From bugzilla at redhat.com Thu Jan 5 16:06:55 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Jan 2006 11:06:55 -0500
Subject: [RHSA-2006:0159-01] Moderate: httpd security update
Message-ID: <200601051606.k05G6tVY005117@porkchop.devel.redhat.com>

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: httpd security update
Advisory ID: RHSA-2006:0159-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0159.html
Issue date: 2006-01-05
Updated on: 2006-01-05
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-2970 CVE-2005-3352 CVE-2005-3357
---------------------------------------------------------------------

1. Summary:

Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Apache HTTP Server is a popular and freely-available Web server.

A memory leak in the worker MPM could allow remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2970 to this issue. This vulnerability only affects users who are using the non-default worker MPM.

A flaw in mod_imap when using the Referer directive with image maps was discovered. With certain site configurations, a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers. (CVE-2005-3352)

A NULL pointer dereference flaw in mod_ssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This crash would only be a denial of service if using the non-default worker MPM. (CVE-2005-3357)

Users of httpd should update to these erratum packages which contain backported patches to correct these issues along with some additional bugs.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

170383 - mod_ssl per-directory renegotiation with request body
171756 - CVE-2005-2970 httpd worker MPM memory consumption DoS
175602 - CVE-2005-3352 cross-site scripting flaw in mod_imap
175720 - CVE-2005-3357 mod_ssl crash

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

From bugzilla at redhat.com Fri Jan 6 02:57:45 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Jan 2006 21:57:45 -0500
Subject: [RHSA-2006:0164-01] Critical: mod_auth_pgsql security update
Message-ID: <200601060257.k062vjsc020537@porkchop.devel.redhat.com>

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: mod_auth_pgsql security update
Advisory ID: RHSA-2006:0164-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0164.html
Issue date: 2006-01-05
Updated on: 2006-01-05
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3656
---------------------------------------------------------------------

1. Summary:

Updated mod_auth_pgsql packages that fix format string security issues are now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The mod_auth_pgsql package is an httpd module that allows user authentication against information stored in a PostgreSQL database.

Several format string flaws were found in the way mod_auth_pgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if mod_auth_pgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3656 to this issue.

Please note that this issue only affects servers which have mod_auth_pgsql installed and configured to perform user authentication against a PostgreSQL database.

All users of mod_auth_pgsql should upgrade to these updated packages, which contain a backported patch to resolve this issue.

This issue does not affect the mod_auth_pgsql package supplied with Red Hat Enterprise Linux 2.1.

Red Hat would like to thank iDefense for reporting this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

177042 - CVE-2005-3656 mod_auth_pgsql format string issue

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3656

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

From bugzilla at redhat.com Tue Jan 10 19:37:20 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Jan 2006 14:37:20 -0500
Subject: [RHSA-2006:0179-01] Critical: auth_ldap security update
Message-ID: <200601101937.k0AJbKDs026299@porkchop.devel.redhat.com>

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: auth_ldap security update
Advisory ID: RHSA-2006:0179-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0179.html
Issue date: 2006-01-10
Updated on: 2006-01-10
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-0150
---------------------------------------------------------------------

1. Summary:

An updated auth_ldap package that fixes a format string security issue is now available for Red Hat Enterprise Linux 2.1.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The auth_ldap package is an httpd module that allows user authentication against information stored in an LDAP database.

