From bugzilla at redhat.com Wed Nov 2 13:23:15 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Nov 2005 08:23:15 -0500
Subject: [RHSA-2005:807-00] Moderate: curl security update
Message-ID: <200511021323.jA2DNFdw023841@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Moderate: curl security update
Advisory ID:       RHSA-2005:807-00
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-807.html
Issue date:        2005-11-02
Updated on:        2005-11-02
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-3185
- ---------------------------------------------------------------------

1. Summary:

Updated curl packages that fix a security issue are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols.

A stack based buffer overflow bug was found in cURL's NTLM authentication module. It is possible to execute arbitrary code on a user's machine if the user can be tricked into connecting to a malicious web server using NTLM authentication. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3185 to this issue.

All users of curl are advised to upgrade to these updated packages, which contain a backported patch that resolves this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

170678 - CAN-2005-3185 NTLM buffer overflow

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDaL2zXlSAg2UNWIIRAijrAJ9+RCOmoT1snIc9dWW6n1F4T6w+wQCfR/bt
J7pLvxJbZ2gb6IwmUvBDtRo=
=aGua
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 2 13:23:43 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Nov 2005 08:23:43 -0500
Subject: [RHSA-2005:812-00] Important: wget security update
Message-ID: <200511021323.jA2DNhwA023913@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Important: wget security update
Advisory ID:       RHSA-2005:812-00
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-812.html
Issue date:        2005-11-02
Updated on:        2005-11-02
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-3185
- ---------------------------------------------------------------------

1. Summary:

Updated wget packages that fix a security issue are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

GNU Wget is a file retrieval utility that can use either the HTTP or FTP protocols.

A stack based buffer overflow bug was found in the wget implementation of NTLM authentication. An attacker could execute arbitrary code on a user's machine if the user can be tricked into connecting to a malicious web server using NTLM authentication. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3185 to this issue.

All users of wget are advised to upgrade to these updated packages, which contain a backported patch that resolves this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

170666 - CVE-2005-3185 NTLM buffer overflow

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDaL3RXlSAg2UNWIIRAtOeAJsEFz205OdeSsj5/XPTwuE2m+rYugCgjchp
mt/mvCgBauO9H5bft40Eyac=
=KWZ4
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 2 13:24:16 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Nov 2005 08:24:16 -0500
Subject: [RHSA-2005:829-00] Important: openssl security update
Message-ID: <200511021324.jA2DOGaf023975@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Important: openssl security update
Advisory ID:       RHSA-2005:829-00
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-829.html
Issue date:        2005-11-02
Updated on:        2005-11-02
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2004-0079
- ---------------------------------------------------------------------

1. Summary:

Updated OpenSSL packages that fix a remote denial of service vulnerability are now available for Red Hat Enterprise Linux 2.1.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1) protocols, and serves as a full-strength general purpose cryptography library.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that uses the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the server this could lead to a denial of service.
(CVE-2004-0079)

This issue was reported as not affecting OpenSSL versions prior to 0.9.6c, and testing with the Codenomicon Test Tool showed that OpenSSL 0.9.6b as shipped in Red Hat Enterprise Linux 2.1 did not crash. However, an alternative reproducer has been written which shows that this issue does affect versions of OpenSSL prior to 0.9.6c.

Users of OpenSSL are advised to upgrade to these updated packages, which contain a patch provided by the OpenSSL group that protects against this issue.

NOTE: Because server applications are affected by this issue, users are advised to either restart all services that use OpenSSL functionality or restart their systems after installing these updates.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

172092 - CVE-2004-0079 OpenSSL remote DoS

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0079

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDaL3sXlSAg2UNWIIRAongAJ0Tow0yGkrr/9NSEgXY85rKi9gx7gCeJPp1
v3lM5zXBaZ45jTknKF1VIgQ=
=20Tx
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 2 13:24:44 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 Nov 2005 08:24:44 -0500
Subject: [RHSA-2005:830-00] Moderate: openssl096b security update
Message-ID: <200511021324.jA2DOjPX023999@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Moderate: openssl096b security update
Advisory ID:       RHSA-2005:830-00
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-830.html
Issue date:        2005-11-02
Updated on:        2005-11-02
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2004-0079
- ---------------------------------------------------------------------

1. Summary:

Updated OpenSSL096b compatibility packages that fix a remote denial of service vulnerability are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1) protocols, and serves as a full-strength general purpose cryptography library.
OpenSSL 0.9.6b libraries are provided for Red Hat Enterprise Linux 3 and 4 to allow compatibility with legacy applications.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that uses the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the server this could lead to a denial of service. (CVE-2004-0079)

This issue was reported as not affecting OpenSSL versions prior to 0.9.6c, and testing with the Codenomicon Test Tool showed that OpenSSL 0.9.6b as shipped as a compatibility library with Red Hat Enterprise Linux 3 and 4 did not crash. However, an alternative reproducer has been written which shows that this issue does affect versions of OpenSSL prior to 0.9.6c.

Note that Red Hat does not ship any applications with Red Hat Enterprise Linux 3 or 4 that use these compatibility libraries.

Users of the OpenSSL096b compatibility package are advised to upgrade to these updated packages, which contain a patch provided by the OpenSSL group that protects against this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates.
To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

172094 - CVE-2004-0079 OpenSSL remote DoS

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0079

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDaL4QXlSAg2UNWIIRAvX0AJ9VeJD7HOfD31Lc2vcc+NogWnPdsACbBJ+H
kk2MHmsVkN1iShdpEBJvnfM=
=py0z
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 3 18:46:46 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 3 Nov 2005 13:46:46 -0500
Subject: [RHSA-2005:828-01] Important: libungif security update
Message-ID: <200511031846.jA3Ikk4U031449@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: libungif security update
Advisory ID: RHSA-2005:828-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-828.html
Issue date: 2005-11-03
Updated on: 2005-11-03
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-2974 CVE-2005-3350
- ---------------------------------------------------------------------

1. Summary:

Updated libungif packages that fix two security issues are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The libungif package contains a shared library of functions for loading and saving GIF format image files.

Several bugs in the way libungif decodes GIF images were discovered. An attacker could create a carefully crafted GIF image file in such a way that it could cause an application linked with libungif to crash or execute arbitrary code when the file is opened by a victim. The Common Vulnerabilities and Exposures project has assigned the names CVE-2005-2974 and CVE-2005-3350 to these issues.

