From bugzilla at redhat.com  Wed Feb  1 18:15:09 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 1 Feb 2006 13:15:09 -0500
Subject: [RHSA-2006:0190-01] Important: kernel security update
Message-ID: <200602011815.k11IFA8N016193@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2006:0190-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0190.html
Issue date:        2006-02-01
Updated on:        2006-02-01
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2002-2185 CVE-2004-1058 CVE-2004-1073 CVE-2005-0400 CVE-2005-0815 CVE-2005-2458 CVE-2005-2708 CVE-2005-2709 CVE-2005-2973 CVE-2005-3180 CVE-2005-3274 CVE-2005-3275 CVE-2005-3806
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix a number of security issues as well as
other bugs are now available for Red Hat Enterprise Linux 2.1 (64 bit
architectures).

This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - ia64
Red Hat Linux Advanced Workstation 2.1 - ia64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described
below:

- - a flaw in network IGMP processing that a allowed a remote user on the
local network to cause a denial of service (disabling of multicast reports)
if the system is running multicast applications (CVE-2002-2185, moderate) 

- - a race condition that allowed local users to read the environment
variables of another process (CVE-2004-1058, low)

- - a flaw in the open_exec function of execve that allowed a local user to
read setuid ELF binaries that should otherwise be protected by standard
permissions. (CVE-2004-1073, moderate). Red Hat originally reported this
flaw as being fixed by RHSA-2004:504, but a patch for this issue was
missing from that update.

- - a potential leak of kernel data from ext2 file system handling
(CVE-2005-0400, low) 

- - flaws in ISO-9660 file system handling that allowed the mounting of
an invalid image on a CD-ROM to cause a denial of service (crash)
or potentially execute arbitrary code (CVE-2005-0815, moderate) 

- - a flaw in gzip/zlib handling internal to the kernel that may allow a
local user to cause a denial of service (crash) (CVE-2005-2458, low) 

- - a flaw in exec() handling on some 64-bit architectures that allowed a
local user to cause a denial of service (crash) (CVE-2005-2708, important) 

- - a flaw in procfs handling during unloading of modules that allowed a
local user to cause a denial of service or potentially gain privileges
(CVE-2005-2709, moderate) 

- - a flaw in IPv6 network UDP port hash table lookups that allowed a local
user to cause a denial of service (hang) (CVE-2005-2973, important) 

- - a network buffer info leak using the orinoco driver that allowed a remote
user to possibly view uninitialized data (CVE-2005-3180, important) 

- - a race condition affecting SMP systems that allowed a local user to cause
a denial of service (crash) (CVE-2005-3274, important)

- - a flaw in IPv4 network TCP and UDP netfilter handling that allowed a
local user to cause a denial of service (crash) (CVE-2005-3275, important) 

- - a flaw in the IPv6 flowlabel code that allowed a local user to cause a
denial of service (crash) (CVE-2005-3806, important) 

The following bugs were also addressed:

- - Handle set_brk() errors in binfmt_elf

- - Correct scsi error return

All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

133117 - CVE-2004-1058 /proc/<PID>/cmdline information disclosure
144172 - binfmt_aout DoS
152402 - CVE-2005-0400 ext2 mkdir() directory entry random kernel memory leak (ipf)
152408 - CVE-2005-0815 isofs range checking flaws (ipf)
152554 - CVE-2004-1073 looks unfixed in RHEL2.1-ia64
165681 - CVE-2005-2458 gzip/zlib flaws (ipf)
168313 - CVE-2005-2708 user code panics kernel in exec.c
168927 - CVE-2005-2709 More sysctl flaws (ipf)
170279 - CVE-2005-3180 orinoco driver information leakage (ipf)
170775 - CVE-2005-2973 ipv6 infinite loop - ipf
171385 - CVE-2005-3274 ip_vs_conn_flush race
171388 - CVE-2005-3275 NAT DoS (ipf)
174083 - CVE-2005-3806 ipv6 DOS (ipf)
174810 - CVE-2002-2185 IGMP DoS (ipf)


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kernel-2.4.18-e.61.src.rpm
18fcaf89b8220a46e56a68fc3a2075b3  kernel-2.4.18-e.61.src.rpm

ia64:
ee967c6080a5b77039b6fa61a8464e0d  kernel-2.4.18-e.61.ia64.rpm
30656fcfaaf8ad481384a7e96a62f438  kernel-doc-2.4.18-e.61.ia64.rpm
27e92933a580dfe66e24bf28f420af80  kernel-smp-2.4.18-e.61.ia64.rpm
62e72c6adf63c8a551da0a2907e754bd  kernel-source-2.4.18-e.61.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kernel-2.4.18-e.61.src.rpm
18fcaf89b8220a46e56a68fc3a2075b3  kernel-2.4.18-e.61.src.rpm

ia64:
ee967c6080a5b77039b6fa61a8464e0d  kernel-2.4.18-e.61.ia64.rpm
30656fcfaaf8ad481384a7e96a62f438  kernel-doc-2.4.18-e.61.ia64.rpm
27e92933a580dfe66e24bf28f420af80  kernel-smp-2.4.18-e.61.ia64.rpm
62e72c6adf63c8a551da0a2907e754bd  kernel-source-2.4.18-e.61.ia64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFD4PqLXlSAg2UNWIIRAtjWAKCTAaermvg8gKdZC+YUWLSHS6h1lwCghjPC
5QWyb4TVqB5WZpWAbyjISRw=
=f3eu
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Wed Feb  1 18:16:04 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 1 Feb 2006 13:16:04 -0500
Subject: [RHSA-2006:0191-01] Important: kernel security update
Message-ID: <200602011816.k11IG5k1016592@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2006:0191-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0191.html
Issue date:        2006-02-01
Updated on:        2006-02-01
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2002-2185 CVE-2004-1058 CVE-2004-1073 CVE-2005-0124 CVE-2005-0400 CVE-2005-0815 CVE-2005-2458 CVE-2005-2709 CVE-2005-2973 CVE-2005-3180 CVE-2005-3275 CVE-2005-3806
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix a number of security issues as well as
other bugs are now available for Red Hat Enterprise Linux 2.1 (32 bit
architectures)

This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The Linux kernel handles the basic functions of the operating system. 

These new kernel packages contain fixes for the security issues described
below:

- - a flaw in network IGMP processing that a allowed a remote user on the
local network to cause a denial of service (disabling of multicast reports)
if the system is running multicast applications (CVE-2002-2185, moderate) 

- - a race condition that allowed local users to read the environment
variables of another process (CVE-2004-1058, low)

- - a flaw in the open_exec function of execve that allowed a local user to
read setuid ELF binaries that should otherwise be protected by standard
permissions. (CVE-2004-1073, moderate).  Red Hat originally reported this
flaw as being fixed by RHSA-2004:504, but a patch for this issue was
missing from that update.

- - a flaw in the coda module that allowed a local user to cause a denial of
service (crash) or possibly gain privileges (CVE-2005-0124, moderate)

- - a potential leak of kernel data from ext2 file system handling
(CVE-2005-0400, low) 

- - flaws in ISO-9660 file system handling that allowed the mounting of
an invalid image on a CD-ROM to cause a denial of service (crash)
or potentially execute arbitrary code (CVE-2005-0815, moderate) 

- - a flaw in gzip/zlib handling internal to the kernel that may allow a
local user to cause a denial of service (crash) (CVE-2005-2458, low) 

- - a flaw in procfs handling during unloading of modules that allowed a
local user to cause a denial of service or potentially gain privileges
(CVE-2005-2709, moderate) 

- - a flaw in IPv6 network UDP port hash table lookups that allowed a local
user to cause a denial of service (hang) (CVE-2005-2973, important) 

- - a network buffer info leak using the orinoco driver that allowed a remote
user to possibly view uninitialized data (CVE-2005-3180, important) 

- - a flaw in IPv4 network TCP and UDP netfilter handling that allowed a
local user to cause a denial of service (crash) (CVE-2005-3275, important) 

- - a flaw in the IPv6 flowlabel code that allowed a local user to cause a
denial of service (crash) (CVE-2005-3806, important) 

The following bugs were also addressed: 

- - Handle set_brk() errors in binfmt_elf/aout

- - Correct error handling in shmem_ioctl

- - Correct scsi error return

- - Fix netdump time keeping bug

- - Fix netdump link-down freeze

- - Fix FAT fs deadlock

All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

133115 - CVE-2004-1058 /proc/<PID>/cmdline information disclosure
137214 - netconsole freezes during printk() when output link not up
144155 - binfmt_aout DoS
146081 - CVE-2005-0124 Coverity: coda fs flaw
152401 - CVE-2005-0400 ext2 mkdir() directory entry random kernel memory leak
152407 - CVE-2005-0815 isofs range checking flaws
152553 - CVE-2004-1073 looks unfixed in RHEL2.1
165682 - CVE-2005-2458 gzip/zlib flaws
168926 - CVE-2005-2709 More sysctl flaws
170280 - CVE-2005-3180 orinoco driver information leakage
170777 - CVE-2005-2973 ipv6 infinite loop
171387 - CVE-2005-3275 NAT DoS
174085 - CVE-2005-3806 ipv6 DOS
174811 - CVE-2002-2185 IGMP DoS


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kernel-2.4.9-e.68.src.rpm
31a7a8bf00a649471f351e4c8527793d  kernel-2.4.9-e.68.src.rpm

i386:
65d2bb250a3647ca0042aeb1963a30b8  kernel-2.4.9-e.68.athlon.rpm
5df6d6315fab4e0bccc72f3e3b848e80  kernel-2.4.9-e.68.i686.rpm
b5161ec68ef49c692a791815f8addce1  kernel-BOOT-2.4.9-e.68.i386.rpm
6862bc8e59b6d764525a095492849e75  kernel-debug-2.4.9-e.68.i686.rpm
fd8225c7d253bc954042421e8190b79b  kernel-doc-2.4.9-e.68.i386.rpm
a0d9c5c91191994d754c00e9422b052a  kernel-enterprise-2.4.9-e.68.i686.rpm
9b34d912bded4d839a717acec5437776  kernel-headers-2.4.9-e.68.i386.rpm
e26872f9afdf55393554a7753717d58a  kernel-smp-2.4.9-e.68.athlon.rpm
dce34945223d1b037aab1dbc2bc19a1f  kernel-smp-2.4.9-e.68.i686.rpm
9fbcbe7084d697a330f502c4749be39a  kernel-source-2.4.9-e.68.i386.rpm
5e067e3c643f50e4155f2b31e340c5ca  kernel-summit-2.4.9-e.68.i686.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kernel-2.4.9-e.68.src.rpm
31a7a8bf00a649471f351e4c8527793d  kernel-2.4.9-e.68.src.rpm

i386:
65d2bb250a3647ca0042aeb1963a30b8  kernel-2.4.9-e.68.athlon.rpm
5df6d6315fab4e0bccc72f3e3b848e80  kernel-2.4.9-e.68.i686.rpm
b5161ec68ef49c692a791815f8addce1  kernel-BOOT-2.4.9-e.68.i386.rpm
6862bc8e59b6d764525a095492849e75  kernel-debug-2.4.9-e.68.i686.rpm
fd8225c7d253bc954042421e8190b79b  kernel-doc-2.4.9-e.68.i386.rpm
9b34d912bded4d839a717acec5437776  kernel-headers-2.4.9-e.68.i386.rpm
e26872f9afdf55393554a7753717d58a  kernel-smp-2.4.9-e.68.athlon.rpm
dce34945223d1b037aab1dbc2bc19a1f  kernel-smp-2.4.9-e.68.i686.rpm
9fbcbe7084d697a330f502c4749be39a  kernel-source-2.4.9-e.68.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kernel-2.4.9-e.68.src.rpm
31a7a8bf00a649471f351e4c8527793d  kernel-2.4.9-e.68.src.rpm

i386:
65d2bb250a3647ca0042aeb1963a30b8  kernel-2.4.9-e.68.athlon.rpm
5df6d6315fab4e0bccc72f3e3b848e80  kernel-2.4.9-e.68.i686.rpm
b5161ec68ef49c692a791815f8addce1  kernel-BOOT-2.4.9-e.68.i386.rpm
6862bc8e59b6d764525a095492849e75  kernel-debug-2.4.9-e.68.i686.rpm
fd8225c7d253bc954042421e8190b79b  kernel-doc-2.4.9-e.68.i386.rpm
a0d9c5c91191994d754c00e9422b052a  kernel-enterprise-2.4.9-e.68.i686.rpm
9b34d912bded4d839a717acec5437776  kernel-headers-2.4.9-e.68.i386.rpm
e26872f9afdf55393554a7753717d58a  kernel-smp-2.4.9-e.68.athlon.rpm
dce34945223d1b037aab1dbc2bc19a1f  kernel-smp-2.4.9-e.68.i686.rpm
9fbcbe7084d697a330f502c4749be39a  kernel-source-2.4.9-e.68.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFD4Pq+XlSAg2UNWIIRArJ9AKCWmz998QJ/FLw7yrOZuQOdE30QUgCdHBTn
0Qe0xqjfi+ivQ8ar7RpSekk=
=3ehh
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Wed Feb  1 18:16:50 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 1 Feb 2006 13:16:50 -0500
Subject: [RHSA-2006:0194-01] Moderate: gd security update
Message-ID: <200602011816.k11IGpY1016850@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: gd security update
Advisory ID:       RHSA-2006:0194-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0194.html
Issue date:        2006-02-01
Updated on:        2006-02-01
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2004-0941
- ---------------------------------------------------------------------

1. Summary:

Updated gd packages that fix several buffer overflow flaws are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The gd package contains a graphics library used for the dynamic creation of
images such as PNG and JPEG.

Several buffer overflow flaws were found in the way gd allocates memory. 
An attacker could create a carefully crafted image that could execute
arbitrary code if opened by a victim using a program linked against the gd
library.  The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2004-0941 to these issues.