A format string flaw was found in the way auth_ldap logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if auth_ldap is used for user authentication.
The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0150 to this issue. Note that this issue only affects servers that have auth_ldap installed and configured to perform user authentication against an LDAP database. All users of auth_ldap should upgrade to this updated package, which contains a backported patch to resolve this issue. This issue does not affect the Red Hat Enterprise Linux 3 or 4 distributions as they do not include the auth_ldap package. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 177421 - CVE-2006-0150 auth_ldap format string issue 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/auth_ldap-1.4.8-3.1.src.rpm b386cc76da4f4dbbcafc5e0200567b76 auth_ldap-1.4.8-3.1.src.rpm i386: 569bce40fcb6cc7cefa9179d949fb192 auth_ldap-1.4.8-3.1.i386.rpm ia64: 56aea79641ddb17dc98d26b6f20dd439 auth_ldap-1.4.8-3.1.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/auth_ldap-1.4.8-3.1.src.rpm b386cc76da4f4dbbcafc5e0200567b76 auth_ldap-1.4.8-3.1.src.rpm ia64: 56aea79641ddb17dc98d26b6f20dd439 auth_ldap-1.4.8-3.1.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/auth_ldap-1.4.8-3.1.src.rpm b386cc76da4f4dbbcafc5e0200567b76 auth_ldap-1.4.8-3.1.src.rpm i386: 569bce40fcb6cc7cefa9179d949fb192 auth_ldap-1.4.8-3.1.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/auth_ldap-1.4.8-3.1.src.rpm 
b386cc76da4f4dbbcafc5e0200567b76 auth_ldap-1.4.8-3.1.src.rpm i386: 569bce40fcb6cc7cefa9179d949fb192 auth_ldap-1.4.8-3.1.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0150 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2006 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFDxAzeXlSAg2UNWIIRAoyXAKCkSJ1N1C6y+XAe2/kZgwjHyFslfgCglmaD L1Zz1InsdNQSVQkxm2NPCQQ= =XZRD -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Jan 11 19:14:44 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 11 Jan 2006 14:14:44 -0500 Subject: [RHSA-2006:0156-01] Moderate: ethereal security update Message-ID: <200601111914.k0BJEi5X023729@porkchop.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: ethereal security update Advisory ID: RHSA-2006:0156-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0156.html Issue date: 2006-01-11 Updated on: 2006-01-11 Product: Red Hat Enterprise Linux CVE Names: CVE-2005-3313 CVE-2005-3651 CVE-2005-4585 - --------------------------------------------------------------------- 1. Summary: Updated Ethereal packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. 
Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Ethereal is a program for monitoring network traffic. Two denial of service bugs were found in Ethereal's IRC and GTP protocol dissectors. Ethereal could crash or stop responding if it reads a malformed IRC or GTP packet off the network. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2005-3313 and CVE-2005-4585 to these issues. A buffer overflow bug was found in Ethereal's OSPF protocol dissector. Ethereal could crash or execute arbitrary code if it reads a malformed OSPF packet off the network. (CVE-2005-3651) Users of ethereal should upgrade to these updated packages containing version 0.10.14, which is not vulnerable to these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. 
Bug IDs fixed (http://bugzilla.redhat.com/): 172297 - CVE-2005-3313 Ethereal IRC dissector DoS 176828 - CVE-2005-4585 ethereal GTP dissector could go into an infinite loop 176940 - CVE-2005-3651 ethereal OSPF Protocol Dissector Buffer Overflow Vulnerability 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ethereal-0.10.14-1.AS21.1.src.rpm 4021f3e28f9fe6dbe9666229ccbd1cbb ethereal-0.10.14-1.AS21.1.src.rpm i386: 7794170456fbeab2dbfd8ec88d39205d ethereal-0.10.14-1.AS21.1.i386.rpm 67ecf4dd9da92b6848b995aad0642728 ethereal-gnome-0.10.14-1.AS21.1.i386.rpm ia64: c287f5503da87ad57e1db89a0014d689 ethereal-0.10.14-1.AS21.1.ia64.rpm e1d2432782ecb2eb35210a5f2be0ec8c ethereal-gnome-0.10.14-1.AS21.1.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ethereal-0.10.14-1.AS21.1.src.rpm 4021f3e28f9fe6dbe9666229ccbd1cbb ethereal-0.10.14-1.AS21.1.src.rpm ia64: c287f5503da87ad57e1db89a0014d689 ethereal-0.10.14-1.AS21.1.ia64.rpm e1d2432782ecb2eb35210a5f2be0ec8c ethereal-gnome-0.10.14-1.AS21.1.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ethereal-0.10.14-1.AS21.1.src.rpm 4021f3e28f9fe6dbe9666229ccbd1cbb ethereal-0.10.14-1.AS21.1.src.rpm i386: 7794170456fbeab2dbfd8ec88d39205d ethereal-0.10.14-1.AS21.1.i386.rpm 67ecf4dd9da92b6848b995aad0642728 ethereal-gnome-0.10.14-1.AS21.1.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ethereal-0.10.14-1.AS21.1.src.rpm 4021f3e28f9fe6dbe9666229ccbd1cbb ethereal-0.10.14-1.AS21.1.src.rpm i386: 7794170456fbeab2dbfd8ec88d39205d ethereal-0.10.14-1.AS21.1.i386.rpm 67ecf4dd9da92b6848b995aad0642728 ethereal-gnome-0.10.14-1.AS21.1.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ethereal-0.10.14-1.EL3.1.src.rpm 
Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ethereal-0.10.14-1.EL3.1.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ethereal-0.10.14-1.EL3.1.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ethereal-0.10.14-1.EL3.1.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ethereal-0.10.14-1.EL4.1.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ethereal-0.10.14-1.EL4.1.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ethereal-0.10.14-1.EL4.1.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ethereal-0.10.14-1.EL4.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7.
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4585