All users of libungif are advised to upgrade to these updated packages, which contain backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

171413 - CVE-2005-2974 Several libungif issues (CVE-2005-3350)

6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3350

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDalryXlSAg2UNWIIRAokdAKCdkqEHnsSs6zW4sfNUwhbiT/kxwwCeIHR8
VSabVe2KHa06YrMi2F0jFKc=
=sRMC
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Nov 9 22:54:16 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 Nov 2005 17:54:16 -0500
Subject: [RHSA-2005:835-00] Critical: flash-plugin security update
Message-ID: <200511092254.jA9MsIqp030733@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2005:835-00
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-835.html
Issue date: 2005-11-09
Updated on: 2005-11-09
Product: Red Hat Enterprise Linux Extras
CVE Names: CVE-2005-2628
- ---------------------------------------------------------------------

1. Summary:

Updated Macromedia Flash Player packages that fix a security issue are now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 Extras - i386
Red Hat Desktop version 3 Extras - i386
Red Hat Enterprise Linux ES version 3 Extras - i386
Red Hat Enterprise Linux WS version 3 Extras - i386
Red Hat Enterprise Linux AS version 4 Extras - i386
Red Hat Desktop version 4 Extras - i386
Red Hat Enterprise Linux ES version 4 Extras - i386
Red Hat Enterprise Linux WS version 4 Extras - i386

3. Problem description:

The flash-plugin package contains a Mozilla-compatible Macromedia Flash Player browser plug-in.

A buffer overflow bug was discovered in the Macromedia Flash Player. It may be possible to execute arbitrary code on a victim's machine if the victim opens a malicious Macromedia Flash file.
The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2628 to this issue.

Users of Macromedia Flash Player should upgrade to these updated packages, which contain version 7.0.61 and are not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

172731 - CVE-2005-2628 Macromedia Flash buffer overflow

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2628

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDcn4JXlSAg2UNWIIRAiFmAKCDvMkJq0EhpIc9+iW9SmBiQwvThwCgvRco
lNSF6gpHqtoDxCR+ksD53JY=
=MieB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 10 19:43:44 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 10 Nov 2005 14:43:44 -0500
Subject: [RHSA-2005:806-01] Low: cpio security update
Message-ID: <200511101943.jAAJhkYT010033@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: cpio security update
Advisory ID: RHSA-2005:806-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-806.html
Issue date: 2005-11-10
Updated on: 2005-11-10
Product: Red Hat Enterprise Linux
CVE Names: CVE-1999-1572 CVE-2005-1111
- ---------------------------------------------------------------------

1. Summary:

An updated cpio package that fixes multiple issues is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

GNU cpio copies files into or out of a cpio or tar archive.

A race condition bug was found in cpio. It is possible for a local malicious user to modify the permissions of a local file if they have write access to a directory in which a cpio archive is being extracted. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-1111 to this issue.

It was discovered that cpio uses a 0 umask when creating files using the -O (archive) option. This creates output files with mode 0666 (all users can read and write) regardless of the user's umask setting. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-1999-1572 to this issue.

All users of cpio are advised to upgrade to this updated package, which contains backported fixes for these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

169760 - CVE-2005-1111 Race condition in cpio
172191 - CVE-1999-1572 cpio insecure file creation

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1111

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDc6LmXlSAg2UNWIIRAoLZAJ4jWs9KcCTRX1Y1NjX7zv5dxwma3QCfZfIo
ktQnhUiSqKEJojKOpgFfYeM=
=hJ7d
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 10 19:44:23 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 10 Nov 2005 14:44:23 -0500
Subject: [RHSA-2005:825-01] Low: lm_sensors security update
Message-ID: <200511101944.jAAJiNQj010111@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: lm_sensors security update
Advisory ID: RHSA-2005:825-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-825.html
Issue date: 2005-11-10
Updated on: 2005-11-10
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-2672
- ---------------------------------------------------------------------

1. Summary:

Updated lm_sensors packages that fix an insecure file issue are now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The lm_sensors package includes a collection of modules for general SMBus access and hardware monitoring. This package requires special support which is not in standard version 2.2 kernels.

A bug was found in the way the pwmconfig tool creates temporary files.
It is possible that a local attacker could leverage this flaw to overwrite arbitrary files located on the system. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2672 to this issue.

Users of lm_sensors are advised to upgrade to these updated packages, which contain a backported patch that resolves this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

166672 - CVE-2005-2672 lm_sensors pwmconfig insecure temporary file usage

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2672

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDc6MIXlSAg2UNWIIRAqLNAJ9UZrBuUOygqph6Vvr/O35kVCtEDwCffjWa
AsHCEDmQV76kOo+1fKEYzKo=
=D2DR
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Nov 10 19:44:39 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 10 Nov 2005 14:44:39 -0500
Subject: [RHSA-2005:831-01] Moderate: php security update
Message-ID: <200511101944.jAAJinZL010187@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2005:831-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-831.html
Issue date: 2005-11-10
Updated on: 2005-11-10
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3353 CVE-2005-3388 CVE-2005-3389 CVE-2005-3390
- ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

A flaw was found in the way PHP registers global variables during a file upload request. A remote attacker could submit a carefully crafted multipart/form-data POST request that would overwrite the $GLOBALS array, altering expected script behavior, and possibly leading to the execution of arbitrary PHP commands. Please note that this vulnerability only affects installations which have register_globals enabled in the PHP configuration file, which is not a default or recommended option. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3390 to this issue.

A flaw was found in the PHP parse_str() function. If a PHP script passes only one argument to the parse_str() function, and the script can be forced to abort execution during operation (for example due to the memory_limit setting), the register_globals may be enabled even if it is disabled in the PHP configuration file. This vulnerability only affects installations that have PHP scripts using the parse_str function in this way. (CVE-2005-3389)

A Cross-Site Scripting flaw was found in the phpinfo() function. If a victim can be tricked into following a malicious URL to a site with a page displaying the phpinfo() output, it may be possible to inject javascript or HTML content into the displayed page or steal data such as cookies. This vulnerability only affects installations which allow users to view the output of the phpinfo() function. As the phpinfo() function outputs a large amount of information about the current state of PHP, it should only be used during debugging or if protected by authentication. (CVE-2005-3388)

A denial of service flaw was found in the way PHP processes EXIF image data. It is possible for an attacker to cause PHP to crash by supplying carefully crafted EXIF image data. (CVE-2005-3353)

Users of PHP should upgrade to these updated packages, which contain backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

172207 - CVE-2005-3390 PHP register globals arbitrary code execution
172209 - CVE-2005-3389 PHP parse_str can enable register_globals
172212 - CVE-2005-3388 PHP phpinfo() XSS attack
172589 - CVE-2005-3353 PHP exif data DoS