Users of gd should upgrade to these updated packages, which contain a
backported patch and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

175413 - CVE-2004-0941 additional overflows in gd


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gd-2.0.28-4.4E.1.src.rpm
0e1bd5cb5215e65a7120b82132ac6b9e  gd-2.0.28-4.4E.1.src.rpm

i386:
884d6670cd82e39db34c684616dea78c  gd-2.0.28-4.4E.1.i386.rpm
999a383add1284e00cc25185fae78008  gd-devel-2.0.28-4.4E.1.i386.rpm
df53c01e62afb6e14d5b8299b68836b0  gd-progs-2.0.28-4.4E.1.i386.rpm

ia64:
884d6670cd82e39db34c684616dea78c  gd-2.0.28-4.4E.1.i386.rpm
e27753d66dc328e1fca00c9817bac747  gd-2.0.28-4.4E.1.ia64.rpm
cf9a90ececb359b4e178a08e58fbec12  gd-devel-2.0.28-4.4E.1.ia64.rpm
9784499cf742864a0c185ac5653d03ab  gd-progs-2.0.28-4.4E.1.ia64.rpm

ppc:
f2aaf2eeb438dc9cdbd2e17d84ab5503  gd-2.0.28-4.4E.1.ppc.rpm
f9d4a0395e2c95f45eaab554ff81412f  gd-2.0.28-4.4E.1.ppc64.rpm
38d97c9832e49fcce8e518647f979212  gd-devel-2.0.28-4.4E.1.ppc.rpm
239b6c7acd59d9b3e01dc4ea2e1bf6d7  gd-progs-2.0.28-4.4E.1.ppc.rpm

s390:
54c5d0d9c01fea69d85d70d9cd7a5662  gd-2.0.28-4.4E.1.s390.rpm
54c3a6d08d050e7607518b76a72737d1  gd-devel-2.0.28-4.4E.1.s390.rpm
ba8a6612e144109d0961f1fe4d301388  gd-progs-2.0.28-4.4E.1.s390.rpm

s390x:
54c5d0d9c01fea69d85d70d9cd7a5662  gd-2.0.28-4.4E.1.s390.rpm
1468dfa689881d58ac8bfe6e0166b359  gd-2.0.28-4.4E.1.s390x.rpm
474c64458e40bea0166796eb711d5045  gd-devel-2.0.28-4.4E.1.s390x.rpm
ee74f993e7381a5f90aaacaff217c262  gd-progs-2.0.28-4.4E.1.s390x.rpm

x86_64:
884d6670cd82e39db34c684616dea78c  gd-2.0.28-4.4E.1.i386.rpm
9f8f96be348ac13b987a872a80ecae58  gd-2.0.28-4.4E.1.x86_64.rpm
3435f155aec324ef3cecca6f4d588e28  gd-devel-2.0.28-4.4E.1.x86_64.rpm
e961c9c4bbe083244017ee6559fcf743  gd-progs-2.0.28-4.4E.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gd-2.0.28-4.4E.1.src.rpm
0e1bd5cb5215e65a7120b82132ac6b9e  gd-2.0.28-4.4E.1.src.rpm

i386:
884d6670cd82e39db34c684616dea78c  gd-2.0.28-4.4E.1.i386.rpm
999a383add1284e00cc25185fae78008  gd-devel-2.0.28-4.4E.1.i386.rpm
df53c01e62afb6e14d5b8299b68836b0  gd-progs-2.0.28-4.4E.1.i386.rpm

x86_64:
884d6670cd82e39db34c684616dea78c  gd-2.0.28-4.4E.1.i386.rpm
9f8f96be348ac13b987a872a80ecae58  gd-2.0.28-4.4E.1.x86_64.rpm
3435f155aec324ef3cecca6f4d588e28  gd-devel-2.0.28-4.4E.1.x86_64.rpm
e961c9c4bbe083244017ee6559fcf743  gd-progs-2.0.28-4.4E.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gd-2.0.28-4.4E.1.src.rpm
0e1bd5cb5215e65a7120b82132ac6b9e  gd-2.0.28-4.4E.1.src.rpm

i386:
884d6670cd82e39db34c684616dea78c  gd-2.0.28-4.4E.1.i386.rpm
999a383add1284e00cc25185fae78008  gd-devel-2.0.28-4.4E.1.i386.rpm
df53c01e62afb6e14d5b8299b68836b0  gd-progs-2.0.28-4.4E.1.i386.rpm

ia64:
884d6670cd82e39db34c684616dea78c  gd-2.0.28-4.4E.1.i386.rpm
e27753d66dc328e1fca00c9817bac747  gd-2.0.28-4.4E.1.ia64.rpm
cf9a90ececb359b4e178a08e58fbec12  gd-devel-2.0.28-4.4E.1.ia64.rpm
9784499cf742864a0c185ac5653d03ab  gd-progs-2.0.28-4.4E.1.ia64.rpm

x86_64:
884d6670cd82e39db34c684616dea78c  gd-2.0.28-4.4E.1.i386.rpm
9f8f96be348ac13b987a872a80ecae58  gd-2.0.28-4.4E.1.x86_64.rpm
3435f155aec324ef3cecca6f4d588e28  gd-devel-2.0.28-4.4E.1.x86_64.rpm
e961c9c4bbe083244017ee6559fcf743  gd-progs-2.0.28-4.4E.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gd-2.0.28-4.4E.1.src.rpm
0e1bd5cb5215e65a7120b82132ac6b9e  gd-2.0.28-4.4E.1.src.rpm

i386:
884d6670cd82e39db34c684616dea78c  gd-2.0.28-4.4E.1.i386.rpm
999a383add1284e00cc25185fae78008  gd-devel-2.0.28-4.4E.1.i386.rpm
df53c01e62afb6e14d5b8299b68836b0  gd-progs-2.0.28-4.4E.1.i386.rpm

ia64:
884d6670cd82e39db34c684616dea78c  gd-2.0.28-4.4E.1.i386.rpm
e27753d66dc328e1fca00c9817bac747  gd-2.0.28-4.4E.1.ia64.rpm
cf9a90ececb359b4e178a08e58fbec12  gd-devel-2.0.28-4.4E.1.ia64.rpm
9784499cf742864a0c185ac5653d03ab  gd-progs-2.0.28-4.4E.1.ia64.rpm

x86_64:
884d6670cd82e39db34c684616dea78c  gd-2.0.28-4.4E.1.i386.rpm
9f8f96be348ac13b987a872a80ecae58  gd-2.0.28-4.4E.1.x86_64.rpm
3435f155aec324ef3cecca6f4d588e28  gd-devel-2.0.28-4.4E.1.x86_64.rpm
e961c9c4bbe083244017ee6559fcf743  gd-progs-2.0.28-4.4E.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0941

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFD4Pr4XlSAg2UNWIIRAoHgAJ9g/77+8bgowdyTMonutNBH5/0ASwCcD0y4
dqLb6dSNqU6Yx5OkfhXNlwk=
=s6dl
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Thu Feb  2 15:57:42 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 2 Feb 2006 10:57:42 -0500
Subject: [RHSA-2006:0199-01] Critical: mozilla security update
Message-ID: <200602021557.k12FvgRE004755@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Critical: mozilla security update
Advisory ID:       RHSA-2006:0199-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0199.html
Issue date:        2006-02-02
Updated on:        2006-02-02
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-4134 CVE-2006-0292 CVE-2006-0296
- ---------------------------------------------------------------------

1. Summary:

Updated mozilla packages that fix several security bugs are now available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

Igor Bukanov discovered a bug in the way Mozilla's Javascript interpreter
dereferences objects. If a user visits a malicious web page, Mozilla could
crash or execute arbitrary code as the user running Mozilla. The Common
Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to
this issue.

moz_bug_r_a4 discovered a bug in Mozilla's XULDocument.persist() function.
A malicious web page could inject arbitrary RDF data into a user's
localstore.rdf file, which can cause Mozilla to execute arbitrary
javascript when a user runs Mozilla.  (CVE-2006-0296)

A denial of service bug was found in the way Mozilla saves history
information. If a user visits a web page with a very long title, it is
possible Mozilla will crash or take a very long time the next time it is
run.  (CVE-2005-4134)

Note that the Red Hat Enterprise Linux 3 packages also fix a bug when
using XSLT to transform documents. Passing DOM Nodes as parameters to
functions expecting an xsl:param could cause Mozilla to throw an exception.

Users of Mozilla are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

179163 - CVE-2005-4134 Very long topic history.dat DoS
179166 - CVE-2006-0292 javascript unrooted access
179169 - CVE-2006-0296 XULDocument.persist() RDF data injection


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mozilla-1.7.12-1.1.2.3.src.rpm
e7d52e1e60f9dd4c137a74aa2897df3a  mozilla-1.7.12-1.1.2.3.src.rpm

i386:
bbb46a40bf0b414884ee9ce82c8789c6  mozilla-1.7.12-1.1.2.3.i386.rpm
c1529e9660ffd7d9f9d7a26e55653419  mozilla-chat-1.7.12-1.1.2.3.i386.rpm
d94138bf53ae6eef4af4f2cbbc0d6d6d  mozilla-devel-1.7.12-1.1.2.3.i386.rpm
0bc7e20b1d84ea22374e4f230b4c7b59  mozilla-dom-inspector-1.7.12-1.1.2.3.i386.rpm
c554a5424e47670c572add84d65fec00  mozilla-js-debugger-1.7.12-1.1.2.3.i386.rpm
b4059391e4cf4286e54d3f188b7c95ff  mozilla-mail-1.7.12-1.1.2.3.i386.rpm
c9e30bb93c65dd247e9f94d30ef9bf9f  mozilla-nspr-1.7.12-1.1.2.3.i386.rpm
94f495167cbe4205282dd9380c5c7f14  mozilla-nspr-devel-1.7.12-1.1.2.3.i386.rpm
a14fe0e2870b9f831e825fa89b9dc31a  mozilla-nss-1.7.12-1.1.2.3.i386.rpm
f4767e26c279035dad16d922fd269f63  mozilla-nss-devel-1.7.12-1.1.2.3.i386.rpm

ia64:
05331aada7aef098e3ee53583be054c7  mozilla-1.7.12-1.1.2.3.ia64.rpm
d05da61a9d51674573b413b9eb0544fa  mozilla-chat-1.7.12-1.1.2.3.ia64.rpm
c3f9fc0b1768e1f39824b559cdc0e982  mozilla-devel-1.7.12-1.1.2.3.ia64.rpm
bae71c9a536dc56c279955f11de9fa32  mozilla-dom-inspector-1.7.12-1.1.2.3.ia64.rpm
163862486f0f4d1cfa13aac132a61d52  mozilla-js-debugger-1.7.12-1.1.2.3.ia64.rpm
89639b65f128f736cd43db528a93f1e6  mozilla-mail-1.7.12-1.1.2.3.ia64.rpm
3e4f84bb3b6befb6a57e84b4a27c4a99  mozilla-nspr-1.7.12-1.1.2.3.ia64.rpm
5ed8dca0caa2c09691a740d720247a5c  mozilla-nspr-devel-1.7.12-1.1.2.3.ia64.rpm
5b49bb9bede479ad6f82d4ab0ea3bea8  mozilla-nss-1.7.12-1.1.2.3.ia64.rpm
6f1da9b5f589ac372d2a5821ba696752  mozilla-nss-devel-1.7.12-1.1.2.3.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mozilla-1.7.12-1.1.2.3.src.rpm
e7d52e1e60f9dd4c137a74aa2897df3a  mozilla-1.7.12-1.1.2.3.src.rpm

ia64:
05331aada7aef098e3ee53583be054c7  mozilla-1.7.12-1.1.2.3.ia64.rpm
d05da61a9d51674573b413b9eb0544fa  mozilla-chat-1.7.12-1.1.2.3.ia64.rpm
c3f9fc0b1768e1f39824b559cdc0e982  mozilla-devel-1.7.12-1.1.2.3.ia64.rpm
bae71c9a536dc56c279955f11de9fa32  mozilla-dom-inspector-1.7.12-1.1.2.3.ia64.rpm
163862486f0f4d1cfa13aac132a61d52  mozilla-js-debugger-1.7.12-1.1.2.3.ia64.rpm
89639b65f128f736cd43db528a93f1e6  mozilla-mail-1.7.12-1.1.2.3.ia64.rpm
3e4f84bb3b6befb6a57e84b4a27c4a99  mozilla-nspr-1.7.12-1.1.2.3.ia64.rpm
5ed8dca0caa2c09691a740d720247a5c  mozilla-nspr-devel-1.7.12-1.1.2.3.ia64.rpm
5b49bb9bede479ad6f82d4ab0ea3bea8  mozilla-nss-1.7.12-1.1.2.3.ia64.rpm
6f1da9b5f589ac372d2a5821ba696752  mozilla-nss-devel-1.7.12-1.1.2.3.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mozilla-1.7.12-1.1.2.3.src.rpm
e7d52e1e60f9dd4c137a74aa2897df3a  mozilla-1.7.12-1.1.2.3.src.rpm

i386:
bbb46a40bf0b414884ee9ce82c8789c6  mozilla-1.7.12-1.1.2.3.i386.rpm
c1529e9660ffd7d9f9d7a26e55653419  mozilla-chat-1.7.12-1.1.2.3.i386.rpm
d94138bf53ae6eef4af4f2cbbc0d6d6d  mozilla-devel-1.7.12-1.1.2.3.i386.rpm
0bc7e20b1d84ea22374e4f230b4c7b59  mozilla-dom-inspector-1.7.12-1.1.2.3.i386.rpm
c554a5424e47670c572add84d65fec00  mozilla-js-debugger-1.7.12-1.1.2.3.i386.rpm
b4059391e4cf4286e54d3f188b7c95ff  mozilla-mail-1.7.12-1.1.2.3.i386.rpm
c9e30bb93c65dd247e9f94d30ef9bf9f  mozilla-nspr-1.7.12-1.1.2.3.i386.rpm
94f495167cbe4205282dd9380c5c7f14  mozilla-nspr-devel-1.7.12-1.1.2.3.i386.rpm
a14fe0e2870b9f831e825fa89b9dc31a  mozilla-nss-1.7.12-1.1.2.3.i386.rpm
f4767e26c279035dad16d922fd269f63  mozilla-nss-devel-1.7.12-1.1.2.3.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mozilla-1.7.12-1.1.2.3.src.rpm
e7d52e1e60f9dd4c137a74aa2897df3a  mozilla-1.7.12-1.1.2.3.src.rpm

i386:
bbb46a40bf0b414884ee9ce82c8789c6  mozilla-1.7.12-1.1.2.3.i386.rpm
c1529e9660ffd7d9f9d7a26e55653419  mozilla-chat-1.7.12-1.1.2.3.i386.rpm
d94138bf53ae6eef4af4f2cbbc0d6d6d  mozilla-devel-1.7.12-1.1.2.3.i386.rpm
0bc7e20b1d84ea22374e4f230b4c7b59  mozilla-dom-inspector-1.7.12-1.1.2.3.i386.rpm
c554a5424e47670c572add84d65fec00  mozilla-js-debugger-1.7.12-1.1.2.3.i386.rpm
b4059391e4cf4286e54d3f188b7c95ff  mozilla-mail-1.7.12-1.1.2.3.i386.rpm
c9e30bb93c65dd247e9f94d30ef9bf9f  mozilla-nspr-1.7.12-1.1.2.3.i386.rpm
94f495167cbe4205282dd9380c5c7f14  mozilla-nspr-devel-1.7.12-1.1.2.3.i386.rpm
a14fe0e2870b9f831e825fa89b9dc31a  mozilla-nss-1.7.12-1.1.2.3.i386.rpm
f4767e26c279035dad16d922fd269f63  mozilla-nss-devel-1.7.12-1.1.2.3.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mozilla-1.7.12-1.1.3.4.src.rpm
8d42f63144e878e750c96eb8fcb59935  mozilla-1.7.12-1.1.3.4.src.rpm

i386:
abd902b7d0072f496457f469f35952e1  mozilla-1.7.12-1.1.3.4.i386.rpm
eb95b297d445a0af5908cc4a3ebe39ba  mozilla-chat-1.7.12-1.1.3.4.i386.rpm
a937919904bd233e1153c0635bb31e3d  mozilla-devel-1.7.12-1.1.3.4.i386.rpm
901542dd3235ce8406ef99ada5745178  mozilla-dom-inspector-1.7.12-1.1.3.4.i386.rpm
72d61c7abc1f30d38b3e45308f427b43  mozilla-js-debugger-1.7.12-1.1.3.4.i386.rpm
134620852ae01cc16070438f3bfa5d39  mozilla-mail-1.7.12-1.1.3.4.i386.rpm
8cafe224d7a2d17a0cea60939de1dabc  mozilla-nspr-1.7.12-1.1.3.4.i386.rpm
3115644ae5e4e969104ee7079882de62  mozilla-nspr-devel-1.7.12-1.1.3.4.i386.rpm
99be6870a8550e5592d03e85bc250cfd  mozilla-nss-1.7.12-1.1.3.4.i386.rpm
accbf488de496c2f9966a6429f2e21cb  mozilla-nss-devel-1.7.12-1.1.3.4.i386.rpm

ia64:
a547c77b55edca9b3ebc3ef1b4a65539  mozilla-1.7.12-1.1.3.4.ia64.rpm
292c3a2feb90b2f4447c7cdec04a5183  mozilla-chat-1.7.12-1.1.3.4.ia64.rpm
cb8a95c75822d2eeb04d4114923e4ab5  mozilla-devel-1.7.12-1.1.3.4.ia64.rpm
71a87333976e021a4b52b1177bb82eb3  mozilla-dom-inspector-1.7.12-1.1.3.4.ia64.rpm
1715aeb0cdb514678847a4ecedbaabf8  mozilla-js-debugger-1.7.12-1.1.3.4.ia64.rpm
fc82242b910e30ed24ea3b1fc086e573  mozilla-mail-1.7.12-1.1.3.4.ia64.rpm
8cafe224d7a2d17a0cea60939de1dabc  mozilla-nspr-1.7.12-1.1.3.4.i386.rpm
d2d8f557425aaae305f052a8ac4fce75  mozilla-nspr-1.7.12-1.1.3.4.ia64.rpm
5d14078dafe9ed7d8b8889f214378bd3  mozilla-nspr-devel-1.7.12-1.1.3.4.ia64.rpm
99be6870a8550e5592d03e85bc250cfd  mozilla-nss-1.7.12-1.1.3.4.i386.rpm
5fcbaffd69b1787817ed84522c68aced  mozilla-nss-1.7.12-1.1.3.4.ia64.rpm
25ba0e7cc7ddb8605cfb2efc21b99b5b  mozilla-nss-devel-1.7.12-1.1.3.4.ia64.rpm

