redhat.com Tue Feb 1 14:50:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Feb 2005 09:50 -0500
Subject: [RHSA-2005:049-01] Updated CUPS packages fix security issue
Message-ID: <200502011450.j11EoYl02169@lacrosse.corp.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated CUPS packages fix security issue
Advisory ID:       RHSA-2005:049-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-049.html
Issue date:        2005-02-01
Updated on:        2005-02-01
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0064
---------------------------------------------------------------------

1. Summary:

Updated CUPS packages that fix a security issue are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System provides a portable printing layer for
UNIX(R) operating systems.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function
of Xpdf which also affects the CUPS pdftops filter due to a shared
codebase. An attacker who has the ability to send a malicious PDF file
to a printer could possibly execute arbitrary code as the "lp" user. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0064 to this issue.

Red Hat believes that the Exec-Shield technology (enabled by default
since Update 3) will block attempts to remotely exploit these buffer
overflow vulnerabilities on x86 architectures.

All users of cups should upgrade to these updated packages, which
resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat Network to
download and update your packages. To launch the Red Hat Update Agent,
use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization guide
specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

145102 - CAN-2005-0064 xpdf buffer overflow

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cups-1.1.17-13.3.24.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cups-1.1.17-13.3.24.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cups-1.1.17-13.3.24.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cups-1.1.17-13.3.24.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

From bugzilla at redhat.com Tue Feb 1 14:50:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 Feb 2005 09:50 -0500
Subject: [RHSA-2005:069-01] Updated perl-DBI package fixes security issue
Message-ID: <200502011450.j11Eoll02199@lacrosse.corp.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated perl-DBI package fixes security issue
Advisory ID:       RHSA-2005:069-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-069.html
Issue date:        2005-02-01
Updated on:        2005-02-01
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0077
---------------------------------------------------------------------

1. Summary:

An updated perl-DBI package that fixes a temporary file flaw in
DBI::ProxyServer is now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

DBI is a database access Application Programming Interface (API) for the
Perl programming language.

The Debian Security Audit Project discovered that the DBI library
creates a temporary PID file in an insecure manner. A local user could
overwrite or create files as a different user who happens to run an
application which uses DBI::ProxyServer.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0077 to this issue.

Users should update to this erratum package which disables the temporary
PID file unless configured.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat Network to
download and update your packages. To launch the Red Hat Update Agent,
use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization guide
specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

145577 - CAN-2005-0077 perl-DBI insecure temporary file usage

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/perl-DBI-1.18-3.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/perl-DBI-1.18-3.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/perl-DBI-1.18-3.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/perl-DBI-1.18-3.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/perl-DBI-1.32-9.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/perl-DBI-1.32-9.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/perl-DBI-1.32-9.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/perl-DBI-1.32-9.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0077

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

From bugzilla at redhat.com Wed Feb 2 12:08:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Feb 2005 07:08 -0500
Subject: [RHSA-2005:011-01] Updated Ethereal packages fix security issues
Message-ID: <200502021208.j12C8xl14659@lacrosse.corp.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated Ethereal packages fix security issues
Advisory ID:       RHSA-2005:011-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-011.html
Issue date:        2005-02-02
Updated on:        2005-02-02
Product:           Red Hat Enterprise Linux
Obsoletes:         RHSA-2004:378
CVE Names:         CAN-2004-1139 CAN-2004-1140 CAN-2004-1141
                   CAN-2004-1142 CAN-2005-0007 CAN-2005-0008
                   CAN-2005-0009 CAN-2005-0010 CAN-2005-0084
---------------------------------------------------------------------

1. Summary:

Updated Ethereal packages that fix various security vulnerabilities are
now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Ethereal is a program for monitoring network traffic.

A number of security flaws have been discovered in Ethereal. On a system
where Ethereal is running, a remote attacker could send malicious
packets to trigger these flaws.

A flaw in the DICOM dissector could cause a crash.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-1139 to this issue.

An invalid RTP timestamp could hang Ethereal and create a large
temporary file, possibly filling available disk space. (CAN-2004-1140)

The HTTP dissector could access previously-freed memory, causing a
crash. (CAN-2004-1141)

An improperly formatted SMB packet could make Ethereal hang, maximizing
CPU utilization. (CAN-2004-1142)

The COPS dissector could go into an infinite loop. (CAN-2005-0006)

The DLSw dissector could cause an assertion, making Ethereal exit
prematurely. (CAN-2005-0007)

The DNP dissector could cause memory corruption. (CAN-2005-0008)

The Gnutella dissector could cause an assertion, making Ethereal exit
prematurely. (CAN-2005-0009)

The MMSE dissector could free static memory, causing a crash.
(CAN-2005-0010)

The X11 protocol dissector is vulnerable to a string buffer overflow.
(CAN-2005-0084)

Users of Ethereal should upgrade to these updated packages which contain
version 0.10.9 that is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat Network to
download and update your packages. To launch the Red Hat Update Agent,
use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization guide
specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

142952 - CAN-2004-1139 Ethereal flaws (CAN-2004-1140 CAN-2004-1141 CAN-2004-1142)
145481 - CAN-2005-0006 multiple ethereal issues (CAN-2005-0007 CAN-2005-0008 CAN-2005-0009 CAN-2005-0010 CAN-2005-0084)

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ethereal-0.10.9-1.AS21.1.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ethereal-0.10.9-1.AS21.1.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ethereal-0.10.9-1.AS21.1.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ethereal-0.10.9-1.AS21.1.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ethereal-0.10.9-1.EL3.1.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ethereal-0.10.9-1.EL3.1.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ethereal-0.10.9-1.EL3.1.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ethereal-0.10.9-1.EL3.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.ethereal.com/appnotes/enpa-sa-00016.html
http://www.ethereal.com/appnotes/enpa-sa-00017.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0084

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

From bugzilla at redhat.com Mon Feb 7 16:45:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 7 Feb 2005 11:45 -0500
Subject: [RHSA-2005:105-01] Updated Perl packages fix security issues
Message-ID: <200502071645.j17GjOF19891@lacrosse.corp.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated Perl packages fix security issues
Advisory ID:       RHSA-2005:105-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-105.html
Issue date:        2005-02-07
Updated on:        2005-02-07
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0155 CAN-2005-0156
---------------------------------------------------------------------

1. Summary:

Updated Perl packages that fix several security issues are now available
for Red Hat Enterprise Linux 3.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

Kevin Finisterre discovered a stack based buffer overflow flaw in sperl,
the Perl setuid wrapper. A local user could create a sperl executable
script with a carefully created path name, overflowing the buffer and
leading to root privilege escalation. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0156 to
this issue.