6. RPMs required:
php-odbc-4.3.2-26.ent.ppc.rpm be3baaa3d577953956ae84e71dbf92fe php-pgsql-4.3.2-26.ent.ppc.rpm s390: 0d8655a2d4ada8b43aa069fc7281a4bb php-4.3.2-26.ent.s390.rpm 1a02dbeb07ed152e80a365d2fea3d543 php-devel-4.3.2-26.ent.s390.rpm d880db28130375e82bc78abde75bcd7e php-imap-4.3.2-26.ent.s390.rpm dd97855b16bb9db0fd6439bcb699c477 php-ldap-4.3.2-26.ent.s390.rpm e7dbcb83120a51ebba485f4cbbc43f50 php-mysql-4.3.2-26.ent.s390.rpm a84ba06a5053db4074eadbbc6da72361 php-odbc-4.3.2-26.ent.s390.rpm 42df4a8dfd2ec10ad0081fa541f5ad68 php-pgsql-4.3.2-26.ent.s390.rpm s390x: 66f783b90235bad52971f7b6b8325cae php-4.3.2-26.ent.s390x.rpm f88355fae4b772a00ca7c085a819e9c5 php-devel-4.3.2-26.ent.s390x.rpm fc70ce66b38d5e6c46867985cb4588d8 php-imap-4.3.2-26.ent.s390x.rpm a8b561fd412269831bc44f4db64571ae php-ldap-4.3.2-26.ent.s390x.rpm db71f01094bd949c14b6e8ae55d15f50 php-mysql-4.3.2-26.ent.s390x.rpm 3ad660c7e71845f10bb81dad49a096d1 php-odbc-4.3.2-26.ent.s390x.rpm 6878954b18c5e8f45e0cded465818a40 php-pgsql-4.3.2-26.ent.s390x.rpm x86_64: 1f6ad6872aa68c65fe129ffd0ebae3c7 php-4.3.2-26.ent.x86_64.rpm f767a494e0124ff0b4db922acc00d205 php-devel-4.3.2-26.ent.x86_64.rpm 21ef0dfa84983afb4d97031e84e3d331 php-imap-4.3.2-26.ent.x86_64.rpm 284bcd98fe1b9280c025372f480d0e0c php-ldap-4.3.2-26.ent.x86_64.rpm da7cb0a6caafd4c1b5e0a0ab280c7b68 php-mysql-4.3.2-26.ent.x86_64.rpm a41070197293f10cd69fdc0eca53d8b5 php-odbc-4.3.2-26.ent.x86_64.rpm 733a7d34cf81a8d36c6677f70798c8f2 php-pgsql-4.3.2-26.ent.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/php-4.3.2-26.ent.src.rpm d46e8398fdd5b7824c035e1fd1d1da68 php-4.3.2-26.ent.src.rpm i386: d93ec4e3c3f203b201943729c0364ffd php-4.3.2-26.ent.i386.rpm 053003467491195a6e115d51ead1aebd php-devel-4.3.2-26.ent.i386.rpm bf1565d0e0c50902a7d6288ce5bcf579 php-imap-4.3.2-26.ent.i386.rpm 853b0a5358e6e5b9bd25cb4bfa8a67a2 php-ldap-4.3.2-26.ent.i386.rpm 451bd6cbf36b999d99a27709065b8022 php-mysql-4.3.2-26.ent.i386.rpm 
22322bb52f035398d2ce7c99776427e3 php-odbc-4.3.2-26.ent.i386.rpm 3a0ddf1eee717e81e4536de19a262915 php-pgsql-4.3.2-26.ent.i386.rpm x86_64: 1f6ad6872aa68c65fe129ffd0ebae3c7 php-4.3.2-26.ent.x86_64.rpm f767a494e0124ff0b4db922acc00d205 php-devel-4.3.2-26.ent.x86_64.rpm 21ef0dfa84983afb4d97031e84e3d331 php-imap-4.3.2-26.ent.x86_64.rpm 284bcd98fe1b9280c025372f480d0e0c php-ldap-4.3.2-26.ent.x86_64.rpm da7cb0a6caafd4c1b5e0a0ab280c7b68 php-mysql-4.3.2-26.ent.x86_64.rpm a41070197293f10cd69fdc0eca53d8b5 php-odbc-4.3.2-26.ent.x86_64.rpm 733a7d34cf81a8d36c6677f70798c8f2 php-pgsql-4.3.2-26.ent.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/php-4.3.2-26.ent.src.rpm d46e8398fdd5b7824c035e1fd1d1da68 php-4.3.2-26.ent.src.rpm i386: d93ec4e3c3f203b201943729c0364ffd php-4.3.2-26.ent.i386.rpm 053003467491195a6e115d51ead1aebd php-devel-4.3.2-26.ent.i386.rpm bf1565d0e0c50902a7d6288ce5bcf579 php-imap-4.3.2-26.ent.i386.rpm 853b0a5358e6e5b9bd25cb4bfa8a67a2 php-ldap-4.3.2-26.ent.i386.rpm 451bd6cbf36b999d99a27709065b8022 php-mysql-4.3.2-26.ent.i386.rpm 22322bb52f035398d2ce7c99776427e3 php-odbc-4.3.2-26.ent.i386.rpm 3a0ddf1eee717e81e4536de19a262915 php-pgsql-4.3.2-26.ent.i386.rpm ia64: bceaf10fe0ba0c7c95c1f01c3c2c2c26 php-4.3.2-26.ent.ia64.rpm 33347cbad2ebf3f8ec25c4f39488c3aa php-devel-4.3.2-26.ent.ia64.rpm 0272cc5dc65035ff67d11b191b0eb132 php-imap-4.3.2-26.ent.ia64.rpm 2c8414b3b43f806065de630e4b24850a php-ldap-4.3.2-26.ent.ia64.rpm 3c82d4485790e149eb89c6692cc11438 php-mysql-4.3.2-26.ent.ia64.rpm 0856e5a1db31cadd22b9afc485fe9f41 php-odbc-4.3.2-26.ent.ia64.rpm 70cf8e4f495021d8bcd178ef050a380f php-pgsql-4.3.2-26.ent.ia64.rpm x86_64: 1f6ad6872aa68c65fe129ffd0ebae3c7 php-4.3.2-26.ent.x86_64.rpm f767a494e0124ff0b4db922acc00d205 php-devel-4.3.2-26.ent.x86_64.rpm 21ef0dfa84983afb4d97031e84e3d331 php-imap-4.3.2-26.ent.x86_64.rpm 284bcd98fe1b9280c025372f480d0e0c php-ldap-4.3.2-26.ent.x86_64.rpm da7cb0a6caafd4c1b5e0a0ab280c7b68 
php-mysql-4.3.2-26.ent.x86_64.rpm a41070197293f10cd69fdc0eca53d8b5 php-odbc-4.3.2-26.ent.x86_64.rpm 733a7d34cf81a8d36c6677f70798c8f2 php-pgsql-4.3.2-26.ent.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/php-4.3.2-26.ent.src.rpm d46e8398fdd5b7824c035e1fd1d1da68 php-4.3.2-26.ent.src.rpm i386: d93ec4e3c3f203b201943729c0364ffd php-4.3.2-26.ent.i386.rpm 053003467491195a6e115d51ead1aebd php-devel-4.3.2-26.ent.i386.rpm bf1565d0e0c50902a7d6288ce5bcf579 php-imap-4.3.2-26.ent.i386.rpm 853b0a5358e6e5b9bd25cb4bfa8a67a2 php-ldap-4.3.2-26.ent.i386.rpm 451bd6cbf36b999d99a27709065b8022 php-mysql-4.3.2-26.ent.i386.rpm 22322bb52f035398d2ce7c99776427e3 php-odbc-4.3.2-26.ent.i386.rpm 3a0ddf1eee717e81e4536de19a262915 php-pgsql-4.3.2-26.ent.i386.rpm ia64: bceaf10fe0ba0c7c95c1f01c3c2c2c26 php-4.3.2-26.ent.ia64.rpm 33347cbad2ebf3f8ec25c4f39488c3aa php-devel-4.3.2-26.ent.ia64.rpm 0272cc5dc65035ff67d11b191b0eb132 php-imap-4.3.2-26.ent.ia64.rpm 2c8414b3b43f806065de630e4b24850a php-ldap-4.3.2-26.ent.ia64.rpm 3c82d4485790e149eb89c6692cc11438 php-mysql-4.3.2-26.ent.ia64.rpm 0856e5a1db31cadd22b9afc485fe9f41 php-odbc-4.3.2-26.ent.ia64.rpm 70cf8e4f495021d8bcd178ef050a380f php-pgsql-4.3.2-26.ent.ia64.rpm x86_64: 1f6ad6872aa68c65fe129ffd0ebae3c7 php-4.3.2-26.ent.x86_64.rpm f767a494e0124ff0b4db922acc00d205 php-devel-4.3.2-26.ent.x86_64.rpm 21ef0dfa84983afb4d97031e84e3d331 php-imap-4.3.2-26.ent.x86_64.rpm 284bcd98fe1b9280c025372f480d0e0c php-ldap-4.3.2-26.ent.x86_64.rpm da7cb0a6caafd4c1b5e0a0ab280c7b68 php-mysql-4.3.2-26.ent.x86_64.rpm a41070197293f10cd69fdc0eca53d8b5 php-odbc-4.3.2-26.ent.x86_64.rpm 733a7d34cf81a8d36c6677f70798c8f2 php-pgsql-4.3.2-26.ent.x86_64.rpm Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/php-4.3.9-3.9.src.rpm 7493ae509d6129a32c5ce3bd998fd68a php-4.3.9-3.9.src.rpm i386: 3a0734832da6be3b2f1e910ceee773f4 php-4.3.9-3.9.i386.rpm a256cc6a4dd5ee99ffd683da89beb1ac 