ppc:
ee731e4f23111c88398500b8d644bb36  mozilla-1.7.12-1.1.3.4.ppc.rpm
d2700e6cb4d14406ab09af29e72df2e8  mozilla-chat-1.7.12-1.1.3.4.ppc.rpm
200c1c57e74789270ed73e1336e7bce2  mozilla-devel-1.7.12-1.1.3.4.ppc.rpm
33ef9a21d1b319d308f47891dfc148e0  mozilla-dom-inspector-1.7.12-1.1.3.4.ppc.rpm
31367bffe032123029277e88e97efc26  mozilla-js-debugger-1.7.12-1.1.3.4.ppc.rpm
49b16e0a763a34aa9dc53ab06ab83bd5  mozilla-mail-1.7.12-1.1.3.4.ppc.rpm
7ca4fde1a9e067518950b1d19ee6a644  mozilla-nspr-1.7.12-1.1.3.4.ppc.rpm
5b16d6ea01521945967bd1e48eead44b  mozilla-nspr-devel-1.7.12-1.1.3.4.ppc.rpm
e3d683c385fb1bd0c636c15d22b2a73f  mozilla-nss-1.7.12-1.1.3.4.ppc.rpm
0f9a69e2265961161ddaacc3a0fdcd72  mozilla-nss-devel-1.7.12-1.1.3.4.ppc.rpm

s390:
35a9618d3f21538a00bc2c506e4776c7  mozilla-1.7.12-1.1.3.4.s390.rpm
4cd35f010832b4bbb1d6f1dbf8e2ca79  mozilla-chat-1.7.12-1.1.3.4.s390.rpm
bd201d0993708bc3a94f71a41542b8cd  mozilla-devel-1.7.12-1.1.3.4.s390.rpm
fcf0b90180cb5b2f4a70b1742ad9c7dd  mozilla-dom-inspector-1.7.12-1.1.3.4.s390.rpm
99b7716c4dab71b86b9aeddfd46157ad  mozilla-js-debugger-1.7.12-1.1.3.4.s390.rpm
b231b43502764a893a2641cc2282a9f1  mozilla-mail-1.7.12-1.1.3.4.s390.rpm
8e1bc391fc054b07727e713e56377c67  mozilla-nspr-1.7.12-1.1.3.4.s390.rpm
8990488688effcd7f1c94e43af8e274a  mozilla-nspr-devel-1.7.12-1.1.3.4.s390.rpm
5bca62fb966ee96ebe4297b5bb3ae196  mozilla-nss-1.7.12-1.1.3.4.s390.rpm
9e5a4517080c601cf9a09c2dbcd7e26f  mozilla-nss-devel-1.7.12-1.1.3.4.s390.rpm

s390x:
cf167e1d4520649fd37836d878878ab3  mozilla-1.7.12-1.1.3.4.s390x.rpm
1e0023772e2fda71587f2ddeb17cb363  mozilla-chat-1.7.12-1.1.3.4.s390x.rpm
748ad969fa42de826e24253c884da647  mozilla-devel-1.7.12-1.1.3.4.s390x.rpm
652f8e64cd7f53ad3361d8c9728b7d8d  mozilla-dom-inspector-1.7.12-1.1.3.4.s390x.rpm
114f3c1f534cf17ce0e99074a29bade3  mozilla-js-debugger-1.7.12-1.1.3.4.s390x.rpm
707355233ea06e7d8258c047dd387950  mozilla-mail-1.7.12-1.1.3.4.s390x.rpm
8e1bc391fc054b07727e713e56377c67  mozilla-nspr-1.7.12-1.1.3.4.s390.rpm
aec6486b73b69ad931f352c8f1a6b5e1  mozilla-nspr-1.7.12-1.1.3.4.s390x.rpm
3a6f1f56164986c51febc561cd890376  mozilla-nspr-devel-1.7.12-1.1.3.4.s390x.rpm
5bca62fb966ee96ebe4297b5bb3ae196  mozilla-nss-1.7.12-1.1.3.4.s390.rpm
2bb980269e9502be8da06d3f7be32f31  mozilla-nss-1.7.12-1.1.3.4.s390x.rpm
9afd9aebf4e3799fee4abfd8364c123e  mozilla-nss-devel-1.7.12-1.1.3.4.s390x.rpm

x86_64:
abd902b7d0072f496457f469f35952e1  mozilla-1.7.12-1.1.3.4.i386.rpm
583b140c3ea8d25e48e9b146b394fce2  mozilla-1.7.12-1.1.3.4.x86_64.rpm
b5caf4a2f43b0fe3f16c8a2f157fd8af  mozilla-chat-1.7.12-1.1.3.4.x86_64.rpm
6054f212f2e911d463ae544910a8bd0f  mozilla-devel-1.7.12-1.1.3.4.x86_64.rpm
099d2b32f1e7f1dcff50853fe6ce6342  mozilla-dom-inspector-1.7.12-1.1.3.4.x86_64.rpm
cb92596ef38436521a715bb2df04c182  mozilla-js-debugger-1.7.12-1.1.3.4.x86_64.rpm
ce794f69503da3cfcce9d65e310d2604  mozilla-mail-1.7.12-1.1.3.4.x86_64.rpm
8cafe224d7a2d17a0cea60939de1dabc  mozilla-nspr-1.7.12-1.1.3.4.i386.rpm
b68cd5c32adf75d057d3223337cb6c91  mozilla-nspr-1.7.12-1.1.3.4.x86_64.rpm
db3c0db178465e74afdcf36cf3845e1c  mozilla-nspr-devel-1.7.12-1.1.3.4.x86_64.rpm
99be6870a8550e5592d03e85bc250cfd  mozilla-nss-1.7.12-1.1.3.4.i386.rpm
ec280e161e2e1cf4d8149d64d8505570  mozilla-nss-1.7.12-1.1.3.4.x86_64.rpm
c8320eaf5c1695527b7e69b5674ffc0f  mozilla-nss-devel-1.7.12-1.1.3.4.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mozilla-1.7.12-1.1.3.4.src.rpm
8d42f63144e878e750c96eb8fcb59935  mozilla-1.7.12-1.1.3.4.src.rpm

i386:
abd902b7d0072f496457f469f35952e1  mozilla-1.7.12-1.1.3.4.i386.rpm
eb95b297d445a0af5908cc4a3ebe39ba  mozilla-chat-1.7.12-1.1.3.4.i386.rpm
a937919904bd233e1153c0635bb31e3d  mozilla-devel-1.7.12-1.1.3.4.i386.rpm
901542dd3235ce8406ef99ada5745178  mozilla-dom-inspector-1.7.12-1.1.3.4.i386.rpm
72d61c7abc1f30d38b3e45308f427b43  mozilla-js-debugger-1.7.12-1.1.3.4.i386.rpm
134620852ae01cc16070438f3bfa5d39  mozilla-mail-1.7.12-1.1.3.4.i386.rpm
8cafe224d7a2d17a0cea60939de1dabc  mozilla-nspr-1.7.12-1.1.3.4.i386.rpm
3115644ae5e4e969104ee7079882de62  mozilla-nspr-devel-1.7.12-1.1.3.4.i386.rpm
99be6870a8550e5592d03e85bc250cfd  mozilla-nss-1.7.12-1.1.3.4.i386.rpm
accbf488de496c2f9966a6429f2e21cb  mozilla-nss-devel-1.7.12-1.1.3.4.i386.rpm

x86_64:
abd902b7d0072f496457f469f35952e1  mozilla-1.7.12-1.1.3.4.i386.rpm
583b140c3ea8d25e48e9b146b394fce2  mozilla-1.7.12-1.1.3.4.x86_64.rpm
b5caf4a2f43b0fe3f16c8a2f157fd8af  mozilla-chat-1.7.12-1.1.3.4.x86_64.rpm
6054f212f2e911d463ae544910a8bd0f  mozilla-devel-1.7.12-1.1.3.4.x86_64.rpm
099d2b32f1e7f1dcff50853fe6ce6342  mozilla-dom-inspector-1.7.12-1.1.3.4.x86_64.rpm
cb92596ef38436521a715bb2df04c182  mozilla-js-debugger-1.7.12-1.1.3.4.x86_64.rpm
ce794f69503da3cfcce9d65e310d2604  mozilla-mail-1.7.12-1.1.3.4.x86_64.rpm
8cafe224d7a2d17a0cea60939de1dabc  mozilla-nspr-1.7.12-1.1.3.4.i386.rpm
b68cd5c32adf75d057d3223337cb6c91  mozilla-nspr-1.7.12-1.1.3.4.x86_64.rpm
db3c0db178465e74afdcf36cf3845e1c  mozilla-nspr-devel-1.7.12-1.1.3.4.x86_64.rpm
99be6870a8550e5592d03e85bc250cfd  mozilla-nss-1.7.12-1.1.3.4.i386.rpm
ec280e161e2e1cf4d8149d64d8505570  mozilla-nss-1.7.12-1.1.3.4.x86_64.rpm
c8320eaf5c1695527b7e69b5674ffc0f  mozilla-nss-devel-1.7.12-1.1.3.4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mozilla-1.7.12-1.1.3.4.src.rpm
8d42f63144e878e750c96eb8fcb59935  mozilla-1.7.12-1.1.3.4.src.rpm

i386:
abd902b7d0072f496457f469f35952e1  mozilla-1.7.12-1.1.3.4.i386.rpm
eb95b297d445a0af5908cc4a3ebe39ba  mozilla-chat-1.7.12-1.1.3.4.i386.rpm
a937919904bd233e1153c0635bb31e3d  mozilla-devel-1.7.12-1.1.3.4.i386.rpm
901542dd3235ce8406ef99ada5745178  mozilla-dom-inspector-1.7.12-1.1.3.4.i386.rpm
72d61c7abc1f30d38b3e45308f427b43  mozilla-js-debugger-1.7.12-1.1.3.4.i386.rpm
134620852ae01cc16070438f3bfa5d39  mozilla-mail-1.7.12-1.1.3.4.i386.rpm
8cafe224d7a2d17a0cea60939de1dabc  mozilla-nspr-1.7.12-1.1.3.4.i386.rpm
3115644ae5e4e969104ee7079882de62  mozilla-nspr-devel-1.7.12-1.1.3.4.i386.rpm
99be6870a8550e5592d03e85bc250cfd  mozilla-nss-1.7.12-1.1.3.4.i386.rpm
accbf488de496c2f9966a6429f2e21cb  mozilla-nss-devel-1.7.12-1.1.3.4.i386.rpm

ia64:
a547c77b55edca9b3ebc3ef1b4a65539  mozilla-1.7.12-1.1.3.4.ia64.rpm
292c3a2feb90b2f4447c7cdec04a5183  mozilla-chat-1.7.12-1.1.3.4.ia64.rpm
cb8a95c75822d2eeb04d4114923e4ab5  mozilla-devel-1.7.12-1.1.3.4.ia64.rpm
71a87333976e021a4b52b1177bb82eb3  mozilla-dom-inspector-1.7.12-1.1.3.4.ia64.rpm
1715aeb0cdb514678847a4ecedbaabf8  mozilla-js-debugger-1.7.12-1.1.3.4.ia64.rpm
fc82242b910e30ed24ea3b1fc086e573  mozilla-mail-1.7.12-1.1.3.4.ia64.rpm
8cafe224d7a2d17a0cea60939de1dabc  mozilla-nspr-1.7.12-1.1.3.4.i386.rpm
d2d8f557425aaae305f052a8ac4fce75  mozilla-nspr-1.7.12-1.1.3.4.ia64.rpm
5d14078dafe9ed7d8b8889f214378bd3  mozilla-nspr-devel-1.7.12-1.1.3.4.ia64.rpm
99be6870a8550e5592d03e85bc250cfd  mozilla-nss-1.7.12-1.1.3.4.i386.rpm
5fcbaffd69b1787817ed84522c68aced  mozilla-nss-1.7.12-1.1.3.4.ia64.rpm
25ba0e7cc7ddb8605cfb2efc21b99b5b  mozilla-nss-devel-1.7.12-1.1.3.4.ia64.rpm

x86_64:
abd902b7d0072f496457f469f35952e1  mozilla-1.7.12-1.1.3.4.i386.rpm
583b140c3ea8d25e48e9b146b394fce2  mozilla-1.7.12-1.1.3.4.x86_64.rpm
b5caf4a2f43b0fe3f16c8a2f157fd8af  mozilla-chat-1.7.12-1.1.3.4.x86_64.rpm
6054f212f2e911d463ae544910a8bd0f  mozilla-devel-1.7.12-1.1.3.4.x86_64.rpm
099d2b32f1e7f1dcff50853fe6ce6342  mozilla-dom-inspector-1.7.12-1.1.3.4.x86_64.rpm
cb92596ef38436521a715bb2df04c182  mozilla-js-debugger-1.7.12-1.1.3.4.x86_64.rpm
ce794f69503da3cfcce9d65e310d2604  mozilla-mail-1.7.12-1.1.3.4.x86_64.rpm
8cafe224d7a2d17a0cea60939de1dabc  mozilla-nspr-1.7.12-1.1.3.4.i386.rpm
b68cd5c32adf75d057d3223337cb6c91  mozilla-nspr-1.7.12-1.1.3.4.x86_64.rpm
db3c0db178465e74afdcf36cf3845e1c  mozilla-nspr-devel-1.7.12-1.1.3.4.x86_64.rpm
99be6870a8550e5592d03e85bc250cfd  mozilla-nss-1.7.12-1.1.3.4.i386.rpm
ec280e161e2e1cf4d8149d64d8505570  mozilla-nss-1.7.12-1.1.3.4.x86_64.rpm
c8320eaf5c1695527b7e69b5674ffc0f  mozilla-nss-devel-1.7.12-1.1.3.4.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mozilla-1.7.12-1.1.3.4.src.rpm
8d42f63144e878e750c96eb8fcb59935  mozilla-1.7.12-1.1.3.4.src.rpm

i386:
abd902b7d0072f496457f469f35952e1  mozilla-1.7.12-1.1.3.4.i386.rpm
eb95b297d445a0af5908cc4a3ebe39ba  mozilla-chat-1.7.12-1.1.3.4.i386.rpm
a937919904bd233e1153c0635bb31e3d  mozilla-devel-1.7.12-1.1.3.4.i386.rpm
901542dd3235ce8406ef99ada5745178  mozilla-dom-inspector-1.7.12-1.1.3.4.i386.rpm
72d61c7abc1f30d38b3e45308f427b43  mozilla-js-debugger-1.7.12-1.1.3.4.i386.rpm
134620852ae01cc16070438f3bfa5d39  mozilla-mail-1.7.12-1.1.3.4.i386.rpm
8cafe224d7a2d17a0cea60939de1dabc  mozilla-nspr-1.7.12-1.1.3.4.i386.rpm
3115644ae5e4e969104ee7079882de62  mozilla-nspr-devel-1.7.12-1.1.3.4.i386.rpm
99be6870a8550e5592d03e85bc250cfd  mozilla-nss-1.7.12-1.1.3.4.i386.rpm
accbf488de496c2f9966a6429f2e21cb  mozilla-nss-devel-1.7.12-1.1.3.4.i386.rpm

ia64:
a547c77b55edca9b3ebc3ef1b4a65539  mozilla-1.7.12-1.1.3.4.ia64.rpm
292c3a2feb90b2f4447c7cdec04a5183  mozilla-chat-1.7.12-1.1.3.4.ia64.rpm
cb8a95c75822d2eeb04d4114923e4ab5  mozilla-devel-1.7.12-1.1.3.4.ia64.rpm
71a87333976e021a4b52b1177bb82eb3  mozilla-dom-inspector-1.7.12-1.1.3.4.ia64.rpm
1715aeb0cdb514678847a4ecedbaabf8  mozilla-js-debugger-1.7.12-1.1.3.4.ia64.rpm
fc82242b910e30ed24ea3b1fc086e573  mozilla-mail-1.7.12-1.1.3.4.ia64.rpm
8cafe224d7a2d17a0cea60939de1dabc  mozilla-nspr-1.7.12-1.1.3.4.i386.rpm
d2d8f557425aaae305f052a8ac4fce75  mozilla-nspr-1.7.12-1.1.3.4.ia64.rpm
5d14078dafe9ed7d8b8889f214378bd3  mozilla-nspr-devel-1.7.12-1.1.3.4.ia64.rpm
99be6870a8550e5592d03e85bc250cfd  mozilla-nss-1.7.12-1.1.3.4.i386.rpm
5fcbaffd69b1787817ed84522c68aced  mozilla-nss-1.7.12-1.1.3.4.ia64.rpm
25ba0e7cc7ddb8605cfb2efc21b99b5b  mozilla-nss-devel-1.7.12-1.1.3.4.ia64.rpm