Kevin Finisterre discovered a flaw in sperl which can cause debugging
information to be logged to arbitrary files.
By setting an environment variable, a local user could cause sperl to create, as root, files with arbitrary filenames, or append the debugging information to existing files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0155 to this issue. Users of Perl are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 146737 - CAN-2005-0155 multiple setuid perl issues (CAN-2005-0156) 140227 - Potential insecurity in CGI.pm 6. 
RPMs required: These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCB5sQXlSAg2UNWIIRAm6tAJ9dbKrvgyUC8QTre+ioudPGlYiaSACeLmbx wNCkPh2vl6JYxFrU/Q9Y67I= =tRA6 -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 10 14:22:00 2005 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 10 Feb 2005 09:22 -0500 Subject: [RHSA-2005:136-01] Updated mailman packages fix security vulnerability Message-ID: <200502101422.j1AEMAF14895@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated mailman packages fix security vulnerability Advisory ID: RHSA-2005:136-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-136.html Issue date: 2005-02-10 Updated on: 2005-02-10 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-0202 - --------------------------------------------------------------------- 1. Summary: Updated mailman packages that correct a mailman security issue are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: The mailman package is software to help manage email discussion lists. 
A flaw in the true_path function of Mailman was discovered. A remote attacker who is a member of a private mailman list could use a carefully crafted URL and gain access to arbitrary files on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0202 to this issue. Note: Mailman installations running on Apache 2.0-based servers are not vulnerable to this issue. Users of mailman should update to these erratum packages that contain a patch and are not vulnerable to this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. 
RPMs required: These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 6. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0202 7. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCC235XlSAg2UNWIIRAjCaAKCCVmR8FvyBcu4WcI8iIonX/ny8hgCfYL77 k6nBJwmfc0tnwuaV/gJPqO4= =oFVJ -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 10 17:11:00 2005 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 10 Feb 2005 12:11 -0500 Subject: [RHSA-2005:009-01] Updated kdelibs and kdebase packages correct security issues Message-ID: <200502101711.j1AHBaF26759@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated kdelibs and kdebase packages correct security issues Advisory ID: RHSA-2005:009-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-009.html Issue date: 2005-02-10 Updated on: 2005-02-10 Product: Red Hat Enterprise Linux CVE Names: CAN-2004-1158 CAN-2004-1165 CAN-2005-0078 - --------------------------------------------------------------------- 1. Summary: Updated kdelibs and kdebase packages that resolve several security issues are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: The kdelibs packages include libraries for the K Desktop Environment. The kdebase packages include core applications for the K Desktop Environment. Secunia Research discovered a window injection spoofing vulnerability affecting the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a different browser window. 
The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1158 to this issue. A bug was discovered in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command. It is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or potentially send unsolicited email. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1165 to this issue. A bug was discovered that can crash KDE screensaver under certain local circumstances. This could allow an attacker with physical access to the workstation to take over a locked desktop session. Please note that this issue only affects Red Hat Enterprise Linux 2.1. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-0078 to this issue. All users of KDE are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 142393 - CAN-2004-1158 Frame injection vulnerability. 139265 - KDE+Cadence bug 146760 - CAN-2004-1165 kioslave command injection 145381 - CAN-2005-0078 password bypass in kde screensaver 6. 
RPMs required: These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. 
References: http://www.kde.org/info/security/advisory-20041213-1.txt http://www.kde.org/info/security/advisory-20050101-1.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1158 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0078 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCC5W2XlSAg2UNWIIRAkmlAKCE6816oEZPlLm3ukFVSyso2/wRwwCfXKM8 Wkp2VQj+bsIQD1eTcQDjZJY= =TPjS -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 10 17:12:00 2005 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 10 Feb 2005 12:12 -0500 Subject: [RHSA-2005:104-01] Updated mod_python package fixes security issue Message-ID: <200502101712.j1AHCDF26798@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated mod_python package fixes security issue Advisory ID: RHSA-2005:104-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-104.html Issue date: 2005-02-10 Updated on: 2005-02-10 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-0088 - --------------------------------------------------------------------- 1. Summary: An updated mod_python package that fixes a security issue in the publisher handler is now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. 
Problem description: Mod_python is a module that embeds the Python language interpreter within the Apache web server, allowing handlers to be written in Python. Graham Dumpleton discovered a flaw affecting the publisher handler of mod_python, used to make objects inside modules callable via URL. A remote user could visit a carefully crafted URL that would gain access to objects that should not be visible, leading to an information leak. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0088 to this issue. Users of mod_python are advised to upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 146655 - CAN-2005-0088 mod_python information leak 6. 
RPMs required: These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0088 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCC5XaXlSAg2UNWIIRAhtZAJ4hsbnP+/K5RvNf8Kti6UONo77pUwCeJ1jK dFJuDM/k8jyFjl+eARxDCd8= =n4Ka -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 10 17:12:00 2005 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 10 Feb 2005 12:12 -0500 Subject: [RHSA-2005:112-01] Updated emacs packages fix security issue Message-ID: <200502101712.j1AHCoF26814@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated emacs packages fix security issue Advisory ID: RHSA-2005:112-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-112.html Issue date: 2005-02-10 Updated on: 2005-02-10 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-0100 - --------------------------------------------------------------------- 1. Summary: Updated Emacs packages that fix a string format issue are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: Emacs is a powerful, customizable, self-documenting, modeless text editor. Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running emacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0100 to this issue. 
Users of Emacs are advised to upgrade to these updated packages, which contain backported patches to correct this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 146700 - CAN-2005-0100 Arbitrary code execution in *emacs* 6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCC5X9XlSAg2UNWIIRAv/PAKCXFeOtAkgv7K7ZpdFNOsbJvc/aEACfa2wF LsrCFBunckJQdPJBW0+Bx3U= =yImk -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 10 17:13:00 2005 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 10 Feb 2005 12:13 -0500 Subject: [RHSA-2005:134-01] Updated xemacs packages fix security issue Message-ID: <200502101713.j1AHDFF26847@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated xemacs packages fix security issue Advisory ID: RHSA-2005:134-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-134.html Issue date: 2005-02-10 Updated on: 2005-02-10 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-0100 - --------------------------------------------------------------------- 1. Summary: Updated XEmacs packages that fix a string format issue are now available. 2.
Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: XEmacs is a powerful, customizable, self-documenting, modeless text editor. Max Vozeler discovered several format string vulnerabilities in the movemail utility of XEmacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running xemacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0100 to this issue. Users of XEmacs are advised to upgrade to these updated packages, which contain backported patches to correct this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 146704 - CAN-2005-0100 Arbitrary code execution in *emacs* 6. 
RPMs required: These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCC5YjXlSAg2UNWIIRAptLAJ4k7yi6F8Jh5FWEF0gwcafmzkpdbgCgjMBt pFs1yPW7dM8/I32FR9BKOLc= =gTKu -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Feb 10 17:13:00 2005 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 10 Feb 2005 12:13 -0500 Subject: [RHSA-2005:135-01] Updated Squirrelmail package fixes security issues Message-ID: <200502101713.j1AHDiF26870@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated Squirrelmail package fixes security issues Advisory ID: RHSA-2005:135-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-135.html Issue date: 2005-02-10 Updated on: 2005-02-10 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-0075 CAN-2005-0103 CAN-2005-0104 - --------------------------------------------------------------------- 1. Summary: An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - noarch Red Hat Desktop version 3 - noarch Red Hat Enterprise Linux ES version 3 - noarch Red Hat Enterprise Linux WS version 3 - noarch 3. Problem description: SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw could allow potential insecure file inclusions on servers where the PHP setting "register_globals" is set to "On". This is not a default or recommended setting. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0075 to this issue. A URL sanitisation bug was found in Squirrelmail. This flaw could allow a cross site scripting attack when loading the URL for the sidebar. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0103 to this issue. A missing variable initialization bug was found in Squirrelmail. This flaw could allow a cross site scripting attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0104 to this issue. Users of Squirrelmail are advised to upgrade to this updated package, which contains backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 145384 - CAN-2005-0075 Arbitrary code injection in Squirrelmail 145964 - CAN-2005-0103 Multiple issues in squirrelmail (CAN-2005-0104) 6. 
RPMs required: These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://www.squirrelmail.org/security/issue/2005-01-20 http://www.squirrelmail.org/security/issue/2005-01-19 http://www.squirrelmail.org/security/issue/2005-01-14 http://www.php.net/register_globals http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0075 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0104 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCC5Y3XlSAg2UNWIIRAp87AKDBioH/Ff/SlsM+PG23yhLz4g+6TQCghbnN TKetTdzqcj9K4xPrwtxCLkQ= =RjEw -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Feb 11 13:50:00 2005 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 11 Feb 2005 08:50 -0500 Subject: [RHSA-2005:061-01] Updated Squid package fixes security issues Message-ID: <200502111350.j1BDoqF31153@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated Squid package fixes security issues Advisory ID: RHSA-2005:061-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-061.html Issue date: 2005-02-11 Updated on: 2005-02-11 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-0094 CAN-2005-0095 CAN-2005-0096 CAN-2005-0097 CAN-2005-0173 CAN-2005-0174 CAN-2005-0175 CAN-2005-0211 CAN-2005-0241 - --------------------------------------------------------------------- 1. Summary: An updated Squid package that fixes several security issues is now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: Squid is a full-featured Web proxy cache. A buffer overflow flaw was found in the Gopher relay parser. This bug could allow a remote Gopher server to crash the Squid proxy that reads data from it. Although Gopher servers are now quite rare, a malicious web page (for example) could redirect or contain a frame pointing to an attacker's malicious gopher server. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0094 to this issue. An integer overflow flaw was found in the WCCP message parser. It is possible to crash the Squid server if an attacker is able to send a malformed WCCP message with a spoofed source address matching Squid's "home router". The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0095 to this issue. A memory leak was found in the NTLM fakeauth_auth helper. It is possible that an attacker could place the Squid server under high load, causing the NTLM fakeauth_auth helper to consume a large amount of memory, resulting in a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0096 to this issue. A NULL pointer de-reference bug was found in the NTLM fakeauth_auth helper. It is possible for an attacker to send a malformed NTLM type 3 message, causing the Squid server to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0097 to this issue. A username validation bug was found in squid_ldap_auth. It is possible for a username to be padded with spaces, which could allow a user to bypass explicit access control rules or confuse accounting. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0173 to this issue. The way Squid handles HTTP responses was found to need strengthening. It is possible that a malicious web server could send a series of HTTP responses in such a way that the Squid cache could be poisoned, presenting users with incorrect webpages. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0174 and CAN-2005-0175 to these issues. A bug was found in the way Squid handled oversized HTTP response headers.
It is possible that a malicious web server could send a specially crafted HTTP header which could cause the Squid cache to be poisoned, presenting users with incorrect webpages. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0241 to this issue. A buffer overflow bug was found in the WCCP message parser. It is possible that an attacker could send a malformed WCCP message which could crash the Squid server or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0211 to this issue. Users of Squid should upgrade to this updated package, which contains backported patches, and is not vulnerable to these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 145540 - CAN-2005-0094 Multiple issues with squid (CAN-2005-0095 CAN-2005-0096 CAN-2005-0097) 146159 - CAN-2005-0173 Multiple squid issues (CAN-2005-0174 CAN-2005-0175) 146780 - CAN-2005-0241 Correct handling of oversized reply headers 6. 
RPMs required: These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://www.squid-cache.org/Advisories/SQUID-2005_1.txt http://www.squid-cache.org/Advisories/SQUID-2005_2.txt http://www.squid-cache.org/Advisories/SQUID-2005_3.txt http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0211 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0241 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCDLgwXlSAg2UNWIIRAijmAJ9RPVzVaX2fDMS9Qs032YUMt3BHTQCgl9Mb HTTQgPJBJ8xIXwFBTezCvZ0= =OsgH -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Feb 15 10:13:00 2005 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 15 Feb 2005 05:13 -0500 Subject: [RHSA-2005:025-01] Moderate: exim security update Message-ID: <200502151013.j1FADaF18782@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: exim security update Advisory ID: RHSA-2005:025-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-025.html Issue date: 2005-02-15 Updated on: 2005-02-15 Product: Red Hat Enterprise Linux CVE Names: CAN-2005-0021 CAN-2005-0022 - --------------------------------------------------------------------- 1. Summary: Updated exim packages that resolve security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. A buffer overflow was discovered in the spa_base64_to_bits function in Exim, as originally obtained from Samba code. If SPA authentication is enabled, a remote attacker may be able to exploit this vulnerability to execute arbitrary code as the 'exim' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0022 to this issue. 
Please note that SPA authentication is not enabled by default in Red Hat Enterprise Linux 4. Buffer overflow flaws were discovered in the host_aton and dns_build_reverse functions in Exim. A local user can trigger these flaws by executing exim with carefully crafted command line arguments and may be able to gain the privileges of the 'exim' account. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0021 to this issue. Users of Exim are advised to update to these erratum packages which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 144099 - CAN-2005-0021 exim security issues (CAN-2005-0022) 6. 
RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/exim-4.43-1.RHEL4.3.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/exim-4.43-1.RHEL4.3.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/exim-4.43-1.RHEL4.3.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/exim-4.43-1.RHEL4.3.src.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0022

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEcswXlSAg2UNWIIRAk55AJoCCWdlhf9N7Hp97yIl7eGfcaG+DgCgi8dW
Z8TfLTOUbJLst7e5EK7a8OM=
=tuxF
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:13:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:13 -0500
Subject: [RHSA-2005:032-01] Important: php security update
Message-ID: <200502151013.j1FADrF18786@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: php security update
Advisory ID: RHSA-2005:032-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-032.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1018 CAN-2004-1019 CAN-2004-1065
- ---------------------------------------------------------------------

1. Summary:

Updated php packages that fix various security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

Flaws including possible information disclosure, double free, and negative reference index array underflow were found in the deserialization code of PHP. PHP applications may use the unserialize function on untrusted user data, which could allow a remote attacker to gain access to memory or potentially execute arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1019 to this issue.

A flaw in the exif extension of PHP was found which led to a stack overflow. An attacker could create a carefully crafted image file in such a way that, if parsed by a PHP script using the exif extension, it could cause a crash or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1065 to this issue.

Flaws were found in shmop_write, pack, and unpack PHP functions. These functions are not normally passed user supplied data, so would require a malicious PHP script to be exploited. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1018 to this issue.

Users of PHP should upgrade to these updated packages, which contain fixes for these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

141136 - CAN-2004-1018 Multiple issues in PHP (CAN-2004-1019 CAN-2004-1020)

6.
RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/php-4.3.9-3.2.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/php-4.3.9-3.2.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/php-4.3.9-3.2.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/php-4.3.9-3.2.src.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://www.php.net/release_4_3_10.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1065

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEctbXlSAg2UNWIIRAnw8AJ97Mk4qW6vFso5fKGPD9FFRG8wY8QCggaGB
U81cxlPV3fpp1sTZNB7KDG4=
=3RPb
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:14:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:14 -0500
Subject: [RHSA-2005:033-01] Important: alsa-lib security update
Message-ID: <200502151014.j1FAE4F18801@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: alsa-lib security update
Advisory ID: RHSA-2005:033-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-033.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0087
- ---------------------------------------------------------------------

1. Summary:

An updated alsa-lib package that fixes a flaw that disabled stack execution protection is now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The alsa-lib package provides a library of functions for communication with kernel sound drivers.

A flaw in the alsa mixer code was discovered that caused stack execution protection to be disabled for the libasound.so library. The effect of this flaw is that stack execution protection, through NX or Exec-Shield, would be disabled for any application linked to libasound.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0087 to this issue.

Users are advised to upgrade to this updated package, which contains a patched version of the library which correctly enables stack execution protection.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

144518 - CAN-2005-0087 alsa-lib disables stack protection for it's users

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/alsa-lib-1.0.6-5.RHEL4.src.rpm
Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/alsa-lib-1.0.6-5.RHEL4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/alsa-lib-1.0.6-5.RHEL4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/alsa-lib-1.0.6-5.RHEL4.src.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0087

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEctoXlSAg2UNWIIRApJnAJ9k8BukssH4soSwOYSvGg45j0/vHQCcCY7+
ou2NQytHHZClj3Yaq1bVhPA=
=MCWY
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:14:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:14 -0500
Subject: [RHSA-2005:034-01] Important: xpdf security update
Message-ID: <200502151014.j1FAEDF18805@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: xpdf security update
Advisory ID: RHSA-2005:034-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-034.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1125 CAN-2005-0064 CAN-2005-0206
- ---------------------------------------------------------------------

1. Summary:

An updated xpdf package that fixes several security issues is now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Xpdf is an X Window System based viewer for Portable Document Format (PDF) files.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1125 to this issue.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064 to this issue.

During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. This issue was assigned the name CAN-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). Red Hat Enterprise Linux 4 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0206 to this issue.

All users of Xpdf should upgrade to this updated package, which contains backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

135066 - PDF is displayed garbled, older xpdf works
144197 - CAN-2004-1125 xpdf buffer overflow
145052 - CAN-2005-0064 xpdf buffer overflow
147498 - CAN-2004-0888 xpdf integer overflows

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/xpdf-3.00-11.5.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/xpdf-3.00-11.5.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/xpdf-3.00-11.5.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/xpdf-3.00-11.5.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0206

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEctzXlSAg2UNWIIRAnJkAKCO95nauwy8LP67fSjb7iRAa882TACgtwgj
OYmZpTWCruqaGI7kZymRFNk=
=ZFFp
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:14:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:14 -0500
Subject: [RHSA-2005:035-01] Important: libtiff security update
Message-ID: <200502151014.j1FAETF18816@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: libtiff security update
Advisory ID: RHSA-2005:035-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-035.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1308 CAN-2004-1183
- ---------------------------------------------------------------------