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDxVkMXlSAg2UNWIIRAnyqAJ0ahslMmBZ1oTW6e79VdhTC4Sn3KACgndCJ
36ciTAxHnV7JgTohK9yDbws=
=3bno
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 11 19:16:49 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Jan 2006 14:16:49 -0500
Subject: [RHSA-2006:0163-01] Important: cups security update
Message-ID: <200601111916.k0BJGn6a024227@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:     Important: cups security update
Advisory ID:  RHSA-2006:0163-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0163.html
Issue date:   2006-01-11
Updated on:   2006-01-11
Product:      Red Hat Enterprise Linux
CVE Names:    CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627
- ---------------------------------------------------------------------

1. Summary:

Updated CUPS packages that fix multiple security issues are now available
for Red Hat Enterprise Linux.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Chris Evans discovered several flaws in the way CUPS processes PDF files.
An attacker could construct a carefully crafted PDF file that could cause
CUPS to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names CVE-2005-3624,
CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

All users of CUPS should upgrade to these updated packages, which contain
backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

176868 - CVE-2005-3624 Additional xpdf issues (CVE-2005-3625 CVE-2005-3626 CVE-2005-3627)

6.
RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDxVl8XlSAg2UNWIIRAqn6AJ9mzY82lwnJFbcyasSfn7jnfVQIfACgh/CL
2eQCmPCOJSgLjrE3GIIfsHM=
=otbM
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 11 19:17:40 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Jan 2006 14:17:40 -0500
Subject: [RHSA-2006:0177-01] Important: gpdf security update
Message-ID: <200601111917.k0BJHfr1024402@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:     Important: gpdf security update
Advisory ID:  RHSA-2006:0177-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0177.html
Issue date:   2006-01-11
Updated on:   2006-01-11
Product:      Red Hat Enterprise Linux
CVE Names:    CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627
- ---------------------------------------------------------------------

1. Summary:

An updated gpdf package that fixes several security issues is now available
for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

gpdf is a GNOME based viewer for Portable Document Format (PDF) files.

Chris Evans discovered several flaws in the way gpdf processes PDF files.
An attacker could construct a carefully crafted PDF file that could cause
gpdf to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names CVE-2005-3624,
CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

Users of gpdf should upgrade to this updated package, which contains a
backported patch to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

176865 - [RHEL4] CVE-2005-3624 Additional xpdf issues (CVE-2005-3625 CVE-2005-3626 CVE-2005-3627)

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gpdf-2.8.2-7.4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gpdf-2.8.2-7.4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gpdf-2.8.2-7.4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gpdf-2.8.2-7.4.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDxVmxXlSAg2UNWIIRApBkAJ9acdASGPloyOUIcLGAiGpDpC/rNQCfanMp
Y1dRH3IbEFi0LU7xsUZqBNg=
=SKBB
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jan 11 19:50:00 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Jan 2006 14:50:00 -0500
Subject: [RHSA-2006:0157-01] Low: struts security update for Red Hat Application Server
Message-ID: <200601111950.k0BJo0Zl002449@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:     Low: struts security update for Red Hat Application Server
Advisory ID:  RHSA-2006:0157-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0157.html
Issue date:   2006-01-11
Updated on:   2006-01-11
Product:      Red Hat Application Server
CVE Names:    CVE-2005-3745
- ---------------------------------------------------------------------

1. Summary:

Updated Red Hat Application Server components are now available including a
security update for Struts.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Server 3AS - noarch
Red Hat Application Server 3ES - noarch
Red Hat Application Server 3WS - noarch

3. Problem description:

Red Hat Application Server packages provide a J2EE Application Server and
Web container as well as the underlying Java stack.