x86_64:
abd902b7d0072f496457f469f35952e1  mozilla-1.7.12-1.1.3.4.i386.rpm
583b140c3ea8d25e48e9b146b394fce2  mozilla-1.7.12-1.1.3.4.x86_64.rpm
b5caf4a2f43b0fe3f16c8a2f157fd8af  mozilla-chat-1.7.12-1.1.3.4.x86_64.rpm
6054f212f2e911d463ae544910a8bd0f  mozilla-devel-1.7.12-1.1.3.4.x86_64.rpm
099d2b32f1e7f1dcff50853fe6ce6342  mozilla-dom-inspector-1.7.12-1.1.3.4.x86_64.rpm
cb92596ef38436521a715bb2df04c182  mozilla-js-debugger-1.7.12-1.1.3.4.x86_64.rpm
ce794f69503da3cfcce9d65e310d2604  mozilla-mail-1.7.12-1.1.3.4.x86_64.rpm
8cafe224d7a2d17a0cea60939de1dabc  mozilla-nspr-1.7.12-1.1.3.4.i386.rpm
b68cd5c32adf75d057d3223337cb6c91  mozilla-nspr-1.7.12-1.1.3.4.x86_64.rpm
db3c0db178465e74afdcf36cf3845e1c  mozilla-nspr-devel-1.7.12-1.1.3.4.x86_64.rpm
99be6870a8550e5592d03e85bc250cfd  mozilla-nss-1.7.12-1.1.3.4.i386.rpm
ec280e161e2e1cf4d8149d64d8505570  mozilla-nss-1.7.12-1.1.3.4.x86_64.rpm
c8320eaf5c1695527b7e69b5674ffc0f  mozilla-nss-devel-1.7.12-1.1.3.4.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mozilla-1.7.12-1.4.2.src.rpm
f146483027fa2848c552517765223fbd  mozilla-1.7.12-1.4.2.src.rpm

i386:
17c62de548546985b0fcc8b9525714ab  mozilla-1.7.12-1.4.2.i386.rpm
402b39fe4116b4309aca2f3c21d10903  mozilla-chat-1.7.12-1.4.2.i386.rpm
97b0fea32ffd3749af26501582a9e9c6  mozilla-devel-1.7.12-1.4.2.i386.rpm
e4897ff8679564fe239f6d771c7eb3ea  mozilla-dom-inspector-1.7.12-1.4.2.i386.rpm
3d06751d42352bbd970ed1daaae908ce  mozilla-js-debugger-1.7.12-1.4.2.i386.rpm
dfea1815675fc3e931b91e7261025d62  mozilla-mail-1.7.12-1.4.2.i386.rpm
7214d84208cccf32f1285f1ee1f82360  mozilla-nspr-1.7.12-1.4.2.i386.rpm
eff346184dea3e62ca50d8b27c7bd20b  mozilla-nspr-devel-1.7.12-1.4.2.i386.rpm
1dc1217df9d19ca3c5bd350f83c148ae  mozilla-nss-1.7.12-1.4.2.i386.rpm
98a96cc325815923baba9572172efd9a  mozilla-nss-devel-1.7.12-1.4.2.i386.rpm

ia64:
77ea9105db3ee9ce00c4704f5515043c  mozilla-1.7.12-1.4.2.ia64.rpm
ec0f5a731ab625bd7688846be046840e  mozilla-chat-1.7.12-1.4.2.ia64.rpm
cbff143bc9f83d068cb1c3c310c78ac8  mozilla-devel-1.7.12-1.4.2.ia64.rpm
aee80f715d2c1472d98265ee360b38cf  mozilla-dom-inspector-1.7.12-1.4.2.ia64.rpm
40bc9c3eac5e2a4796def28cc27d0003  mozilla-js-debugger-1.7.12-1.4.2.ia64.rpm
9ef3ce13cff39c90956b79a00c01def8  mozilla-mail-1.7.12-1.4.2.ia64.rpm
7214d84208cccf32f1285f1ee1f82360  mozilla-nspr-1.7.12-1.4.2.i386.rpm
eb28633f30563bb1a1bda2a858f0d7ba  mozilla-nspr-1.7.12-1.4.2.ia64.rpm
a661f215ceb153a0a50526e1d2527471  mozilla-nspr-devel-1.7.12-1.4.2.ia64.rpm
1dc1217df9d19ca3c5bd350f83c148ae  mozilla-nss-1.7.12-1.4.2.i386.rpm
de2ae9b1e9ce5bf644bc46c2f300ed71  mozilla-nss-1.7.12-1.4.2.ia64.rpm
0964fca7369b88d07c3a22a2701e87c3  mozilla-nss-devel-1.7.12-1.4.2.ia64.rpm

ppc:
aeaac347b2c5a74857dceee8efb66e28  mozilla-1.7.12-1.4.2.ppc.rpm
e697449ad2947f187fd5654f86e52877  mozilla-chat-1.7.12-1.4.2.ppc.rpm
b9c6bcc4854ecac9e376749ad96d9ce6  mozilla-devel-1.7.12-1.4.2.ppc.rpm
75950cdd37b524e29a123c2ecaf450b7  mozilla-dom-inspector-1.7.12-1.4.2.ppc.rpm
88f103ddf8c2248b414a53e08005a61d  mozilla-js-debugger-1.7.12-1.4.2.ppc.rpm
b0052d5e538499f2cc48f26be18bdbf8  mozilla-mail-1.7.12-1.4.2.ppc.rpm
1dfec6bbba7a39242b44a2dc45f9444d  mozilla-nspr-1.7.12-1.4.2.ppc.rpm
3fa779f98b6bb6f7950f3c1c7726a448  mozilla-nspr-devel-1.7.12-1.4.2.ppc.rpm
7ed15b8676cccc08dbc891e260cc3eee  mozilla-nss-1.7.12-1.4.2.ppc.rpm
c46d152be79b8d1b5705badc4d0e51d0  mozilla-nss-devel-1.7.12-1.4.2.ppc.rpm

s390:
90e02733132117158b61786181f0684a  mozilla-1.7.12-1.4.2.s390.rpm
360fb102dd3beffa15ec836cb7b970d3  mozilla-chat-1.7.12-1.4.2.s390.rpm
c8ec4a9b90ca4a1eb30c3a2bf982d037  mozilla-devel-1.7.12-1.4.2.s390.rpm
233ddd6aa0eb379a30f91436f18f5f15  mozilla-dom-inspector-1.7.12-1.4.2.s390.rpm
800f6f7925de7ec06de6e9bc558d6c78  mozilla-js-debugger-1.7.12-1.4.2.s390.rpm
893de8a16d834167d272058cd1f66e52  mozilla-mail-1.7.12-1.4.2.s390.rpm
75702572c5b1906bb680fb2b1a6c10ba  mozilla-nspr-1.7.12-1.4.2.s390.rpm
911fb48df0da8f0ba8867c343cc9d9a4  mozilla-nspr-devel-1.7.12-1.4.2.s390.rpm
9484f756533a576814746efcfd916f3e  mozilla-nss-1.7.12-1.4.2.s390.rpm
470bd800d9f6dd6591e334fe5f565524  mozilla-nss-devel-1.7.12-1.4.2.s390.rpm

s390x:
fef35db8004162c801b38cea1ed27038  mozilla-1.7.12-1.4.2.s390x.rpm
6d48c19bcc6f45eda4405010c2b94303  mozilla-chat-1.7.12-1.4.2.s390x.rpm
cc1e7009f79e082621db517fb72eccef  mozilla-devel-1.7.12-1.4.2.s390x.rpm
ccf5ca340888e70d7e47c810a450e97a  mozilla-dom-inspector-1.7.12-1.4.2.s390x.rpm
d6d4af0295f654574c4b3daa9511d5b2  mozilla-js-debugger-1.7.12-1.4.2.s390x.rpm
88eba3a2966a5691d6d45179000c1951  mozilla-mail-1.7.12-1.4.2.s390x.rpm
75702572c5b1906bb680fb2b1a6c10ba  mozilla-nspr-1.7.12-1.4.2.s390.rpm
2e1f9c6344041d6e72c5da1bff75e095  mozilla-nspr-1.7.12-1.4.2.s390x.rpm
0b9b6e71525d8164682c9e4f61c4805f  mozilla-nspr-devel-1.7.12-1.4.2.s390x.rpm
9484f756533a576814746efcfd916f3e  mozilla-nss-1.7.12-1.4.2.s390.rpm
fab8b071e3ad6f8c3426ffd2ca4eadab  mozilla-nss-1.7.12-1.4.2.s390x.rpm
c93a3791f884d6471dc2b53d8d8f27fa  mozilla-nss-devel-1.7.12-1.4.2.s390x.rpm

x86_64:
baf54cd6b3ef1f54a7cb90f93413f2f2  mozilla-1.7.12-1.4.2.x86_64.rpm
857a79a98a9cd0a85af4cf8a03459c03  mozilla-chat-1.7.12-1.4.2.x86_64.rpm
d0f4d2d0039483feddebd91e6c597bb5  mozilla-devel-1.7.12-1.4.2.x86_64.rpm
8daa668c464466d281d9663a3e677ac2  mozilla-dom-inspector-1.7.12-1.4.2.x86_64.rpm
a385b74ea077fd0d8c9c898c49737bdf  mozilla-js-debugger-1.7.12-1.4.2.x86_64.rpm
1744bf91fd8ad8dc5bf3b14a2c94e96e  mozilla-mail-1.7.12-1.4.2.x86_64.rpm
7214d84208cccf32f1285f1ee1f82360  mozilla-nspr-1.7.12-1.4.2.i386.rpm
d3ae4beb6a46a506431663e8f12b642f  mozilla-nspr-1.7.12-1.4.2.x86_64.rpm
937aaacbc6e7160ca407289e50fb3fdd  mozilla-nspr-devel-1.7.12-1.4.2.x86_64.rpm
1dc1217df9d19ca3c5bd350f83c148ae  mozilla-nss-1.7.12-1.4.2.i386.rpm
11947b2ec2c60afdf34b706a82bae51b  mozilla-nss-1.7.12-1.4.2.x86_64.rpm
040bdca0f634a2ad7c392bd8d122beec  mozilla-nss-devel-1.7.12-1.4.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/mozilla-1.7.12-1.4.2.src.rpm
f146483027fa2848c552517765223fbd  mozilla-1.7.12-1.4.2.src.rpm

i386:
17c62de548546985b0fcc8b9525714ab  mozilla-1.7.12-1.4.2.i386.rpm
402b39fe4116b4309aca2f3c21d10903  mozilla-chat-1.7.12-1.4.2.i386.rpm
97b0fea32ffd3749af26501582a9e9c6  mozilla-devel-1.7.12-1.4.2.i386.rpm
e4897ff8679564fe239f6d771c7eb3ea  mozilla-dom-inspector-1.7.12-1.4.2.i386.rpm
3d06751d42352bbd970ed1daaae908ce  mozilla-js-debugger-1.7.12-1.4.2.i386.rpm
dfea1815675fc3e931b91e7261025d62  mozilla-mail-1.7.12-1.4.2.i386.rpm
7214d84208cccf32f1285f1ee1f82360  mozilla-nspr-1.7.12-1.4.2.i386.rpm
eff346184dea3e62ca50d8b27c7bd20b  mozilla-nspr-devel-1.7.12-1.4.2.i386.rpm
1dc1217df9d19ca3c5bd350f83c148ae  mozilla-nss-1.7.12-1.4.2.i386.rpm
98a96cc325815923baba9572172efd9a  mozilla-nss-devel-1.7.12-1.4.2.i386.rpm

x86_64:
baf54cd6b3ef1f54a7cb90f93413f2f2  mozilla-1.7.12-1.4.2.x86_64.rpm
857a79a98a9cd0a85af4cf8a03459c03  mozilla-chat-1.7.12-1.4.2.x86_64.rpm
d0f4d2d0039483feddebd91e6c597bb5  mozilla-devel-1.7.12-1.4.2.x86_64.rpm
8daa668c464466d281d9663a3e677ac2  mozilla-dom-inspector-1.7.12-1.4.2.x86_64.rpm
a385b74ea077fd0d8c9c898c49737bdf  mozilla-js-debugger-1.7.12-1.4.2.x86_64.rpm
1744bf91fd8ad8dc5bf3b14a2c94e96e  mozilla-mail-1.7.12-1.4.2.x86_64.rpm
7214d84208cccf32f1285f1ee1f82360  mozilla-nspr-1.7.12-1.4.2.i386.rpm
d3ae4beb6a46a506431663e8f12b642f  mozilla-nspr-1.7.12-1.4.2.x86_64.rpm
937aaacbc6e7160ca407289e50fb3fdd  mozilla-nspr-devel-1.7.12-1.4.2.x86_64.rpm
1dc1217df9d19ca3c5bd350f83c148ae  mozilla-nss-1.7.12-1.4.2.i386.rpm
11947b2ec2c60afdf34b706a82bae51b  mozilla-nss-1.7.12-1.4.2.x86_64.rpm
040bdca0f634a2ad7c392bd8d122beec  mozilla-nss-devel-1.7.12-1.4.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mozilla-1.7.12-1.4.2.src.rpm
f146483027fa2848c552517765223fbd  mozilla-1.7.12-1.4.2.src.rpm

i386:
17c62de548546985b0fcc8b9525714ab  mozilla-1.7.12-1.4.2.i386.rpm
402b39fe4116b4309aca2f3c21d10903  mozilla-chat-1.7.12-1.4.2.i386.rpm
97b0fea32ffd3749af26501582a9e9c6  mozilla-devel-1.7.12-1.4.2.i386.rpm
e4897ff8679564fe239f6d771c7eb3ea  mozilla-dom-inspector-1.7.12-1.4.2.i386.rpm
3d06751d42352bbd970ed1daaae908ce  mozilla-js-debugger-1.7.12-1.4.2.i386.rpm
dfea1815675fc3e931b91e7261025d62  mozilla-mail-1.7.12-1.4.2.i386.rpm
7214d84208cccf32f1285f1ee1f82360  mozilla-nspr-1.7.12-1.4.2.i386.rpm
eff346184dea3e62ca50d8b27c7bd20b  mozilla-nspr-devel-1.7.12-1.4.2.i386.rpm
1dc1217df9d19ca3c5bd350f83c148ae  mozilla-nss-1.7.12-1.4.2.i386.rpm
98a96cc325815923baba9572172efd9a  mozilla-nss-devel-1.7.12-1.4.2.i386.rpm

ia64:
77ea9105db3ee9ce00c4704f5515043c  mozilla-1.7.12-1.4.2.ia64.rpm
ec0f5a731ab625bd7688846be046840e  mozilla-chat-1.7.12-1.4.2.ia64.rpm
cbff143bc9f83d068cb1c3c310c78ac8  mozilla-devel-1.7.12-1.4.2.ia64.rpm
aee80f715d2c1472d98265ee360b38cf  mozilla-dom-inspector-1.7.12-1.4.2.ia64.rpm
40bc9c3eac5e2a4796def28cc27d0003  mozilla-js-debugger-1.7.12-1.4.2.ia64.rpm
9ef3ce13cff39c90956b79a00c01def8  mozilla-mail-1.7.12-1.4.2.ia64.rpm
7214d84208cccf32f1285f1ee1f82360  mozilla-nspr-1.7.12-1.4.2.i386.rpm
eb28633f30563bb1a1bda2a858f0d7ba  mozilla-nspr-1.7.12-1.4.2.ia64.rpm
a661f215ceb153a0a50526e1d2527471  mozilla-nspr-devel-1.7.12-1.4.2.ia64.rpm
1dc1217df9d19ca3c5bd350f83c148ae  mozilla-nss-1.7.12-1.4.2.i386.rpm
de2ae9b1e9ce5bf644bc46c2f300ed71  mozilla-nss-1.7.12-1.4.2.ia64.rpm
0964fca7369b88d07c3a22a2701e87c3  mozilla-nss-devel-1.7.12-1.4.2.ia64.rpm

