From bugzilla at redhat.com Mon Dec 3 15:38:08 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 3 Dec 2007 10:38:08 -0500 Subject: [RHSA-2007:1049-01] Important: kernel security and bug fix update Message-ID: <200712031538.lB3Fc8ro013087@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2007:1049-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1049.html Issue date: 2007-12-03 Updated on: 2007-12-03 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-2172 CVE-2007-3848 CVE-2006-4538 CVE-2007-3739 CVE-2007-4308 - --------------------------------------------------------------------- 1. Summary: Updated kernel packages that fix several security issues and a bug in the Red Hat Enterprise Linux 3 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the handling of process death signals. This allowed a local user to send arbitrary signals to the suid-process executed by that user. A successful exploitation of this flaw depends on the structure of the suid-program and its signal handling. (CVE-2007-3848, Important) A flaw was found in the IPv4 forwarding base. This allowed a local user to cause a denial of service. (CVE-2007-2172, Important) A flaw was found where a corrupted executable file could cause cross-region memory mappings on Itanium systems. This allowed a local user to cause a denial of service. (CVE-2006-4538, Moderate) A flaw was found in the stack expansion when using the hugetlb kernel on PowerPC systems. This allowed a local user to cause a denial of service. (CVE-2007-3739, Moderate) A flaw was found in the aacraid SCSI driver. This allowed a local user to make ioctl calls to the driver that should be restricted to privileged users. (CVE-2007-4308, Moderate) As well, these updated packages fix the following bug: * a bug in the TCP header prediction code may have caused "TCP: Treason uncloaked!" messages to be logged. In certain situations this may have lead to TCP connections hanging or aborting. Red Hat Enterprise Linux 3 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 249237 - IPV4 'Treason uncloaked' message - hints at a more general kernel/net bug 250429 - CVE-2007-2172 fib_semantics.c out of bounds access vulnerability 250972 - CVE-2007-3848 Privilege escalation via PR_SET_PDEATHSIG 252309 - CVE-2007-4308 Missing ioctl() permission checks in aacraid driver 289151 - CVE-2006-4538 Local DoS with corrupted ELF 294941 - CVE-2007-3739 LTC36188-Don't allow the stack to grow into hugetlb reserved regions 6. RPMs required: Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-53.EL.src.rpm f6b14b96032c8e6ef0b6bf0ceb50f658 kernel-2.4.21-53.EL.src.rpm i386: 5ed3ebaa27fe3523e6287afe9da778df kernel-2.4.21-53.EL.athlon.rpm aaaa37a37c4d9d50f85c3d33ea75c2d5 kernel-2.4.21-53.EL.i686.rpm c750ed31d9402c48bb0831443947b1b3 kernel-BOOT-2.4.21-53.EL.i386.rpm 958895eee3ffc86db1744b59b18b2ed4 kernel-debuginfo-2.4.21-53.EL.athlon.rpm 6da92dd3c05cdef87a3afe85cf76ffcf kernel-debuginfo-2.4.21-53.EL.i386.rpm c7cc1996634c81fe969dfd6f1c228bd2 kernel-debuginfo-2.4.21-53.EL.i686.rpm 2ca9bf21f2bbbf0bcbcb2501ca972f4e kernel-doc-2.4.21-53.EL.i386.rpm c3e41830403b446d494e0fcb0668ffb6 kernel-hugemem-2.4.21-53.EL.i686.rpm 125a006ee18d4a5afc652547252f77b4 kernel-hugemem-unsupported-2.4.21-53.EL.i686.rpm b6966cff1cca0a9b4c53f7ac8bc7c8ec kernel-smp-2.4.21-53.EL.athlon.rpm 874b032f5f12e35a66842966dfe615fc kernel-smp-2.4.21-53.EL.i686.rpm e1f6b9b5f82534206d68de57173cebc7 kernel-smp-unsupported-2.4.21-53.EL.athlon.rpm 7ee65541e62b6e76a0f0c8c8ffacfe7b kernel-smp-unsupported-2.4.21-53.EL.i686.rpm 25eb44031ca51e13c3518cbfa5d14868 kernel-source-2.4.21-53.EL.i386.rpm 38292e5677afeca19eff46011643b687 kernel-unsupported-2.4.21-53.EL.athlon.rpm 8e81ce663a85ccdb323ae10be861965e kernel-unsupported-2.4.21-53.EL.i686.rpm ia64: 58ce57bce8a0f72f8239b4412ec5f0d0 kernel-2.4.21-53.EL.ia64.rpm 3da16c323c512d3c6aca21db7e50a35c kernel-debuginfo-2.4.21-53.EL.ia64.rpm 85811f0f247d9bb01e1b823de7fb429b kernel-doc-2.4.21-53.EL.ia64.rpm dcc30f9dd34cf5c7666d71b2fae6d975 kernel-source-2.4.21-53.EL.ia64.rpm 66e70d213977984f6a3f189a74ad0963 kernel-unsupported-2.4.21-53.EL.ia64.rpm ppc: 82bba5f9f376ee007a6354df6af87778 kernel-2.4.21-53.EL.ppc64iseries.rpm dcb788cdc164cb2c51e462734d8ffeca kernel-2.4.21-53.EL.ppc64pseries.rpm 4afa2676f02b6121e450f1dc2df4e263 kernel-debuginfo-2.4.21-53.EL.ppc64.rpm b68f959c2976aa66f3ff3e32e8ba4faa kernel-debuginfo-2.4.21-53.EL.ppc64iseries.rpm 0d7766cf63a102296ca82ea788546a15 kernel-debuginfo-2.4.21-53.EL.ppc64pseries.rpm 1447344d9ebee027257d495c074b244e kernel-doc-2.4.21-53.EL.ppc64.rpm fb387166670d7fd1f1ca034d6bbfc371 kernel-source-2.4.21-53.EL.ppc64.rpm a2e26fe734de4d356d68dbdd08c64548 kernel-unsupported-2.4.21-53.EL.ppc64iseries.rpm 53fa6a0d16093346fac2db9f490cbc87 kernel-unsupported-2.4.21-53.EL.ppc64pseries.rpm