1. Summary:

Updated libtiff packages that fix various integer overflows are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2.
Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, ppc64, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. infamous41md discovered integer overflow flaws in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to overflow a heap buffer when the file was opened by a victim. Due to the nature of the overflow it is unlikely that it is possible to use this flaw to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1308 to this issue. Dmitry V. Levin discovered an integer overflow flaw in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1183 to this issue. All users are advised to upgrade to these updated packages, which contain backported fixes for these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 144185 - CAN-2004-1308 LibTIFF Directory Entry Count Integer Overflow Vulnerability 144186 - CAN-2004-1183 libtiff integer overflow 6. 
RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libtiff-3.6.1-8.src.rpm 1231de2ad44c83f90b1ccd59bcf222fb libtiff-3.6.1-8.src.rpm i386: 172adeaba5a5efeae19f56d4d4cc925e libtiff-3.6.1-8.i386.rpm 10cccc6007ef1846f4ab7aa91af54913 libtiff-devel-3.6.1-8.i386.rpm ia64: b3e56c86f56c8399baaa1b607ba226ef libtiff-3.6.1-8.ia64.rpm 172adeaba5a5efeae19f56d4d4cc925e libtiff-3.6.1-8.i386.rpm 90a0a7eb986ce01573eaf95ef06dbcbb libtiff-devel-3.6.1-8.ia64.rpm ppc: faa56a6dee1762dd4e696ff9c2084e0f libtiff-3.6.1-8.ppc.rpm 3bcb41db180fcf71d49956f4cebf2aa5 libtiff-devel-3.6.1-8.ppc.rpm ppc64: b8cd13aa286e591c136bb20c02105e1a libtiff-3.6.1-8.ppc64.rpm s390: 6d4f2211e52c62b579d97834c8d19e08 libtiff-3.6.1-8.s390.rpm 8c8f60a577dd28417a417051a3671f04 libtiff-devel-3.6.1-8.s390.rpm s390x: 4913c4598567f577ba3a44403611b57d libtiff-3.6.1-8.s390x.rpm 6d4f2211e52c62b579d97834c8d19e08 libtiff-3.6.1-8.s390.rpm 00ab748be2a3873eebf29bbccd10380d libtiff-devel-3.6.1-8.s390x.rpm x86_64: 8d608c89299ffb95d7040ba57b5e6fb9 libtiff-3.6.1-8.x86_64.rpm 172adeaba5a5efeae19f56d4d4cc925e libtiff-3.6.1-8.i386.rpm ad03c18c62ea661d9c14ff1ed7efe738 libtiff-devel-3.6.1-8.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libtiff-3.6.1-8.src.rpm 1231de2ad44c83f90b1ccd59bcf222fb libtiff-3.6.1-8.src.rpm i386: 172adeaba5a5efeae19f56d4d4cc925e libtiff-3.6.1-8.i386.rpm 10cccc6007ef1846f4ab7aa91af54913 libtiff-devel-3.6.1-8.i386.rpm x86_64: 8d608c89299ffb95d7040ba57b5e6fb9 libtiff-3.6.1-8.x86_64.rpm 172adeaba5a5efeae19f56d4d4cc925e libtiff-3.6.1-8.i386.rpm ad03c18c62ea661d9c14ff1ed7efe738 libtiff-devel-3.6.1-8.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libtiff-3.6.1-8.src.rpm 1231de2ad44c83f90b1ccd59bcf222fb libtiff-3.6.1-8.src.rpm i386: 172adeaba5a5efeae19f56d4d4cc925e libtiff-3.6.1-8.i386.rpm 10cccc6007ef1846f4ab7aa91af54913 
libtiff-devel-3.6.1-8.i386.rpm ia64: b3e56c86f56c8399baaa1b607ba226ef libtiff-3.6.1-8.ia64.rpm 172adeaba5a5efeae19f56d4d4cc925e libtiff-3.6.1-8.i386.rpm 90a0a7eb986ce01573eaf95ef06dbcbb libtiff-devel-3.6.1-8.ia64.rpm x86_64: 8d608c89299ffb95d7040ba57b5e6fb9 libtiff-3.6.1-8.x86_64.rpm 172adeaba5a5efeae19f56d4d4cc925e libtiff-3.6.1-8.i386.rpm ad03c18c62ea661d9c14ff1ed7efe738 libtiff-devel-3.6.1-8.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libtiff-3.6.1-8.src.rpm 1231de2ad44c83f90b1ccd59bcf222fb libtiff-3.6.1-8.src.rpm i386: 172adeaba5a5efeae19f56d4d4cc925e libtiff-3.6.1-8.i386.rpm 10cccc6007ef1846f4ab7aa91af54913 libtiff-devel-3.6.1-8.i386.rpm ia64: b3e56c86f56c8399baaa1b607ba226ef libtiff-3.6.1-8.ia64.rpm 172adeaba5a5efeae19f56d4d4cc925e libtiff-3.6.1-8.i386.rpm 90a0a7eb986ce01573eaf95ef06dbcbb libtiff-devel-3.6.1-8.ia64.rpm x86_64: 8d608c89299ffb95d7040ba57b5e6fb9 libtiff-3.6.1-8.x86_64.rpm 172adeaba5a5efeae19f56d4d4cc925e libtiff-3.6.1-8.i386.rpm ad03c18c62ea661d9c14ff1ed7efe738 libtiff-devel-3.6.1-8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEcuCXlSAg2UNWIIRAr7QAJ9TmnHbB+WK5R1lfFas9lRnfF1t7wCeIxSp
0S2SATRcYVyfCVa+E5M4AcU=
=CcCm
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:15:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:15 -0500
Subject: [RHSA-2005:036-01] Low: vim security update
Message-ID: <200502151015.j1FAFfF18909@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Low: vim security update
Advisory ID:       RHSA-2005:036-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-036.html
Issue date:        2005-02-15
Updated on:        2005-02-15
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1138 CAN-2005-0069
- ---------------------------------------------------------------------

1. Summary:

Updated vim packages that fix security vulnerabilities are now available for Red Hat Enterprise Linux 4.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

VIM (Vi IMproved) is an updated and improved version of the vi screen-based editor.

Ciaran McCreesh discovered a modeline vulnerability in VIM. An attacker could create a text file containing a specially crafted modeline which could cause arbitrary command execution when viewed by a victim using VIM. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1138 to this issue. Please note that this issue only affects users who have modelines and filetype plugins enabled, which is not the default.

The Debian Security Audit Project discovered an insecure temporary file usage in VIM. A local user could overwrite or create files as a different user who happens to run one of the vulnerable utilities. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0069 to this issue.

All users of VIM are advised to upgrade to these erratum packages, which contain backported patches for these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

144187 - CAN-2004-1138 vim arbitrary command execution vulnerability
144880 - CAN-2005-0069 vim unsafe temporary file usage.

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=289560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0069

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEcvKXlSAg2UNWIIRAlCqAKDFTyx0fjjIcj5rfeOyjHpIFlDcjwCfXRfL
gwyfa1fLp83ofIW3yQNvMMw=
=tGIA
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:15:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:15 -0500
Subject: [RHSA-2005:037-01] Moderate: ethereal security update
Message-ID: <200502151015.j1FAFoF18915@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Moderate: ethereal security update
Advisory ID:       RHSA-2005:037-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-037.html
Issue date:        2005-02-15
Updated on:        2005-02-15
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1139 CAN-2004-1140 CAN-2004-1141 CAN-2004-1142 CAN-2005-0006 CAN-2005-0007 CAN-2005-0008 CAN-2005-0009 CAN-2005-0010 CAN-2005-0084
- ---------------------------------------------------------------------

1. Summary:

Updated Ethereal packages that fix various security vulnerabilities are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Ethereal is a program for monitoring network traffic.

A number of security flaws have been discovered in Ethereal. On a system where Ethereal is running, a remote attacker could send malicious packets to trigger these flaws.

A flaw in the DICOM dissector could cause a crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1139 to this issue.

An invalid RTP timestamp could hang Ethereal and create a large temporary file, possibly filling available disk space. (CAN-2004-1140)

The HTTP dissector could access previously-freed memory, causing a crash. (CAN-2004-1141)

An improperly formatted SMB packet could make Ethereal hang, maximizing CPU utilization. (CAN-2004-1142)

The COPS dissector could go into an infinite loop. (CAN-2005-0006)

The DLSw dissector could cause an assertion, making Ethereal exit prematurely. (CAN-2005-0007)

The DNP dissector could cause memory corruption. (CAN-2005-0008)

The Gnutella dissector could cause an assertion, making Ethereal exit prematurely. (CAN-2005-0009)

The MMSE dissector could free static memory, causing a crash. (CAN-2005-0010)

The X11 protocol dissector is vulnerable to a string buffer overflow. (CAN-2005-0084)

Users of Ethereal should upgrade to these updated packages which contain version 0.10.9 that is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

144188 - CAN-2004-1139 Ethereal flaws (CAN-2004-1140 CAN-2004-1141 CAN-2004-1142)
145483 - CAN-2005-0006 multiple ethereal issues (CAN-2005-0007 CAN-2005-0008 CAN-2005-0009 CAN-2005-0010 CAN-2005-0084)

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://www.ethereal.com/appnotes/enpa-sa-00016.html
http://www.ethereal.com/appnotes/enpa-sa-00017.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0084

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEcvUXlSAg2UNWIIRAliEAKCB6cXLxxATisilzssdR2QBnX7k3ACgrDy4
oXIh2yCfDIyv1RVq9tWSyqk=
=fPTG
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:16:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:16 -0500
Subject: [RHSA-2005:040-01] Low: enscript security update
Message-ID: <200502151016.j1FAG0F18922@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Low: enscript security update
Advisory ID:       RHSA-2005:040-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-040.html
Issue date:        2005-02-15
Updated on:        2005-02-15
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1184 CAN-2004-1185 CAN-2004-1186
- ---------------------------------------------------------------------

1. Summary:

An updated enscript package that fixes several security issues is now available for Red Hat Enterprise Linux 4.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

GNU enscript converts ASCII files to PostScript.

Enscript has the ability to interpret special escape sequences. A flaw was found in the handling of the epsf command used to insert inline EPS files into a document. An attacker could create a carefully crafted ASCII file which made use of the epsf pipe command in such a way that it could execute arbitrary commands if the file was opened with enscript by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1184 to this issue.

Additional flaws in Enscript were also discovered which can only be triggered by executing enscript with carefully crafted command line arguments. These flaws therefore only have a security impact if enscript is executed by other programs and passed untrusted data from remote users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-1185 and CAN-2004-1186 to these issues.

All users of enscript should upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

144686 - CAN-2004-1184 multiple security issues in enscript (CAN-2004-1185 CAN-2004-1186)

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1186

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEcveXlSAg2UNWIIRAvfPAJ4lIzQ14Rt4vMf13cvCjCJ8/mdP2ACfab7y
pWzJ56NjR4VkT7jZhtAMgpU=
=lkRZ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:16:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:16 -0500
Subject: [RHSA-2005:045-01] Moderate: krb5 security update
Message-ID: <200502151016.j1FAGCF18928@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Moderate: krb5 security update
Advisory ID:       RHSA-2005:045-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-045.html
Issue date:        2005-02-15
Updated on:        2005-02-15
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1189
- ---------------------------------------------------------------------

1. Summary:

Updated Kerberos (krb5) packages that correct a buffer overflow bug are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other.

A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This bug could allow an authenticated remote attacker to execute arbitrary commands on a realm's master Kerberos KDC. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1189 to this issue.

All users of krb5 should upgrade to these updated packages, which contain backported security patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

139235 - krsh problem
144196 - CAN-2004-1189 buffer overflow in krb5

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-004-pwhist.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1189

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEcvqXlSAg2UNWIIRArFyAJwJPwQx2g3pAwE1UtCV7Cmb17aHkwCeIcfk
pUBq9II2FUeMXu85faaHi9Y=
=Kh78
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:17:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:17 -0500
Subject: [RHSA-2005:053-01] Important: CUPS security update
Message-ID: <200502151017.j1FAH7F19021@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: CUPS security update
Advisory ID: RHSA-2005:053-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-053.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1125 CAN-2004-1267 CAN-2004-1268 CAN-2004-1269 CAN-2004-1270 CAN-2005-0064 CAN-2005-0206
- ---------------------------------------------------------------------

1. Summary:

Updated CUPS packages that fix several security issues are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System provides a portable printing layer for UNIX(R) operating systems.

During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf, which also affects CUPS due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause CUPS to crash or possibly execute arbitrary code when opened. This issue was assigned the name CAN-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). Red Hat Enterprise Linux 4 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0206 to this issue.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects the CUPS pdftops filter due to a shared codebase. An attacker who has the ability to send a malicious PDF file to a printer could possibly execute arbitrary code as the "lp" user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1125 to this issue.

A buffer overflow flaw was found in the ParseCommand function in the hpgltops program. An attacker who has the ability to send a malicious HPGL file to a printer could possibly execute arbitrary code as the "lp" user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1267 to this issue.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects the CUPS pdftops filter due to a shared codebase. An attacker who has the ability to send a malicious PDF file to a printer could possibly execute arbitrary code as the "lp" user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064 to this issue.

The lppasswd utility was found to ignore write errors when modifying the CUPS passwd file. A local user who is able to fill the associated file system could corrupt the CUPS password file or prevent future uses of lppasswd. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-1268 and CAN-2004-1269 to these issues.

The lppasswd utility was found to not verify that the passwd.new file is different from STDERR, which could allow local users to control output to passwd.new via certain user input that triggers an error message. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1270 to this issue.

All users of cups should upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

144191 - CAN-2004-1267 Bernstein cups issues (CAN-2004-1268 CAN-2004-1269 CAN-2004-1270)
144194 - CAN-2004-1125 xpdf buffer overflow
145088 - CAN-2005-0064 xpdf buffer overflow
147480 - CAN-2004-0888 xpdf issues affect cups (CAN-2005-0206)

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0206

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEcwhXlSAg2UNWIIRArRrAKCs9hTEIfnTdMUkYz5vc6YvC7p+GQCdG7fG
X4k2dB/yI8j56zG1v7kxrpY=
=v8Uz
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:17:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:17 -0500
Subject: [RHSA-2005:057-01] Important: gpdf security update
Message-ID: <200502151017.j1FAHMF19025@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: gpdf security update
Advisory ID: RHSA-2005:057-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-057.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1125 CAN-2005-0064 CAN-2005-0206
- ---------------------------------------------------------------------

1. Summary:

An updated gpdf package that fixes two security issues is now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

GPdf is a viewer for Portable Document Format (PDF) files for GNOME.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects GPdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause GPdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1125 to this issue.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects GPdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause GPdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064 to this issue.

During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf, which also affects GPdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause GPdf to crash or possibly execute arbitrary code when opened. This issue was assigned the name CAN-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). Red Hat Enterprise Linux 4 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0206 to this issue.