php-devel-4.3.9-3.9.i386.rpm 335d54777f27ef02576cc0a7adf5af56 php-domxml-4.3.9-3.9.i386.rpm ea53e838519685d493612d0bbf2a67dc php-gd-4.3.9-3.9.i386.rpm bb141447a9e98510ffc25abdf4e9006e php-imap-4.3.9-3.9.i386.rpm 195e680107e9a1d40abf07fbc80ed865 php-ldap-4.3.9-3.9.i386.rpm a0c41be5a1bda27540f43a8107fb6939 php-mbstring-4.3.9-3.9.i386.rpm 3da385c562d5c3beb8520699d84b198b php-mysql-4.3.9-3.9.i386.rpm 8ff6dd7a0951d83c43a5fe17e88ec088 php-ncurses-4.3.9-3.9.i386.rpm 1c111fb9b5175448b6952a94197631c6 php-odbc-4.3.9-3.9.i386.rpm d1c4e5b4030588a941508940d75d41ed php-pear-4.3.9-3.9.i386.rpm a5996fcc6334eedb9dc2f77301c7e026 php-pgsql-4.3.9-3.9.i386.rpm b1e993a096b30326e5ccf76661f29d08 php-snmp-4.3.9-3.9.i386.rpm c43ee16df0d60804d762a5dbdb5a67eb php-xmlrpc-4.3.9-3.9.i386.rpm ia64: 38c446f563ccade410b70440b8b67677 php-4.3.9-3.9.ia64.rpm 6aabf55df846c96c72b236f2632dc966 php-devel-4.3.9-3.9.ia64.rpm c23e8d86007cad9a7823c1dc0e3d155e php-domxml-4.3.9-3.9.ia64.rpm 19c46d57b82b105a0c2666508206d375 php-gd-4.3.9-3.9.ia64.rpm ad908e367fcee4cc061043157df6b126 php-imap-4.3.9-3.9.ia64.rpm a266652f6bbc80d40d16a1356226e325 php-ldap-4.3.9-3.9.ia64.rpm 195d5c8df90f8f368aa25beb0746f9ee php-mbstring-4.3.9-3.9.ia64.rpm 05dddd1f73ad1dd682eed2143d9dfb35 php-mysql-4.3.9-3.9.ia64.rpm e000540478ca795e05ca1cc4e2087194 php-ncurses-4.3.9-3.9.ia64.rpm 8fd55a417536a3068467d6450b02f70e php-odbc-4.3.9-3.9.ia64.rpm eb33f45a81e1fbf0470cf52fb11dcd87 php-pear-4.3.9-3.9.ia64.rpm 7b7cd7373a87c1eff02e89b3acbe754c php-pgsql-4.3.9-3.9.ia64.rpm da5bea293e9d6254998719f12a6c1e7f php-snmp-4.3.9-3.9.ia64.rpm 7440c3dbf7b7850e43efb2f094e87970 php-xmlrpc-4.3.9-3.9.ia64.rpm ppc: d4dac54549328cf2ff8bc5ae0d824e61 php-4.3.9-3.9.ppc.rpm 9c620f638a126eb2c8af88ce98c57f7d php-devel-4.3.9-3.9.ppc.rpm d3225c82fa9620b32f992809d428f914 php-domxml-4.3.9-3.9.ppc.rpm d6ed5fdda80868cba05deca4a17b5bd1 php-gd-4.3.9-3.9.ppc.rpm 1ead9724f6db9b85b0557f4bbe325c67 php-imap-4.3.9-3.9.ppc.rpm 2e5a8fc1abf984fd633790c9262b18de php-ldap-4.3.9-3.9.ppc.rpm 
48099e091ec856cf07e113a42fa86aa5 php-mbstring-4.3.9-3.9.ppc.rpm 3c5f6267d377927eab8d8f661dd35f31 php-mysql-4.3.9-3.9.ppc.rpm 642f49e77bdde84fa27e38c4c2c8ca3a php-ncurses-4.3.9-3.9.ppc.rpm 08628cc16fe3d543571e065dfb9ca40a php-odbc-4.3.9-3.9.ppc.rpm 538447d84fab27658b72aa86a87904b0 php-pear-4.3.9-3.9.ppc.rpm 5ddb04a978ed936b2135445e7c8f29f8 php-pgsql-4.3.9-3.9.ppc.rpm 250c8919ecdebbed3681a406ba774584 php-snmp-4.3.9-3.9.ppc.rpm 0b0c0a49a7563d4ce8e53fecf92f54c1 php-xmlrpc-4.3.9-3.9.ppc.rpm s390: 6c26a422564613c8594fa0e7411c6805 php-4.3.9-3.9.s390.rpm 7e77ba77044e0e61aa7163086ef7868a php-devel-4.3.9-3.9.s390.rpm 5facdb7246b38e6d4ff6f98100aeade4 php-domxml-4.3.9-3.9.s390.rpm a4e5e0a0fa51439242914c23c69e1d21 php-gd-4.3.9-3.9.s390.rpm 271f1b11e28ec5db32107eb507d19114 php-imap-4.3.9-3.9.s390.rpm 7e8cdf3fa15616356e3a42023ed23316 php-ldap-4.3.9-3.9.s390.rpm 03359db5632cef53985230794f086ce1 php-mbstring-4.3.9-3.9.s390.rpm 5f32c8c3ba6f802bd7d28c2ae962d21b php-mysql-4.3.9-3.9.s390.rpm 2d174148612c679e9fe3e2f98df1ebe7 php-ncurses-4.3.9-3.9.s390.rpm f5116f15e905f8def2ed9a624d360653 php-odbc-4.3.9-3.9.s390.rpm daf5cd69c63cc742a208282a28d526e0 php-pear-4.3.9-3.9.s390.rpm f3ac3d57b259e887ed590a8414052e7a php-pgsql-4.3.9-3.9.s390.rpm 666903bf6b1beedbd70f883caf143c58 php-snmp-4.3.9-3.9.s390.rpm e8e180dacc0d658830d49d2da6419064 php-xmlrpc-4.3.9-3.9.s390.rpm s390x: 8cd00f6b90019e7f29f01d6831485250 php-4.3.9-3.9.s390x.rpm ab838be9e5b90d5577b65937943e43c7 php-devel-4.3.9-3.9.s390x.rpm 75dde8adeb07fd1567cee1140e45ae15 php-domxml-4.3.9-3.9.s390x.rpm ce08a6ccecb56572e9d71f2ec0de396e php-gd-4.3.9-3.9.s390x.rpm 903d2201f39da2474bcba6257552681c php-imap-4.3.9-3.9.s390x.rpm fe13abbc3b945a287c17ab65f805765a php-ldap-4.3.9-3.9.s390x.rpm 8d197539a796d266189f986f343b76e0 php-mbstring-4.3.9-3.9.s390x.rpm 561417a7e995cec1d2a93da8a9d385d2 php-mysql-4.3.9-3.9.s390x.rpm 039ccd184163ac72eef384ee9a097aa0 php-ncurses-4.3.9-3.9.s390x.rpm 07a86f95ee41f31945e3af392cae3af4 php-odbc-4.3.9-3.9.s390x.rpm 