s390: 7651727c8b05c762c4efae0a224f92c3 kernel-2.4.21-53.EL.s390.rpm d513754b73947f7b8601668d3c88c5d3 kernel-debuginfo-2.4.21-53.EL.s390.rpm 93fc7baca88bb36556780aaf66416f90 kernel-doc-2.4.21-53.EL.s390.rpm 21a066b295363b8e22d671603e1ab5dd kernel-source-2.4.21-53.EL.s390.rpm 8d1da2180806c3654af48587948a5994 kernel-unsupported-2.4.21-53.EL.s390.rpm s390x: 795d3ac785caab9befd45edb9f98f787 kernel-2.4.21-53.EL.s390x.rpm 04e28c359ab663a936d48ace4d83cd39 kernel-debuginfo-2.4.21-53.EL.s390x.rpm bbe1dcab582e792a3200ff69557cf7bf kernel-doc-2.4.21-53.EL.s390x.rpm cc0f24530dd8b0adf53378f702107e71 kernel-source-2.4.21-53.EL.s390x.rpm e710ac2b4a5263884f7f63ace4c402a8 kernel-unsupported-2.4.21-53.EL.s390x.rpm x86_64: 22267331e595689b6b7c6ddbc92b3e66 kernel-2.4.21-53.EL.ia32e.rpm 66cdd20c8c8059e92593b2acdbb1357d kernel-2.4.21-53.EL.x86_64.rpm 6899921e5b7d613eb378d62adb0fdfb6 kernel-debuginfo-2.4.21-53.EL.ia32e.rpm cfc8f90e4c202958d99c4a76df0055ce kernel-debuginfo-2.4.21-53.EL.x86_64.rpm 4e281964dadc7aa8afcf7364102cf8d6 kernel-doc-2.4.21-53.EL.x86_64.rpm 65ef6c81fad4acbff6a4626888e49c6c kernel-smp-2.4.21-53.EL.x86_64.rpm 0f8c0fd98410071fafa0b892c22a075b kernel-smp-unsupported-2.4.21-53.EL.x86_64.rpm bf9539cde0b3e4a42c95e2302c2568aa kernel-source-2.4.21-53.EL.x86_64.rpm 595d8cee6a98e3813fb29a3eaa3a51f4 kernel-unsupported-2.4.21-53.EL.ia32e.rpm bc60307faf9dd46e819e0e67cb9bbf2d kernel-unsupported-2.4.21-53.EL.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-53.EL.src.rpm f6b14b96032c8e6ef0b6bf0ceb50f658 kernel-2.4.21-53.EL.src.rpm i386: 5ed3ebaa27fe3523e6287afe9da778df kernel-2.4.21-53.EL.athlon.rpm aaaa37a37c4d9d50f85c3d33ea75c2d5 kernel-2.4.21-53.EL.i686.rpm c750ed31d9402c48bb0831443947b1b3 kernel-BOOT-2.4.21-53.EL.i386.rpm 958895eee3ffc86db1744b59b18b2ed4 kernel-debuginfo-2.4.21-53.EL.athlon.rpm 6da92dd3c05cdef87a3afe85cf76ffcf kernel-debuginfo-2.4.21-53.EL.i386.rpm c7cc1996634c81fe969dfd6f1c228bd2 kernel-debuginfo-2.4.21-53.EL.i686.rpm 2ca9bf21f2bbbf0bcbcb2501ca972f4e kernel-doc-2.4.21-53.EL.i386.rpm c3e41830403b446d494e0fcb0668ffb6 kernel-hugemem-2.4.21-53.EL.i686.rpm 125a006ee18d4a5afc652547252f77b4 kernel-hugemem-unsupported-2.4.21-53.EL.i686.rpm b6966cff1cca0a9b4c53f7ac8bc7c8ec kernel-smp-2.4.21-53.EL.athlon.rpm 874b032f5f12e35a66842966dfe615fc kernel-smp-2.4.21-53.EL.i686.rpm e1f6b9b5f82534206d68de57173cebc7 kernel-smp-unsupported-2.4.21-53.EL.athlon.rpm 7ee65541e62b6e76a0f0c8c8ffacfe7b kernel-smp-unsupported-2.4.21-53.EL.i686.rpm 25eb44031ca51e13c3518cbfa5d14868 kernel-source-2.4.21-53.EL.i386.rpm 38292e5677afeca19eff46011643b687 kernel-unsupported-2.4.21-53.EL.athlon.rpm 8e81ce663a85ccdb323ae10be861965e kernel-unsupported-2.4.21-53.EL.i686.rpm x86_64: 22267331e595689b6b7c6ddbc92b3e66 kernel-2.4.21-53.EL.ia32e.rpm 66cdd20c8c8059e92593b2acdbb1357d kernel-2.4.21-53.EL.x86_64.rpm 6899921e5b7d613eb378d62adb0fdfb6 kernel-debuginfo-2.4.21-53.EL.ia32e.rpm cfc8f90e4c202958d99c4a76df0055ce kernel-debuginfo-2.4.21-53.EL.x86_64.rpm 4e281964dadc7aa8afcf7364102cf8d6 kernel-doc-2.4.21-53.EL.x86_64.rpm 65ef6c81fad4acbff6a4626888e49c6c kernel-smp-2.4.21-53.EL.x86_64.rpm 0f8c0fd98410071fafa0b892c22a075b kernel-smp-unsupported-2.4.21-53.EL.x86_64.rpm bf9539cde0b3e4a42c95e2302c2568aa kernel-source-2.4.21-53.EL.x86_64.rpm 595d8cee6a98e3813fb29a3eaa3a51f4 kernel-unsupported-2.4.21-53.EL.ia32e.rpm bc60307faf9dd46e819e0e67cb9bbf2d kernel-unsupported-2.4.21-53.EL.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-53.EL.src.rpm f6b14b96032c8e6ef0b6bf0ceb50f658 kernel-2.4.21-53.EL.src.rpm i386: 5ed3ebaa27fe3523e6287afe9da778df kernel-2.4.21-53.EL.athlon.rpm aaaa37a37c4d9d50f85c3d33ea75c2d5 kernel-2.4.21-53.EL.i686.rpm c750ed31d9402c48bb0831443947b1b3 kernel-BOOT-2.4.21-53.EL.i386.rpm 958895eee3ffc86db1744b59b18b2ed4 kernel-debuginfo-2.4.21-53.EL.athlon.rpm 6da92dd3c05cdef87a3afe85cf76ffcf kernel-debuginfo-2.4.21-53.EL.i386.rpm c7cc1996634c81fe969dfd6f1c228bd2 kernel-debuginfo-2.4.21-53.EL.i686.rpm 2ca9bf21f2bbbf0bcbcb2501ca972f4e kernel-doc-2.4.21-53.EL.i386.rpm c3e41830403b446d494e0fcb0668ffb6 kernel-hugemem-2.4.21-53.EL.i686.rpm 125a006ee18d4a5afc652547252f77b4 kernel-hugemem-unsupported-2.4.21-53.EL.i686.rpm b6966cff1cca0a9b4c53f7ac8bc7c8ec kernel-smp-2.4.21-53.EL.athlon.rpm 874b032f5f12e35a66842966dfe615fc kernel-smp-2.4.21-53.EL.i686.rpm e1f6b9b5f82534206d68de57173cebc7 kernel-smp-unsupported-2.4.21-53.EL.athlon.rpm 7ee65541e62b6e76a0f0c8c8ffacfe7b kernel-smp-unsupported-2.4.21-53.EL.i686.rpm 25eb44031ca51e13c3518cbfa5d14868 kernel-source-2.4.21-53.EL.i386.rpm 38292e5677afeca19eff46011643b687 kernel-unsupported-2.4.21-53.EL.athlon.rpm 8e81ce663a85ccdb323ae10be861965e kernel-unsupported-2.4.21-53.EL.i686.rpm ia64: 58ce57bce8a0f72f8239b4412ec5f0d0 kernel-2.4.21-53.EL.ia64.rpm 3da16c323c512d3c6aca21db7e50a35c kernel-debuginfo-2.4.21-53.EL.ia64.rpm 