Users should update to this erratum package which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

144210 - CAN-2004-1125 gpdf buffer overflow
145054 - CAN-2005-0064 xpdf buffer overflow
147518 - CAN-2004-0888 xpdf integer overflows

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7.
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0206

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEcwwXlSAg2UNWIIRAr2KAKCUF0J398aXkz2kMNFZ7RmUoKLxZQCfaInC
i0W10wuCqbLiT7T2d8eHfOU=
=CUDi
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:17:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:17 -0500
Subject: [RHSA-2005:060-01] Important: squid security update
Message-ID: <200502151017.j1FAHXF19030@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: squid security update
Advisory ID: RHSA-2005:060-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-060.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0094 CAN-2005-0095 CAN-2005-0096 CAN-2005-0097 CAN-2005-0173 CAN-2005-0174 CAN-2005-0175 CAN-2005-0211 CAN-2005-0241
- ---------------------------------------------------------------------

1. Summary:

An updated Squid package that fixes several security issues is now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Squid is a full-featured Web proxy cache.

A buffer overflow flaw was found in the Gopher relay parser. This bug could allow a remote Gopher server to crash the Squid proxy that reads data from it. Although Gopher servers are now quite rare, a malicious webpage (for example) could redirect or contain a frame pointing to an attacker's malicious gopher server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0094 to this issue.

An integer overflow flaw was found in the WCCP message parser. It is possible to crash the Squid server if an attacker is able to send a malformed WCCP message with a spoofed source address matching Squid's "home router". The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0095 to this issue.

A memory leak was found in the NTLM fakeauth_auth helper. It is possible that an attacker could place the Squid server under high load, causing the NTLM fakeauth_auth helper to consume a large amount of memory, resulting in a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0096 to this issue.

A NULL pointer de-reference bug was found in the NTLM fakeauth_auth helper. It is possible for an attacker to send a malformed NTLM type 3 message, causing the Squid server to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0097 to this issue.

A username validation bug was found in squid_ldap_auth. It is possible for a username to be padded with spaces, which could allow a user to bypass explicit access control rules or confuse accounting. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0173 to this issue.

The way Squid handles HTTP responses was found to need strengthening. It is possible that a malicious Web server could send a series of HTTP responses in such a way that the Squid cache could be poisoned, presenting users with incorrect webpages. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0174 and CAN-2005-0175 to these issues.

A bug was found in the way Squid handled oversized HTTP response headers. It is possible that a malicious Web server could send a specially crafted HTTP header which could cause the Squid cache to be poisoned, presenting users with incorrect webpages. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0241 to this issue.

A buffer overflow bug was found in the WCCP message parser. It is possible that an attacker could send a malformed WCCP message which could crash the Squid server or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0211 to this issue.

Users of Squid should upgrade to this updated package, which contains backported patches, and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

145545 - CAN-2005-0094 Multiple issues with squid (CAN-2005-0095 CAN-2005-0096 CAN-2005-0097)
146161 - CAN-2005-0173 Multiple squid issues (CAN-2005-0174 CAN-2005-0175)
146779 - CAN-2005-0211 Buffer overflow in WCCP recvfrom() call
146785 - CAN-2005-0241 Correct handling of oversized reply headers

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://www.squid-cache.org/Advisories/SQUID-2005_1.txt
http://www.squid-cache.org/Advisories/SQUID-2005_2.txt
http://www.squid-cache.org/Advisories/SQUID-2005_3.txt
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0241

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEcw7XlSAg2UNWIIRAgMuAJ9Gw0VxImbVSOBCgPHMOjnsBSd58QCgkxuS
NXCO/iSVmSIlJeNTimYOWrk=
=uacN
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:17:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:17 -0500
Subject: [RHSA-2005:065-01] Important: kdelibs security update
Message-ID: <200502151017.j1FAHqF19036@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kdelibs security update
Advisory ID: RHSA-2005:065-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-065.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1145 CAN-2004-1165
- ---------------------------------------------------------------------

1. Summary:

Updated kdelibs packages that resolve security issues in Konqueror are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The kdelibs packages include libraries for the K Desktop Environment.

Two flaws were found in the sandbox environment used to run Java-applets in the Konqueror web browser. If a user has Java enabled in Konqueror and visits a malicious website, the website could run a carefully crafted Java-applet and obtain escalated privileges allowing reading and writing of arbitrary files with the privileges of the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1145 to this issue.

A flaw was discovered in the FTP kioslave. KDE applications such as Konqueror could be forced to execute arbitrary FTP commands via a carefully crafted ftp URL. The URL could also be crafted in such a way as to send an arbitrary email via SMTP. An attacker could make use of this flaw if a victim visits a malicious web site. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1165 to this issue.

Users should update to these erratum packages which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

144211 - CAN-2004-1145 Konqueror Java Vulnerability
145938 - CAN-2004-1165 kioslave command injection

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://www.kde.org/info/security/advisory-20041220-1.txt
http://www.kde.org/info/security/advisory-20050101-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1165

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEcxOXlSAg2UNWIIRAgTsAKCag0rpa3NUqTLcuMbRasd5mCIrqACfZabj
7cFqkzUUo63C7v0YAtki2a4=
=lOfn
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:18:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:18 -0500
Subject: [RHSA-2005:066-01] Important: kdegraphics security update
Message-ID: <200502151018.j1FAIZF19067@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kdegraphics security update
Advisory ID: RHSA-2005:066-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-066.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0888 CAN-2004-1125 CAN-2005-0064
- ---------------------------------------------------------------------

1. Summary:

Updated kdegraphics packages that resolve security issues in kpdf are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf that also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1125 to this issue.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064 to this issue.

During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf and that also affect kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0888 to this issue.

Users should update to these erratum packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

144231 - CAN-2004-1125 kpdf buffer overflows (CAN-2005-0064)
147517 - CAN-2004-0888 xpdf integer overflows

6.
RPMs required:

Red Hat Enterprise Linux AS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdegraphics-3.3.1-3.3.src.rpm

Red Hat Enterprise Linux Desktop version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdegraphics-3.3.1-3.3.src.rpm

Red Hat Enterprise Linux ES version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdegraphics-3.3.1-3.3.src.rpm

Red Hat Enterprise Linux WS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdegraphics-3.3.1-3.3.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://www.kde.org/info/security/advisory-20041223-1.txt
http://www.kde.org/info/security/advisory-20050119-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEcx5XlSAg2UNWIIRAmiYAKCB6I9P5nAjmXrvfO/eHRda5QEbMgCfe08W
W1LNPoYWZIVsTNukM2lhJx0=
=MVn9
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:18:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:18 -0500
Subject: [RHSA-2005:071-01] Moderate: ImageMagick security update
Message-ID: <200502151018.j1FAIjF19091@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: ImageMagick security update
Advisory ID: RHSA-2005:071-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-071.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0005
- ---------------------------------------------------------------------

1. Summary:

Updated ImageMagick packages that fix a security flaw are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

ImageMagick is an image display and manipulation tool for the X Window System.

Andrei Nigmatulin discovered a heap based buffer overflow flaw in the ImageMagick image handler. An attacker could create a carefully crafted Photoshop Document (PSD) image in such a way that it would cause ImageMagick to execute arbitrary code when processing the image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0005 to this issue.

Users of ImageMagick should upgrade to these updated packages, which contain a backported patch, and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

145123 - CAN-2005-0005 buffer overflow in ImageMagick

6. RPMs required:

Red Hat Enterprise Linux AS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ImageMagick-6.0.7.1-6.src.rpm

Red Hat Enterprise Linux Desktop version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ImageMagick-6.0.7.1-6.src.rpm

Red Hat Enterprise Linux ES version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ImageMagick-6.0.7.1-6.src.rpm

Red Hat Enterprise Linux WS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ImageMagick-6.0.7.1-6.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0005

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEcyEXlSAg2UNWIIRAskuAKC10/Xi5883UVe4hB+cMDDUo2ksOQCdEvka
+u9EVyCFUobEDbMm0nQR+2o=
=ixMf
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:18:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:18 -0500
Subject: [RHSA-2005:072-01] Low: perl-DBI security update
Message-ID: <200502151018.j1FAIrF19095@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: perl-DBI security update
Advisory ID: RHSA-2005:072-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-072.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0077
- ---------------------------------------------------------------------

1. Summary:

An updated perl-DBI package that fixes a temporary file flaw in DBI::ProxyServer is now available for Red Hat Enterprise Linux 4.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

DBI is a database access Application Programming Interface (API) for the Perl programming language.

The Debian Security Audit Project discovered that the DBI library creates a temporary PID file in an insecure manner. A local user could overwrite or create files as a different user who happens to run an application which uses DBI::ProxyServer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0077 to this issue.

Users should update to this erratum package which disables the temporary PID file unless configured.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

145577 - CAN-2005-0077 perl-DBI insecure temporary file usage

6.
RPMs required:

Red Hat Enterprise Linux AS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/perl-DBI-1.40-8.src.rpm

Red Hat Enterprise Linux Desktop version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/perl-DBI-1.40-8.src.rpm

Red Hat Enterprise Linux ES version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/perl-DBI-1.40-8.src.rpm

Red Hat Enterprise Linux WS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/perl-DBI-1.40-8.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0077

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEcyLXlSAg2UNWIIRAq2FAJ9yf/DpAmcZmlng1VJwJbv5HQ2WmQCfY05U
n99EtzgTEtMrOxYkaGqnayM=
=Gnmg
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:19:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:19 -0500
Subject: [RHSA-2005:073-01] Low: cpio security update
Message-ID: <200502151019.j1FAJ5F19103@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: cpio security update
Advisory ID: RHSA-2005:073-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-073.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-1999-1572
- ---------------------------------------------------------------------

1. Summary:

An updated cpio package that fixes a umask bug is now available for Red Hat Enterprise Linux 4.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

GNU cpio copies files into or out of a cpio or tar archive.

It was discovered that cpio uses a 0 umask when creating files using the -O (archive) option. This creates output files with mode 0666 (all can read and write) regardless of the user's umask setting. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-1999-1572 to this issue.

Users of cpio should upgrade to this updated package, which resolves this issue.

Red Hat would like to thank Mike O'Connor for bringing this issue to our attention.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

145725 - CAN-1999-1572 cpio insecure file creation

6. RPMs required:

Red Hat Enterprise Linux AS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cpio-2.5-7.EL4.1.src.rpm

Red Hat Enterprise Linux Desktop version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cpio-2.5-7.EL4.1.src.rpm

Red Hat Enterprise Linux ES version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cpio-2.5-7.EL4.1.src.rpm

Red Hat Enterprise Linux WS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cpio-2.5-7.EL4.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1572

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEcyXXlSAg2UNWIIRAs5JAJ41i08JPvrRX0YX8ZM5g9GQXyDF8QCfcyiR
yeOin8xllV26v0L6RMvu7gs=
=i1Os
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:20:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:20 -0500
Subject: [RHSA-2005:090-01] Moderate: htdig security update
Message-ID: <200502151020.j1FAKPF19234@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: htdig security update
Advisory ID: RHSA-2005:090-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-090.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0085
- ---------------------------------------------------------------------

1. Summary:

Updated htdig packages that fix a security flaw are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The ht://Dig system is a Web search and indexing system for a small domain or intranet.

Michael Krax reported a cross-site scripting bug affecting htdig. An attacker could construct a carefully crafted URL which can cause a web browser to execute malicious script once visited. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-0085 to this issue.

Users of htdig should upgrade to these updated packages, which contain a backported patch, and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

144261 - CAN-2005-0085 XSS vulnerability in htdig 3.2.0b6
145649 - htdig packaging cleanups

6.
RPMs required:

Red Hat Enterprise Linux AS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/htdig-3.2.0b6-3.40.1.src.rpm

Red Hat Enterprise Linux Desktop version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/htdig-3.2.0b6-3.40.1.src.rpm

Red Hat Enterprise Linux ES version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/htdig-3.2.0b6-3.40.1.src.rpm

Red Hat Enterprise Linux WS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/htdig-3.2.0b6-3.40.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0085

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEczmXlSAg2UNWIIRAgtFAJ4qv5SNPQ+T1ds2X5ATl86JS+xx2wCcCYJX
/Rv3qB9VeIkoybtEHMbbIAU=
=6A4f
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:26:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:26 -0500
Subject: [RHSA-2005:094-01] Moderate: thunderbird security update
Message-ID: <200502151026.j1FAQcF19614@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: thunderbird security update
Advisory ID: RHSA-2005:094-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-094.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0149
- ---------------------------------------------------------------------

1. Summary:

An updated Thunderbird package that fixes a security issue is now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Thunderbird is a standalone mail and newsgroup client.

A bug was found in the way Thunderbird handled cookies when loading content over HTTP regardless of the user's preference. It is possible that a particular user could be tracked through the use of malicious mail messages which load content over HTTP. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0149 to this issue.