x86_64:
baf54cd6b3ef1f54a7cb90f93413f2f2  mozilla-1.7.12-1.4.2.x86_64.rpm
857a79a98a9cd0a85af4cf8a03459c03  mozilla-chat-1.7.12-1.4.2.x86_64.rpm
d0f4d2d0039483feddebd91e6c597bb5  mozilla-devel-1.7.12-1.4.2.x86_64.rpm
8daa668c464466d281d9663a3e677ac2  mozilla-dom-inspector-1.7.12-1.4.2.x86_64.rpm
a385b74ea077fd0d8c9c898c49737bdf  mozilla-js-debugger-1.7.12-1.4.2.x86_64.rpm
1744bf91fd8ad8dc5bf3b14a2c94e96e  mozilla-mail-1.7.12-1.4.2.x86_64.rpm
7214d84208cccf32f1285f1ee1f82360  mozilla-nspr-1.7.12-1.4.2.i386.rpm
d3ae4beb6a46a506431663e8f12b642f  mozilla-nspr-1.7.12-1.4.2.x86_64.rpm
937aaacbc6e7160ca407289e50fb3fdd  mozilla-nspr-devel-1.7.12-1.4.2.x86_64.rpm
1dc1217df9d19ca3c5bd350f83c148ae  mozilla-nss-1.7.12-1.4.2.i386.rpm
11947b2ec2c60afdf34b706a82bae51b  mozilla-nss-1.7.12-1.4.2.x86_64.rpm
040bdca0f634a2ad7c392bd8d122beec  mozilla-nss-devel-1.7.12-1.4.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mozilla-1.7.12-1.4.2.src.rpm
f146483027fa2848c552517765223fbd  mozilla-1.7.12-1.4.2.src.rpm

i386:
17c62de548546985b0fcc8b9525714ab  mozilla-1.7.12-1.4.2.i386.rpm
402b39fe4116b4309aca2f3c21d10903  mozilla-chat-1.7.12-1.4.2.i386.rpm
97b0fea32ffd3749af26501582a9e9c6  mozilla-devel-1.7.12-1.4.2.i386.rpm
e4897ff8679564fe239f6d771c7eb3ea  mozilla-dom-inspector-1.7.12-1.4.2.i386.rpm
3d06751d42352bbd970ed1daaae908ce  mozilla-js-debugger-1.7.12-1.4.2.i386.rpm
dfea1815675fc3e931b91e7261025d62  mozilla-mail-1.7.12-1.4.2.i386.rpm
7214d84208cccf32f1285f1ee1f82360  mozilla-nspr-1.7.12-1.4.2.i386.rpm
eff346184dea3e62ca50d8b27c7bd20b  mozilla-nspr-devel-1.7.12-1.4.2.i386.rpm
1dc1217df9d19ca3c5bd350f83c148ae  mozilla-nss-1.7.12-1.4.2.i386.rpm
98a96cc325815923baba9572172efd9a  mozilla-nss-devel-1.7.12-1.4.2.i386.rpm

ia64:
77ea9105db3ee9ce00c4704f5515043c  mozilla-1.7.12-1.4.2.ia64.rpm
ec0f5a731ab625bd7688846be046840e  mozilla-chat-1.7.12-1.4.2.ia64.rpm
cbff143bc9f83d068cb1c3c310c78ac8  mozilla-devel-1.7.12-1.4.2.ia64.rpm
aee80f715d2c1472d98265ee360b38cf  mozilla-dom-inspector-1.7.12-1.4.2.ia64.rpm
40bc9c3eac5e2a4796def28cc27d0003  mozilla-js-debugger-1.7.12-1.4.2.ia64.rpm
9ef3ce13cff39c90956b79a00c01def8  mozilla-mail-1.7.12-1.4.2.ia64.rpm
7214d84208cccf32f1285f1ee1f82360  mozilla-nspr-1.7.12-1.4.2.i386.rpm
eb28633f30563bb1a1bda2a858f0d7ba  mozilla-nspr-1.7.12-1.4.2.ia64.rpm
a661f215ceb153a0a50526e1d2527471  mozilla-nspr-devel-1.7.12-1.4.2.ia64.rpm
1dc1217df9d19ca3c5bd350f83c148ae  mozilla-nss-1.7.12-1.4.2.i386.rpm
de2ae9b1e9ce5bf644bc46c2f300ed71  mozilla-nss-1.7.12-1.4.2.ia64.rpm
0964fca7369b88d07c3a22a2701e87c3  mozilla-nss-devel-1.7.12-1.4.2.ia64.rpm

x86_64:
baf54cd6b3ef1f54a7cb90f93413f2f2  mozilla-1.7.12-1.4.2.x86_64.rpm
857a79a98a9cd0a85af4cf8a03459c03  mozilla-chat-1.7.12-1.4.2.x86_64.rpm
d0f4d2d0039483feddebd91e6c597bb5  mozilla-devel-1.7.12-1.4.2.x86_64.rpm
8daa668c464466d281d9663a3e677ac2  mozilla-dom-inspector-1.7.12-1.4.2.x86_64.rpm
a385b74ea077fd0d8c9c898c49737bdf  mozilla-js-debugger-1.7.12-1.4.2.x86_64.rpm
1744bf91fd8ad8dc5bf3b14a2c94e96e  mozilla-mail-1.7.12-1.4.2.x86_64.rpm
7214d84208cccf32f1285f1ee1f82360  mozilla-nspr-1.7.12-1.4.2.i386.rpm
d3ae4beb6a46a506431663e8f12b642f  mozilla-nspr-1.7.12-1.4.2.x86_64.rpm
937aaacbc6e7160ca407289e50fb3fdd  mozilla-nspr-devel-1.7.12-1.4.2.x86_64.rpm
1dc1217df9d19ca3c5bd350f83c148ae  mozilla-nss-1.7.12-1.4.2.i386.rpm
11947b2ec2c60afdf34b706a82bae51b  mozilla-nss-1.7.12-1.4.2.x86_64.rpm
040bdca0f634a2ad7c392bd8d122beec  mozilla-nss-devel-1.7.12-1.4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFD4ivaXlSAg2UNWIIRAgU3AKCc4k0L31Jjgnjjb+PWn2z4s0/IqwCeLTQ8
qyaAgggX7YlI3G9fFWDoSQ8=
=tGGn
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Thu Feb  2 15:58:22 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 2 Feb 2006 10:58:22 -0500
Subject: [RHSA-2006:0200-01] Critical: firefox security update
Message-ID: <200602021558.k12FwMSZ004939@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Critical: firefox security update
Advisory ID:       RHSA-2006:0200-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0200.html
Issue date:        2006-02-02
Updated on:        2006-02-02
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-4134 CVE-2006-0292 CVE-2006-0296
- ---------------------------------------------------------------------

1. Summary:

An updated firefox package that fixes several security bugs is now available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla Firefox is an open source Web browser. 

Igor Bukanov discovered a bug in the way Firefox's Javascript interpreter
derefernces objects.  If a user visits a malicious web page, Firefox could
crash or execute arbitrary code as the user running Firefox. The Common
Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to
this issue.

moz_bug_r_a4 discovered a bug in Firefox's XULDocument.persist() function.
A malicious web page could inject arbitrary RDF data into a user's
localstore.rdf file, which can cause Firefox to execute arbitrary
javascript when a user runs Firefox.  (CVE-2006-0296)

A denial of service bug was found in the way Firefox saves history
information. If a user visits a web page with a very long title, it is
possible Firefox will crash or take a very long time the next time it is
run. (CVE-2005-4134)

This update also fixes a bug when using XSLT to transform documents.
Passing DOM Nodes as parameters to functions expecting an xsl:param could
cause Firefox to throw an exception. 

Users of Firefox are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

179171 - CVE-2005-4134 Very long topic history.dat DoS
179173 - CVE-2006-0292 javascript unrooted access
179175 - CVE-2006-0296 XULDocument.persist() RDF data injection


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-1.0.7-1.4.3.src.rpm
148dd8bbaba85e70c6a05966e227b9fd  firefox-1.0.7-1.4.3.src.rpm

i386:
cdb90ac4fe4ea60046932066dbc5f7f8  firefox-1.0.7-1.4.3.i386.rpm

ia64:
d544e64b8393fbffabd9bace92e4e481  firefox-1.0.7-1.4.3.ia64.rpm

ppc:
0f131aaad99f69b3a887e934a049b6bb  firefox-1.0.7-1.4.3.ppc.rpm

s390:
e62769654343ed7e9630f77c637cb20a  firefox-1.0.7-1.4.3.s390.rpm

s390x:
6a50c3d666f51e3bcf6c633e66b4606f  firefox-1.0.7-1.4.3.s390x.rpm

x86_64:
4da2ae90595cd5371f85ab03582e27c9  firefox-1.0.7-1.4.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-1.0.7-1.4.3.src.rpm
148dd8bbaba85e70c6a05966e227b9fd  firefox-1.0.7-1.4.3.src.rpm

i386:
cdb90ac4fe4ea60046932066dbc5f7f8  firefox-1.0.7-1.4.3.i386.rpm

x86_64:
4da2ae90595cd5371f85ab03582e27c9  firefox-1.0.7-1.4.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/firefox-1.0.7-1.4.3.src.rpm
148dd8bbaba85e70c6a05966e227b9fd  firefox-1.0.7-1.4.3.src.rpm

i386:
cdb90ac4fe4ea60046932066dbc5f7f8  firefox-1.0.7-1.4.3.i386.rpm

ia64:
d544e64b8393fbffabd9bace92e4e481  firefox-1.0.7-1.4.3.ia64.rpm

x86_64:
4da2ae90595cd5371f85ab03582e27c9  firefox-1.0.7-1.4.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/firefox-1.0.7-1.4.3.src.rpm
148dd8bbaba85e70c6a05966e227b9fd  firefox-1.0.7-1.4.3.src.rpm

i386:
cdb90ac4fe4ea60046932066dbc5f7f8  firefox-1.0.7-1.4.3.i386.rpm

ia64:
d544e64b8393fbffabd9bace92e4e481  firefox-1.0.7-1.4.3.ia64.rpm

x86_64:
4da2ae90595cd5371f85ab03582e27c9  firefox-1.0.7-1.4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFD4iwKXlSAg2UNWIIRAhSqAJ9TZdoI12NsJAJzlfvE029McNCwrQCgt/Gs
+p96WSyTlEArLUfdQ4lYpjQ=
=qdYA
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Fri Feb 10 21:46:57 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 10 Feb 2006 16:46:57 -0500
Subject: [RHSA-2006:0207-01] Important: gnutls security update
Message-ID: <200602102146.k1ALkvNx010481@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: gnutls security update
Advisory ID:       RHSA-2006:0207-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0207.html
Issue date:        2006-02-10
Updated on:        2006-02-10
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-0645
- ---------------------------------------------------------------------

1. Summary:

Updated gnutls packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The GNU TLS Library provides support for cryptographic algorithms and
protocols such as TLS. GNU TLS includes Libtasn1, a library developed for
ASN.1 structures management that includes DER encoding and decoding.

Several flaws were found in the way libtasn1 decodes DER.  An attacker
could create a carefully crafted invalid X.509 certificate in such a way
that could trigger this flaw if parsed by an application that uses GNU TLS.
This could lead to a denial of service (application crash).  It is not
certain if this issue could be escalated to allow arbitrary code execution. 
The Common Vulnerabilities and Exposures project assigned the name
CVE-2006-0645 to this issue.

In Red Hat Enterprise Linux 4, the GNU TLS library is only used by the
Evolution client when connecting to an Exchange server or when publishing
calendar information to a WebDAV server.

Users are advised to upgrade to these updated packages, which contain a
backported patch from the GNU TLS maintainers to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

180903 - CVE-2006-0645 GnuTLS x509 DER DoS


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gnutls-1.0.20-3.2.2.src.rpm
e3d0e0b8feeb7ddd63d58add0af060fe  gnutls-1.0.20-3.2.2.src.rpm

i386:
570aa2e7bcf5dc43955fd0325e9b4a18  gnutls-1.0.20-3.2.2.i386.rpm
bbd51e80f02d982d739a7e2b68a11bfb  gnutls-devel-1.0.20-3.2.2.i386.rpm

ia64:
570aa2e7bcf5dc43955fd0325e9b4a18  gnutls-1.0.20-3.2.2.i386.rpm
2448a7e4fd671cced661887bcd4173aa  gnutls-1.0.20-3.2.2.ia64.rpm
c8bfadde8d6b1697e99fcf6e900f3053  gnutls-devel-1.0.20-3.2.2.ia64.rpm

ppc:
f48a6f32beed6eca2951a09049d4c829  gnutls-1.0.20-3.2.2.ppc.rpm
573c67f099524b55dc3e804881c6e16f  gnutls-1.0.20-3.2.2.ppc64.rpm
4dc01d3e6597d5a0cb40fd882f3eb6ec  gnutls-devel-1.0.20-3.2.2.ppc.rpm

s390:
2373e3a694eb53384a94a5502cf3dc37  gnutls-1.0.20-3.2.2.s390.rpm
1ae014903f30f6c23ad89a52a050db92  gnutls-devel-1.0.20-3.2.2.s390.rpm

s390x:
2373e3a694eb53384a94a5502cf3dc37  gnutls-1.0.20-3.2.2.s390.rpm
c6966e61cc3896354493d875d3c950b9  gnutls-1.0.20-3.2.2.s390x.rpm
521d0c697d9f1f35f2564475a20ca809  gnutls-devel-1.0.20-3.2.2.s390x.rpm

x86_64:
570aa2e7bcf5dc43955fd0325e9b4a18  gnutls-1.0.20-3.2.2.i386.rpm
1aa362a034c36522e39b124fdc7230db  gnutls-1.0.20-3.2.2.x86_64.rpm
f5a8555652f54655f8eb42149f3b1a1d  gnutls-devel-1.0.20-3.2.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gnutls-1.0.20-3.2.2.src.rpm
e3d0e0b8feeb7ddd63d58add0af060fe  gnutls-1.0.20-3.2.2.src.rpm

i386:
570aa2e7bcf5dc43955fd0325e9b4a18  gnutls-1.0.20-3.2.2.i386.rpm
bbd51e80f02d982d739a7e2b68a11bfb  gnutls-devel-1.0.20-3.2.2.i386.rpm

x86_64:
570aa2e7bcf5dc43955fd0325e9b4a18  gnutls-1.0.20-3.2.2.i386.rpm
1aa362a034c36522e39b124fdc7230db  gnutls-1.0.20-3.2.2.x86_64.rpm
f5a8555652f54655f8eb42149f3b1a1d  gnutls-devel-1.0.20-3.2.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gnutls-1.0.20-3.2.2.src.rpm
e3d0e0b8feeb7ddd63d58add0af060fe  gnutls-1.0.20-3.2.2.src.rpm

i386:
570aa2e7bcf5dc43955fd0325e9b4a18  gnutls-1.0.20-3.2.2.i386.rpm
bbd51e80f02d982d739a7e2b68a11bfb  gnutls-devel-1.0.20-3.2.2.i386.rpm

ia64:
570aa2e7bcf5dc43955fd0325e9b4a18  gnutls-1.0.20-3.2.2.i386.rpm
2448a7e4fd671cced661887bcd4173aa  gnutls-1.0.20-3.2.2.ia64.rpm
c8bfadde8d6b1697e99fcf6e900f3053  gnutls-devel-1.0.20-3.2.2.ia64.rpm

x86_64:
570aa2e7bcf5dc43955fd0325e9b4a18  gnutls-1.0.20-3.2.2.i386.rpm
1aa362a034c36522e39b124fdc7230db  gnutls-1.0.20-3.2.2.x86_64.rpm
f5a8555652f54655f8eb42149f3b1a1d  gnutls-devel-1.0.20-3.2.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gnutls-1.0.20-3.2.2.src.rpm
e3d0e0b8feeb7ddd63d58add0af060fe  gnutls-1.0.20-3.2.2.src.rpm

i386:
570aa2e7bcf5dc43955fd0325e9b4a18  gnutls-1.0.20-3.2.2.i386.rpm
bbd51e80f02d982d739a7e2b68a11bfb  gnutls-devel-1.0.20-3.2.2.i386.rpm

ia64:
570aa2e7bcf5dc43955fd0325e9b4a18  gnutls-1.0.20-3.2.2.i386.rpm
2448a7e4fd671cced661887bcd4173aa  gnutls-1.0.20-3.2.2.ia64.rpm
c8bfadde8d6b1697e99fcf6e900f3053  gnutls-devel-1.0.20-3.2.2.ia64.rpm

x86_64:
570aa2e7bcf5dc43955fd0325e9b4a18  gnutls-1.0.20-3.2.2.i386.rpm
1aa362a034c36522e39b124fdc7230db  gnutls-1.0.20-3.2.2.x86_64.rpm
f5a8555652f54655f8eb42149f3b1a1d  gnutls-devel-1.0.20-3.2.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0645

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFD7QmmXlSAg2UNWIIRAim3AJ9ogz9qPJOjz8mMj6CzM7yWMdjf+QCfZq64
xWp8np9Nwxk6s/ZbQO7KD8M=
=QT3D
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Mon Feb 13 15:41:54 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 13 Feb 2006 10:41:54 -0500
Subject: [RHSA-2006:0201-01] Important: xpdf security update
Message-ID: <200602131541.k1DFfsQ3010798@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: xpdf security update
Advisory ID:       RHSA-2006:0201-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0201.html
Issue date:        2006-02-13
Updated on:        2006-02-13
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-0301
- ---------------------------------------------------------------------

1. Summary:

An updated xpdf package that fixes a buffer overflow security issue is now
available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The xpdf package is an X Window System-based viewer for Portable Document
Format (PDF) files.