968f65375285a0d3673d08a9d4a883d6 php-pear-4.3.9-3.9.s390x.rpm 05c4f42f1b464bfae4e79c9e1c8a6e37 php-pgsql-4.3.9-3.9.s390x.rpm 995be28f2c93c3dbe67119e2791bbfd0 php-snmp-4.3.9-3.9.s390x.rpm 7729607b5682629acf4e8d4d727bcba7 php-xmlrpc-4.3.9-3.9.s390x.rpm x86_64: 90ee43072ba7a774e58abb90e0a24d30 php-4.3.9-3.9.x86_64.rpm 2b41833c26f7565b5bcda0d103a33ae3 php-devel-4.3.9-3.9.x86_64.rpm 31e98b8c2e7f30ec8de06b7d9306d9b3 php-domxml-4.3.9-3.9.x86_64.rpm 8aab7ae77993e0149530933138814858 php-gd-4.3.9-3.9.x86_64.rpm fe18be11ce81f6b29f284ec70ab10bef php-imap-4.3.9-3.9.x86_64.rpm 687498617112998740fad6217c2c380b php-ldap-4.3.9-3.9.x86_64.rpm 559f653ca43e45b9ffa8f22ea0302b96 php-mbstring-4.3.9-3.9.x86_64.rpm 0db17be2a498a79be41d4ac195b090a4 php-mysql-4.3.9-3.9.x86_64.rpm 928912c4585003aa93b185c84578ab54 php-ncurses-4.3.9-3.9.x86_64.rpm e38dd82d8ec5457c0273f81eb7744878 php-odbc-4.3.9-3.9.x86_64.rpm 5402c1d977225f0ca154326d08781a3c php-pear-4.3.9-3.9.x86_64.rpm b23f844669f5bedfaeca5b36f715bdea php-pgsql-4.3.9-3.9.x86_64.rpm 3faae8587aa351f95cf814077650d76c php-snmp-4.3.9-3.9.x86_64.rpm cb1b67f5ba3412b48f447ed610d2612b php-xmlrpc-4.3.9-3.9.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/php-4.3.9-3.9.src.rpm 7493ae509d6129a32c5ce3bd998fd68a php-4.3.9-3.9.src.rpm i386: 3a0734832da6be3b2f1e910ceee773f4 php-4.3.9-3.9.i386.rpm a256cc6a4dd5ee99ffd683da89beb1ac php-devel-4.3.9-3.9.i386.rpm 335d54777f27ef02576cc0a7adf5af56 php-domxml-4.3.9-3.9.i386.rpm ea53e838519685d493612d0bbf2a67dc php-gd-4.3.9-3.9.i386.rpm bb141447a9e98510ffc25abdf4e9006e php-imap-4.3.9-3.9.i386.rpm 195e680107e9a1d40abf07fbc80ed865 php-ldap-4.3.9-3.9.i386.rpm a0c41be5a1bda27540f43a8107fb6939 php-mbstring-4.3.9-3.9.i386.rpm 3da385c562d5c3beb8520699d84b198b php-mysql-4.3.9-3.9.i386.rpm 8ff6dd7a0951d83c43a5fe17e88ec088 php-ncurses-4.3.9-3.9.i386.rpm 1c111fb9b5175448b6952a94197631c6 php-odbc-4.3.9-3.9.i386.rpm d1c4e5b4030588a941508940d75d41ed 
php-pear-4.3.9-3.9.i386.rpm a5996fcc6334eedb9dc2f77301c7e026 php-pgsql-4.3.9-3.9.i386.rpm b1e993a096b30326e5ccf76661f29d08 php-snmp-4.3.9-3.9.i386.rpm c43ee16df0d60804d762a5dbdb5a67eb php-xmlrpc-4.3.9-3.9.i386.rpm x86_64: 90ee43072ba7a774e58abb90e0a24d30 php-4.3.9-3.9.x86_64.rpm 2b41833c26f7565b5bcda0d103a33ae3 php-devel-4.3.9-3.9.x86_64.rpm 31e98b8c2e7f30ec8de06b7d9306d9b3 php-domxml-4.3.9-3.9.x86_64.rpm 8aab7ae77993e0149530933138814858 php-gd-4.3.9-3.9.x86_64.rpm fe18be11ce81f6b29f284ec70ab10bef php-imap-4.3.9-3.9.x86_64.rpm 687498617112998740fad6217c2c380b php-ldap-4.3.9-3.9.x86_64.rpm 559f653ca43e45b9ffa8f22ea0302b96 php-mbstring-4.3.9-3.9.x86_64.rpm 0db17be2a498a79be41d4ac195b090a4 php-mysql-4.3.9-3.9.x86_64.rpm 928912c4585003aa93b185c84578ab54 php-ncurses-4.3.9-3.9.x86_64.rpm e38dd82d8ec5457c0273f81eb7744878 php-odbc-4.3.9-3.9.x86_64.rpm 5402c1d977225f0ca154326d08781a3c php-pear-4.3.9-3.9.x86_64.rpm b23f844669f5bedfaeca5b36f715bdea php-pgsql-4.3.9-3.9.x86_64.rpm 3faae8587aa351f95cf814077650d76c php-snmp-4.3.9-3.9.x86_64.rpm cb1b67f5ba3412b48f447ed610d2612b php-xmlrpc-4.3.9-3.9.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/php-4.3.9-3.9.src.rpm 7493ae509d6129a32c5ce3bd998fd68a php-4.3.9-3.9.src.rpm i386: 3a0734832da6be3b2f1e910ceee773f4 php-4.3.9-3.9.i386.rpm a256cc6a4dd5ee99ffd683da89beb1ac php-devel-4.3.9-3.9.i386.rpm 335d54777f27ef02576cc0a7adf5af56 php-domxml-4.3.9-3.9.i386.rpm ea53e838519685d493612d0bbf2a67dc php-gd-4.3.9-3.9.i386.rpm bb141447a9e98510ffc25abdf4e9006e php-imap-4.3.9-3.9.i386.rpm 195e680107e9a1d40abf07fbc80ed865 php-ldap-4.3.9-3.9.i386.rpm a0c41be5a1bda27540f43a8107fb6939 php-mbstring-4.3.9-3.9.i386.rpm 3da385c562d5c3beb8520699d84b198b php-mysql-4.3.9-3.9.i386.rpm 8ff6dd7a0951d83c43a5fe17e88ec088 php-ncurses-4.3.9-3.9.i386.rpm 1c111fb9b5175448b6952a94197631c6 php-odbc-4.3.9-3.9.i386.rpm d1c4e5b4030588a941508940d75d41ed php-pear-4.3.9-3.9.i386.rpm a5996fcc6334eedb9dc2f77301c7e026 
php-pgsql-4.3.9-3.9.i386.rpm b1e993a096b30326e5ccf76661f29d08 php-snmp-4.3.9-3.9.i386.rpm c43ee16df0d60804d762a5dbdb5a67eb php-xmlrpc-4.3.9-3.9.i386.rpm ia64: 38c446f563ccade410b70440b8b67677 php-4.3.9-3.9.ia64.rpm 6aabf55df846c96c72b236f2632dc966 php-devel-4.3.9-3.9.ia64.rpm c23e8d86007cad9a7823c1dc0e3d155e php-domxml-4.3.9-3.9.ia64.rpm 19c46d57b82b105a0c2666508206d375 php-gd-4.3.9-3.9.ia64.rpm ad908e367fcee4cc061043157df6b126 php-imap-4.3.9-3.9.ia64.rpm a266652f6bbc80d40d16a1356226e325 php-ldap-4.3.9-3.9.ia64.rpm 195d5c8df90f8f368aa25beb0746f9ee php-mbstring-4.3.9-3.9.ia64.rpm 05dddd1f73ad1dd682eed2143d9dfb35 php-mysql-4.3.9-3.9.ia64.rpm e000540478ca795e05ca1cc4e2087194 php-ncurses-4.3.9-3.9.ia64.rpm 8fd55a417536a3068467d6450b02f70e php-odbc-4.3.9-3.9.ia64.rpm eb33f45a81e1fbf0470cf52fb11dcd87 php-pear-4.3.9-3.9.ia64.rpm 7b7cd7373a87c1eff02e89b3acbe754c php-pgsql-4.3.9-3.9.ia64.rpm da5bea293e9d6254998719f12a6c1e7f php-snmp-4.3.9-3.9.ia64.rpm 7440c3dbf7b7850e43efb2f094e87970 php-xmlrpc-4.3.9-3.9.ia64.rpm x86_64: 90ee43072ba7a774e58abb90e0a24d30 php-4.3.9-3.9.x86_64.rpm 2b41833c26f7565b5bcda0d103a33ae3 php-devel-4.3.9-3.9.x86_64.rpm 31e98b8c2e7f30ec8de06b7d9306d9b3 php-domxml-4.3.9-3.9.x86_64.rpm 8aab7ae77993e0149530933138814858 php-gd-4.3.9-3.9.x86_64.rpm fe18be11ce81f6b29f284ec70ab10bef php-imap-4.3.9-3.9.x86_64.rpm 687498617112998740fad6217c2c380b php-ldap-4.3.9-3.9.x86_64.rpm 559f653ca43e45b9ffa8f22ea0302b96 php-mbstring-4.3.9-3.9.x86_64.rpm 0db17be2a498a79be41d4ac195b090a4 php-mysql-4.3.9-3.9.x86_64.rpm 928912c4585003aa93b185c84578ab54 php-ncurses-4.3.9-3.9.x86_64.rpm e38dd82d8ec5457c0273f81eb7744878 php-odbc-4.3.9-3.9.x86_64.rpm 5402c1d977225f0ca154326d08781a3c php-pear-4.3.9-3.9.x86_64.rpm b23f844669f5bedfaeca5b36f715bdea php-pgsql-4.3.9-3.9.x86_64.rpm 3faae8587aa351f95cf814077650d76c php-snmp-4.3.9-3.9.x86_64.rpm cb1b67f5ba3412b48f447ed610d2612b php-xmlrpc-4.3.9-3.9.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: 