85811f0f247d9bb01e1b823de7fb429b kernel-doc-2.4.21-53.EL.ia64.rpm dcc30f9dd34cf5c7666d71b2fae6d975 kernel-source-2.4.21-53.EL.ia64.rpm 66e70d213977984f6a3f189a74ad0963 kernel-unsupported-2.4.21-53.EL.ia64.rpm x86_64: 22267331e595689b6b7c6ddbc92b3e66 kernel-2.4.21-53.EL.ia32e.rpm 66cdd20c8c8059e92593b2acdbb1357d kernel-2.4.21-53.EL.x86_64.rpm 6899921e5b7d613eb378d62adb0fdfb6 kernel-debuginfo-2.4.21-53.EL.ia32e.rpm cfc8f90e4c202958d99c4a76df0055ce kernel-debuginfo-2.4.21-53.EL.x86_64.rpm 4e281964dadc7aa8afcf7364102cf8d6 kernel-doc-2.4.21-53.EL.x86_64.rpm 65ef6c81fad4acbff6a4626888e49c6c kernel-smp-2.4.21-53.EL.x86_64.rpm 0f8c0fd98410071fafa0b892c22a075b kernel-smp-unsupported-2.4.21-53.EL.x86_64.rpm bf9539cde0b3e4a42c95e2302c2568aa kernel-source-2.4.21-53.EL.x86_64.rpm 595d8cee6a98e3813fb29a3eaa3a51f4 kernel-unsupported-2.4.21-53.EL.ia32e.rpm bc60307faf9dd46e819e0e67cb9bbf2d kernel-unsupported-2.4.21-53.EL.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-53.EL.src.rpm f6b14b96032c8e6ef0b6bf0ceb50f658 kernel-2.4.21-53.EL.src.rpm i386: 5ed3ebaa27fe3523e6287afe9da778df kernel-2.4.21-53.EL.athlon.rpm aaaa37a37c4d9d50f85c3d33ea75c2d5 kernel-2.4.21-53.EL.i686.rpm c750ed31d9402c48bb0831443947b1b3 kernel-BOOT-2.4.21-53.EL.i386.rpm 958895eee3ffc86db1744b59b18b2ed4 kernel-debuginfo-2.4.21-53.EL.athlon.rpm 6da92dd3c05cdef87a3afe85cf76ffcf kernel-debuginfo-2.4.21-53.EL.i386.rpm c7cc1996634c81fe969dfd6f1c228bd2 kernel-debuginfo-2.4.21-53.EL.i686.rpm 2ca9bf21f2bbbf0bcbcb2501ca972f4e kernel-doc-2.4.21-53.EL.i386.rpm c3e41830403b446d494e0fcb0668ffb6 kernel-hugemem-2.4.21-53.EL.i686.rpm 125a006ee18d4a5afc652547252f77b4 kernel-hugemem-unsupported-2.4.21-53.EL.i686.rpm b6966cff1cca0a9b4c53f7ac8bc7c8ec kernel-smp-2.4.21-53.EL.athlon.rpm 874b032f5f12e35a66842966dfe615fc kernel-smp-2.4.21-53.EL.i686.rpm e1f6b9b5f82534206d68de57173cebc7 kernel-smp-unsupported-2.4.21-53.EL.athlon.rpm 7ee65541e62b6e76a0f0c8c8ffacfe7b kernel-smp-unsupported-2.4.21-53.EL.i686.rpm 25eb44031ca51e13c3518cbfa5d14868 kernel-source-2.4.21-53.EL.i386.rpm 38292e5677afeca19eff46011643b687 kernel-unsupported-2.4.21-53.EL.athlon.rpm 8e81ce663a85ccdb323ae10be861965e kernel-unsupported-2.4.21-53.EL.i686.rpm ia64: 58ce57bce8a0f72f8239b4412ec5f0d0 kernel-2.4.21-53.EL.ia64.rpm 3da16c323c512d3c6aca21db7e50a35c kernel-debuginfo-2.4.21-53.EL.ia64.rpm 85811f0f247d9bb01e1b823de7fb429b kernel-doc-2.4.21-53.EL.ia64.rpm dcc30f9dd34cf5c7666d71b2fae6d975 kernel-source-2.4.21-53.EL.ia64.rpm 66e70d213977984f6a3f189a74ad0963 kernel-unsupported-2.4.21-53.EL.ia64.rpm x86_64: 22267331e595689b6b7c6ddbc92b3e66 kernel-2.4.21-53.EL.ia32e.rpm 66cdd20c8c8059e92593b2acdbb1357d kernel-2.4.21-53.EL.x86_64.rpm 6899921e5b7d613eb378d62adb0fdfb6 kernel-debuginfo-2.4.21-53.EL.ia32e.rpm cfc8f90e4c202958d99c4a76df0055ce kernel-debuginfo-2.4.21-53.EL.x86_64.rpm 4e281964dadc7aa8afcf7364102cf8d6 kernel-doc-2.4.21-53.EL.x86_64.rpm 65ef6c81fad4acbff6a4626888e49c6c kernel-smp-2.4.21-53.EL.x86_64.rpm 0f8c0fd98410071fafa0b892c22a075b kernel-smp-unsupported-2.4.21-53.EL.x86_64.rpm bf9539cde0b3e4a42c95e2302c2568aa kernel-source-2.4.21-53.EL.x86_64.rpm 595d8cee6a98e3813fb29a3eaa3a51f4 kernel-unsupported-2.4.21-53.EL.ia32e.rpm bc60307faf9dd46e819e0e67cb9bbf2d kernel-unsupported-2.4.21-53.EL.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2172 http://cve.mitre.org/cgi-bin/cvename.cgi?name= http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4538 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3739 http://cve.mitre.org/cgi-bin/cvename.cgi?name= http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4308 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHVCLdXlSAg2UNWIIRArWGAJ9cq2/UtXFTLJENT+XXaMy7GQJXcACghuqK bMaRlCFgjP/F0CTi828wOhw= =53Xo -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Dec 3 15:48:41 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 3 Dec 2007 10:48:41 -0500 Subject: [RHSA-2007:1095-01] Moderate: htdig security update Message-ID: <200712031548.lB3FmfLP014899@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: htdig security update Advisory ID: RHSA-2007:1095-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1095.html Issue date: 2007-12-03 Updated on: 2007-12-03 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-6110 - --------------------------------------------------------------------- 1. Summary: Updated htdig packages that resolve a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Problem description: The ht://Dig system is a complete World Wide Web indexing and searching system for a small domain or intranet. A cross-site scripting flaw was discovered in a htdig search page. An attacker could construct a carefully crafted URL, which once visited by an unsuspecting user, could cause a user's Web browser to execute malicious script