Users of Thunderbird are advised to upgrade to this updated package, which contains Thunderbird version 1.0 and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146315 - CAN-2005-0149 Mail responds to cookie requests

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.0-1.1.EL4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.0-1.1.EL4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.0-1.1.EL4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.0-1.1.EL4.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0149

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEc5bXlSAg2UNWIIRAiLnAJ0X2zeFYAgnwIDF5v5qMzSK1sx8FQCguakQ
Ut1JGPZ0RZo/nr/E9YWELpI=
=ArGd
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:26:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:26 -0500
Subject: [RHSA-2005:099-01] Moderate: squirrelmail security update
Message-ID: <200502151026.j1FAQmF19618@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: squirrelmail security update
Advisory ID:       RHSA-2005:099-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-099.html
Issue date:        2005-02-15
Updated on:        2005-02-15
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0075 CAN-2005-0103 CAN-2005-0104
- ---------------------------------------------------------------------

1. Summary:

An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - noarch
Red Hat Enterprise Linux Desktop version 4 - noarch
Red Hat Enterprise Linux ES version 4 - noarch
Red Hat Enterprise Linux WS version 4 - noarch

3. Problem description:

SquirrelMail is a standards-based webmail package written in PHP4.

Jimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw could allow potential insecure file inclusions on servers where the PHP setting "register_globals" is set to "On". This is not a default or recommended setting. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0075 to this issue.

A URL sanitisation bug was found in Squirrelmail. This flaw could allow a cross site scripting attack when loading the URL for the sidebar. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0103 to this issue.

A missing variable initialization bug was found in Squirrelmail. This flaw could allow a cross site scripting attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0104 to this issue.

Users of Squirrelmail are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

145387 - CAN-2005-0075 Arbitrary code injection in Squirrelmail
145967 - CAN-2005-0103 Multiple issues in squirrelmail (CAN-2005-0104)

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/squirrelmail-1.4.3a-9.EL4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/squirrelmail-1.4.3a-9.EL4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/squirrelmail-1.4.3a-9.EL4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/squirrelmail-1.4.3a-9.EL4.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.squirrelmail.org/security/issue/2005-01-20
http://www.squirrelmail.org/security/issue/2005-01-19
http://www.squirrelmail.org/security/issue/2005-01-14
http://www.php.net/register_globals
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0104

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEc5lXlSAg2UNWIIRAgCOAJ4qeK9gQ4B3x5mngBMkSBBMclBeMgCgrdYm
fPYXx2Eq0pcBQT5NLuY5yS0=
=fP2W
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:26:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:26 -0500
Subject: [RHSA-2005:100-01] Moderate: mod_python security update
Message-ID: <200502151026.j1FAQvF19628@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: mod_python security update
Advisory ID:       RHSA-2005:100-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-100.html
Issue date:        2005-02-15
Updated on:        2005-02-15
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0088
- ---------------------------------------------------------------------

1. Summary:

An updated mod_python package that fixes a security issue in the publisher handle is now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mod_python is a module that embeds the Python language interpreter within the Apache web server, allowing handlers to be written in Python.

Graham Dumpleton discovered a flaw affecting the publisher handler of mod_python, used to make objects inside modules callable via URL. A remote user could visit a carefully crafted URL that would gain access to objects that should not be visible, leading to an information leak.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0088 to this issue.

Users of mod_python are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146657 - CAN-2005-0088 mod_python information leak

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mod_python-3.1.3-5.1.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/mod_python-3.1.3-5.1.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mod_python-3.1.3-5.1.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mod_python-3.1.3-5.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0088

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEc5wXlSAg2UNWIIRAqwPAKCNlYEsFmvGtB886+avhXQchnWCjwCeNMc1
KLnLU4vibO3S1THPnYYySSk=
=LKai
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:27:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:27 -0500
Subject: [RHSA-2005:103-01] Important: perl security update
Message-ID: <200502151027.j1FAR6F19636@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: perl security update
Advisory ID:       RHSA-2005:103-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-103.html
Issue date:        2005-02-15
Updated on:        2005-02-15
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0452 CAN-2005-0155 CAN-2005-0156
- ---------------------------------------------------------------------

1. Summary:

Updated Perl packages that fix several security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Perl is a high-level programming language commonly used for system administration utilities and Web programming.

Kevin Finisterre discovered a stack based buffer overflow flaw in sperl, the Perl setuid wrapper. A local user could create a sperl executable script with a carefully created path name, overflowing the buffer and leading to root privilege escalation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0156 to this issue.

Kevin Finisterre discovered a flaw in sperl which can cause debugging information to be logged to arbitrary files. By setting an environment variable, a local user could cause sperl to create, as root, files with arbitrary filenames, or append the debugging information to existing files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0155 to this issue.

An unsafe file permission bug was discovered in the rmtree() function in the File::Path module. The rmtree() function removes files and directories in an insecure manner, which could allow a local user to read or delete arbitrary files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0452 to this issue.

Users of Perl are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146774 - CAN-2004-0452 File::Path::rmtree() issue
146739 - CAN-2005-0155 multiple setuid perl issues (CAN-2005-0156 )

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/perl-5.8.5-12.1.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/perl-5.8.5-12.1.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/perl-5.8.5-12.1.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/perl-5.8.5-12.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEc55XlSAg2UNWIIRAlI5AJ9c4dku22D+O+12Oo69qYL6XydcKgCgulxF
9jzoGhrTgyuOAZRG+6H97js=
=wGqu
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:27:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:27 -0500
Subject: [RHSA-2005:108-01] Important: python security update
Message-ID: <200502151027.j1FARJF19650@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: python security update
Advisory ID:       RHSA-2005:108-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-108.html
Issue date:        2005-02-15
Updated on:        2005-02-15
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0089
- ---------------------------------------------------------------------

1. Summary:

Updated Python packages that fix several security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Python is an interpreted, interactive, object-oriented programming language.

An object traversal bug was found in the Python SimpleXMLRPCServer. This bug could allow a remote untrusted user to do unrestricted object traversal and allow them to access or change function internals using the im_* and func_* attributes. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0089 to this issue.

Users of Python are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146649 - CAN-2005-0089 python SimpleXMLRPCServer security issue

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/python-2.3.4-14.1.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/python-2.3.4-14.1.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/python-2.3.4-14.1.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/python-2.3.4-14.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.python.org/security/PSF-2005-001/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0089

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEc6FXlSAg2UNWIIRAmm9AJ9aL7Sswi3F/oxjWHMv8sHPB425KQCfUAR8
bjnPw/Kk5h6q6PANnBQC5h8=
=YvZd
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:27:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:27 -0500
Subject: [RHSA-2005:110-01] Important: emacs security update
Message-ID: <200502151027.j1FARUF19657@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: emacs security update
Advisory ID:       RHSA-2005:110-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-110.html
Issue date:        2005-02-15
Updated on:        2005-02-15
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0100
- ---------------------------------------------------------------------

1. Summary:

Updated Emacs packages that fix a string format issue are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Emacs is a powerful, customizable, self-documenting, modeless text editor.

Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running emacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0100 to this issue.

Users of Emacs are advised to upgrade to these updated packages, which contain backported patches to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146702 - CAN-2005-0100 Arbitrary code execution in *emacs*

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/emacs-21.3-19.EL.1.src.rpm
9b93ee334811512c29792c8418f85cb6 emacs-el-21.3-19.EL.1.x86_64.rpm 938772be956ff93dbd1dc9e1a4182a22 emacs-leim-21.3-19.EL.1.x86_64.rpm 39f97ade0ab062a36f5e5dce43e134ab emacs-nox-21.3-19.EL.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/emacs-21.3-19.EL.1.src.rpm 0308af5b40cbfa7da72179f9eba9d0a6 emacs-21.3-19.EL.1.src.rpm i386: e14739371b9e77a4a378bfe8482bae68 emacs-21.3-19.EL.1.i386.rpm 4e54441289c467b48a030aae49b5b11d emacs-common-21.3-19.EL.1.i386.rpm e87076de3bf4ad67983466f6fc381b9f emacs-el-21.3-19.EL.1.i386.rpm 5f239b2f9044b4bb06356973bce0fbf7 emacs-leim-21.3-19.EL.1.i386.rpm 7bb7fd34f5c089056a9cb828d8a08f22 emacs-nox-21.3-19.EL.1.i386.rpm x86_64: 533c8768fa5fb1e70b11544eb1b9d4a5 emacs-21.3-19.EL.1.x86_64.rpm 76dba36b790c49ce2b8b3d336260cd11 emacs-common-21.3-19.EL.1.x86_64.rpm 9b93ee334811512c29792c8418f85cb6 emacs-el-21.3-19.EL.1.x86_64.rpm 938772be956ff93dbd1dc9e1a4182a22 emacs-leim-21.3-19.EL.1.x86_64.rpm 39f97ade0ab062a36f5e5dce43e134ab emacs-nox-21.3-19.EL.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/emacs-21.3-19.EL.1.src.rpm 0308af5b40cbfa7da72179f9eba9d0a6 emacs-21.3-19.EL.1.src.rpm i386: e14739371b9e77a4a378bfe8482bae68 emacs-21.3-19.EL.1.i386.rpm 4e54441289c467b48a030aae49b5b11d emacs-common-21.3-19.EL.1.i386.rpm e87076de3bf4ad67983466f6fc381b9f emacs-el-21.3-19.EL.1.i386.rpm 5f239b2f9044b4bb06356973bce0fbf7 emacs-leim-21.3-19.EL.1.i386.rpm 7bb7fd34f5c089056a9cb828d8a08f22 emacs-nox-21.3-19.EL.1.i386.rpm ia64: 107b4db24feb6f15baf646bd3b216abf emacs-21.3-19.EL.1.ia64.rpm ac6fbbd121e3a1e4b77873752508036c emacs-common-21.3-19.EL.1.ia64.rpm e43232ea8746ca44d11005038bdba491 emacs-el-21.3-19.EL.1.ia64.rpm 3e56b6f8f4e8018780be9aae9505bb21 emacs-leim-21.3-19.EL.1.ia64.rpm a607f49467d0ac4b843bee6976465aa0 emacs-nox-21.3-19.EL.1.ia64.rpm x86_64: 533c8768fa5fb1e70b11544eb1b9d4a5 emacs-21.3-19.EL.1.x86_64.rpm 
76dba36b790c49ce2b8b3d336260cd11 emacs-common-21.3-19.EL.1.x86_64.rpm 9b93ee334811512c29792c8418f85cb6 emacs-el-21.3-19.EL.1.x86_64.rpm 938772be956ff93dbd1dc9e1a4182a22 emacs-leim-21.3-19.EL.1.x86_64.rpm 39f97ade0ab062a36f5e5dce43e134ab emacs-nox-21.3-19.EL.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/emacs-21.3-19.EL.1.src.rpm 0308af5b40cbfa7da72179f9eba9d0a6 emacs-21.3-19.EL.1.src.rpm i386: e14739371b9e77a4a378bfe8482bae68 emacs-21.3-19.EL.1.i386.rpm 4e54441289c467b48a030aae49b5b11d emacs-common-21.3-19.EL.1.i386.rpm e87076de3bf4ad67983466f6fc381b9f emacs-el-21.3-19.EL.1.i386.rpm 5f239b2f9044b4bb06356973bce0fbf7 emacs-leim-21.3-19.EL.1.i386.rpm 7bb7fd34f5c089056a9cb828d8a08f22 emacs-nox-21.3-19.EL.1.i386.rpm ia64: 107b4db24feb6f15baf646bd3b216abf emacs-21.3-19.EL.1.ia64.rpm ac6fbbd121e3a1e4b77873752508036c emacs-common-21.3-19.EL.1.ia64.rpm e43232ea8746ca44d11005038bdba491 emacs-el-21.3-19.EL.1.ia64.rpm 3e56b6f8f4e8018780be9aae9505bb21 emacs-leim-21.3-19.EL.1.ia64.rpm a607f49467d0ac4b843bee6976465aa0 emacs-nox-21.3-19.EL.1.ia64.rpm x86_64: 533c8768fa5fb1e70b11544eb1b9d4a5 emacs-21.3-19.EL.1.x86_64.rpm 76dba36b790c49ce2b8b3d336260cd11 emacs-common-21.3-19.EL.1.x86_64.rpm 9b93ee334811512c29792c8418f85cb6 emacs-el-21.3-19.EL.1.x86_64.rpm 938772be956ff93dbd1dc9e1a4182a22 emacs-leim-21.3-19.EL.1.x86_64.rpm 39f97ade0ab062a36f5e5dce43e134ab emacs-nox-21.3-19.EL.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEc6QXlSAg2UNWIIRAk+hAKC0zl4FAY1FFiCMhxGRFUfS8eqAMACgq8qB
caZgivwMOk/QOA2WKsCtZwM=
=WgpV
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:27:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:27 -0500
Subject: [RHSA-2005:133-01] Important: xemacs security update
Message-ID: <200502151027.j1FARcF19661@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: xemacs security update
Advisory ID: RHSA-2005:133-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-133.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0100
- ---------------------------------------------------------------------

1. Summary:

Updated XEmacs packages that fix a string format issue are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

XEmacs is a powerful, customizable, self-documenting, modeless text editor.

Max Vozeler discovered several format string vulnerabilities in the movemail utility of XEmacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running xemacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0100 to this issue.