A heap based buffer overflow bug was discovered in Xpdf. An attacker could
construct a carefully crafted PDF file that could cause Xpdf to crash or
possibly execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the name CVE-2006-0301 to this issue.

Users of Xpdf should upgrade to this updated package, which contains a
backported patch to resolve these issues.

Red Hat would like to thank Dirk Mueller for reporting this issue and
providing a patch.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

179046 - CVE-2006-0301 PDF splash handling heap overflow


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/xpdf-3.00-11.12.src.rpm
ecbd1704215b5886b323f3ed284eab56  xpdf-3.00-11.12.src.rpm

i386:
df7bc17f97f222aa73ac258341a45acd  xpdf-3.00-11.12.i386.rpm

ia64:
6ee29be68882992838fba3bcc29a9307  xpdf-3.00-11.12.ia64.rpm

ppc:
d2293530e86e08eccd70fbae4593b8ef  xpdf-3.00-11.12.ppc.rpm

s390:
e7fb6a40049da54253a9291701433539  xpdf-3.00-11.12.s390.rpm

s390x:
8b410ea2468533f79c897d80c7fd279d  xpdf-3.00-11.12.s390x.rpm

x86_64:
f8464b02fa282be752281225f0d23cc4  xpdf-3.00-11.12.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/xpdf-3.00-11.12.src.rpm
ecbd1704215b5886b323f3ed284eab56  xpdf-3.00-11.12.src.rpm

i386:
df7bc17f97f222aa73ac258341a45acd  xpdf-3.00-11.12.i386.rpm

x86_64:
f8464b02fa282be752281225f0d23cc4  xpdf-3.00-11.12.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/xpdf-3.00-11.12.src.rpm
ecbd1704215b5886b323f3ed284eab56  xpdf-3.00-11.12.src.rpm

i386:
df7bc17f97f222aa73ac258341a45acd  xpdf-3.00-11.12.i386.rpm

ia64:
6ee29be68882992838fba3bcc29a9307  xpdf-3.00-11.12.ia64.rpm

x86_64:
f8464b02fa282be752281225f0d23cc4  xpdf-3.00-11.12.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/xpdf-3.00-11.12.src.rpm
ecbd1704215b5886b323f3ed284eab56  xpdf-3.00-11.12.src.rpm

i386:
df7bc17f97f222aa73ac258341a45acd  xpdf-3.00-11.12.i386.rpm

ia64:
6ee29be68882992838fba3bcc29a9307  xpdf-3.00-11.12.ia64.rpm

x86_64:
f8464b02fa282be752281225f0d23cc4  xpdf-3.00-11.12.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFD8KiwXlSAg2UNWIIRArR+AKCaxI1dndwVceosWjLC+/fUG+uh1ACfeJN+
9wbwqD7aaR1Fg4nhg22XjLc=
=DgrC
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Mon Feb 13 15:42:50 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 13 Feb 2006 10:42:50 -0500
Subject: [RHSA-2006:0205-01] Moderate: libpng security update
Message-ID: <200602131542.k1DFgohH012662@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: libpng security update
Advisory ID:       RHSA-2006:0205-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0205.html
Issue date:        2006-02-13
Updated on:        2006-02-13
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-0481
- ---------------------------------------------------------------------

1. Summary:

Updated libpng packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim. The Common Vulnerabilities and Exposures project has assigned the
name CVE-2006-0481 to this issue.

Please note that the vunerable libpng function is only used by TeTeX and
XEmacs on Red Hat Enterprise Linux 4.

All users of libpng are advised to update to these updated packages which
contain a backported patch that is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

179455 - CVE-2006-0481 libpng heap based buffer overflow


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libpng-1.2.7-1.el4.2.src.rpm
3be4c7907d2075acfcb1b98e4cbb5372  libpng-1.2.7-1.el4.2.src.rpm

i386:
61f4bad424d1df53fed448bef881f640  libpng-1.2.7-1.el4.2.i386.rpm
5243972c9cfff70de5928919a0edc605  libpng-devel-1.2.7-1.el4.2.i386.rpm

ia64:
61f4bad424d1df53fed448bef881f640  libpng-1.2.7-1.el4.2.i386.rpm
359febeb55ed043c5267085507bd2a49  libpng-1.2.7-1.el4.2.ia64.rpm
a6c282c1672b014f95b8000fc90d9f88  libpng-devel-1.2.7-1.el4.2.ia64.rpm

ppc:
aba415ffe4d33117e6fab817530abdfe  libpng-1.2.7-1.el4.2.ppc.rpm
ae99d2ab1f8e5c729e236d76966ea5e9  libpng-1.2.7-1.el4.2.ppc64.rpm
afbee8e15d188ca505731b17f7285ac8  libpng-devel-1.2.7-1.el4.2.ppc.rpm

s390:
dae631134524c705ba50b49134692f20  libpng-1.2.7-1.el4.2.s390.rpm
06ea4d0701eca6a99e7e2d88f2529f6c  libpng-devel-1.2.7-1.el4.2.s390.rpm

s390x:
dae631134524c705ba50b49134692f20  libpng-1.2.7-1.el4.2.s390.rpm
6442febc585676b63e4f47abad45a524  libpng-1.2.7-1.el4.2.s390x.rpm
4cb0b4c9abce9db24a569fdd7e6e5e2f  libpng-devel-1.2.7-1.el4.2.s390x.rpm

x86_64:
61f4bad424d1df53fed448bef881f640  libpng-1.2.7-1.el4.2.i386.rpm
d950f5c564d4424dd1706c8b0333a084  libpng-1.2.7-1.el4.2.x86_64.rpm
f5d9e78727edfbf9b8dc376291160c02  libpng-devel-1.2.7-1.el4.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libpng-1.2.7-1.el4.2.src.rpm
3be4c7907d2075acfcb1b98e4cbb5372  libpng-1.2.7-1.el4.2.src.rpm

i386:
61f4bad424d1df53fed448bef881f640  libpng-1.2.7-1.el4.2.i386.rpm
5243972c9cfff70de5928919a0edc605  libpng-devel-1.2.7-1.el4.2.i386.rpm

x86_64:
61f4bad424d1df53fed448bef881f640  libpng-1.2.7-1.el4.2.i386.rpm
d950f5c564d4424dd1706c8b0333a084  libpng-1.2.7-1.el4.2.x86_64.rpm
f5d9e78727edfbf9b8dc376291160c02  libpng-devel-1.2.7-1.el4.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libpng-1.2.7-1.el4.2.src.rpm
3be4c7907d2075acfcb1b98e4cbb5372  libpng-1.2.7-1.el4.2.src.rpm

i386:
61f4bad424d1df53fed448bef881f640  libpng-1.2.7-1.el4.2.i386.rpm
5243972c9cfff70de5928919a0edc605  libpng-devel-1.2.7-1.el4.2.i386.rpm

ia64:
61f4bad424d1df53fed448bef881f640  libpng-1.2.7-1.el4.2.i386.rpm
359febeb55ed043c5267085507bd2a49  libpng-1.2.7-1.el4.2.ia64.rpm
a6c282c1672b014f95b8000fc90d9f88  libpng-devel-1.2.7-1.el4.2.ia64.rpm

x86_64:
61f4bad424d1df53fed448bef881f640  libpng-1.2.7-1.el4.2.i386.rpm
d950f5c564d4424dd1706c8b0333a084  libpng-1.2.7-1.el4.2.x86_64.rpm
f5d9e78727edfbf9b8dc376291160c02  libpng-devel-1.2.7-1.el4.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libpng-1.2.7-1.el4.2.src.rpm
3be4c7907d2075acfcb1b98e4cbb5372  libpng-1.2.7-1.el4.2.src.rpm

i386:
61f4bad424d1df53fed448bef881f640  libpng-1.2.7-1.el4.2.i386.rpm
5243972c9cfff70de5928919a0edc605  libpng-devel-1.2.7-1.el4.2.i386.rpm

ia64:
61f4bad424d1df53fed448bef881f640  libpng-1.2.7-1.el4.2.i386.rpm
359febeb55ed043c5267085507bd2a49  libpng-1.2.7-1.el4.2.ia64.rpm
a6c282c1672b014f95b8000fc90d9f88  libpng-devel-1.2.7-1.el4.2.ia64.rpm

x86_64:
61f4bad424d1df53fed448bef881f640  libpng-1.2.7-1.el4.2.i386.rpm
d950f5c564d4424dd1706c8b0333a084  libpng-1.2.7-1.el4.2.x86_64.rpm
f5d9e78727edfbf9b8dc376291160c02  libpng-devel-1.2.7-1.el4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0481

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFD8KjNXlSAg2UNWIIRAv+KAJ9wXDxbLguGBMSB5EsKIuyhwHXNBwCeLTms
GC1CJG49mcAyTExR5q78uVk=
=f1fy
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Mon Feb 13 15:43:08 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 13 Feb 2006 10:43:08 -0500
Subject: [RHSA-2006:0206-01] Important: kdegraphics security update
Message-ID: <200602131543.k1DFh8Qo013529@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: kdegraphics security update
Advisory ID:       RHSA-2006:0206-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0206.html
Issue date:        2006-02-13
Updated on:        2006-02-13
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-0301
- ---------------------------------------------------------------------

1. Summary:

Updated kdegraphics packages that resolve a security issue in kpdf are now
available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The kdegraphics packages contain applications for the K Desktop Environment
including kpdf, a pdf file viewer.

A heap based buffer overflow bug was discovered in kpdf. An attacker could
construct a carefully crafted PDF file that could cause kpdf to crash or
possibly execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the name CVE-2006-0301 to this issue.

Users of kpdf should upgrade to these updated packages, which contain a
backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

179055 - CVE-2006-0301 PDF splash handling heap overflow


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdegraphics-3.3.1-3.7.src.rpm
90ac8bd5592b058f6eb37df331008226  kdegraphics-3.3.1-3.7.src.rpm

i386:
aeec5e4c97d1ccabf1e52036bb37ca79  kdegraphics-3.3.1-3.7.i386.rpm
f48caa317d180ee1b40667c62df4acb6  kdegraphics-devel-3.3.1-3.7.i386.rpm

ia64:
3d3b3279d047bfff9cd14271072bd443  kdegraphics-3.3.1-3.7.ia64.rpm
432dea1108d258f6af3964180ab4d179  kdegraphics-devel-3.3.1-3.7.ia64.rpm

ppc:
7ee2305e63d0e6fe38bdec4a0a5f9326  kdegraphics-3.3.1-3.7.ppc.rpm
092a795864d53d21144289a92fc33b01  kdegraphics-devel-3.3.1-3.7.ppc.rpm

s390:
ef808523b180cccfdbcec51f9a020ee8  kdegraphics-3.3.1-3.7.s390.rpm
278dd2949ff7f09eb3b5018fa97cc75f  kdegraphics-devel-3.3.1-3.7.s390.rpm

s390x:
71f7124916aeb01b793f54f2d85312b6  kdegraphics-3.3.1-3.7.s390x.rpm
9863edc3e66f3bd825cdd34df93e1b00  kdegraphics-devel-3.3.1-3.7.s390x.rpm

x86_64:
37cf516a06d3f42159ce54c62b901794  kdegraphics-3.3.1-3.7.x86_64.rpm
9b65bf232f163136cf5db28fd82fc661  kdegraphics-devel-3.3.1-3.7.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdegraphics-3.3.1-3.7.src.rpm
90ac8bd5592b058f6eb37df331008226  kdegraphics-3.3.1-3.7.src.rpm

i386:
aeec5e4c97d1ccabf1e52036bb37ca79  kdegraphics-3.3.1-3.7.i386.rpm
f48caa317d180ee1b40667c62df4acb6  kdegraphics-devel-3.3.1-3.7.i386.rpm

x86_64:
37cf516a06d3f42159ce54c62b901794  kdegraphics-3.3.1-3.7.x86_64.rpm
9b65bf232f163136cf5db28fd82fc661  kdegraphics-devel-3.3.1-3.7.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdegraphics-3.3.1-3.7.src.rpm
90ac8bd5592b058f6eb37df331008226  kdegraphics-3.3.1-3.7.src.rpm

i386:
aeec5e4c97d1ccabf1e52036bb37ca79  kdegraphics-3.3.1-3.7.i386.rpm
f48caa317d180ee1b40667c62df4acb6  kdegraphics-devel-3.3.1-3.7.i386.rpm

ia64:
3d3b3279d047bfff9cd14271072bd443  kdegraphics-3.3.1-3.7.ia64.rpm
432dea1108d258f6af3964180ab4d179  kdegraphics-devel-3.3.1-3.7.ia64.rpm

x86_64:
37cf516a06d3f42159ce54c62b901794  kdegraphics-3.3.1-3.7.x86_64.rpm
9b65bf232f163136cf5db28fd82fc661  kdegraphics-devel-3.3.1-3.7.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdegraphics-3.3.1-3.7.src.rpm
90ac8bd5592b058f6eb37df331008226  kdegraphics-3.3.1-3.7.src.rpm

i386:
aeec5e4c97d1ccabf1e52036bb37ca79  kdegraphics-3.3.1-3.7.i386.rpm
f48caa317d180ee1b40667c62df4acb6  kdegraphics-devel-3.3.1-3.7.i386.rpm

ia64:
3d3b3279d047bfff9cd14271072bd443  kdegraphics-3.3.1-3.7.ia64.rpm
432dea1108d258f6af3964180ab4d179  kdegraphics-devel-3.3.1-3.7.ia64.rpm

x86_64:
37cf516a06d3f42159ce54c62b901794  kdegraphics-3.3.1-3.7.x86_64.rpm
9b65bf232f163136cf5db28fd82fc661  kdegraphics-devel-3.3.1-3.7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFD8KkKXlSAg2UNWIIRAndnAKCfRnaunFn10q46l/ZioC0jWG4fXQCggVZW
vbJyfMqn0xHOWzYiN86xP+I=
=Tc9H
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Tue Feb 14 16:37:51 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 14 Feb 2006 11:37:51 -0500
Subject: [RHSA-2006:0178-01] Moderate: ImageMagick security update
Message-ID: <200602141637.k1EGbp2L024869@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: ImageMagick security update
Advisory ID:       RHSA-2006:0178-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0178.html
Issue date:        2006-02-14
Updated on:        2006-02-14
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-4601 CVE-2006-0082
- ---------------------------------------------------------------------

1. Summary:

Updated ImageMagick packages that fix two security issues are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

ImageMagick(TM) is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

A shell command injection flaw was found in ImageMagick's "display"
command. It is possible to execute arbitrary commands by tricking a user
into running "display" on a file with a specially crafted name. The Common
Vulnerabilities and Exposures project (cve.mitre.org) assigned the name
CVE-2005-4601 to this issue.