in the context of the visited htdig search Web page. (CVE-2007-6110) Users of htdig are advised to upgrade to these updated packages, which contain backported patch to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 399561 - CVE-2007-6110 htdig htsearch XSS vulnerability 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/htdig-3.2.0b6-4.el4_6.src.rpm da98d8dfeea252f3970e81a7e120ac5c htdig-3.2.0b6-4.el4_6.src.rpm i386: 72213d098b97f44c998fb6e23fb9e457 htdig-3.2.0b6-4.el4_6.i386.rpm 21f08bd8417523a71393ab0ebf59c732 htdig-debuginfo-3.2.0b6-4.el4_6.i386.rpm 474e7f333c8d034c8694707695141645 htdig-web-3.2.0b6-4.el4_6.i386.rpm ia64: b04ec2235312dc8b3558c75d2afa92dc htdig-3.2.0b6-4.el4_6.ia64.rpm e1a11c942291ab8b0e5b0715214767e6 htdig-debuginfo-3.2.0b6-4.el4_6.ia64.rpm 17ce8f1c662a0afc393146f46aee53d9 htdig-web-3.2.0b6-4.el4_6.ia64.rpm ppc: 869cb51f3cdb285524d670c709e2a09f htdig-3.2.0b6-4.el4_6.ppc.rpm 34ea57699ea0d740a7eb3fa83e71aa7d htdig-debuginfo-3.2.0b6-4.el4_6.ppc.rpm 455c3345b5fb1f485e7330e7e20463a3 htdig-web-3.2.0b6-4.el4_6.ppc.rpm s390: 1985d5c661d5cd431fd0a8a7fcf31989 htdig-3.2.0b6-4.el4_6.s390.rpm 19bd3238c6675402edcf2eac2faa861f htdig-debuginfo-3.2.0b6-4.el4_6.s390.rpm 7bdc5aa5361bd1bc423ffff3477024f8 htdig-web-3.2.0b6-4.el4_6.s390.rpm s390x: 5e2b7d6dbe5e48e76c7e9435b24a10c4 htdig-3.2.0b6-4.el4_6.s390x.rpm 01d8a507bc811d306c1bd0f63ff416e6 htdig-debuginfo-3.2.0b6-4.el4_6.s390x.rpm 0e783d736547810277c5bb9854fd69ac htdig-web-3.2.0b6-4.el4_6.s390x.rpm x86_64: 8ac0056031b94ab4a7e70fff903ae276 htdig-3.2.0b6-4.el4_6.x86_64.rpm 8e6606d37e29b5f664a8a34427bc9a31 htdig-debuginfo-3.2.0b6-4.el4_6.x86_64.rpm 01fd44996ad52b0c4f007bf8d5e98220 htdig-web-3.2.0b6-4.el4_6.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/htdig-3.2.0b6-4.el4_6.src.rpm da98d8dfeea252f3970e81a7e120ac5c htdig-3.2.0b6-4.el4_6.src.rpm i386: 72213d098b97f44c998fb6e23fb9e457 htdig-3.2.0b6-4.el4_6.i386.rpm 21f08bd8417523a71393ab0ebf59c732 htdig-debuginfo-3.2.0b6-4.el4_6.i386.rpm 474e7f333c8d034c8694707695141645 htdig-web-3.2.0b6-4.el4_6.i386.rpm x86_64: 8ac0056031b94ab4a7e70fff903ae276 htdig-3.2.0b6-4.el4_6.x86_64.rpm 8e6606d37e29b5f664a8a34427bc9a31 htdig-debuginfo-3.2.0b6-4.el4_6.x86_64.rpm 01fd44996ad52b0c4f007bf8d5e98220 htdig-web-3.2.0b6-4.el4_6.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/htdig-3.2.0b6-4.el4_6.src.rpm da98d8dfeea252f3970e81a7e120ac5c htdig-3.2.0b6-4.el4_6.src.rpm i386: 72213d098b97f44c998fb6e23fb9e457 htdig-3.2.0b6-4.el4_6.i386.rpm 21f08bd8417523a71393ab0ebf59c732 htdig-debuginfo-3.2.0b6-4.el4_6.i386.rpm 474e7f333c8d034c8694707695141645 htdig-web-3.2.0b6-4.el4_6.i386.rpm ia64: b04ec2235312dc8b3558c75d2afa92dc htdig-3.2.0b6-4.el4_6.ia64.rpm e1a11c942291ab8b0e5b0715214767e6 htdig-debuginfo-3.2.0b6-4.el4_6.ia64.rpm 17ce8f1c662a0afc393146f46aee53d9 htdig-web-3.2.0b6-4.el4_6.ia64.rpm x86_64: 8ac0056031b94ab4a7e70fff903ae276 htdig-3.2.0b6-4.el4_6.x86_64.rpm 8e6606d37e29b5f664a8a34427bc9a31 htdig-debuginfo-3.2.0b6-4.el4_6.x86_64.rpm 01fd44996ad52b0c4f007bf8d5e98220 htdig-web-3.2.0b6-4.el4_6.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/htdig-3.2.0b6-4.el4_6.src.rpm da98d8dfeea252f3970e81a7e120ac5c htdig-3.2.0b6-4.el4_6.src.rpm i386: 72213d098b97f44c998fb6e23fb9e457 htdig-3.2.0b6-4.el4_6.i386.rpm 21f08bd8417523a71393ab0ebf59c732 htdig-debuginfo-3.2.0b6-4.el4_6.i386.rpm 474e7f333c8d034c8694707695141645 htdig-web-3.2.0b6-4.el4_6.i386.rpm ia64: b04ec2235312dc8b3558c75d2afa92dc htdig-3.2.0b6-4.el4_6.ia64.rpm e1a11c942291ab8b0e5b0715214767e6 htdig-debuginfo-3.2.0b6-4.el4_6.ia64.rpm 17ce8f1c662a0afc393146f46aee53d9 htdig-web-3.2.0b6-4.el4_6.ia64.rpm x86_64: 8ac0056031b94ab4a7e70fff903ae276 htdig-3.2.0b6-4.el4_6.x86_64.rpm 8e6606d37e29b5f664a8a34427bc9a31 htdig-debuginfo-3.2.0b6-4.el4_6.x86_64.rpm 01fd44996ad52b0c4f007bf8d5e98220 htdig-web-3.2.0b6-4.el4_6.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/htdig-3.2.0b6-9.0.1.el5_1.src.rpm 6fb7a2b9503cb113ee8e487ab2b8807f htdig-3.2.0b6-9.0.1.el5_1.src.rpm i386: ac3f6f528f6cfb5f64201d3e49d8bbb4 htdig-3.2.0b6-9.0.1.el5_1.i386.rpm b47148da0ff0d487c130cb87d3560acf htdig-debuginfo-3.2.0b6-9.0.1.el5_1.i386.rpm x86_64: 8eddaa8a12f404ce14ea4588ee4e4b3b htdig-3.2.0b6-9.0.1.el5_1.x86_64.rpm b3c8d3baf149903e0e8038bfb1c54f48 htdig-debuginfo-3.2.0b6-9.0.1.el5_1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/htdig-3.2.0b6-9.0.1.el5_1.src.rpm 6fb7a2b9503cb113ee8e487ab2b8807f htdig-3.2.0b6-9.0.1.el5_1.src.rpm i386: b47148da0ff0d487c130cb87d3560acf htdig-debuginfo-3.2.0b6-9.0.1.el5_1.i386.rpm aefa60c107dfcc2d0c8d0b33c630ca20 htdig-web-3.2.0b6-9.0.1.el5_1.i386.rpm x86_64: b3c8d3baf149903e0e8038bfb1c54f48 htdig-debuginfo-3.2.0b6-9.0.1.el5_1.x86_64.rpm 96781f707fa53abab3c5d21a42dac088 htdig-web-3.2.0b6-9.0.1.el5_1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/htdig-3.2.0b6-9.0.1.el5_1.src.rpm 