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/php-4.3.9-3.9.src.rpm 7493ae509d6129a32c5ce3bd998fd68a php-4.3.9-3.9.src.rpm i386: 3a0734832da6be3b2f1e910ceee773f4 php-4.3.9-3.9.i386.rpm a256cc6a4dd5ee99ffd683da89beb1ac php-devel-4.3.9-3.9.i386.rpm 335d54777f27ef02576cc0a7adf5af56 php-domxml-4.3.9-3.9.i386.rpm ea53e838519685d493612d0bbf2a67dc php-gd-4.3.9-3.9.i386.rpm bb141447a9e98510ffc25abdf4e9006e php-imap-4.3.9-3.9.i386.rpm 195e680107e9a1d40abf07fbc80ed865 php-ldap-4.3.9-3.9.i386.rpm a0c41be5a1bda27540f43a8107fb6939 php-mbstring-4.3.9-3.9.i386.rpm 3da385c562d5c3beb8520699d84b198b php-mysql-4.3.9-3.9.i386.rpm 8ff6dd7a0951d83c43a5fe17e88ec088 php-ncurses-4.3.9-3.9.i386.rpm 1c111fb9b5175448b6952a94197631c6 php-odbc-4.3.9-3.9.i386.rpm d1c4e5b4030588a941508940d75d41ed php-pear-4.3.9-3.9.i386.rpm a5996fcc6334eedb9dc2f77301c7e026 php-pgsql-4.3.9-3.9.i386.rpm b1e993a096b30326e5ccf76661f29d08 php-snmp-4.3.9-3.9.i386.rpm c43ee16df0d60804d762a5dbdb5a67eb php-xmlrpc-4.3.9-3.9.i386.rpm ia64: 38c446f563ccade410b70440b8b67677 php-4.3.9-3.9.ia64.rpm 6aabf55df846c96c72b236f2632dc966 php-devel-4.3.9-3.9.ia64.rpm c23e8d86007cad9a7823c1dc0e3d155e php-domxml-4.3.9-3.9.ia64.rpm 19c46d57b82b105a0c2666508206d375 php-gd-4.3.9-3.9.ia64.rpm ad908e367fcee4cc061043157df6b126 php-imap-4.3.9-3.9.ia64.rpm a266652f6bbc80d40d16a1356226e325 php-ldap-4.3.9-3.9.ia64.rpm 195d5c8df90f8f368aa25beb0746f9ee php-mbstring-4.3.9-3.9.ia64.rpm 05dddd1f73ad1dd682eed2143d9dfb35 php-mysql-4.3.9-3.9.ia64.rpm e000540478ca795e05ca1cc4e2087194 php-ncurses-4.3.9-3.9.ia64.rpm 8fd55a417536a3068467d6450b02f70e php-odbc-4.3.9-3.9.ia64.rpm eb33f45a81e1fbf0470cf52fb11dcd87 php-pear-4.3.9-3.9.ia64.rpm 7b7cd7373a87c1eff02e89b3acbe754c php-pgsql-4.3.9-3.9.ia64.rpm da5bea293e9d6254998719f12a6c1e7f php-snmp-4.3.9-3.9.ia64.rpm 7440c3dbf7b7850e43efb2f094e87970 php-xmlrpc-4.3.9-3.9.ia64.rpm x86_64: 90ee43072ba7a774e58abb90e0a24d30 php-4.3.9-3.9.x86_64.rpm 2b41833c26f7565b5bcda0d103a33ae3 php-devel-4.3.9-3.9.x86_64.rpm 
31e98b8c2e7f30ec8de06b7d9306d9b3 php-domxml-4.3.9-3.9.x86_64.rpm 8aab7ae77993e0149530933138814858 php-gd-4.3.9-3.9.x86_64.rpm fe18be11ce81f6b29f284ec70ab10bef php-imap-4.3.9-3.9.x86_64.rpm 687498617112998740fad6217c2c380b php-ldap-4.3.9-3.9.x86_64.rpm 559f653ca43e45b9ffa8f22ea0302b96 php-mbstring-4.3.9-3.9.x86_64.rpm 0db17be2a498a79be41d4ac195b090a4 php-mysql-4.3.9-3.9.x86_64.rpm 928912c4585003aa93b185c84578ab54 php-ncurses-4.3.9-3.9.x86_64.rpm e38dd82d8ec5457c0273f81eb7744878 php-odbc-4.3.9-3.9.x86_64.rpm 5402c1d977225f0ca154326d08781a3c php-pear-4.3.9-3.9.x86_64.rpm b23f844669f5bedfaeca5b36f715bdea php-pgsql-4.3.9-3.9.x86_64.rpm 3faae8587aa351f95cf814077650d76c php-snmp-4.3.9-3.9.x86_64.rpm cb1b67f5ba3412b48f447ed610d2612b php-xmlrpc-4.3.9-3.9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3353 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFDc6MlXlSAg2UNWIIRAkeBAJ0e7Hf9SlqYHPSHD+Da4iQEJ1fVggCeJRA/ vL+EPs+i+ZeUBo7oDxxRN0c= =gQiN -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Nov 10 19:45:03 2005 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 10 Nov 2005 14:45:03 -0500 Subject: [RHSA-2005:838-01] Moderate: php security update Message-ID: <200511101945.jAAJjBCR010217@porkchop.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: php security update Advisory ID: RHSA-2005:838-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-838.html Issue date: 2005-11-10 Updated on: 2005-11-10 Product: Red Hat Enterprise Linux CVE Names: CVE-2005-3388 CVE-2005-3389 CVE-2005-3390 - --------------------------------------------------------------------- 1. Summary: Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 3. Problem description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A flaw was found in the way PHP registers global variables during a file upload request. A remote attacker could submit a carefully crafted multipart/form-data POST request that would overwrite the $GLOBALS array, altering expected script behavior, and possibly leading to the execution of arbitrary PHP commands.
Note that this vulnerability only affects installations which have register_globals enabled in the PHP configuration file, which is not a default or recommended option. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3390 to this issue. A flaw was found in the PHP parse_str() function. If a PHP script passes only one argument to the parse_str() function, and the script can be forced to abort execution during operation (for example due to the memory_limit setting), the register_globals may be enabled even if it is disabled in the PHP configuration file. This vulnerability only affects installations that have PHP scripts using the parse_str function in this way. (CVE-2005-3389) A Cross-Site Scripting flaw was found in the phpinfo() function. If a victim can be tricked into following a malicious URL to a site with a page displaying the phpinfo() output, it may be possible to inject javascript or HTML content into the displayed page or steal data such as cookies. This vulnerability only affects installations which allow users to view the output of the phpinfo() function. As the phpinfo() function outputs a large amount of information about the current state of PHP, it should only be used during debugging or if protected by authentication. (CVE-2005-3388) Additionally, a bug introduced in the updates to fix CVE-2004-1019 has been corrected. Users of PHP should upgrade to these updated packages, which contain backported patches that resolve these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. 
