From bugzilla at redhat.com Thu Jun 1 17:48:54 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Jun 2006 13:48:54 -0400
Subject: [RHSA-2006:0525-01] Moderate: quagga security update
Message-ID: <200606011748.k51Hmt2e002359@porkchop.devel.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: quagga security update
Advisory ID:       RHSA-2006:0525-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0525.html
Issue date:        2006-06-01
Updated on:        2006-06-01
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-2223 CVE-2006-2224 CVE-2006-2276
---------------------------------------------------------------------

1. Summary:

Updated quagga packages that fix several security vulnerabilities are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Quagga manages the TCP/IP based routing protocol. It takes a multi-server and multi-thread approach to resolve the current complexity of the Internet.

An information disclosure flaw was found in the way Quagga interprets RIP REQUEST packets. RIPd in Quagga will respond to RIP REQUEST packets for RIP versions that have been disabled or that have authentication enabled, allowing a remote attacker to acquire information about the local network. (CVE-2006-2223)

A route injection flaw was found in the way Quagga interprets RIPv1 RESPONSE packets when RIPv2 authentication is enabled. It is possible for a remote attacker to inject arbitrary route information into the RIPd routing tables. This issue does not affect Quagga configurations where only RIPv2 is specified. (CVE-2006-2224)

A denial of service flaw was found in Quagga's telnet interface. If an attacker is able to connect to the Quagga telnet interface, it is possible to cause Quagga to consume vast quantities of CPU resources by issuing a malformed 'sh' command. (CVE-2006-2276)

Users of Quagga should upgrade to these updated packages, which contain backported patches that correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

191080 - CVE-2006-2223 Quagga RIPd information disclosure
191084 - CVE-2006-2224 Quagga RIPd route injection
191376 - CVE-2006-2276 quagga locks with command sh ip bgp

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/quagga-0.96.2-11.3E.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/quagga-0.96.2-11.3E.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/quagga-0.98.3-2.4E.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/quagga-0.98.3-2.4E.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/quagga-0.98.3-2.4E.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/quagga-0.98.3-2.4E.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2276
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.


From bugzilla at redhat.com Thu Jun 1 17:49:19 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Jun 2006 13:49:19 -0400
Subject: [RHSA-2006:0533-01] Moderate: zebra security update
Message-ID: <200606011749.k51HnJMu002436@porkchop.devel.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: zebra security update
Advisory ID:       RHSA-2006:0533-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0533.html
Issue date:        2006-06-01
Updated on:        2006-06-01
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-2223 CVE-2006-2224 CVE-2006-2276
---------------------------------------------------------------------

1. Summary:

Updated zebra packages that fix several security vulnerabilities are now available.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64

3. Problem description:

GNU Zebra is a free software that manages TCP/IP based routing protocol.

An information disclosure flaw was found in the way GNU Zebra interprets RIP REQUEST packets. RIPd in GNU Zebra will respond to RIP REQUEST packets for RIP versions that have been disabled or that have authentication enabled, allowing a remote attacker to acquire information about the local network. (CVE-2006-2223)

A route injection flaw was found in the way GNU Zebra interprets RIPv1 RESPONSE packets when RIPv2 authentication is enabled. It is possible for a remote attacker to inject arbitrary route information into the RIPd routing tables. This issue does not affect GNU Zebra configurations where only RIPv2 is specified. (CVE-2006-2224)

A denial of service flaw was found in GNU Zebra's telnet interface. If an attacker is able to connect to the GNU Zebra telnet interface, it is possible to cause GNU Zebra to consume vast quantities of CPU resources by issuing a malformed 'sh' command. (CVE-2006-2276)

Users of GNU Zebra should upgrade to these updated packages, which contain backported patches that correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

192757 - CVE-2006-2224 zebra RIPd route injection
192758 - CVE-2006-2276 zebra locks with command sh ip bgp
192759 - CVE-2006-2223 zebra RIPd information disclosure

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/zebra-0.91a-11.21AS.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/zebra-0.91a-11.21AS.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2276
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.


From bugzilla at redhat.com Thu Jun 1 17:49:36 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Jun 2006 13:49:36 -0400
Subject: [RHSA-2006:0541-02] Moderate: dia security update
Message-ID: <200606011749.k51Hnaxp002469@porkchop.devel.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: dia security update
Advisory ID:       RHSA-2006:0541-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0541.html
Issue date:        2006-06-01
Updated on:        2006-06-01
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-2453 CVE-2006-2480
---------------------------------------------------------------------

1. Summary:

Updated Dia packages that fix several buffer overflow bugs are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Dia drawing program is designed to draw various types of diagrams.

Several format string flaws were found in the way dia displays certain messages. If an attacker is able to trick a Dia user into opening a carefully crafted file, it may be possible to execute arbitrary code as the user running Dia. (CVE-2006-2453, CVE-2006-2480)

Users of Dia should update to these erratum packages, which contain backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

192698 - CVE-2006-2480 Dia format string issue (CVE-2006-2453)

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/dia-0.94-5.7.1.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/dia-0.94-5.7.1.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/dia-0.94-5.7.1.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/dia-0.94-5.7.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2480
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.


From bugzilla at redhat.com Tue Jun 6 18:19:06 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 6 Jun 2006 14:19:06 -0400
Subject: [RHSA-2006:0543-01] Moderate: spamassassin security update
Message-ID: <200606061819.k56IJ63N019855@porkchop.devel.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: spamassassin security update
Advisory ID:       RHSA-2006:0543-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0543.html
Issue date:        2006-06-06
Updated on:        2006-06-06
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-2447
---------------------------------------------------------------------

1. Summary:

Updated spamassassin packages that fix an arbitrary code execution flaw are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

SpamAssassin provides a way to reduce unsolicited commercial email (SPAM) from incoming email.

A flaw was found with the way the Spamassassin spamd daemon processes the virtual pop username passed to it. If a site is running spamd with both the --vpopmail and --paranoid flags, it is possible for a remote user with the ability to connect to the spamd daemon to execute arbitrary commands as the user running the spamd daemon. (CVE-2006-2447)

Note: None of the IMAP or POP servers shipped with Red Hat Enterprise Linux 4 support vpopmail delivery.
Running spamd with the --vpopmail and --paranoid flags is uncommon and not the default startup option as shipped with Red Hat Enterprise Linux 4.

Spamassassin, as shipped in Red Hat Enterprise Linux 4, performs RBL lookups against visi.com to help determine if an email is spam. However, this DNS RBL has recently disappeared, resulting in mail filtering delays and timeouts.

Users of SpamAssassin should upgrade to these updated packages containing version 3.0.6 and backported patches, which are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

178580 - /etc/sysconfig/spamassasin loses file context and timestamp
191033 - spamassassin looks up broken NS domain (visi.com)
193865 - CVE-2006-2447 spamassassin arbitrary command execution

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/spamassassin-3.0.6-1.el4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/spamassassin-3.0.6-1.el4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/spamassassin-3.0.6-1.el4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/spamassassin-3.0.6-1.el4.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2447
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.


From bugzilla at redhat.com Fri Jun 9 15:21:58 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 9 Jun 2006 11:21:58 -0400
Subject: [RHSA-2006:0486-01] Moderate: mailman security update
Message-ID: <200606091521.k59FLwI7017622@porkchop.devel.redhat.com>

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: mailman security update
Advisory ID:       RHSA-2006:0486-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0486.html
Issue date:        2006-06-09
Updated on:        2006-06-09
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-0052
---------------------------------------------------------------------

1. Summary:

An updated mailman package that fixes a denial of service flaw is now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mailman is software to help manage email discussion lists.

A flaw was found in the way Mailman handles MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which would cause that particular mailing list to stop working.
(CVE-2006-0052) Users of Mailman should upgrade to this updated package, which contains backported patches to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 187420 - CVE-2006-0052 Mailman DoS 6. RPMs required: Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mailman-2.1.5.1-25.rhel3.5.src.rpm 864b23ce9d7bb6ec67e1925e727b00a1 mailman-2.1.5.1-25.rhel3.5.src.rpm i386: 1f8675edb008914d72c17ac208778ce8 mailman-2.1.5.1-25.rhel3.5.i386.rpm 5591118fdeb23c8f7ab773ecc89b2d64 mailman-debuginfo-2.1.5.1-25.rhel3.5.i386.rpm ia64: dea1f57a4cab00421c7e733abce56d0a mailman-2.1.5.1-25.rhel3.5.ia64.rpm d626620c55ce2d6be83ede96d2b52b2a mailman-debuginfo-2.1.5.1-25.rhel3.5.ia64.rpm ppc: 28603ff74e71bf42a65a642219ac2c12 mailman-2.1.5.1-25.rhel3.5.ppc.rpm 2092db336ea3383b409ae08b72805c3c mailman-debuginfo-2.1.5.1-25.rhel3.5.ppc.rpm s390: 8b71da905859dda6df957227d7813f73 mailman-2.1.5.1-25.rhel3.5.s390.rpm 750eb1cb63a4bb4e10fc43b0c13df8e4 mailman-debuginfo-2.1.5.1-25.rhel3.5.s390.rpm s390x: 0d6b38a5ba6d707bf7be2c97e5d5f697 mailman-2.1.5.1-25.rhel3.5.s390x.rpm dd4ba23b250a06c22b92cf944de05021 mailman-debuginfo-2.1.5.1-25.rhel3.5.s390x.rpm x86_64: cb3afd6302189d2141198f6569405ab2 mailman-2.1.5.1-25.rhel3.5.x86_64.rpm b599a1cc3684547547eafca41c4f0aed mailman-debuginfo-2.1.5.1-25.rhel3.5.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mailman-2.1.5.1-25.rhel3.5.src.rpm 864b23ce9d7bb6ec67e1925e727b00a1 mailman-2.1.5.1-25.rhel3.5.src.rpm i386: 1f8675edb008914d72c17ac208778ce8 
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0052
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEiZILXlSAg2UNWIIRAkDMAJwNBvGPXWyu0c7w0niSO1ujNxFjOQCgxXJM
diQaWeTVHFuspykIb7HqKJw=
=503R
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Fri Jun 9 15:22:19 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 9 Jun 2006 11:22:19 -0400
Subject: [RHSA-2006:0544-01] Important: mysql security update
Message-ID: <200606091522.k59FMJCZ017635@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: mysql security update
Advisory ID: RHSA-2006:0544-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0544.html
Issue date: 2006-06-09
Updated on: 2006-06-09
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-0903 CVE-2006-1516 CVE-2006-1517 CVE-2006-2753
- ---------------------------------------------------------------------

1. Summary:

Updated mysql packages that fix multiple security flaws are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries.

A flaw was found in the way the MySQL mysql_real_escape() function escaped strings when operating in a multibyte character encoding. An attacker could provide an application a carefully crafted string containing invalidly-encoded characters which may be improperly escaped, leading to the injection of malicious SQL commands. (CVE-2006-2753)

An information disclosure flaw was found in the way the MySQL server processed malformed usernames. An attacker could view a small portion of server memory by supplying an anonymous login username which was not null terminated. (CVE-2006-1516)

An information disclosure flaw was found in the way the MySQL server executed the COM_TABLE_DUMP command. An authenticated malicious user could send a specially crafted packet to the MySQL server which returned random unallocated memory. (CVE-2006-1517)

A log file obfuscation flaw was found in the way the mysql_real_query() function creates log file entries. An attacker with the ability to call the mysql_real_query() function against a mysql server can obfuscate the entry the server will write to the log file. However, an attacker needed to have complete control over a server in order to attempt this attack. (CVE-2006-0903)

This update also fixes numerous non-security-related flaws, such as intermittent authentication failures.

All users of mysql are advised to upgrade to these updated packages containing MySQL version 4.1.20, which is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

183260 - CVE-2006-0903 Mysql log file obfuscation
183277 - Client error in mysql on updates when high concurrency
190743 - CVE-2006-1517 Mysql information leak
190863 - CVE-2006-1516 mysql anonymous login information leak
193827 - CVE-2006-2753 MySQL improper multibyte string escaping

6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753
http://lists.mysql.com/announce/364
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEiZIkXlSAg2UNWIIRAub7AJ9VTr8g04Mr7jMmGyFYzBD85hPp1gCfSxGv
S69DIVl90FSFSdN2ogVTqnc=
=Td5w
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 14 19:15:00 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 Jun 2006 15:15:00 -0400
Subject: [RHSA-2006:0515-01] Important: sendmail security update
Message-ID: <200606141915.k5EJF0pJ013020@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: sendmail security update
Advisory ID: RHSA-2006:0515-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0515.html
Issue date: 2006-06-14
Updated on: 2006-06-14
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-1173
- ---------------------------------------------------------------------

1. Summary:

Updated sendmail packages are now available to fix a denial of service security issue.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Sendmail is a Mail Transport Agent (MTA) used to send mail between machines.

A flaw in the handling of multi-part MIME messages was discovered in Sendmail. A remote attacker could create a carefully crafted message that could crash the sendmail process during delivery (CVE-2006-1173). By default on Red Hat Enterprise Linux, Sendmail is configured to only accept connections from the local host. Therefore, only users who have configured Sendmail to listen to remote hosts would be remotely vulnerable to this issue.

Users of Sendmail are advised to upgrade to these erratum packages, which contain a backported patch from the Sendmail team to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
http://www.kb.cert.org/vuls/id/146718
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEkGAfXlSAg2UNWIIRArG9AKC/UgFZNdOwtwS766FMpHkpyMSpIACgmrSi
uENqQY8OG3JMfdlmNKyFWA0=
=8yQQ
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Jun 14 19:17:12 2006
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 Jun 2006 15:17:12 -0400
Subject: [RHSA-2006:0548-01] Important: kdebase security update
Message-ID: <200606141917.k5EJHCot013145@porkchop.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kdebase security update
Advisory ID: RHSA-2006:0548-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0548.html
Issue date: 2006-06-14
Updated on: 2006-06-14
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-2449
- ---------------------------------------------------------------------

1. Summary:

Updated kdebase packages that correct a security flaw in kdm are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The kdebase packages provide the core applications for KDE, the K Desktop Environment. These core packages include the KDE Display Manager (KDM).

Ludwig Nussel discovered a flaw in KDM. A malicious local KDM user could use a symlink attack to read an arbitrary file that they would not normally have permissions to read. (CVE-2006-2449)

Note: this issue does not affect the version of KDM as shipped with Red Hat Enterprise Linux 2.1 or 3.

All users of KDM should upgrade to these updated packages which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

194581 - CVE-2006-2449 kdm file disclosure

6. RPMs required:
Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdebase-3.3.1-5.12.src.rpm 493652aa8e8c177a5413507b2575f8c0 kdebase-3.3.1-5.12.src.rpm i386: 783d1f963e34f1e33bd25f708b399b99 kdebase-3.3.1-5.12.i386.rpm 8319443be1a529314c9504c01734f98d kdebase-debuginfo-3.3.1-5.12.i386.rpm 904d168f890da4f21508fe358d146b17 kdebase-devel-3.3.1-5.12.i386.rpm x86_64: 783d1f963e34f1e33bd25f708b399b99 kdebase-3.3.1-5.12.i386.rpm 12750a61fe65ddd1ecd7ab903bd0bc1a kdebase-3.3.1-5.12.x86_64.rpm 8319443be1a529314c9504c01734f98d kdebase-debuginfo-3.3.1-5.12.i386.rpm a48f6d22deb71555ac2829e626020363 kdebase-debuginfo-3.3.1-5.12.x86_64.rpm e73c2b102519b66cbd03d612c1bdcef3 kdebase-devel-3.3.1-5.12.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdebase-3.3.1-5.12.src.rpm 493652aa8e8c177a5413507b2575f8c0 kdebase-3.3.1-5.12.src.rpm i386: 783d1f963e34f1e33bd25f708b399b99 kdebase-3.3.1-5.12.i386.rpm 8319443be1a529314c9504c01734f98d kdebase-debuginfo-3.3.1-5.12.i386.rpm 904d168f890da4f21508fe358d146b17 kdebase-devel-3.3.1-5.12.i386.rpm ia64: 783d1f963e34f1e33bd25f708b399b99 kdebase-3.3.1-5.12.i386.rpm 417c771330db7cc80278219112daa6cd kdebase-3.3.1-5.12.ia64.rpm 8319443be1a529314c9504c01734f98d kdebase-debuginfo-3.3.1-5.12.i386.rpm f1c24e1c5f5f150a32810d15a27913a7 kdebase-debuginfo-3.3.1-5.12.ia64.rpm 59ad6330dfa63d0eac17e250a976eb3c kdebase-devel-3.3.1-5.12.ia64.rpm x86_64: 783d1f963e34f1e33bd25f708b399b99 kdebase-3.3.1-5.12.i386.rpm 12750a61fe65ddd1ecd7ab903bd0bc1a kdebase-3.3.1-5.12.x86_64.rpm 8319443be1a529314c9504c01734f98d kdebase-debuginfo-3.3.1-5.12.i386.rpm a48f6d22deb71555ac2829e626020363 kdebase-debuginfo-3.3.1-5.12.x86_64.rpm e73c2b102519b66cbd03d612c1bdcef3 kdebase-devel-3.3.1-5.12.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdebase-3.3.1-5.12.src.rpm 493652aa8e8c177a5413507b2575f8c0 kdebase-3.3.1-5.12.src.rpm i386: 
783d1f963e34f1e33bd25f708b399b99 kdebase-3.3.1-5.12.i386.rpm 8319443be1a529314c9504c01734f98d kdebase-debuginfo-3.3.1-5.12.i386.rpm 904d168f890da4f21508fe358d146b17 kdebase-devel-3.3.1-5.12.i386.rpm ia64: 783d1f963e34f1e33bd25f708b399b99 kdebase-3.3.1-5.12.i386.rpm 417c771330db7cc80278219112daa6cd kdebase-3.3.1-5.12.ia64.rpm 8319443be1a529314c9504c01734f98d kdebase-debuginfo-3.3.1-5.12.i386.rpm f1c24e1c5f5f150a32810d15a27913a7 kdebase-debuginfo-3.3.1-5.12.ia64.rpm 59ad6330dfa63d0eac17e250a976eb3c kdebase-devel-3.3.1-5.12.ia64.rpm x86_64: 783d1f963e34f1e33bd25f708b399b99 kdebase-3.3.1-5.12.i386.rpm 12750a61fe65ddd1ecd7ab903bd0bc1a kdebase-3.3.1-5.12.x86_64.rpm 8319443be1a529314c9504c01734f98d kdebase-debuginfo-3.3.1-5.12.i386.rpm a48f6d22deb71555ac2829e626020363 kdebase-debuginfo-3.3.1-5.12.x86_64.rpm e73c2b102519b66cbd03d612c1bdcef3 kdebase-devel-3.3.1-5.12.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449 http://www.kde.org/info/security/advisory-20060615-1.txt http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2006 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFEkGCUXlSAg2UNWIIRAgB3AJ92+9kfJbgMcSAfHTAqKsHct0QCdQCcDrfu rZLBNJhSGVgly8gHmq07fTU= =xtBa -----END PGP SIGNATURE-----
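
Added example, not part of the advisory and not KDM's code or Red Hat's
patch: RHSA-2006:0548 above describes the KDM flaw only as a symlink attack
that discloses a file, so this C code shows the general defensive pattern for
a privileged process that must read a file from a user-controlled location.
The function names open_naive and open_user_file are hypothetical.

```c
/* Added illustration; not KDM source and not the Red Hat patch.
 * open_naive and open_user_file are hypothetical names. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Weak pattern: a privileged process opens a path the user controls.
 * open() follows a symlink, so the descriptor may refer to any file the
 * process (not the user) is allowed to read. */
int open_naive(const char *path)
{
    return open(path, O_RDONLY);
}

/* Hardened pattern: refuse a symlink in the final path component, then
 * check the object that was actually opened, through the descriptor.
 * Returns a read-only descriptor, or -1 with errno set. */
int open_user_file(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NONBLOCK keeps a planted FIFO from stalling the open. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;               /* a symlink fails here (ELOOP on Linux) */
    if (fstat(fd, &st) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    /* Accept only a regular file owned by the requesting user; the owner
     * check also rejects a hard link to somebody else's file. */
    if (!S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        errno = EACCES;
        return -1;
    }
    return fd;
}
```

O_NOFOLLOW covers only the last path component, so a service reading from a
user-owned directory is safer doing the read with that user's credentials.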