6fb7a2b9503cb113ee8e487ab2b8807f htdig-3.2.0b6-9.0.1.el5_1.src.rpm i386: ac3f6f528f6cfb5f64201d3e49d8bbb4 htdig-3.2.0b6-9.0.1.el5_1.i386.rpm b47148da0ff0d487c130cb87d3560acf htdig-debuginfo-3.2.0b6-9.0.1.el5_1.i386.rpm aefa60c107dfcc2d0c8d0b33c630ca20 htdig-web-3.2.0b6-9.0.1.el5_1.i386.rpm ia64: f57e46687f0d15873845de89150adf91 htdig-3.2.0b6-9.0.1.el5_1.ia64.rpm b676295a0285e014d42f4c6b59efb447 htdig-debuginfo-3.2.0b6-9.0.1.el5_1.ia64.rpm a9b7aca74782dbe539fb10f8e693f878 htdig-web-3.2.0b6-9.0.1.el5_1.ia64.rpm ppc: 4f680df4472a686244522cdba9db032e htdig-3.2.0b6-9.0.1.el5_1.ppc.rpm dec195e497ece003c8415010c0691e60 htdig-debuginfo-3.2.0b6-9.0.1.el5_1.ppc.rpm 1b7d0c503366d10bf6ab5a8f36a7fbab htdig-web-3.2.0b6-9.0.1.el5_1.ppc.rpm s390x: 4a2b460e0e83827631644c92d6b2f9cc htdig-3.2.0b6-9.0.1.el5_1.s390x.rpm f6ea7f4f0c1a545fbeb3541626adb3e0 htdig-debuginfo-3.2.0b6-9.0.1.el5_1.s390x.rpm 0295ecf635676b1970e9df3cd1991b0a htdig-web-3.2.0b6-9.0.1.el5_1.s390x.rpm x86_64: 8eddaa8a12f404ce14ea4588ee4e4b3b htdig-3.2.0b6-9.0.1.el5_1.x86_64.rpm b3c8d3baf149903e0e8038bfb1c54f48 htdig-debuginfo-3.2.0b6-9.0.1.el5_1.x86_64.rpm 96781f707fa53abab3c5d21a42dac088 htdig-web-3.2.0b6-9.0.1.el5_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6110 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHVCVWXlSAg2UNWIIRAmz1AJwNEXI2eSRiueGcZ/HNSdt3d19GbgCfWHcH rFV5X0Nz1LWI7+/2j/GTpLI= =SeDT -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 5 14:36:28 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 5 Dec 2007 09:36:28 -0500 Subject: [RHSA-2007:1048-01] Moderate: openoffice.org, hsqldb security update Message-ID: <200712051436.lB5EaSn6001209@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: openoffice.org, hsqldb security update Advisory ID: RHSA-2007:1048-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1048.html Issue date: 2007-12-05 Updated on: 2007-12-05 Product: Red Hat Enterprise Linux CVE Names: CVE-2003-0845 CVE-2007-4575 - --------------------------------------------------------------------- 1. Summary: Updated openoffice.org and hsqldb packages that fix security flaws are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 3. Problem description: OpenOffice.org is an office productivity suite. HSQLDB is a Java relational database engine used by OpenOffice.org Base. It was discovered that HSQLDB could allow the execution of arbitrary public static Java methods. A carefully crafted odb file opened in OpenOffice.org Base could execute arbitrary commands with the permissions of the user running OpenOffice.org. (CVE-2007-4575) It was discovered that HSQLDB did not have a password set on the 'sa' user. If HSQLDB has been configured as a service, a remote attacker who could connect to the HSQLDB port (tcp 9001) could execute arbitrary SQL commands. (CVE-2003-0845) Note that in Red Hat Enterprise Linux 5, HSQLDB is not enabled as a service by default, and needs manual configuration in order to work as a service. Users of OpenOffice.org or HSQLDB should update to these errata packages which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 299801 - CVE-2007-4575 OpenOffice.org-base allows Denial-of-Service and command injection 409891 - CVE-2003-0845 JBoss HSQLDB component remote command injection 6. RPMs required: Red Hat Enterprise Linux Desktop (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/hsqldb-1.8.0.4-3jpp.6.src.rpm 81ee1dc43ff5c1bb457f002ca9985efd hsqldb-1.8.0.4-3jpp.6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openoffice.org-2.0.4-5.4.25.src.rpm 83bfa789f9fa11159a8f8a8ab2adc7e8 openoffice.org-2.0.4-5.4.25.src.rpm i386: 11b726b5c1d0bd906306b13d9b9de57f hsqldb-1.8.0.4-3jpp.6.i386.rpm 5a6d27339928de3c6c2d26b2116f1cce hsqldb-debuginfo-1.8.0.4-3jpp.6.i386.rpm 5bcdae1c27c70b644a5101895b4dd119 hsqldb-demo-1.8.0.4-3jpp.6.i386.rpm 5c2718d73ea0f1d7177d116ecc599021 hsqldb-javadoc-1.8.0.4-3jpp.6.i386.rpm 9d2bcbb0476e2a4bc5125cd84a2fb534 hsqldb-manual-1.8.0.4-3jpp.6.i386.rpm 5451f3d927a43887c1ab298b608b2ec9 openoffice.org-base-2.0.4-5.4.25.i386.rpm 53f38bb52bf822e7f846bb1c2926332c openoffice.org-calc-2.0.4-5.4.25.i386.rpm 833bbb493b5f27a6efb3f0ad0eddb25f openoffice.org-core-2.0.4-5.4.25.i386.rpm b5f62479c9d1610e25eaf528f47d8821 openoffice.org-debuginfo-2.0.4-5.4.25.i386.rpm 1a828386ce770024e6adb1bf0b57eb38 openoffice.org-draw-2.0.4-5.4.25.i386.rpm 000c917b75463789db71a961d45be2b7 openoffice.org-emailmerge-2.0.4-5.4.25.i386.rpm ce25a1bfe5ab3ca130eaba0c7d9a09a5 openoffice.org-graphicfilter-2.0.4-5.4.25.i386.rpm 3ba7e2efaeb5ebbf59a53a327f39b7dd openoffice.org-impress-2.0.4-5.4.25.i386.rpm 1b16521aaccb43fde4d4b6da5a83a68b openoffice.org-javafilter-2.0.4-5.4.25.i386.rpm 0f76d969b4e3e8ddc7aa61d7f1f90638 openoffice.org-langpack-af_ZA-2.0.4-5.4.25.i386.rpm 0e91e3fe107651a9e30dc7290c8e8794 