Bug IDs fixed (http://bugzilla.redhat.com/): 150778 - issue in fix for CAN-2004-1019 172207 - CVE-2005-3390 PHP register globals arbitrary code execution 172209 - CVE-2005-3389 PHP parse_str can enable register_globals 172212 - CVE-2005-3388 PHP phpinfo() XSS attack 6. RPMs required: These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390 8. Contact: The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/ Copyright 2005 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFDc6M9XlSAg2UNWIIRAhtrAJ0cKr95+MubL52h2oXszMdoUl/rtACeIls+ NzKnM4rECpdUxt7dHIHTo70= =eZ4s -----END PGP SIGNATURE----- From bugzilla at redhat.com Sat Nov 12 01:12:43 2005 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 11 Nov 2005 20:12:43 -0500 Subject: [RHSA-2005:839-01] Critical: lynx security update Message-ID: <200511120112.jAC1ChJ9003998@porkchop.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Critical: lynx security update Advisory ID: RHSA-2005:839-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-839.html Issue date: 2005-11-11 Updated on: 2005-11-11 Product: Red Hat Enterprise Linux CVE Names: CVE-2005-2929 - --------------------------------------------------------------------- 1. Summary: An updated lynx package that corrects a security flaw is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Lynx is a text-based Web browser. 
An arbitrary command execute bug was found in the lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL which could execute arbitrary code as the user running lynx. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2929 to this issue. Users should update to this erratum package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 172972 - CVE-2005-2929 lynx arbitrary command execution 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/lynx-2.8.4-18.1.2.src.rpm bc22bfa2af84c0ce3ac1b938d2105c12 lynx-2.8.4-18.1.2.src.rpm i386: 92ab1fc6ad32aff2b309bdf8c6bebb30 lynx-2.8.4-18.1.2.i386.rpm ia64: 8b59050227539bd10f525689aee035cf lynx-2.8.4-18.1.2.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/lynx-2.8.4-18.1.2.src.rpm bc22bfa2af84c0ce3ac1b938d2105c12 lynx-2.8.4-18.1.2.src.rpm ia64: 8b59050227539bd10f525689aee035cf lynx-2.8.4-18.1.2.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/lynx-2.8.4-18.1.2.src.rpm bc22bfa2af84c0ce3ac1b938d2105c12 lynx-2.8.4-18.1.2.src.rpm i386: 92ab1fc6ad32aff2b309bdf8c6bebb30 lynx-2.8.4-18.1.2.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/lynx-2.8.4-18.1.2.src.rpm bc22bfa2af84c0ce3ac1b938d2105c12 lynx-2.8.4-18.1.2.src.rpm i386: 92ab1fc6ad32aff2b309bdf8c6bebb30 lynx-2.8.4-18.1.2.i386.rpm 
Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/lynx-2.8.5-11.2.src.rpm 577bcf60f5b5ccf503e8deee017f549f lynx-2.8.5-11.2.src.rpm i386: 5a834d80cc25f1727582f3b9f563a414 lynx-2.8.5-11.2.i386.rpm ia64: ef28b7c2b18882a7b560be97f6ae8560 lynx-2.8.5-11.2.ia64.rpm ppc: ca4425a684a26c2a4d8bd050a3d13dba lynx-2.8.5-11.2.ppc.rpm s390: 936342af3c5c168bdd6cd08342d36f1d lynx-2.8.5-11.2.s390.rpm s390x: ec2fa46133feddb0d9c901a854643455 lynx-2.8.5-11.2.s390x.rpm x86_64: 0b6242c2fcd0500fda167415def46d0a lynx-2.8.5-11.2.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/lynx-2.8.5-11.2.src.rpm 577bcf60f5b5ccf503e8deee017f549f lynx-2.8.5-11.2.src.rpm i386: 5a834d80cc25f1727582f3b9f563a414 lynx-2.8.5-11.2.i386.rpm x86_64: 0b6242c2fcd0500fda167415def46d0a lynx-2.8.5-11.2.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/lynx-2.8.5-11.2.src.rpm 577bcf60f5b5ccf503e8deee017f549f lynx-2.8.5-11.2.src.rpm i386: 5a834d80cc25f1727582f3b9f563a414 lynx-2.8.5-11.2.i386.rpm ia64: ef28b7c2b18882a7b560be97f6ae8560 lynx-2.8.5-11.2.ia64.rpm x86_64: 0b6242c2fcd0500fda167415def46d0a lynx-2.8.5-11.2.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/lynx-2.8.5-11.2.src.rpm 577bcf60f5b5ccf503e8deee017f549f lynx-2.8.5-11.2.src.rpm i386: 5a834d80cc25f1727582f3b9f563a414 lynx-2.8.5-11.2.i386.rpm ia64: ef28b7c2b18882a7b560be97f6ae8560 lynx-2.8.5-11.2.ia64.rpm x86_64: 0b6242c2fcd0500fda167415def46d0a lynx-2.8.5-11.2.x86_64.rpm Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/lynx-2.8.5-18.2.src.rpm b313e1461e8cf908c456c729fa3c06d9 lynx-2.8.5-18.2.src.rpm i386: 5582f24c41bba43315714ad2c587270d lynx-2.8.5-18.2.i386.rpm ia64: 402ab10ac0c79e7e82ef101cd8ffd6a4 lynx-2.8.5-18.2.ia64.rpm ppc: 6566764ce7d22dcdfcb8adff4dd12c04 lynx-2.8.5-18.2.ppc.rpm s390: 
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2929