A cross-site scripting flaw was found in the way Struts displays error
pages. It may be possible for an attacker to construct a specially crafted
URL which could fool a victim into believing they are viewing a trusted
site. The Common Vulnerabilities and Exposures project assigned the name
CVE-2005-3745 to this issue. Please note that this issue does not affect
Struts running on Tomcat or JOnAS, which is our supported usage of Struts.

All users of Red Hat Application Server should upgrade to these updated
packages, which contain Struts version 1.2.8 which is not vulnerable to
this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

173929 - CVE-2005-3745 struts cross site scripting flaw

6.
RPMs required:

Red Hat Application Server 3AS:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/jakarta-commons-validator-1.1.4-1jpp_2rh.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/struts-1.2.8-1jpp_2rh.src.rpm

noarch:
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/jakarta-commons-validator-1.1.4-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/jakarta-commons-validator-javadoc-1.1.4-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/struts-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/struts-javadoc-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/struts-manual-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/struts-webapps-tomcat5-1.2.8-1jpp_2rh.noarch.rpm

Red Hat Application Server 3ES:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/jakarta-commons-validator-1.1.4-1jpp_2rh.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/struts-1.2.8-1jpp_2rh.src.rpm

noarch:
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/jakarta-commons-validator-1.1.4-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/jakarta-commons-validator-javadoc-1.1.4-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/struts-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/struts-javadoc-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/struts-manual-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/struts-webapps-tomcat5-1.2.8-1jpp_2rh.noarch.rpm

Red Hat Application Server 3WS:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/jakarta-commons-validator-1.1.4-1jpp_2rh.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/struts-1.2.8-1jpp_2rh.src.rpm

noarch:
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/jakarta-commons-validator-1.1.4-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/jakarta-commons-validator-javadoc-1.1.4-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/struts-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/struts-javadoc-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/struts-manual-1.2.8-1jpp_2rh.noarch.rpm
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/struts-webapps-tomcat5-1.2.8-1jpp_2rh.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3745

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDxWFdXlSAg2UNWIIRAoKuAKCnSafpfGQuWg8PaqsArmKTIS2DCgCfSwLb
C+q+SLuAWHEUt3AOqprrDq8=
=IQaE
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 17 08:53:31 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 17 Jan 2006 03:53:31 -0500
Subject: [RHSA-2006:0158-01] Moderate: apache security update
Message-ID: <200601170853.k0H8rVJN032710@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:     Moderate: apache security update
Advisory ID:  RHSA-2006:0158-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0158.html
Issue date:   2006-01-17
Updated on:   2006-01-17
Product:      Red Hat Enterprise Linux
CVE Names:    CVE-2005-3352
- ---------------------------------------------------------------------

1. Summary:

Updated Apache httpd packages that correct a security issue are now
available for Red Hat Enterprise Linux 2.1.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2.
Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The Apache HTTP Server is a popular and freely-available Web server.

A flaw in mod_imap when using the Referer directive with image maps was
discovered. With certain site configurations, a remote attacker could
perform a cross-site scripting attack if a victim can be forced to visit a
malicious URL using certain web browsers. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-3352 to this issue.

Users of apache should upgrade to these updated packages, which contain
a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