openoffice.org-langpack-ar-2.0.4-5.4.25.i386.rpm e39b4bce9451db83852e577a6cc1aba2 openoffice.org-langpack-as_IN-2.0.4-5.4.25.i386.rpm 058c7491fb77c9e9dcb8e60b76694016 openoffice.org-langpack-bg_BG-2.0.4-5.4.25.i386.rpm 59a31ba42636246bf2b44637107d63bd openoffice.org-langpack-bn-2.0.4-5.4.25.i386.rpm 730385094657d4577c8f7091297be30a openoffice.org-langpack-ca_ES-2.0.4-5.4.25.i386.rpm 794726adc03547f57927f3bf024d83e9 openoffice.org-langpack-cs_CZ-2.0.4-5.4.25.i386.rpm 43fffd3c6ff5a0695ae51f9a651d4d89 openoffice.org-langpack-cy_GB-2.0.4-5.4.25.i386.rpm 705e4cdff02e3770c45d4939edf56a53 openoffice.org-langpack-da_DK-2.0.4-5.4.25.i386.rpm b966102c1ea53de7b1e73443b4579460 openoffice.org-langpack-de-2.0.4-5.4.25.i386.rpm 5352ca0b717518b20055b3be43a0e530 openoffice.org-langpack-el_GR-2.0.4-5.4.25.i386.rpm 86fd25ff3f732948eb75152d26670aae openoffice.org-langpack-es-2.0.4-5.4.25.i386.rpm 8ba35e0b053a35a0ca0a34f4145a0e3e openoffice.org-langpack-et_EE-2.0.4-5.4.25.i386.rpm 9220357c3d70c1e2696efdab84acad8c openoffice.org-langpack-eu_ES-2.0.4-5.4.25.i386.rpm a76f2cfdf444df1616b854ae0485a0c1 openoffice.org-langpack-fi_FI-2.0.4-5.4.25.i386.rpm 27625df10c5df5211f8f49e1f717f5c2 openoffice.org-langpack-fr-2.0.4-5.4.25.i386.rpm 3e6f4056b52189b984dc116d2525d3a0 openoffice.org-langpack-ga_IE-2.0.4-5.4.25.i386.rpm 50c4bbf494717b94272200b2469e3ac6 openoffice.org-langpack-gl_ES-2.0.4-5.4.25.i386.rpm 40fe0889f0ab4b8731b1509727e5aaac openoffice.org-langpack-gu_IN-2.0.4-5.4.25.i386.rpm 89a77f54f993979e912a725248e6dc80 openoffice.org-langpack-he_IL-2.0.4-5.4.25.i386.rpm cb210b2ba9ef1803c5effb5b77d20e03 openoffice.org-langpack-hi_IN-2.0.4-5.4.25.i386.rpm a04acc495e2ce15664a65f0ee25a3f1a openoffice.org-langpack-hr_HR-2.0.4-5.4.25.i386.rpm 69359a93deedda961d1b57cd8cc7ce02 openoffice.org-langpack-hu_HU-2.0.4-5.4.25.i386.rpm baaf517663450e6be2f3c4b1c9f268d3 openoffice.org-langpack-it-2.0.4-5.4.25.i386.rpm d34e69b8affdc07e3492034828ac0586 openoffice.org-langpack-ja_JP-2.0.4-5.4.25.i386.rpm b014ae58991cf4acf06ca269fb6a7dbc openoffice.org-langpack-kn_IN-2.0.4-5.4.25.i386.rpm 670ee7c5d6384601feecfb9671f05709 openoffice.org-langpack-ko_KR-2.0.4-5.4.25.i386.rpm 0b19cb7cb05df6b532f6bc7680212f41 openoffice.org-langpack-lt_LT-2.0.4-5.4.25.i386.rpm 9b4ae06054b70b317b497764a72e7f5e openoffice.org-langpack-ml_IN-2.0.4-5.4.25.i386.rpm 1f340ed8045c84749cb76ed710fa272e openoffice.org-langpack-mr_IN-2.0.4-5.4.25.i386.rpm 0b36478f2363607002171c52e21f879d openoffice.org-langpack-ms_MY-2.0.4-5.4.25.i386.rpm 20af3f723b68056581c832bb5c1c987d openoffice.org-langpack-nb_NO-2.0.4-5.4.25.i386.rpm d1dc8662e1774bad8c23703bed4f890c openoffice.org-langpack-nl-2.0.4-5.4.25.i386.rpm 97354ba11f55becde90a7cd33a2d1ad5 openoffice.org-langpack-nn_NO-2.0.4-5.4.25.i386.rpm bea9716aa7d8bf33ba9bad01a3daa896 openoffice.org-langpack-nr_ZA-2.0.4-5.4.25.i386.rpm 34ae027c37ec1b47780f8e8046baedbf openoffice.org-langpack-nso_ZA-2.0.4-5.4.25.i386.rpm 39fce5bee85db7b7372b4b0056621188 openoffice.org-langpack-or_IN-2.0.4-5.4.25.i386.rpm 63b4b8632b7537668f4a60877f2c7d4b openoffice.org-langpack-pa_IN-2.0.4-5.4.25.i386.rpm a76aaa8e87d2b7ac27ad05448c6f5da8 openoffice.org-langpack-pl_PL-2.0.4-5.4.25.i386.rpm 5678ff389b17b3fe50331890c727e231 openoffice.org-langpack-pt_BR-2.0.4-5.4.25.i386.rpm efca5df20fb77d1b2df096ea35b21831 openoffice.org-langpack-pt_PT-2.0.4-5.4.25.i386.rpm 17889dbbe5ad4a7e91072e042c31ed87 openoffice.org-langpack-ru-2.0.4-5.4.25.i386.rpm fbae69ce9428e4ea7672a92fde8806bc openoffice.org-langpack-sk_SK-2.0.4-5.4.25.i386.rpm 8dd90d9bd73f753349078d33904a3c73 openoffice.org-langpack-sl_SI-2.0.4-5.4.25.i386.rpm 51863ca85f329c5bd51c39e2d27d6eab openoffice.org-langpack-sr_CS-2.0.4-5.4.25.i386.rpm 3ba3cf27a870a9a6b286ba74740d852f openoffice.org-langpack-ss_ZA-2.0.4-5.4.25.i386.rpm ca88185b8c5efe009be060cb9cbda453 openoffice.org-langpack-st_ZA-2.0.4-5.4.25.i386.rpm 42b99679f1fb544ff6505a843713ddf3 openoffice.org-langpack-sv-2.0.4-5.4.25.i386.rpm ad3cf26601edbb8bfc8ad6372f89e6f0 openoffice.org-langpack-ta_IN-2.0.4-5.4.25.i386.rpm 7ac7d501f185dc73aed7b80671394f05 openoffice.org-langpack-te_IN-2.0.4-5.4.25.i386.rpm 1d31d5e2bbcc2f6262a5ab5764b639e0 openoffice.org-langpack-th_TH-2.0.4-5.4.25.i386.rpm 6f3afbdaf5912a51d3c506c7350c4657 openoffice.org-langpack-tn_ZA-2.0.4-5.4.25.i386.rpm 72ceb6a82979befb0cdd0fa9667ab719 openoffice.org-langpack-tr_TR-2.0.4-5.4.25.i386.rpm 9dc097b2843dbab37f516cfea4b2bcde openoffice.org-langpack-ts_ZA-2.0.4-5.4.25.i386.rpm f020736645dbcf63228d67f8548c25f7 openoffice.org-langpack-ur-2.0.4-5.4.25.i386.rpm 36b759cd4e20563ac121a134c855d7e9 openoffice.org-langpack-ve_ZA-2.0.4-5.4.25.i386.rpm a1d66c84d4cd6b93fd9f48a20b3a6e76 openoffice.org-langpack-xh_ZA-2.0.4-5.4.25.i386.rpm 26aee64711df54c49af139e259b6d824 openoffice.org-langpack-zh_CN-2.0.4-5.4.25.i386.rpm 