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDdUGGXlSAg2UNWIIRAgg+AJ94gink4CJsfNz18AUqFu3mHvyyAACgs3SO
alR/Zo/JjtJKs6nvrLl9JUA=
=Mb8M
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 15 14:46:16 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Nov 2005 09:46:16 -0500
Subject: [RHSA-2005:810-01] Important: gdk-pixbuf security update
Message-ID: <200511151446.jAFEkGra004377@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: gdk-pixbuf security update
Advisory ID: RHSA-2005:810-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-810.html
Issue date: 2005-11-15
Updated on: 2005-11-15
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3186 CVE-2005-2976 CVE-2005-2975
- ---------------------------------------------------------------------

1. Summary:

Updated gdk-pixbuf packages that fix several security issues are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment.

A bug was found in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code or crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2976 to this issue.

Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue.

Users of gdk-pixbuf are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

171071 - CVE-2005-3186 XPM buffer overflow
171900 - CVE-2005-2975 Multiple XPM processing issues (CVE-2005-2976)

6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2975

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDefSpXlSAg2UNWIIRAnA9AJ0SkoDcPX32vvaxAmpaV3tQT5GnfACcCGyW
UYrlawWi+RI18ziAWcHqlRk=
=bxFw
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Nov 15 14:46:35 2005
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 15 Nov 2005 09:46:35 -0500
Subject: [RHSA-2005:811-01] Important: gtk2 security update
Message-ID: <200511151446.jAFEkZds004397@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: gtk2 security update
Advisory ID: RHSA-2005:811-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-811.html
Issue date: 2005-11-15
Updated on: 2005-11-15
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3186 CVE-2005-2975
- ---------------------------------------------------------------------

1. Summary:

Updated gtk2 packages that fix two security issues are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System.

A bug was found in the way gtk2 processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an infinite-loop denial of service bug in the way gtk2 processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue.

Users of gtk2 are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

171073 - CVE-2005-3186 XPM buffer overflow
171904 - CVE-2005-2975 gtk2 XPM DoS

6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2975

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDefTDXlSAg2UNWIIRAlYxAJwIIcBk9FfWOLP7+7v46Zct58INrQCfZE4B
kTFxVq5XySXMrwJglCWQTRY=
=gvN+
-----END PGP SIGNATURE-----