Users of XEmacs are advised to upgrade to these updated packages, which contain backported patches to correct this issue.

4.
Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

146706 - CAN-2005-0100 Arbitrary code execution in *emacs*

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/xemacs-21.4.15-10.EL.1.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/xemacs-21.4.15-10.EL.1.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/xemacs-21.4.15-10.EL.1.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/xemacs-21.4.15-10.EL.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEc6ZXlSAg2UNWIIRArLxAJ9ZVBCN6Zk3E7vYDFGgMEQ8biO1pwCdGta2
kscvWLyy0CTGozRQCgygFqo=
=vXHr
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:28:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:28 -0500
Subject: [RHSA-2005:137-01] Important: mailman security update
Message-ID: <200502151028.j1FAS9F19669@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: mailman security update
Advisory ID: RHSA-2005:137-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-137.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0202
- ---------------------------------------------------------------------

1. Summary:

Updated mailman packages to correct a security issue are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mailman is software to help manage email discussion lists.

A flaw in the true_path function of Mailman was discovered. A remote attacker who is a member of a private mailman list could use a carefully crafted URL and gain access to arbitrary files on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0202 to this issue.

Note: Mailman installations running on Apache 2.0-based servers are not vulnerable to this issue.

Users of Mailman should update to these erratum packages that contain a patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

147344 - CAN-2005-0202 mailman flaw

6.
RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mailman-2.1.5-31.rhel4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/mailman-2.1.5-31.rhel4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mailman-2.1.5-31.rhel4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mailman-2.1.5-31.rhel4.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7.
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0202

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEc63XlSAg2UNWIIRAkU4AKCzFlemmEWgGLDXG/sifgSuFYpOeQCgsdhH
33YOp9VwjOWQCkcTrRpPW20=
=gMFo
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Feb 15 10:28:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Feb 2005 05:28 -0500
Subject: [RHSA-2005:138-01] Important: postgresql security update
Message-ID: <200502151028.j1FASKF19673@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: postgresql security update
Advisory ID: RHSA-2005:138-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-138.html
Issue date: 2005-02-15
Updated on: 2005-02-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0227 CAN-2005-0244 CAN-2005-0245 CAN-2005-0246 CAN-2005-0247
- ---------------------------------------------------------------------

1. Summary:

Updated postgresql packages that correct various security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

A flaw in the LOAD command in PostgreSQL was discovered. A local user could use this flaw to load arbitrary shared libraries and therefore execute arbitrary code, gaining the privileges of the PostgreSQL server.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0227 to this issue.

A permission checking flaw in PostgreSQL was discovered. A local user could bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0244 to this issue.

Multiple buffer overflows were found in PL/PgSQL. A database user who has permissions to create plpgsql functions could trigger this flaw which could lead to arbitrary code execution, gaining the privileges of the PostgreSQL server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0245 and CAN-2005-0247 to these issues.

A flaw in the integer aggregator (intagg) contrib module for PostgreSQL was found. A user could create carefully crafted arrays and cause a denial of service (crash). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0246 to this issue.

The update also fixes some minor problems, notably conflicts with SELinux.

Users of postgresql should update to these erratum packages that contain patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

147380 - CAN-2005-0227 Multiple security issues in PostgreSQL (CAN-2005-0244 CAN-2005-0245 CAN-2005-0246 CAN-2005-0247)