919f099bd2fc1555b022904e7dc9dff0 openoffice.org-langpack-zh_TW-2.0.4-5.4.25.i386.rpm 476131feef795972a2980f89391f3ff9 openoffice.org-langpack-zu_ZA-2.0.4-5.4.25.i386.rpm e3de81fce3da1dc20f54a5e4267fccba openoffice.org-math-2.0.4-5.4.25.i386.rpm ef239c9f2fbe1c72534acab11b32024f openoffice.org-pyuno-2.0.4-5.4.25.i386.rpm f0672bab7b28a4069f49d3753c13f8d3 openoffice.org-testtools-2.0.4-5.4.25.i386.rpm aef0a4f3a6f1e3c234b9948c11efcacb openoffice.org-writer-2.0.4-5.4.25.i386.rpm 79408f03298ecdb39b6ef4d5317902f1 openoffice.org-xsltfilter-2.0.4-5.4.25.i386.rpm x86_64: 9c54d7a9650462205d56fbba25fbc7ac hsqldb-1.8.0.4-3jpp.6.x86_64.rpm fad92192c54ae3c8b6ba118449cfebf0 hsqldb-debuginfo-1.8.0.4-3jpp.6.x86_64.rpm a9e60d1057a01644939fb5b0d725bd61 hsqldb-demo-1.8.0.4-3jpp.6.x86_64.rpm 7fad1a11b5ca9e04caf69aeaa08778ed hsqldb-javadoc-1.8.0.4-3jpp.6.x86_64.rpm b327c3c0e7b320ca98effd5b2646193c hsqldb-manual-1.8.0.4-3jpp.6.x86_64.rpm 2cb041161968935071dd270b973b2faf openoffice.org-base-2.0.4-5.4.25.x86_64.rpm 9f034a101b0f74084543aab3c217d9ef openoffice.org-calc-2.0.4-5.4.25.x86_64.rpm e2f685a9fbeecc78637f725a95d09628 openoffice.org-core-2.0.4-5.4.25.x86_64.rpm bc217d7e42948fb706d4cc7ddb92650f openoffice.org-debuginfo-2.0.4-5.4.25.x86_64.rpm 2306f2cf7fe2a9b616d4a45a8fb28d7c openoffice.org-draw-2.0.4-5.4.25.x86_64.rpm 841e3f35a331005c7e4dd0bdf1a8d2c2 openoffice.org-emailmerge-2.0.4-5.4.25.x86_64.rpm 11aa157170b642f6f637fac18264ece7 openoffice.org-graphicfilter-2.0.4-5.4.25.x86_64.rpm e44aba22925fc9525085fc0a3b9e26e7 openoffice.org-impress-2.0.4-5.4.25.x86_64.rpm cbae1b4ed2a7eaf652c492e218c6e817 openoffice.org-javafilter-2.0.4-5.4.25.x86_64.rpm 8700253aa991797f8c57c6d0d0061737 openoffice.org-langpack-af_ZA-2.0.4-5.4.25.x86_64.rpm 19635af6ca1cebfdc61d8863891313fe openoffice.org-langpack-ar-2.0.4-5.4.25.x86_64.rpm 476e9c96221af02610aeec60d65bacf8 openoffice.org-langpack-as_IN-2.0.4-5.4.25.x86_64.rpm 0fafcdb3f403b02f3d5fc6c85e86e807 openoffice.org-langpack-bg_BG-2.0.4-5.4.25.x86_64.rpm 73066b5e5925353c40958c23f521daf5 openoffice.org-langpack-bn-2.0.4-5.4.25.x86_64.rpm 9bc1527412f1d5beafac2fce569b8bd9 openoffice.org-langpack-ca_ES-2.0.4-5.4.25.x86_64.rpm e6eccf64d92ab3883e59102762d2451d openoffice.org-langpack-cs_CZ-2.0.4-5.4.25.x86_64.rpm b7b006ee70589bcb5e576a7f9ab3c35a openoffice.org-langpack-cy_GB-2.0.4-5.4.25.x86_64.rpm 033a622e0362692895b42445ab648ef9 openoffice.org-langpack-da_DK-2.0.4-5.4.25.x86_64.rpm 2f1e908bcd03714b48b4eab9c7817d6b openoffice.org-langpack-de-2.0.4-5.4.25.x86_64.rpm 75d43764f858209e53eb47c46aafe125 openoffice.org-langpack-el_GR-2.0.4-5.4.25.x86_64.rpm f68d5cbccdad8502ce5cb02eab3c0bc1 openoffice.org-langpack-es-2.0.4-5.4.25.x86_64.rpm beaee11fee07a306d56e0f1be9abb7ab openoffice.org-langpack-et_EE-2.0.4-5.4.25.x86_64.rpm 2fe2489386cb196cad4db20aca190dfd openoffice.org-langpack-eu_ES-2.0.4-5.4.25.x86_64.rpm 81aac28ffa25abcd01d724d9fc7b5069 openoffice.org-langpack-fi_FI-2.0.4-5.4.25.x86_64.rpm d30aba5ec21ce7c4fde84754599ea5ef openoffice.org-langpack-fr-2.0.4-5.4.25.x86_64.rpm 1262f5abae73b47f60d246aa83ab4fbc openoffice.org-langpack-ga_IE-2.0.4-5.4.25.x86_64.rpm 25f72973339c4e2d7d5018352000881f openoffice.org-langpack-gl_ES-2.0.4-5.4.25.x86_64.rpm 1f525b44f31dbdb716d5155930b45439 openoffice.org-langpack-gu_IN-2.0.4-5.4.25.x86_64.rpm dd03c75deeb21cc2417f83039b4b8b50 openoffice.org-langpack-he_IL-2.0.4-5.4.25.x86_64.rpm 7fbf65ad50fc71afc8b652e1a18ac9f3 openoffice.org-langpack-hi_IN-2.0.4-5.4.25.x86_64.rpm 3c19ead61c8055e5772fc90e17a583d2 openoffice.org-langpack-hr_HR-2.0.4-5.4.25.x86_64.rpm 6a5c4789e8dd0032c9d492d59e5bbc11 openoffice.org-langpack-hu_HU-2.0.4-5.4.25.x86_64.rpm 12721dc9cfe54881bd32b7e9ad02f79c openoffice.org-langpack-it-2.0.4-5.4.25.x86_64.rpm 862eb55dedad989c8eaa6d302437d90e openoffice.org-langpack-ja_JP-2.0.4-5.4.25.x86_64.rpm af5f35be42de0d1d5e734cb630c2aa32 openoffice.org-langpack-kn_IN-2.0.4-5.4.25.x86_64.rpm d4fe8971277ee9cdca0b4bebfea7f9ee openoffice.org-langpack-ko_KR-2.0.4-5.4.25.x86_64.rpm b9c888fe7c532446fe63b897a621f368 openoffice.org-langpack-lt_LT-2.0.4-5.4.25.x86_64.rpm 06bb78aa9904f5fae3292f0870edcf7c openoffice.org-langpack-ml_IN-2.0.4-5.4.25.x86_64.rpm 22bcdf60c2a493c13d1b87a9cbdd70d5 openoffice.org-langpack-mr_IN-2.0.4-5.4.25.x86_64.rpm 34aa44bc21120a080fea07c69a0240d8 openoffice.org-langpack-ms_MY-2.0.4-5.4.25.x86_64.rpm fe928d3af21e079271bf9bcbc236c70d openoffice.org-langpack-nb_NO-2.0.4-5.4.25.x86_64.rpm 35858270fbf9dfa682b6c54812de990d openoffice.org-langpack-nl-2.0.4-5.4.25.x86_64.rpm f9c7c3d708852301af0292f5cdc60421 openoffice.org-langpack-nn_NO-2.0.4-5.4.25.x86_64.rpm 3d0a254b86131369ef9bf46ba93ceeba openoffice.org-langpack-nr_ZA-2.0.4-5.4.25.x86_64.rpm d4fe3380f4b9ced0261f8e9ab54d3185 openoffice.org-langpack-nso_ZA-2.0.4-5.4.25.x86_64.rpm 99ba8ab2f653ee08f533a01c63a6ba02 