175714 - CVE-2005-3352 cross-site scripting flaw in mod_imap

6.
RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/apache-1.3.27-10.ent.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/apache-1.3.27-10.ent.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/apache-1.3.27-10.ent.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/apache-1.3.27-10.ent.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDzLB6XlSAg2UNWIIRAueYAJ0eJf/LmpZp1iHQJ7m1K0HdeGFBZQCeM55Z
zJM+GWyXkcC9o0GHA/vqrKg=
=UUmb
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Tue Jan 17 08:55:23 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 17 Jan 2006 03:55:23 -0500
Subject: [RHSA-2006:0101-01] Important: kernel security update
Message-ID: <200601170855.k0H8tOmM000801@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:     Important: kernel security update
Advisory ID:  RHSA-2006:0101-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0101.html
Issue date:   2006-01-17
Updated on:   2006-01-17
Product:      Red Hat Enterprise Linux
Obsoletes:    RHSA-2005:808
CVE Names:    CVE-2002-2185 CVE-2004-1190 CVE-2005-2458 CVE-2005-2709 CVE-2005-2800 CVE-2005-3044 CVE-2005-3106 CVE-2005-3109 CVE-2005-3276 CVE-2005-3356 CVE-2005-3358 CVE-2005-3784 CVE-2005-3806 CVE-2005-3848 CVE-2005-3857 CVE-2005-3858 CVE-2005-4605
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix several security issues in the Red Hat
Enterprise Linux 4 kernel are now available.

This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.

2.
Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64 3. Problem description: The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below: - - a flaw in network IGMP processing that a allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185, moderate) - - a flaw which allowed a local user to write to firmware on read-only opened /dev/cdrom devices (CVE-2004-1190, moderate) - - a flaw in gzip/zlib handling internal to the kernel that may allow a local user to cause a denial of service (crash) (CVE-2005-2458, low) - - a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709, moderate) - - a flaw in the SCSI procfs interface that allowed a local user to cause a denial of service (crash) (CVE-2005-2800, moderate) - - a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed a local user to cause a denial of service (crash) (CVE-2005-3044, important) - - a race condition when threads share memory mapping that allowed local users to cause a denial of service (deadlock) (CVE-2005-3106, important) - - a flaw when trying to mount a non-hfsplus filesystem using hfsplus that allowed local users to cause a denial of service (crash) (CVE-2005-3109, moderate) - - a minor info leak with the get_thread_area() syscall that allowed a local user to view uninitialized kernel stack data (CVE-2005-3276, low) - - a flaw in mq_open system call that allowed a local user to cause a denial of service (crash) (CVE-2005-3356, 
important) - - a flaw in set_mempolicy that allowed a local user on some 64-bit architectures to cause a denial of service (crash) (CVE-2005-3358, important) - - a flaw in the auto-reap of child processes that allowed a local user to cause a denial of service (crash) (CVE-2005-3784, important) - - a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806, important) - - a flaw in network ICMP processing that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3848, important) - - a flaw in file lease time-out handling that allowed a local user to cause a denial of service (log file overflow) (CVE-2005-3857, moderate) - - a flaw in network IPv6 xfrm handling that allowed a local user to cause a denial of service (memory exhaustion) (CVE-2005-3858, important) - - a flaw in procfs handling that allowed a local user to read kernel memory (CVE-2005-4605, important) All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. 
Bug IDs fixed (http://bugzilla.redhat.com/): 158861 - CVE-2004-1190 Continued raw access issues 165679 - CVE-2005-2458 gzip/zlib flaws 167696 - CVE-2005-2800 SCSI proc DoS 168659 - CVE-2005-3044 lost fput and sockfd_put could lead to DoS 168777 - CVE-2005-3276 sys_get_thread_area minor info leak 168924 - CVE-2005-2709 More sysctl flaws 169130 - CVE-2005-3356 double decrement of mqueue_mnt->mnt_count in sys_mq_open 170262 - CVE-2005-3106 exec_mmap race DoS 171002 - CVE-2005-3109 HFS oops 174078 - [RHEL4] CVE-2005-3784 auto-reap DoS 174081 - CVE-2005-3806 ipv6 DOS 174337 - [RHEL4] CVE-2005-3857 lease printk DoS 174343 - CVE-2005-3858 ip6_input_finish DoS 174345 - CVE-2005-3848 dst_entry leak DoS 174807 - CVE-2002-2185 IGMP DoS 175683 - CVE-2005-3358 panic caused by bad args to set_mempolicy 176812 - CVE-2005-4605 Kernel memory disclosure 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-22.0.2.EL.src.rpm b50fbbd12e29a3ca1bfa7b4310fdc18d kernel-2.6.9-22.0.2.EL.src.rpm i386: a9054fd42cd3105a673f2066caf4de15 kernel-2.6.9-22.0.2.EL.i686.rpm e3a7fef199a480936043131ca10945e1 kernel-devel-2.6.9-22.0.2.EL.i686.rpm 0e26e14f1de7f0e8d39ac918af2a8494 kernel-hugemem-2.6.9-22.0.2.EL.i686.rpm dcb79758906cc2ba683d5b1beadf6db1 kernel-hugemem-devel-2.6.9-22.0.2.EL.i686.rpm e66a773b0425948807df2369519c8416 kernel-smp-2.6.9-22.0.2.EL.i686.rpm 52aef02b73f55f9a28308713e3cad221 kernel-smp-devel-2.6.9-22.0.2.EL.i686.rpm ia64: 2567e86652683fc131d6298a9466d9f4 kernel-2.6.9-22.0.2.EL.ia64.rpm 15bfd72b79b20e2d90fd47fbf68deda0 kernel-devel-2.6.9-22.0.2.EL.ia64.rpm noarch: bb0a0d5917b0d63d9c683a7f33e519a9 kernel-doc-2.6.9-22.0.2.EL.noarch.rpm ppc: 68686b0f7065d72e01090af2c3c12413 kernel-2.6.9-22.0.2.EL.ppc64.rpm 1220c56733452c55c87ae7a7fc6da952 kernel-2.6.9-22.0.2.EL.ppc64iseries.rpm 6d50c9ead773ce1b5a033ef794107dd0 kernel-devel-2.6.9-22.0.2.EL.ppc64.rpm edd38da55bca79d91268ccb39dc001e3 
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3358
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4605