6.
RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/postgresql-7.4.7-2.RHEL4.1.src.rpm 4e1fd5385bbc6c2f7e916b812695c7c3 postgresql-7.4.7-2.RHEL4.1.src.rpm i386: 94d767f2f6ef199da85b02a329831df4 postgresql-7.4.7-2.RHEL4.1.i386.rpm 24d8c367ea671793886694acee47dd46 postgresql-contrib-7.4.7-2.RHEL4.1.i386.rpm 97cf17eadcfa47e8a5935ef934ad80c1 postgresql-devel-7.4.7-2.RHEL4.1.i386.rpm 617ef0322d65637391f4a5ec829c0b48 postgresql-docs-7.4.7-2.RHEL4.1.i386.rpm a7290745d3b10152905c7a9b6e5d2303 postgresql-jdbc-7.4.7-2.RHEL4.1.i386.rpm fc57db8cf70d429f50f47de0de273a5d postgresql-libs-7.4.7-2.RHEL4.1.i386.rpm 215a38538bac632bd75ea928f83c8dea postgresql-pl-7.4.7-2.RHEL4.1.i386.rpm 03f5055d27b62fce264aacb6871da359 postgresql-python-7.4.7-2.RHEL4.1.i386.rpm f595f6046a7b3f8edb58433670423000 postgresql-server-7.4.7-2.RHEL4.1.i386.rpm b11d6077c7eeeb024b52aa3e2d17bf33 postgresql-tcl-7.4.7-2.RHEL4.1.i386.rpm 21bbaa0275666e60f729ebafd1b09bd7 postgresql-test-7.4.7-2.RHEL4.1.i386.rpm ia64: 413493d8d89ddb33b71529f196cd8eeb postgresql-7.4.7-2.RHEL4.1.ia64.rpm a429b5ccf6d1a3a72ef877d8937a1d38 postgresql-contrib-7.4.7-2.RHEL4.1.ia64.rpm 3493f3559c39fbe7252646da33ba9612 postgresql-devel-7.4.7-2.RHEL4.1.ia64.rpm cfe7b3d303df0853d29293fda459f2ce postgresql-docs-7.4.7-2.RHEL4.1.ia64.rpm c68a2c4dd41262805118c2a6d5f3bcdf postgresql-jdbc-7.4.7-2.RHEL4.1.ia64.rpm 05574b6e2d668682fdf8b2615c377e1e postgresql-libs-7.4.7-2.RHEL4.1.ia64.rpm fc57db8cf70d429f50f47de0de273a5d postgresql-libs-7.4.7-2.RHEL4.1.i386.rpm 4fb94f23fab1495b66015b24ebb8ef84 postgresql-pl-7.4.7-2.RHEL4.1.ia64.rpm 8dd8fe43a6aa7c2015e011b8daeb260b postgresql-python-7.4.7-2.RHEL4.1.ia64.rpm bf72451ec862491282b438dfadfb621b postgresql-server-7.4.7-2.RHEL4.1.ia64.rpm 3ff85543fdd87549364b43dc259073bb postgresql-tcl-7.4.7-2.RHEL4.1.ia64.rpm 1a6659e0f87faadd4ddd7b04ca38b40e postgresql-test-7.4.7-2.RHEL4.1.ia64.rpm ppc: 28069c3cf0b64b60ed7cda8385428d21 
postgresql-7.4.7-2.RHEL4.1.ppc.rpm 5a8fce1393a87d1145598816e3e59ebc postgresql-contrib-7.4.7-2.RHEL4.1.ppc.rpm 466949412bc1fd0562215700b865cb13 postgresql-devel-7.4.7-2.RHEL4.1.ppc.rpm 8cb56dd3587845c27bc7e069781c51cb postgresql-docs-7.4.7-2.RHEL4.1.ppc.rpm c36b270aa3901ff81f8ff85dbcf73b24 postgresql-jdbc-7.4.7-2.RHEL4.1.ppc.rpm 6b1f843eece8de00649b14d5d26c5eee postgresql-libs-7.4.7-2.RHEL4.1.ppc.rpm bbc66b7ba8c115bc4c695f108f028896 postgresql-libs-7.4.7-2.RHEL4.1.ppc64.rpm ad1e0bf7d9cbdb7572731e6cb28167e3 postgresql-pl-7.4.7-2.RHEL4.1.ppc.rpm 879694c738be3084741bf2a451588c5f postgresql-python-7.4.7-2.RHEL4.1.ppc.rpm b20480752175008f288b151ba8faa912 postgresql-server-7.4.7-2.RHEL4.1.ppc.rpm ac5d99ee20d5fc8c0d3aef5fb68daf21 postgresql-tcl-7.4.7-2.RHEL4.1.ppc.rpm 7eee8e20e25a42b5a2b634212480e3d7 postgresql-test-7.4.7-2.RHEL4.1.ppc.rpm ppc64: bbc66b7ba8c115bc4c695f108f028896 postgresql-libs-7.4.7-2.RHEL4.1.ppc64.rpm s390: 561284e5fb73124623b6cd3c677fb29f postgresql-7.4.7-2.RHEL4.1.s390.rpm d473ed1d448b44c19567f2d2ec8be404 postgresql-contrib-7.4.7-2.RHEL4.1.s390.rpm 4fbd490194bb0892ad7a5c4f90311df5 postgresql-devel-7.4.7-2.RHEL4.1.s390.rpm 0a6691dd19025858f4a0bfbd0d4f8529 postgresql-docs-7.4.7-2.RHEL4.1.s390.rpm 457bf0a874ae3529085d9b16c254feed postgresql-jdbc-7.4.7-2.RHEL4.1.s390.rpm 476ed4d0d0b1ee2510cfca96628391e0 postgresql-libs-7.4.7-2.RHEL4.1.s390.rpm 20966510599cb51fea0842ac46350b8b postgresql-pl-7.4.7-2.RHEL4.1.s390.rpm 1634740126a0c0e9f6c3d32ee0440dff postgresql-python-7.4.7-2.RHEL4.1.s390.rpm e5cc410a24ab084811269c8cfb82baeb postgresql-server-7.4.7-2.RHEL4.1.s390.rpm 146614ff66aef3c562d8e40f73642a8c postgresql-tcl-7.4.7-2.RHEL4.1.s390.rpm 096895ed7da7e396b509e5342b8ca156 postgresql-test-7.4.7-2.RHEL4.1.s390.rpm s390x: cdb2c8d8affde739ff8c09ec203414cb postgresql-7.4.7-2.RHEL4.1.s390x.rpm c89c16f717478055f6c5a3262a5c904d postgresql-contrib-7.4.7-2.RHEL4.1.s390x.rpm 7155f40e42f605b4c3db49951db86c0f postgresql-devel-7.4.7-2.RHEL4.1.s390x.rpm 
e70c52d4ec436cbed3a47febb8152e72 postgresql-docs-7.4.7-2.RHEL4.1.s390x.rpm d82f643222f0e542ed5357619b058365 postgresql-jdbc-7.4.7-2.RHEL4.1.s390x.rpm d774caa8a4fdfa0211d3ebff6ffa0c93 postgresql-libs-7.4.7-2.RHEL4.1.s390x.rpm 476ed4d0d0b1ee2510cfca96628391e0 postgresql-libs-7.4.7-2.RHEL4.1.s390.rpm 5c6713ee95d04ba7703245d38573deaf postgresql-pl-7.4.7-2.RHEL4.1.s390x.rpm cf0b594f982c34e805d895e19c3de52e postgresql-python-7.4.7-2.RHEL4.1.s390x.rpm 63da4f50fb669b7b2dfa7b02efc66d6b postgresql-server-7.4.7-2.RHEL4.1.s390x.rpm 883fe4ec6c243fd7967240933aa6edd8 postgresql-tcl-7.4.7-2.RHEL4.1.s390x.rpm bd301c03b0af52655c530a0a388755a4 postgresql-test-7.4.7-2.RHEL4.1.s390x.rpm x86_64: 160c62ec767ff02044312f7ac8dedcb9 postgresql-7.4.7-2.RHEL4.1.x86_64.rpm 566bcbd048c537b1af7c1292c02a0b4a postgresql-contrib-7.4.7-2.RHEL4.1.x86_64.rpm e97a12835837cc113d5eafbd3cfe837a postgresql-devel-7.4.7-2.RHEL4.1.x86_64.rpm 3f836c1c3dbdd9e9267666e3d469c009 postgresql-docs-7.4.7-2.RHEL4.1.x86_64.rpm bc4f32b5a6365cbf8fe19d18ee301584 postgresql-jdbc-7.4.7-2.RHEL4.1.x86_64.rpm 688d65282a1391f2188c356d88c21424 postgresql-libs-7.4.7-2.RHEL4.1.x86_64.rpm fc57db8cf70d429f50f47de0de273a5d postgresql-libs-7.4.7-2.RHEL4.1.i386.rpm 811345247cc87ce5e29a68cf60119ac5 postgresql-pl-7.4.7-2.RHEL4.1.x86_64.rpm 3fc8e7c2cfc2403227eacdc00f633dcb postgresql-python-7.4.7-2.RHEL4.1.x86_64.rpm 86aff4b1ad4a271516ea5f4a67a716f3 postgresql-server-7.4.7-2.RHEL4.1.x86_64.rpm a8d738af14ae28007fa34594b3f93ca9 postgresql-tcl-7.4.7-2.RHEL4.1.x86_64.rpm d771483eb87fa3cf2b53585f99a95d57 postgresql-test-7.4.7-2.RHEL4.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/postgresql-7.4.7-2.RHEL4.1.src.rpm 4e1fd5385bbc6c2f7e916b812695c7c3 postgresql-7.4.7-2.RHEL4.1.src.rpm i386: 94d767f2f6ef199da85b02a329831df4 postgresql-7.4.7-2.RHEL4.1.i386.rpm 24d8c367ea671793886694acee47dd46 postgresql-contrib-7.4.7-2.RHEL4.1.i386.rpm 97cf17eadcfa47e8a5935ef934ad80c1 
postgresql-devel-7.4.7-2.RHEL4.1.i386.rpm 617ef0322d65637391f4a5ec829c0b48 postgresql-docs-7.4.7-2.RHEL4.1.i386.rpm a7290745d3b10152905c7a9b6e5d2303 postgresql-jdbc-7.4.7-2.RHEL4.1.i386.rpm fc57db8cf70d429f50f47de0de273a5d postgresql-libs-7.4.7-2.RHEL4.1.i386.rpm 215a38538bac632bd75ea928f83c8dea postgresql-pl-7.4.7-2.RHEL4.1.i386.rpm 03f5055d27b62fce264aacb6871da359 postgresql-python-7.4.7-2.RHEL4.1.i386.rpm f595f6046a7b3f8edb58433670423000 postgresql-server-7.4.7-2.RHEL4.1.i386.rpm b11d6077c7eeeb024b52aa3e2d17bf33 postgresql-tcl-7.4.7-2.RHEL4.1.i386.rpm 21bbaa0275666e60f729ebafd1b09bd7 postgresql-test-7.4.7-2.RHEL4.1.i386.rpm x86_64: 160c62ec767ff02044312f7ac8dedcb9 postgresql-7.4.7-2.RHEL4.1.x86_64.rpm 566bcbd048c537b1af7c1292c02a0b4a postgresql-contrib-7.4.7-2.RHEL4.1.x86_64.rpm e97a12835837cc113d5eafbd3cfe837a postgresql-devel-7.4.7-2.RHEL4.1.x86_64.rpm 3f836c1c3dbdd9e9267666e3d469c009 postgresql-docs-7.4.7-2.RHEL4.1.x86_64.rpm bc4f32b5a6365cbf8fe19d18ee301584 postgresql-jdbc-7.4.7-2.RHEL4.1.x86_64.rpm 688d65282a1391f2188c356d88c21424 postgresql-libs-7.4.7-2.RHEL4.1.x86_64.rpm fc57db8cf70d429f50f47de0de273a5d postgresql-libs-7.4.7-2.RHEL4.1.i386.rpm 811345247cc87ce5e29a68cf60119ac5 postgresql-pl-7.4.7-2.RHEL4.1.x86_64.rpm 3fc8e7c2cfc2403227eacdc00f633dcb postgresql-python-7.4.7-2.RHEL4.1.x86_64.rpm 86aff4b1ad4a271516ea5f4a67a716f3 postgresql-server-7.4.7-2.RHEL4.1.x86_64.rpm a8d738af14ae28007fa34594b3f93ca9 postgresql-tcl-7.4.7-2.RHEL4.1.x86_64.rpm d771483eb87fa3cf2b53585f99a95d57 postgresql-test-7.4.7-2.RHEL4.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/postgresql-7.4.7-2.RHEL4.1.src.rpm 4e1fd5385bbc6c2f7e916b812695c7c3 postgresql-7.4.7-2.RHEL4.1.src.rpm i386: 94d767f2f6ef199da85b02a329831df4 postgresql-7.4.7-2.RHEL4.1.i386.rpm 24d8c367ea671793886694acee47dd46 postgresql-contrib-7.4.7-2.RHEL4.1.i386.rpm 97cf17eadcfa47e8a5935ef934ad80c1 postgresql-devel-7.4.7-2.RHEL4.1.i386.rpm 
617ef0322d65637391f4a5ec829c0b48 postgresql-docs-7.4.7-2.RHEL4.1.i386.rpm a7290745d3b10152905c7a9b6e5d2303 postgresql-jdbc-7.4.7-2.RHEL4.1.i386.rpm fc57db8cf70d429f50f47de0de273a5d postgresql-libs-7.4.7-2.RHEL4.1.i386.rpm 215a38538bac632bd75ea928f83c8dea postgresql-pl-7.4.7-2.RHEL4.1.i386.rpm 03f5055d27b62fce264aacb6871da359 postgresql-python-7.4.7-2.RHEL4.1.i386.rpm f595f6046a7b3f8edb58433670423000 postgresql-server-7.4.7-2.RHEL4.1.i386.rpm b11d6077c7eeeb024b52aa3e2d17bf33 postgresql-tcl-7.4.7-2.RHEL4.1.i386.rpm 21bbaa0275666e60f729ebafd1b09bd7 postgresql-test-7.4.7-2.RHEL4.1.i386.rpm ia64: 413493d8d89ddb33b71529f196cd8eeb postgresql-7.4.7-2.RHEL4.1.ia64.rpm a429b5ccf6d1a3a72ef877d8937a1d38 postgresql-contrib-7.4.7-2.RHEL4.1.ia64.rpm 3493f3559c39fbe7252646da33ba9612 postgresql-devel-7.4.7-2.RHEL4.1.ia64.rpm cfe7b3d303df0853d29293fda459f2ce postgresql-docs-7.4.7-2.RHEL4.1.ia64.rpm c68a2c4dd41262805118c2a6d5f3bcdf postgresql-jdbc-7.4.7-2.RHEL4.1.ia64.rpm 05574b6e2d668682fdf8b2615c377e1e postgresql-libs-7.4.7-2.RHEL4.1.ia64.rpm fc57db8cf70d429f50f47de0de273a5d postgresql-libs-7.4.7-2.RHEL4.1.i386.rpm 4fb94f23fab1495b66015b24ebb8ef84 postgresql-pl-7.4.7-2.RHEL4.1.ia64.rpm 8dd8fe43a6aa7c2015e011b8daeb260b postgresql-python-7.4.7-2.RHEL4.1.ia64.rpm bf72451ec862491282b438dfadfb621b postgresql-server-7.4.7-2.RHEL4.1.ia64.rpm 3ff85543fdd87549364b43dc259073bb postgresql-tcl-7.4.7-2.RHEL4.1.ia64.rpm 1a6659e0f87faadd4ddd7b04ca38b40e postgresql-test-7.4.7-2.RHEL4.1.ia64.rpm x86_64: 160c62ec767ff02044312f7ac8dedcb9 postgresql-7.4.7-2.RHEL4.1.x86_64.rpm 566bcbd048c537b1af7c1292c02a0b4a postgresql-contrib-7.4.7-2.RHEL4.1.x86_64.rpm e97a12835837cc113d5eafbd3cfe837a postgresql-devel-7.4.7-2.RHEL4.1.x86_64.rpm 3f836c1c3dbdd9e9267666e3d469c009 postgresql-docs-7.4.7-2.RHEL4.1.x86_64.rpm bc4f32b5a6365cbf8fe19d18ee301584 postgresql-jdbc-7.4.7-2.RHEL4.1.x86_64.rpm 688d65282a1391f2188c356d88c21424 postgresql-libs-7.4.7-2.RHEL4.1.x86_64.rpm fc57db8cf70d429f50f47de0de273a5d 
postgresql-libs-7.4.7-2.RHEL4.1.i386.rpm 811345247cc87ce5e29a68cf60119ac5 postgresql-pl-7.4.7-2.RHEL4.1.x86_64.rpm 3fc8e7c2cfc2403227eacdc00f633dcb postgresql-python-7.4.7-2.RHEL4.1.x86_64.rpm 86aff4b1ad4a271516ea5f4a67a716f3 postgresql-server-7.4.7-2.RHEL4.1.x86_64.rpm a8d738af14ae28007fa34594b3f93ca9 postgresql-tcl-7.4.7-2.RHEL4.1.x86_64.rpm d771483eb87fa3cf2b53585f99a95d57 postgresql-test-7.4.7-2.RHEL4.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/postgresql-7.4.7-2.RHEL4.1.src.rpm 4e1fd5385bbc6c2f7e916b812695c7c3 postgresql-7.4.7-2.RHEL4.1.src.rpm i386: 94d767f2f6ef199da85b02a329831df4 postgresql-7.4.7-2.RHEL4.1.i386.rpm 24d8c367ea671793886694acee47dd46 postgresql-contrib-7.4.7-2.RHEL4.1.i386.rpm 97cf17eadcfa47e8a5935ef934ad80c1 postgresql-devel-7.4.7-2.RHEL4.1.i386.rpm 617ef0322d65637391f4a5ec829c0b48 postgresql-docs-7.4.7-2.RHEL4.1.i386.rpm a7290745d3b10152905c7a9b6e5d2303 postgresql-jdbc-7.4.7-2.RHEL4.1.i386.rpm fc57db8cf70d429f50f47de0de273a5d postgresql-libs-7.4.7-2.RHEL4.1.i386.rpm 215a38538bac632bd75ea928f83c8dea postgresql-pl-7.4.7-2.RHEL4.1.i386.rpm 03f5055d27b62fce264aacb6871da359 postgresql-python-7.4.7-2.RHEL4.1.i386.rpm f595f6046a7b3f8edb58433670423000 postgresql-server-7.4.7-2.RHEL4.1.i386.rpm b11d6077c7eeeb024b52aa3e2d17bf33 postgresql-tcl-7.4.7-2.RHEL4.1.i386.rpm 21bbaa0275666e60f729ebafd1b09bd7 postgresql-test-7.4.7-2.RHEL4.1.i386.rpm ia64: 413493d8d89ddb33b71529f196cd8eeb postgresql-7.4.7-2.RHEL4.1.ia64.rpm a429b5ccf6d1a3a72ef877d8937a1d38 postgresql-contrib-7.4.7-2.RHEL4.1.ia64.rpm 3493f3559c39fbe7252646da33ba9612 postgresql-devel-7.4.7-2.RHEL4.1.ia64.rpm cfe7b3d303df0853d29293fda459f2ce postgresql-docs-7.4.7-2.RHEL4.1.ia64.rpm c68a2c4dd41262805118c2a6d5f3bcdf postgresql-jdbc-7.4.7-2.RHEL4.1.ia64.rpm 05574b6e2d668682fdf8b2615c377e1e postgresql-libs-7.4.7-2.RHEL4.1.ia64.rpm fc57db8cf70d429f50f47de0de273a5d postgresql-libs-7.4.7-2.RHEL4.1.i386.rpm 4fb94f23fab1495b66015b24ebb8ef84 
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0247

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCEc7CXlSAg2UNWIIRAiHVAJ494OtF/DlfTlGC/QDLm0z43cUrHwCcDtWx
vdsV6Q74aAH4IxQ1fLl7DJQ=
=9SHg
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Feb 16 16:27:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 16 Feb 2005 11:27 -0500
Subject: [RHSA-2005:150-01] Important: postgresql security update
Message-ID: <200502161627.j1GGRYF31962@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: postgresql security update
Advisory ID: RHSA-2005:150-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-150.html
Issue date: 2005-02-16
Updated on: 2005-02-16
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0227 CAN-2005-0245 CAN-2005-0247
- ---------------------------------------------------------------------

1. Summary:

Updated PostgreSQL packages to fix various security flaws are now available for Red Hat Enterprise Linux 2.1AS.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

PostgreSQL is an advanced Object-Relational database management system (DBMS).

A flaw in the LOAD command in PostgreSQL was discovered. A local user could use this flaw to load arbitrary shared libraries and therefore execute arbitrary code, gaining the privileges of the PostgreSQL server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0227 to this issue.

Multiple buffer overflows were found in PL/PgSQL.
A database user who has permissions to create plpgsql functions could trigger this flaw which could lead to arbitrary code execution, gaining the privileges of the PostgreSQL server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0245 and CAN-2005-0247 to these issues.

Users of PostgreSQL are advised to update to these erratum packages which are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

147703 - CAN-2005-0227 Multiple security and data-loss issues in PostgreSQL (CAN-2004-0977 CAN-2005-0245 CAN-2005-0247)
130818 - PostgreSQL can lose committed transactions

6. RPMs required:
These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0247

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCE3RUXlSAg2UNWIIRAhqEAJsHfUc+AOmCEY0JBkeIuJyHJWtAaQCgv/wK
MdHHTHS8ghYNmkky3QsDo6c=
=at0x
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Feb 18 15:38:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 18 Feb 2005 10:38 -0500
Subject: [RHSA-2005:080-01] Low: cpio security update
Message-ID: <200502181538.j1IFc7F25055@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: cpio security update
Advisory ID: RHSA-2005:080-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-080.html
Issue date: 2005-02-18
Updated on: 2005-02-18
Product: Red Hat Enterprise Linux
Keywords: cpio umask
CVE Names: CAN-1999-1572
- ---------------------------------------------------------------------

1. Summary:

An updated cpio package that fixes a umask bug and supports large files (>2GB) is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

GNU cpio copies files into or out of a cpio or tar archive.
It was discovered that cpio uses a 0 umask when creating files using the -O (archive) option. This creates output files with mode 0666 (all can read and write) regardless of the user's umask setting. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-1999-1572 to this issue.

All users of cpio should upgrade to this updated package, which resolves this issue, and adds support for large files (> 2GB).