A format string flaw was discovered in the way ImageMagick handles
filenames. It may be possible to execute arbitrary commands by tricking a
user into running a carefully crafted ImageMagick command. (CVE-2006-0082)

Users of ImageMagick should upgrade to these updated packages, which
contain backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

176837 - CVE-2005-4601 ImageMagick display command shell command injection
176925 - CVE-2006-0082 ImageMagick format string vulnerability.


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ImageMagick-5.3.8-14.src.rpm
42bbcea652834593b3b310eb507aafc3  ImageMagick-5.3.8-14.src.rpm

i386:
02ddcb3f4ad034e9b73775736aa0e1e5  ImageMagick-5.3.8-14.i386.rpm
9ff2cfbc9138bd690f6cc429854410ff  ImageMagick-c++-5.3.8-14.i386.rpm
4ef1eec645c151bdd5152dd146c8ddc8  ImageMagick-c++-devel-5.3.8-14.i386.rpm
36f335302afb16e04855300c7f3be3ab  ImageMagick-devel-5.3.8-14.i386.rpm
5bba822c10f59ac762c6e8379d8fdfe6  ImageMagick-perl-5.3.8-14.i386.rpm

ia64:
3753e29706f68b6acc52193ac10313db  ImageMagick-5.3.8-14.ia64.rpm
629ea2a18833c23d4aea32103c7403d0  ImageMagick-c++-5.3.8-14.ia64.rpm
829a6264533cdcd2aba7e178d3c2d178  ImageMagick-c++-devel-5.3.8-14.ia64.rpm
f096b2286e66b34308cb1e9c7e18ee21  ImageMagick-devel-5.3.8-14.ia64.rpm
3b3519336c7b2a962224ac88d9156bfc  ImageMagick-perl-5.3.8-14.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ImageMagick-5.3.8-14.src.rpm
42bbcea652834593b3b310eb507aafc3  ImageMagick-5.3.8-14.src.rpm

ia64:
3753e29706f68b6acc52193ac10313db  ImageMagick-5.3.8-14.ia64.rpm
629ea2a18833c23d4aea32103c7403d0  ImageMagick-c++-5.3.8-14.ia64.rpm
829a6264533cdcd2aba7e178d3c2d178  ImageMagick-c++-devel-5.3.8-14.ia64.rpm
f096b2286e66b34308cb1e9c7e18ee21  ImageMagick-devel-5.3.8-14.ia64.rpm
3b3519336c7b2a962224ac88d9156bfc  ImageMagick-perl-5.3.8-14.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ImageMagick-5.3.8-14.src.rpm
42bbcea652834593b3b310eb507aafc3  ImageMagick-5.3.8-14.src.rpm

i386:
02ddcb3f4ad034e9b73775736aa0e1e5  ImageMagick-5.3.8-14.i386.rpm
9ff2cfbc9138bd690f6cc429854410ff  ImageMagick-c++-5.3.8-14.i386.rpm
4ef1eec645c151bdd5152dd146c8ddc8  ImageMagick-c++-devel-5.3.8-14.i386.rpm
36f335302afb16e04855300c7f3be3ab  ImageMagick-devel-5.3.8-14.i386.rpm
5bba822c10f59ac762c6e8379d8fdfe6  ImageMagick-perl-5.3.8-14.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ImageMagick-5.3.8-14.src.rpm
42bbcea652834593b3b310eb507aafc3  ImageMagick-5.3.8-14.src.rpm

i386:
02ddcb3f4ad034e9b73775736aa0e1e5  ImageMagick-5.3.8-14.i386.rpm
9ff2cfbc9138bd690f6cc429854410ff  ImageMagick-c++-5.3.8-14.i386.rpm
4ef1eec645c151bdd5152dd146c8ddc8  ImageMagick-c++-devel-5.3.8-14.i386.rpm
36f335302afb16e04855300c7f3be3ab  ImageMagick-devel-5.3.8-14.i386.rpm
5bba822c10f59ac762c6e8379d8fdfe6  ImageMagick-perl-5.3.8-14.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ImageMagick-5.5.6-18.src.rpm
912eac513bb360bdc71bc2721389f59e  ImageMagick-5.5.6-18.src.rpm

i386:
ff0dd10877b3d8b30d7285973808e545  ImageMagick-5.5.6-18.i386.rpm
bdd4335990f1c36d1c009bb8cc39bb57  ImageMagick-c++-5.5.6-18.i386.rpm
797a6d26a14f757b548ca2c70511c468  ImageMagick-c++-devel-5.5.6-18.i386.rpm
02d788c894a578bdb5c2c02715c0c285  ImageMagick-devel-5.5.6-18.i386.rpm
c2b6d87dbf2a9af764942f8bd3fdc759  ImageMagick-perl-5.5.6-18.i386.rpm

ia64:
ff0dd10877b3d8b30d7285973808e545  ImageMagick-5.5.6-18.i386.rpm
836aa74bd8257394f97ea4c47725922d  ImageMagick-5.5.6-18.ia64.rpm
bdd4335990f1c36d1c009bb8cc39bb57  ImageMagick-c++-5.5.6-18.i386.rpm
4390be2fa1a09732385ec27b1395ee47  ImageMagick-c++-5.5.6-18.ia64.rpm
f0ddc57cec34c456c5a6c7ba3dd6ea88  ImageMagick-c++-devel-5.5.6-18.ia64.rpm
9ba0a896fd63af3c89ba2560dc8b197c  ImageMagick-devel-5.5.6-18.ia64.rpm
5332d039f3544f8d6b40bfd590b4c071  ImageMagick-perl-5.5.6-18.ia64.rpm

ppc:
d25c37135f92898fdf63e9eec4a2107a  ImageMagick-5.5.6-18.ppc.rpm
ccfd8f75e57f73802923e832bb3fb258  ImageMagick-5.5.6-18.ppc64.rpm
09b71675db36824ece86f3caa04aca75  ImageMagick-c++-5.5.6-18.ppc.rpm
103cb8b6587c605a423ba6dc683c8cf7  ImageMagick-c++-5.5.6-18.ppc64.rpm
e46b3984a1483e71160cf23f4140dad4  ImageMagick-c++-devel-5.5.6-18.ppc.rpm
d436653364f2e74ee9713fc70fc89fce  ImageMagick-devel-5.5.6-18.ppc.rpm
7b090f29ca8ffb89a6fd6253072363c3  ImageMagick-perl-5.5.6-18.ppc.rpm

s390:
b80b7a3588cf53fbebd71c53242d12a7  ImageMagick-5.5.6-18.s390.rpm
6b04d7d232e47596552eae758e16dd76  ImageMagick-c++-5.5.6-18.s390.rpm
bce318989f4dee6495f3049e099455d2  ImageMagick-c++-devel-5.5.6-18.s390.rpm
d85d9754792a863dc34b00df00d961e9  ImageMagick-devel-5.5.6-18.s390.rpm
3f2c1352f91825f205dbc63bc9d70c6b  ImageMagick-perl-5.5.6-18.s390.rpm

s390x:
b80b7a3588cf53fbebd71c53242d12a7  ImageMagick-5.5.6-18.s390.rpm
33c8126009e25d12686d0c56da3f7ead  ImageMagick-5.5.6-18.s390x.rpm
6b04d7d232e47596552eae758e16dd76  ImageMagick-c++-5.5.6-18.s390.rpm
860ebd377224d7e57788fe7b70bfdda5  ImageMagick-c++-5.5.6-18.s390x.rpm
f953119b971a4d9be11a1460e5156650  ImageMagick-c++-devel-5.5.6-18.s390x.rpm
e883a1defc6c335a57c0ce047b9ed201  ImageMagick-devel-5.5.6-18.s390x.rpm
a9e62f8aba3a2886378088a9b1fdf849  ImageMagick-perl-5.5.6-18.s390x.rpm

x86_64:
ff0dd10877b3d8b30d7285973808e545  ImageMagick-5.5.6-18.i386.rpm
5cf37692eaaed39642fd2ac14027895f  ImageMagick-5.5.6-18.x86_64.rpm
bdd4335990f1c36d1c009bb8cc39bb57  ImageMagick-c++-5.5.6-18.i386.rpm
376395958ba49614b254d3f4dc8870a3  ImageMagick-c++-5.5.6-18.x86_64.rpm
e046834322f8dbe5d4de3a907fd18c0f  ImageMagick-c++-devel-5.5.6-18.x86_64.rpm
39a8c5ae4b7d5f261d3982f45d375605  ImageMagick-devel-5.5.6-18.x86_64.rpm
05eb8f5a7e8d79d1ff52ba0fbbd32fb9  ImageMagick-perl-5.5.6-18.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ImageMagick-5.5.6-18.src.rpm
912eac513bb360bdc71bc2721389f59e  ImageMagick-5.5.6-18.src.rpm

i386:
ff0dd10877b3d8b30d7285973808e545  ImageMagick-5.5.6-18.i386.rpm
bdd4335990f1c36d1c009bb8cc39bb57  ImageMagick-c++-5.5.6-18.i386.rpm
797a6d26a14f757b548ca2c70511c468  ImageMagick-c++-devel-5.5.6-18.i386.rpm
02d788c894a578bdb5c2c02715c0c285  ImageMagick-devel-5.5.6-18.i386.rpm
c2b6d87dbf2a9af764942f8bd3fdc759  ImageMagick-perl-5.5.6-18.i386.rpm

x86_64:
ff0dd10877b3d8b30d7285973808e545  ImageMagick-5.5.6-18.i386.rpm
5cf37692eaaed39642fd2ac14027895f  ImageMagick-5.5.6-18.x86_64.rpm
bdd4335990f1c36d1c009bb8cc39bb57  ImageMagick-c++-5.5.6-18.i386.rpm
376395958ba49614b254d3f4dc8870a3  ImageMagick-c++-5.5.6-18.x86_64.rpm
e046834322f8dbe5d4de3a907fd18c0f  ImageMagick-c++-devel-5.5.6-18.x86_64.rpm
39a8c5ae4b7d5f261d3982f45d375605  ImageMagick-devel-5.5.6-18.x86_64.rpm
05eb8f5a7e8d79d1ff52ba0fbbd32fb9  ImageMagick-perl-5.5.6-18.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ImageMagick-5.5.6-18.src.rpm
912eac513bb360bdc71bc2721389f59e  ImageMagick-5.5.6-18.src.rpm

i386:
ff0dd10877b3d8b30d7285973808e545  ImageMagick-5.5.6-18.i386.rpm
bdd4335990f1c36d1c009bb8cc39bb57  ImageMagick-c++-5.5.6-18.i386.rpm
797a6d26a14f757b548ca2c70511c468  ImageMagick-c++-devel-5.5.6-18.i386.rpm
02d788c894a578bdb5c2c02715c0c285  ImageMagick-devel-5.5.6-18.i386.rpm
c2b6d87dbf2a9af764942f8bd3fdc759  ImageMagick-perl-5.5.6-18.i386.rpm

ia64:
ff0dd10877b3d8b30d7285973808e545  ImageMagick-5.5.6-18.i386.rpm
836aa74bd8257394f97ea4c47725922d  ImageMagick-5.5.6-18.ia64.rpm
bdd4335990f1c36d1c009bb8cc39bb57  ImageMagick-c++-5.5.6-18.i386.rpm
4390be2fa1a09732385ec27b1395ee47  ImageMagick-c++-5.5.6-18.ia64.rpm
f0ddc57cec34c456c5a6c7ba3dd6ea88  ImageMagick-c++-devel-5.5.6-18.ia64.rpm
9ba0a896fd63af3c89ba2560dc8b197c  ImageMagick-devel-5.5.6-18.ia64.rpm
5332d039f3544f8d6b40bfd590b4c071  ImageMagick-perl-5.5.6-18.ia64.rpm

x86_64:
ff0dd10877b3d8b30d7285973808e545  ImageMagick-5.5.6-18.i386.rpm
5cf37692eaaed39642fd2ac14027895f  ImageMagick-5.5.6-18.x86_64.rpm
bdd4335990f1c36d1c009bb8cc39bb57  ImageMagick-c++-5.5.6-18.i386.rpm
376395958ba49614b254d3f4dc8870a3  ImageMagick-c++-5.5.6-18.x86_64.rpm
e046834322f8dbe5d4de3a907fd18c0f  ImageMagick-c++-devel-5.5.6-18.x86_64.rpm
39a8c5ae4b7d5f261d3982f45d375605  ImageMagick-devel-5.5.6-18.x86_64.rpm
05eb8f5a7e8d79d1ff52ba0fbbd32fb9  ImageMagick-perl-5.5.6-18.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ImageMagick-5.5.6-18.src.rpm
912eac513bb360bdc71bc2721389f59e  ImageMagick-5.5.6-18.src.rpm

i386:
ff0dd10877b3d8b30d7285973808e545  ImageMagick-5.5.6-18.i386.rpm
bdd4335990f1c36d1c009bb8cc39bb57  ImageMagick-c++-5.5.6-18.i386.rpm
797a6d26a14f757b548ca2c70511c468  ImageMagick-c++-devel-5.5.6-18.i386.rpm
02d788c894a578bdb5c2c02715c0c285  ImageMagick-devel-5.5.6-18.i386.rpm
c2b6d87dbf2a9af764942f8bd3fdc759  ImageMagick-perl-5.5.6-18.i386.rpm

ia64:
ff0dd10877b3d8b30d7285973808e545  ImageMagick-5.5.6-18.i386.rpm
836aa74bd8257394f97ea4c47725922d  ImageMagick-5.5.6-18.ia64.rpm
bdd4335990f1c36d1c009bb8cc39bb57  ImageMagick-c++-5.5.6-18.i386.rpm
4390be2fa1a09732385ec27b1395ee47  ImageMagick-c++-5.5.6-18.ia64.rpm
f0ddc57cec34c456c5a6c7ba3dd6ea88  ImageMagick-c++-devel-5.5.6-18.ia64.rpm
9ba0a896fd63af3c89ba2560dc8b197c  ImageMagick-devel-5.5.6-18.ia64.rpm
5332d039f3544f8d6b40bfd590b4c071  ImageMagick-perl-5.5.6-18.ia64.rpm

x86_64:
ff0dd10877b3d8b30d7285973808e545  ImageMagick-5.5.6-18.i386.rpm
5cf37692eaaed39642fd2ac14027895f  ImageMagick-5.5.6-18.x86_64.rpm
bdd4335990f1c36d1c009bb8cc39bb57  ImageMagick-c++-5.5.6-18.i386.rpm
376395958ba49614b254d3f4dc8870a3  ImageMagick-c++-5.5.6-18.x86_64.rpm
e046834322f8dbe5d4de3a907fd18c0f  ImageMagick-c++-devel-5.5.6-18.x86_64.rpm
39a8c5ae4b7d5f261d3982f45d375605  ImageMagick-devel-5.5.6-18.x86_64.rpm
05eb8f5a7e8d79d1ff52ba0fbbd32fb9  ImageMagick-perl-5.5.6-18.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ImageMagick-6.0.7.1-14.src.rpm
943009b437200ac884a17bc0ba1ed6d5  ImageMagick-6.0.7.1-14.src.rpm

i386:
2bc5f48610909531555790d4aa0f0761  ImageMagick-6.0.7.1-14.i386.rpm
6530b8195c456b770476178365a22aee  ImageMagick-c++-6.0.7.1-14.i386.rpm
a4a1d6bc54840e4115db2bb3593b7b4d  ImageMagick-c++-devel-6.0.7.1-14.i386.rpm
303e6a26c3f268114235bb5e8c236dd7  ImageMagick-devel-6.0.7.1-14.i386.rpm
d035be77c8ac2aec410ba0b2fa5df288  ImageMagick-perl-6.0.7.1-14.i386.rpm