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDzLDtXlSAg2UNWIIRAsr6AJ9sA/JCRnGWQt/GWuOMXb+vgkUZhACggde5
ySCTmyGqid+L88n3jiy1k3s=
=4vhW
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jan 19 16:18:17 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Jan 2006 11:18:17 -0500
Subject: [RHSA-2006:0140-01] Important: kernel security update
Message-ID: <200601191618.k0JGIHg5032512@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update
Advisory ID:       RHSA-2006:0140-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0140.html
Issue date:        2006-01-19
Updated on:        2006-01-19
Product:           Red Hat Enterprise Linux
Obsoletes:         RHSA-2005:663
CVE Names:         CVE-2002-2185 CVE-2004-1057 CVE-2005-2708
                   CVE-2005-2709 CVE-2005-2973 CVE-2005-3044
                   CVE-2005-3180 CVE-2005-3275 CVE-2005-3806
                   CVE-2005-3848 CVE-2005-3857 CVE-2005-3858
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix several security issues in the Red Hat
Enterprise Linux 3 kernel are now available.

This security advisory has been rated as having important security impact
by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.
These new kernel packages contain fixes for the security issues described
below:

- - a flaw in network IGMP processing that allowed a remote user on the
    local network to cause a denial of service (disabling of multicast
    reports) if the system is running multicast applications
    (CVE-2002-2185, moderate)

- - a flaw in remap_page_range() with O_DIRECT writes that allowed a local
    user to cause a denial of service (crash) (CVE-2004-1057, important)

- - a flaw in exec() handling on some 64-bit architectures that allowed a
    local user to cause a denial of service (crash) (CVE-2005-2708,
    important)

- - a flaw in procfs handling during unloading of modules that allowed a
    local user to cause a denial of service or potentially gain privileges
    (CVE-2005-2709, moderate)

- - a flaw in IPv6 network UDP port hash table lookups that allowed a local
    user to cause a denial of service (hang) (CVE-2005-2973, important)

- - a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed a
    local user to cause a denial of service (crash) (CVE-2005-3044,
    important)

- - a network buffer info leak using the orinoco driver that allowed a
    remote user to possibly view uninitialized data (CVE-2005-3180,
    important)

- - a flaw in IPv4 network TCP and UDP netfilter handling that allowed a
    local user to cause a denial of service (crash) (CVE-2005-3275,
    important)

- - a flaw in the IPv6 flowlabel code that allowed a local user to cause a
    denial of service (crash) (CVE-2005-3806, important)

- - a flaw in network ICMP processing that allowed a local user to cause a
    denial of service (memory exhaustion) (CVE-2005-3848, important)

- - a flaw in file lease time-out handling that allowed a local user to
    cause a denial of service (log file overflow) (CVE-2005-3857, moderate)