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

145720 - CAN-1999-1572 cpio insecure file creation
105617 - cpio does not support large files > 2GB
144688 - cpio fails to unpack initrd on ppc

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1572

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCFguwXlSAg2UNWIIRAs8NAKCpH58d22K+//GGLPmPzLOezV80HgCeOgO7
fHrz4giIJgvEA/YKOeEvoho=
=qtby
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Feb 18 15:38:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 18 Feb 2005 10:38 -0500
Subject: [RHSA-2005:114-01] Low: imap security update
Message-ID: <200502181538.j1IFcXF25065@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: imap security update
Advisory ID: RHSA-2005:114-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-114.html
Issue date: 2005-02-18
Updated on: 2005-02-18
Product: Red Hat Enterprise Linux
CVE Names: CAN-2003-0297
- ---------------------------------------------------------------------

1. Summary:

Updated imap packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386

3. Problem description:

The imap package provides server daemons for both the IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) mail access protocols.

A buffer overflow flaw was found in the c-client IMAP client. An attacker could create a malicious IMAP server that if connected to by a victim could execute arbitrary code on the client machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0297 to this issue.

Users of imap are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

97344 - CAN-2003-0297 c-client imap issue

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0297

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCFgvrXlSAg2UNWIIRAnKyAJ9p26Na4dEZbFEfVjTq/7L9NI/6oACgqjvA
iFwWZ4cSWcE/DbFkh2jBR7Q=
=Fdsa
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Feb 18 15:39:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 18 Feb 2005 10:39 -0500
Subject: [RHSA-2005:122-01] Low: vim security update
Message-ID: <200502181539.j1IFdTF25113@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: vim security update
Advisory ID: RHSA-2005:122-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-122.html
Issue date: 2005-02-18
Updated on: 2005-02-18
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0069
- ---------------------------------------------------------------------

1. Summary:

Updated vim packages that fix a security vulnerability are now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

VIM (Vi IMproved) is an updated and improved version of the vi screen-based editor.

The Debian Security Audit Project discovered an insecure temporary file usage in VIM. A local user could overwrite or create files as a different user who happens to run one of the vulnerable utilities.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0069 to this issue.

All users of VIM are advised to upgrade to these erratum packages, which contain a backported patch for this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

144695 - CAN-2005-0069 vim unsafe temporary file usage.

6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=289560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0069

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCFgweXlSAg2UNWIIRAgl3AKDD8m5pEQdGhlB+rhd88hP6GqehNwCfT5UL
TXg+xP9PIgh9xWFHHI5gSqk=
=N7cb
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Feb 18 15:40:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 18 Feb 2005 10:40 -0500
Subject: [RHSA-2005:132-01] Important: cups security update
Message-ID: <200502181540.j1IFeiF25316@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: cups security update
Advisory ID: RHSA-2005:132-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-132.html
Issue date: 2005-02-18
Updated on: 2005-02-18
Product: Red Hat Enterprise Linux
Obsoletes: RHSA-2004:543
CVE Names: CAN-2005-0206
- ---------------------------------------------------------------------

1. Summary:

Updated cups packages that fix a security issue are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) is a print spooler.

During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect Xpdf. CUPS contained a copy of the Xpdf code used for parsing PDF files and was therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2004-0888 to this issue, and Red Hat released erratum RHSA-2004:543 with updated packages.
It was found that the patch used to correct this issue was not sufficient and did not fully protect CUPS running on 64-bit architectures. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0206 to this issue.

These updated packages also include a fix that prevents the CUPS initscript from being accidentally replaced.

All users of CUPS on 64-bit architectures should upgrade to these updated packages, which contain a corrected patch and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

135378 - CAN-2004-0888 xpdf issues affect cups

6. RPMs required:
cups-devel-1.1.17-13.3.27.i386.rpm 0a13cb856be593ee65af8897a55e7096 cups-libs-1.1.17-13.3.27.i386.rpm x86_64: 7b68b04b926693bec7ad1d74ddbbfeb5 cups-1.1.17-13.3.27.x86_64.rpm b3b88c0f375bf459af82b87e0a66d0e7 cups-devel-1.1.17-13.3.27.x86_64.rpm 92710b16c28b8e71fc7b82e7e8f743fd cups-libs-1.1.17-13.3.27.x86_64.rpm 0a13cb856be593ee65af8897a55e7096 cups-libs-1.1.17-13.3.27.i386.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cups-1.1.17-13.3.27.src.rpm 1ca98f1f5febd86bbffd2d9fea1e0e1e cups-1.1.17-13.3.27.src.rpm i386: f6104caf27bb21ad67f198319fd4cc95 cups-1.1.17-13.3.27.i386.rpm 6ec238f22033f8ee1d276d5199a24674 cups-devel-1.1.17-13.3.27.i386.rpm 0a13cb856be593ee65af8897a55e7096 cups-libs-1.1.17-13.3.27.i386.rpm ia64: 197b6abe4fb153a8741817093ba58dda cups-1.1.17-13.3.27.ia64.rpm 0ccc933c63e966874bef2cc81d1efc86 cups-devel-1.1.17-13.3.27.ia64.rpm ad247ca0c4e4201d8477877be9b2f1ad cups-libs-1.1.17-13.3.27.ia64.rpm 0a13cb856be593ee65af8897a55e7096 cups-libs-1.1.17-13.3.27.i386.rpm x86_64: 7b68b04b926693bec7ad1d74ddbbfeb5 cups-1.1.17-13.3.27.x86_64.rpm b3b88c0f375bf459af82b87e0a66d0e7 cups-devel-1.1.17-13.3.27.x86_64.rpm 92710b16c28b8e71fc7b82e7e8f743fd cups-libs-1.1.17-13.3.27.x86_64.rpm 0a13cb856be593ee65af8897a55e7096 cups-libs-1.1.17-13.3.27.i386.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cups-1.1.17-13.3.27.src.rpm 1ca98f1f5febd86bbffd2d9fea1e0e1e cups-1.1.17-13.3.27.src.rpm i386: f6104caf27bb21ad67f198319fd4cc95 cups-1.1.17-13.3.27.i386.rpm 6ec238f22033f8ee1d276d5199a24674 cups-devel-1.1.17-13.3.27.i386.rpm 0a13cb856be593ee65af8897a55e7096 cups-libs-1.1.17-13.3.27.i386.rpm ia64: 197b6abe4fb153a8741817093ba58dda cups-1.1.17-13.3.27.ia64.rpm 0ccc933c63e966874bef2cc81d1efc86 cups-devel-1.1.17-13.3.27.ia64.rpm ad247ca0c4e4201d8477877be9b2f1ad cups-libs-1.1.17-13.3.27.ia64.rpm 0a13cb856be593ee65af8897a55e7096 cups-libs-1.1.17-13.3.27.i386.rpm x86_64: 
7b68b04b926693bec7ad1d74ddbbfeb5 cups-1.1.17-13.3.27.x86_64.rpm b3b88c0f375bf459af82b87e0a66d0e7 cups-devel-1.1.17-13.3.27.x86_64.rpm 92710b16c28b8e71fc7b82e7e8f743fd cups-libs-1.1.17-13.3.27.x86_64.rpm 0a13cb856be593ee65af8897a55e7096 cups-libs-1.1.17-13.3.27.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0206 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCFgxyXlSAg2UNWIIRAueIAJ4t70dXF8ySPpMCYNaMTa3/xp25sgCglEH1 iE4k+8Phwg5VBnwPTHDVSFI= =oNGr -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Feb 18 17:30:00 2005 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 18 Feb 2005 12:30 -0500 Subject: [RHSA-2005:092-01] Important: kernel security update Message-ID: <200502181730.j1IHUkF01351@lacrosse.corp.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2005:092-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-092.html Issue date: 2005-02-18 Updated on: 2005-02-18 Product: Red Hat Enterprise Linux Keywords: nahant kernel security errata CVE Names: CAN-2004-1056 CAN-2004-1137 CAN-2004-1235 CAN-2005-0001 CAN-2005-0090 CAN-2005-0091 CAN-2005-0092 CAN-2005-0176 CAN-2005-0177 CAN-2005-0178 CAN-2005-0179 CAN-2005-0180 CAN-2005-0204 - --------------------------------------------------------------------- 1. Summary: Updated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 4. 
This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i686, ia64, noarch, ppc64, ppc64iseries, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i686, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i686, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i686, ia64, noarch, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This advisory includes fixes for several security issues:

iSEC Security Research discovered multiple vulnerabilities in the IGMP functionality. These flaws could allow a local user to cause a denial of service (crash) or potentially gain privileges. Where multicast applications are being used on a system, these flaws may also allow remote users to cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1137 to this issue.

iSEC Security Research discovered a flaw in the page fault handler code that could lead to local users gaining elevated (root) privileges on multiprocessor machines. (CAN-2005-0001)

iSEC Security Research discovered a VMA handling flaw in the uselib(2) system call of the Linux kernel. A local user could make use of this flaw to gain elevated (root) privileges. (CAN-2004-1235)

A flaw affecting the OUTS instruction on the AMD64 and Intel EM64T architecture was discovered. A local user could use this flaw to write to privileged IO ports. (CAN-2005-0204)

The Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) or possibly modify the video output. (CAN-2004-1056)

OGAWA Hirofumi discovered incorrect tables sizes being used in the filesystem Native Language Support ASCII translation table. This could lead to a denial of service (system crash). (CAN-2005-0177)

Michael Kerrisk discovered a flaw in the 2.6.9 kernel which allows users to unlock arbitrary shared memory segments. This flaw could lead to applications not behaving as expected. (CAN-2005-0176)

Improvements in the POSIX signal and tty standards compliance exposed a race condition. This flaw can be triggered accidentally by threaded applications or deliberately by a malicious user and can result in a denial of service (crash) or in occasional cases give access to a small random chunk of kernel memory. (CAN-2005-0178)

The PaX team discovered a flaw in mlockall introduced in the 2.6.9 kernel. An unprivileged user could use this flaw to cause a denial of service (CPU and memory consumption or crash). (CAN-2005-0179)

Brad Spengler discovered multiple flaws in sg_scsi_ioctl in the 2.6 kernel. An unprivileged user may be able to use this flaw to cause a denial of service (crash) or possibly other actions. (CAN-2005-0180)

Kirill Korotaev discovered a missing access check regression in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch. On systems using the hugemem kernel, a local unprivileged user could use this flaw to cause a denial of service (crash). (CAN-2005-0090)

A flaw in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch can allow syscalls to read and write arbitrary kernel memory. On systems using the hugemem kernel, a local unprivileged user could use this flaw to gain privileges. (CAN-2005-0091)

An additional flaw in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch was discovered. On x86 systems using the hugemem kernel, a local unprivileged user may be able to use this flaw to cause a denial of service (crash). (CAN-2005-0092)

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

139436 - Kernel does not export get_sb_pseudo()
144471 - CAN-2005-0176 unlock someone elses ipc memory
146095 - CAN-2005-0177 nls_ascii incorrect table size
146101 - CAN-2005-0178 tty/setsid race
141390 - Harmless yet annoying parted message about using deprecated SCSI ioctl
146083 - 20041212 Clear ebp on sysenter return
144412 - CAN-2005-0001 page fault @ SMP privilege escalation
142670 - CAN-2004-1137 IGMP flaws
144131 - CAN-2005-0090 4GB split DoS
144658 - CAN-2005-0091 4g4g PROT_NONE fix (CAN-2005-0092)
144136 - CAN-2004-1235 isec.pl do_brk() privilege escalation
144391 - CAN-2004-1056 insufficient locking checks in DRM code
144528 - CAN-2005-0179 RLIMIT_MEMLOCK bypass and (2.6) unprivileged user DoS
144532 - random poolsize sysctl handler integer overflow
144522 - CAN-2005-0180 2.6 scsi ioctl integer overflow and information leak

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://www.isec.pl/vulnerabilities/isec-0018-igmp.txt
http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt
http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0204

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCFiWWXlSAg2UNWIIRArEnAJ4pykOD9vQDM4rF19nnrAwchJxVngCfejNd
aDeOLO4by5bLntIUE5mBTjk=
=FAcE
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Feb 23 17:20:00 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 23 Feb 2005 12:20 -0500
Subject: [RHSA-2005:128-01] Moderate: imap security update
Message-ID: <200502231720.j1NHK7F29244@lacrosse.corp.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: imap security update
Advisory ID: RHSA-2005:128-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-128.html
Issue date: 2005-02-23
Updated on: 2005-02-23
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0198
- ---------------------------------------------------------------------

1. Summary:

Updated imap packages to correct a security vulnerability in CRAM-MD5 authentication are now available for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The imap package provides server daemons for both the IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) mail access protocols.

A logic error in the CRAM-MD5 code in the University of Washington IMAP (UW-IMAP) server was discovered. When Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, UW-IMAP does not properly enforce all the required conditions for successful authentication, which could allow remote attackers to authenticate as arbitrary users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0198 to this issue.

All users of imap should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

145469 - CAN-2005-0198 user validation issue in imap when using CRAM-MD5 authetication

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://www.kb.cert.org/vuls/id/702777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0198

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCHLs2XlSAg2UNWIIRAgF3AKCplCZghnXNjzCUS9vDb/tSGqYBfQCgxXM0
RmgucHVB0awn3lEOFvOIrEY=
=CBQA
-----END PGP SIGNATURE-----