ia64:
73ecded1c169bc13cd8b408de6aeaa12  ImageMagick-6.0.7.1-14.ia64.rpm
68c0f11baf659152dde65a2ed9cbb63c  ImageMagick-c++-6.0.7.1-14.ia64.rpm
fb9db38ef0cbbe9dc218cf7317c46d73  ImageMagick-c++-devel-6.0.7.1-14.ia64.rpm
d7da6da6d6701d91b289d56ec85a4e88  ImageMagick-devel-6.0.7.1-14.ia64.rpm
51d385a20a8a6fc8c2f012809649fdd1  ImageMagick-perl-6.0.7.1-14.ia64.rpm

ppc:
44af6d59473f5ec24dbc7c2012ce2e33  ImageMagick-6.0.7.1-14.ppc.rpm
147008254b935be653520b5c2d017c3a  ImageMagick-c++-6.0.7.1-14.ppc.rpm
00d60982fa0c76b3455cc0359441d621  ImageMagick-c++-devel-6.0.7.1-14.ppc.rpm
08cb5622a03833ce70b9be82196a4166  ImageMagick-devel-6.0.7.1-14.ppc.rpm
9c386ef8af75cf9304266dd1f8709ec8  ImageMagick-perl-6.0.7.1-14.ppc.rpm

s390:
3d5d3b366e27b28533d1aeb06c6fcf0e  ImageMagick-6.0.7.1-14.s390.rpm
9a9aaa51935442d213bc4de3fde60056  ImageMagick-c++-6.0.7.1-14.s390.rpm
9e2a9064823c70b581bc7fd5ae8560af  ImageMagick-c++-devel-6.0.7.1-14.s390.rpm
992cd1716a2cc6ca4d762779c3f024c6  ImageMagick-devel-6.0.7.1-14.s390.rpm
b25fd0a0d461b6d2584606b87d35731b  ImageMagick-perl-6.0.7.1-14.s390.rpm

s390x:
55e5a69de6004b0695cbf74c7de11e2a  ImageMagick-6.0.7.1-14.s390x.rpm
934f5234af396109c1754c70a3a2ef3b  ImageMagick-c++-6.0.7.1-14.s390x.rpm
b44ed289087478ecf6f443d523abd3d0  ImageMagick-c++-devel-6.0.7.1-14.s390x.rpm
4d9e7b5c2b6cb13f3491e14eaea56445  ImageMagick-devel-6.0.7.1-14.s390x.rpm
c658a53536aa59d1de3462beb81eee87  ImageMagick-perl-6.0.7.1-14.s390x.rpm

x86_64:
b1a29f3adda3e342999afaddc9b1ba79  ImageMagick-6.0.7.1-14.x86_64.rpm
dad10d79313cba668a451ed4b9db2cd6  ImageMagick-c++-6.0.7.1-14.x86_64.rpm
8dffae4e528667fd7e62c1cb9742f325  ImageMagick-c++-devel-6.0.7.1-14.x86_64.rpm
4ba905218af2b39b3481e27073e0d167  ImageMagick-devel-6.0.7.1-14.x86_64.rpm
30f2cd9845c5c47b33eb0dfb9b955089  ImageMagick-perl-6.0.7.1-14.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ImageMagick-6.0.7.1-14.src.rpm
943009b437200ac884a17bc0ba1ed6d5  ImageMagick-6.0.7.1-14.src.rpm

i386:
2bc5f48610909531555790d4aa0f0761  ImageMagick-6.0.7.1-14.i386.rpm
6530b8195c456b770476178365a22aee  ImageMagick-c++-6.0.7.1-14.i386.rpm
a4a1d6bc54840e4115db2bb3593b7b4d  ImageMagick-c++-devel-6.0.7.1-14.i386.rpm
303e6a26c3f268114235bb5e8c236dd7  ImageMagick-devel-6.0.7.1-14.i386.rpm
d035be77c8ac2aec410ba0b2fa5df288  ImageMagick-perl-6.0.7.1-14.i386.rpm

x86_64:
b1a29f3adda3e342999afaddc9b1ba79  ImageMagick-6.0.7.1-14.x86_64.rpm
dad10d79313cba668a451ed4b9db2cd6  ImageMagick-c++-6.0.7.1-14.x86_64.rpm
8dffae4e528667fd7e62c1cb9742f325  ImageMagick-c++-devel-6.0.7.1-14.x86_64.rpm
4ba905218af2b39b3481e27073e0d167  ImageMagick-devel-6.0.7.1-14.x86_64.rpm
30f2cd9845c5c47b33eb0dfb9b955089  ImageMagick-perl-6.0.7.1-14.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ImageMagick-6.0.7.1-14.src.rpm
943009b437200ac884a17bc0ba1ed6d5  ImageMagick-6.0.7.1-14.src.rpm

i386:
2bc5f48610909531555790d4aa0f0761  ImageMagick-6.0.7.1-14.i386.rpm
6530b8195c456b770476178365a22aee  ImageMagick-c++-6.0.7.1-14.i386.rpm
a4a1d6bc54840e4115db2bb3593b7b4d  ImageMagick-c++-devel-6.0.7.1-14.i386.rpm
303e6a26c3f268114235bb5e8c236dd7  ImageMagick-devel-6.0.7.1-14.i386.rpm
d035be77c8ac2aec410ba0b2fa5df288  ImageMagick-perl-6.0.7.1-14.i386.rpm

ia64:
73ecded1c169bc13cd8b408de6aeaa12  ImageMagick-6.0.7.1-14.ia64.rpm
68c0f11baf659152dde65a2ed9cbb63c  ImageMagick-c++-6.0.7.1-14.ia64.rpm
fb9db38ef0cbbe9dc218cf7317c46d73  ImageMagick-c++-devel-6.0.7.1-14.ia64.rpm
d7da6da6d6701d91b289d56ec85a4e88  ImageMagick-devel-6.0.7.1-14.ia64.rpm
51d385a20a8a6fc8c2f012809649fdd1  ImageMagick-perl-6.0.7.1-14.ia64.rpm

x86_64:
b1a29f3adda3e342999afaddc9b1ba79  ImageMagick-6.0.7.1-14.x86_64.rpm
dad10d79313cba668a451ed4b9db2cd6  ImageMagick-c++-6.0.7.1-14.x86_64.rpm
8dffae4e528667fd7e62c1cb9742f325  ImageMagick-c++-devel-6.0.7.1-14.x86_64.rpm
4ba905218af2b39b3481e27073e0d167  ImageMagick-devel-6.0.7.1-14.x86_64.rpm
30f2cd9845c5c47b33eb0dfb9b955089  ImageMagick-perl-6.0.7.1-14.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ImageMagick-6.0.7.1-14.src.rpm
943009b437200ac884a17bc0ba1ed6d5  ImageMagick-6.0.7.1-14.src.rpm

i386:
2bc5f48610909531555790d4aa0f0761  ImageMagick-6.0.7.1-14.i386.rpm
6530b8195c456b770476178365a22aee  ImageMagick-c++-6.0.7.1-14.i386.rpm
a4a1d6bc54840e4115db2bb3593b7b4d  ImageMagick-c++-devel-6.0.7.1-14.i386.rpm
303e6a26c3f268114235bb5e8c236dd7  ImageMagick-devel-6.0.7.1-14.i386.rpm
d035be77c8ac2aec410ba0b2fa5df288  ImageMagick-perl-6.0.7.1-14.i386.rpm

ia64:
73ecded1c169bc13cd8b408de6aeaa12  ImageMagick-6.0.7.1-14.ia64.rpm
68c0f11baf659152dde65a2ed9cbb63c  ImageMagick-c++-6.0.7.1-14.ia64.rpm
fb9db38ef0cbbe9dc218cf7317c46d73  ImageMagick-c++-devel-6.0.7.1-14.ia64.rpm
d7da6da6d6701d91b289d56ec85a4e88  ImageMagick-devel-6.0.7.1-14.ia64.rpm
51d385a20a8a6fc8c2f012809649fdd1  ImageMagick-perl-6.0.7.1-14.ia64.rpm

x86_64:
b1a29f3adda3e342999afaddc9b1ba79  ImageMagick-6.0.7.1-14.x86_64.rpm
dad10d79313cba668a451ed4b9db2cd6  ImageMagick-c++-6.0.7.1-14.x86_64.rpm
8dffae4e528667fd7e62c1cb9742f325  ImageMagick-c++-devel-6.0.7.1-14.x86_64.rpm
4ba905218af2b39b3481e27073e0d167  ImageMagick-devel-6.0.7.1-14.x86_64.rpm
30f2cd9845c5c47b33eb0dfb9b955089  ImageMagick-perl-6.0.7.1-14.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFD8gdJXlSAg2UNWIIRAs+8AKCed55p/Spx/Xm9zJKMLYssGdm2aACglbIe
XeTF31oCuMHFnj1inA2X5X0=
=G2eh
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Tue Feb 21 14:41:34 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 21 Feb 2006 09:41:34 -0500
Subject: [RHSA-2006:0195-01] Low: tar security update
Message-ID: <200602211441.k1LEfYgi022251@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: tar security update
Advisory ID:       RHSA-2006:0195-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0195.html
Issue date:        2006-02-21
Updated on:        2006-02-21
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-1918
- ---------------------------------------------------------------------

1. Summary:

An updated tar package that fixes a path traversal flaw is now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive. 

In 2002, a path traversal flaw was found in the way GNU tar extracted
archives. A malicious user could create a tar archive that could write to
arbitrary files to which the user running GNU tar has write access
(CVE-2002-0399).  Red Hat included a backported security patch to correct
this issue in Red Hat Enterprise Linux 3, and an erratum for Red Hat
Enterprise Linux 2.1 users was issued.

During internal testing, we discovered that our backported security patch
contained an incorrect optimization and therefore was not sufficient to
completely correct this vulnerability.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) assigned the name CVE-2005-1918 to this
issue.

Users of tar should upgrade to this updated package, which contains a
replacement backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

140589 - CVE-2005-1918 tar archive path traversal issue
140598 - CVE-2005-1918 tar archive path traversal issue


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/tar-1.13.25-5.AS21.1.src.rpm
845a820b30ac72349c6a0b8184a86d2c  tar-1.13.25-5.AS21.1.src.rpm

i386:
54cb06fab08c95c25eea7ade716d71c7  tar-1.13.25-5.AS21.1.i386.rpm

ia64:
cd7c0eb50dffd11cf0cbdd881825a8cc  tar-1.13.25-5.AS21.1.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/tar-1.13.25-5.AS21.1.src.rpm
845a820b30ac72349c6a0b8184a86d2c  tar-1.13.25-5.AS21.1.src.rpm

ia64:
cd7c0eb50dffd11cf0cbdd881825a8cc  tar-1.13.25-5.AS21.1.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/tar-1.13.25-5.AS21.1.src.rpm
845a820b30ac72349c6a0b8184a86d2c  tar-1.13.25-5.AS21.1.src.rpm

i386:
54cb06fab08c95c25eea7ade716d71c7  tar-1.13.25-5.AS21.1.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/tar-1.13.25-5.AS21.1.src.rpm
845a820b30ac72349c6a0b8184a86d2c  tar-1.13.25-5.AS21.1.src.rpm

i386:
54cb06fab08c95c25eea7ade716d71c7  tar-1.13.25-5.AS21.1.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/tar-1.13.25-14.RHEL3.src.rpm
a417c5eee303ba02e82d5e3dd51a90c9  tar-1.13.25-14.RHEL3.src.rpm

i386:
774d7a899b21106977e6f97ac21c60d6  tar-1.13.25-14.RHEL3.i386.rpm

ia64:
9c280f3ef92ac03b0c5f58d0f0bfb1be  tar-1.13.25-14.RHEL3.ia64.rpm

ppc:
8541793f7153051ca270c8f778813ec5  tar-1.13.25-14.RHEL3.ppc.rpm

s390:
96945481f9c6429850ab676fa622f7b5  tar-1.13.25-14.RHEL3.s390.rpm

s390x:
cec08d4de830f20e40ec351a827ec5f6  tar-1.13.25-14.RHEL3.s390x.rpm

x86_64:
dafe232a7b44dd14476a86abea130c69  tar-1.13.25-14.RHEL3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/tar-1.13.25-14.RHEL3.src.rpm
a417c5eee303ba02e82d5e3dd51a90c9  tar-1.13.25-14.RHEL3.src.rpm

i386:
774d7a899b21106977e6f97ac21c60d6  tar-1.13.25-14.RHEL3.i386.rpm

x86_64:
dafe232a7b44dd14476a86abea130c69  tar-1.13.25-14.RHEL3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/tar-1.13.25-14.RHEL3.src.rpm
a417c5eee303ba02e82d5e3dd51a90c9  tar-1.13.25-14.RHEL3.src.rpm

i386:
774d7a899b21106977e6f97ac21c60d6  tar-1.13.25-14.RHEL3.i386.rpm

ia64:
9c280f3ef92ac03b0c5f58d0f0bfb1be  tar-1.13.25-14.RHEL3.ia64.rpm

x86_64:
dafe232a7b44dd14476a86abea130c69  tar-1.13.25-14.RHEL3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/tar-1.13.25-14.RHEL3.src.rpm
a417c5eee303ba02e82d5e3dd51a90c9  tar-1.13.25-14.RHEL3.src.rpm

i386:
774d7a899b21106977e6f97ac21c60d6  tar-1.13.25-14.RHEL3.i386.rpm

ia64:
9c280f3ef92ac03b0c5f58d0f0bfb1be  tar-1.13.25-14.RHEL3.ia64.rpm

x86_64:
dafe232a7b44dd14476a86abea130c69  tar-1.13.25-14.RHEL3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1918

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFD+yaPXlSAg2UNWIIRAkdhAKCHvmP99YP6Ra9XFMXZhKVPXb0FZACeOMGo
t73Xbj5V4C2nH6KVZmTf98Q=
=F7g0
-----END PGP SIGNATURE-----




From bugzilla at redhat.com  Tue Feb 21 14:42:12 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 21 Feb 2006 09:42:12 -0500
Subject: [RHSA-2006:0217-01] Important: metamail security update
Message-ID: <200602211442.k1LEgCAR022516@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: metamail security update
Advisory ID:       RHSA-2006:0217-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0217.html
Issue date:        2006-02-21
Updated on:        2006-02-21
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-0709
- ---------------------------------------------------------------------

1. Summary:

An updated metamail package that fixes a buffer overflow vulnerability for
Red Hat Enterprise Linux 2.1 is now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Metamail is a system for handling multimedia mail.

A buffer overflow bug was found in the way Metamail processes certain mail
messages. An attacker could create a carefully-crafted message such that
when it is opened by a victim and parsed through Metamail, it runs
arbitrary code as the victim. The Common Vulnerabilities and Exposures
project (cve.mitre.org) assigned the name CVE-2006-0709 to this issue.

Users of Metamail should upgrade to this updated package, which contains a
backported patch that is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

181665 - CVE-2006-0709 Metamail heap based buffer overflow


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/metamail-2.7-30.src.rpm
0d9e11b28157bcf5f1da1a99513b59fa  metamail-2.7-30.src.rpm

i386:
f0b370477bbae8a72eb5d9211b3b2313  metamail-2.7-30.i386.rpm

ia64:
8ee8c235fed4fd06e629803e4f414ba3  metamail-2.7-30.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/metamail-2.7-30.src.rpm
0d9e11b28157bcf5f1da1a99513b59fa  metamail-2.7-30.src.rpm

ia64:
8ee8c235fed4fd06e629803e4f414ba3  metamail-2.7-30.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/metamail-2.7-30.src.rpm
0d9e11b28157bcf5f1da1a99513b59fa  metamail-2.7-30.src.rpm

i386:
f0b370477bbae8a72eb5d9211b3b2313  metamail-2.7-30.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/metamail-2.7-30.src.rpm
0d9e11b28157bcf5f1da1a99513b59fa  metamail-2.7-30.src.rpm

i386:
f0b370477bbae8a72eb5d9211b3b2313  metamail-2.7-30.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0709

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFD+yayXlSAg2UNWIIRArgqAKCBh7Ern1cPy3GO7uDlndTXnPnGBACfdWd3
VP9B6d3JC2j4+XapeofJUTs=
=h1Tr
-----END PGP SIGNATURE-----