- - a flaw in network IPv6 xfrm handling that allowed a local user to cause
    a denial of service (memory exhaustion) (CVE-2005-3858, important)

All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels
to the packages associated with their machine architecture and
configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red
Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

137820 - CVE-2004-1057 VM_IO refcount issue
161925 - CVE-2005-2708 user code panics kernel in exec.c
168661 - CVE-2005-3044 lost fput could lead to DoS
168925 - CVE-2005-2709 More sysctl flaws
170278 - CVE-2005-3180 orinoco driver information leakage
170774 - CVE-2005-2973 ipv6 infinite loop
171386 - CVE-2005-3275 NAT DoS
174082 - CVE-2005-3806 ipv6 DOS
174338 - CVE-2005-3857 lease printk DoS
174344 - CVE-2005-3858 ip6_input_finish DoS
174347 - CVE-2005-3848 dst_entry leak DoS
174808 - CVE-2002-2185 IGMP DoS

6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3858

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDz7vBXlSAg2UNWIIRAr2zAJ9CBtvW3d8n7U5/Sc1f4s4twEHfTACcDN+w
q9igH2/tHH+WYLqhm5aamTw=
=A3fb
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jan 19 17:56:02 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Jan 2006 12:56:02 -0500
Subject: [RHSA-2006:0160-01] Moderate: tetex security update
Message-ID: <200601191756.k0JHu4t7031520@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: tetex security update
Advisory ID:       RHSA-2006:0160-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0160.html
Issue date:        2006-01-19
Updated on:        2006-01-19
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-3191 CVE-2005-3192 CVE-2005-3193
                   CVE-2005-3624 CVE-2005-3625 CVE-2005-3626
                   CVE-2005-3627 CVE-2005-3628
- ---------------------------------------------------------------------

1. Summary:

Updated tetex packages that fix several integer overflows are now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

TeTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input and creates a typesetter-independent .dvi
(DeVice Independent) file as output.

Several flaws were discovered in the teTeX PDF parsing library. An
attacker could construct a carefully crafted PDF file that could cause
teTeX to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names CVE-2005-3191,
CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,
CVE-2005-3627 and CVE-2005-3628 to these issues.

Users of teTeX should upgrade to these updated packages, which contain
backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

175109 - CVE-2005-3193 xpdf issues (CVE-2005-3191 CVE-2005-3192 CVE-2005-3628)
177127 - [RHEL4] CVE-2005-3624 Additional xpdf issues (CVE-2005-3625 CVE-2005-3626 CVE-2005-3627)

6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDz9KSXlSAg2UNWIIRAn0pAKCViGvklNYA4MsrpStL2RAO5yKqZgCdHvbD
MVitjOeuuciAU8tEyOE+QjA=
=O+7z
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Jan 19 17:57:38 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 19 Jan 2006 12:57:38 -0500
Subject: [RHSA-2006:0184-01] Critical: kdelibs security update
Message-ID: <200601191757.k0JHvcOM032364@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: kdelibs security update
Advisory ID: RHSA-2006:0184-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0184.html
Issue date: 2006-01-19
Updated on: 2006-01-19
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-0019
- ---------------------------------------------------------------------

1. Summary:

Updated kdelibs packages are now available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

kdelibs contains libraries for the K Desktop Environment (KDE).

A heap overflow flaw was discovered affecting kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE. An attacker could create a malicious web site containing carefully crafted JavaScript code that would trigger this flaw and possibly lead to arbitrary code execution. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0019 to this issue.

NOTE: this issue does not affect KDE in Red Hat Enterprise Linux 3 or 2.1.

Users of KDE should upgrade to these updated packages, which contain a backported patch from the KDE security team correcting this issue as well as two bug fixes.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

165139 - kdegraphics applications crash when Open or Save dialog is opened
177618 - CVE-2006-0019 kjs encodeuri/decodeuri heap overflow vulnerability
178072 - pwMutex destroy failure: Device or resource busy

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.kde.org/info/security/advisory-20060119-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0019

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDz9MFXlSAg2UNWIIRAiCbAJwK1kLA2gajdu0aPJNb1ime49XbGgCfRG6p
91N6GScf2nSxoN3R8aYtOyU=
=TIVN
-----END PGP SIGNATURE-----