openoffice.org-langpack-or_IN-2.0.4-5.4.25.x86_64.rpm 02cf0b57ab9125e7a938fd0664057e99 openoffice.org-langpack-pa_IN-2.0.4-5.4.25.x86_64.rpm 4dd65d6f9e248349b8275b102ae5cd82 openoffice.org-langpack-pl_PL-2.0.4-5.4.25.x86_64.rpm 8104c9e45586832c8f73114ec5055008 openoffice.org-langpack-pt_BR-2.0.4-5.4.25.x86_64.rpm 17ea822f30d51c6e00124c42b0cf9406 openoffice.org-langpack-pt_PT-2.0.4-5.4.25.x86_64.rpm 9c99e6135ecb2ac385b3ca928764168b openoffice.org-langpack-ru-2.0.4-5.4.25.x86_64.rpm 55b077d209eaa0047d90006ee6bd5e4d openoffice.org-langpack-sk_SK-2.0.4-5.4.25.x86_64.rpm c63553aa679d8bf1e3a2e1857caba5c4 openoffice.org-langpack-sl_SI-2.0.4-5.4.25.x86_64.rpm e2ae21545e6f485bd590b8518ba60961 openoffice.org-langpack-sr_CS-2.0.4-5.4.25.x86_64.rpm 640a683eaa345c682c4fd9cfec6357f2 openoffice.org-langpack-ss_ZA-2.0.4-5.4.25.x86_64.rpm 54b54b54994841fab8fb8d51164255eb openoffice.org-langpack-st_ZA-2.0.4-5.4.25.x86_64.rpm ef90edbaa39f07fd53c02bbced4ea994 openoffice.org-langpack-sv-2.0.4-5.4.25.x86_64.rpm 720f611ef548b4495e716f1bf7662c88 openoffice.org-langpack-ta_IN-2.0.4-5.4.25.x86_64.rpm 217c3e142960c74b33632a83577991d0 openoffice.org-langpack-te_IN-2.0.4-5.4.25.x86_64.rpm 6f037e4f0a1415ddc7cbd1b047054cd1 openoffice.org-langpack-th_TH-2.0.4-5.4.25.x86_64.rpm 3d1bea28b0088cc0fc9357a097f0490d openoffice.org-langpack-tn_ZA-2.0.4-5.4.25.x86_64.rpm a7b1aafc105b50c232e1ed5f8384cafa openoffice.org-langpack-tr_TR-2.0.4-5.4.25.x86_64.rpm e4c0edf8011d6060e4e9ae8b87a678b3 openoffice.org-langpack-ts_ZA-2.0.4-5.4.25.x86_64.rpm 10319f9b433b3cca5b7b56b5b7057cf5 openoffice.org-langpack-ur-2.0.4-5.4.25.x86_64.rpm 5d2265735748ce11f75a157f0d514b97 openoffice.org-langpack-ve_ZA-2.0.4-5.4.25.x86_64.rpm 521acaf8bfdd2b197f1c77b57a3da3f2 openoffice.org-langpack-xh_ZA-2.0.4-5.4.25.x86_64.rpm e5105e20ecd747263ffce68705cc5701 openoffice.org-langpack-zh_CN-2.0.4-5.4.25.x86_64.rpm f934a32909504f4f1b95aec210fca368 openoffice.org-langpack-zh_TW-2.0.4-5.4.25.x86_64.rpm 15417c387d4d53e339ff32d00a41014e openoffice.org-langpack-zu_ZA-2.0.4-5.4.25.x86_64.rpm 30378af1cd026763e76dd5b3df2705ac openoffice.org-math-2.0.4-5.4.25.x86_64.rpm 2f682247a0524e3866b1a839265cca1d openoffice.org-pyuno-2.0.4-5.4.25.x86_64.rpm e7abde0c76e923e408c117fcbc835c15 openoffice.org-testtools-2.0.4-5.4.25.x86_64.rpm 5474fda3968a76c048cde9c7ac0124ed openoffice.org-writer-2.0.4-5.4.25.x86_64.rpm fdeedea08837d3f943cb8c3ddb53a99c openoffice.org-xsltfilter-2.0.4-5.4.25.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/hsqldb-1.8.0.4-3jpp.6.src.rpm 81ee1dc43ff5c1bb457f002ca9985efd hsqldb-1.8.0.4-3jpp.6.src.rpm ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openoffice.org-2.0.4-5.4.25.src.rpm 83bfa789f9fa11159a8f8a8ab2adc7e8 openoffice.org-2.0.4-5.4.25.src.rpm i386: 11b726b5c1d0bd906306b13d9b9de57f hsqldb-1.8.0.4-3jpp.6.i386.rpm 5a6d27339928de3c6c2d26b2116f1cce hsqldb-debuginfo-1.8.0.4-3jpp.6.i386.rpm 5bcdae1c27c70b644a5101895b4dd119 hsqldb-demo-1.8.0.4-3jpp.6.i386.rpm 5c2718d73ea0f1d7177d116ecc599021 hsqldb-javadoc-1.8.0.4-3jpp.6.i386.rpm 9d2bcbb0476e2a4bc5125cd84a2fb534 hsqldb-manual-1.8.0.4-3jpp.6.i386.rpm 5451f3d927a43887c1ab298b608b2ec9 openoffice.org-base-2.0.4-5.4.25.i386.rpm 53f38bb52bf822e7f846bb1c2926332c openoffice.org-calc-2.0.4-5.4.25.i386.rpm 833bbb493b5f27a6efb3f0ad0eddb25f openoffice.org-core-2.0.4-5.4.25.i386.rpm b5f62479c9d1610e25eaf528f47d8821 openoffice.org-debuginfo-2.0.4-5.4.25.i386.rpm 1a828386ce770024e6adb1bf0b57eb38 openoffice.org-draw-2.0.4-5.4.25.i386.rpm 000c917b75463789db71a961d45be2b7 openoffice.org-emailmerge-2.0.4-5.4.25.i386.rpm ce25a1bfe5ab3ca130eaba0c7d9a09a5 openoffice.org-graphicfilter-2.0.4-5.4.25.i386.rpm 3ba7e2efaeb5ebbf59a53a327f39b7dd openoffice.org-impress-2.0.4-5.4.25.i386.rpm 1b16521aaccb43fde4d4b6da5a83a68b openoffice.org-javafilter-2.0.4-5.4.25.i386.rpm 0f76d969b4e3e8ddc7aa61d7f1f90638 openoffice.org-langpack-af_ZA-2.0.4-5.4.25.i386.rpm 0e91e3fe107651a9e30dc7290c8e8794 openoffice.org-langpack-ar-2.0.4-5.4.25.i386.rpm e39b4bce9451db83852e577a6cc1aba2 openoffice.org-langpack-as_IN-2.0.4-5.4.25.i386.rpm 058c7491fb77c9e9dcb8e60b76694016 openoffice.org-langpack-bg_BG-2.0.4-5.4.25.i386.rpm 59a31ba42636246bf2b44637107d63bd openoffice.org-langpack-bn-2.0.4-5.4.25.i386.rpm 730385094657d4577c8f7091297be30a openoffice.org-langpack-ca_ES-2.0.4-5.4.25.i386.rpm 794726adc03547f57927f3bf024d83e9 openoffice.org-langpack-cs_CZ-2.0.4-5.4.25.i386.rpm 43fffd3c6ff5a0695ae51f9a651d4d89 openoffice.org-langpack-cy_GB-2.0.4-5.4.25.i386.rpm 705e4cdff02e3770c45d4939edf56a53 openoffice.org-langpack-da_DK-2.0.4-5.4.25.i386.rpm b966102c1ea53de7b1e73443b4579460 openoffice.org-langpack-de-2.0.4-5.4.25.i386.rpm 5352ca0b717518b20055b3be43a0e530 openoffice.org-langpack-el_GR-2.0.4-5.4.25.i386.rpm 86fd25ff3f732948eb75152d26670aae openoffice.org-langpack-es-2.0.4-5.4.25.i386.rpm 8ba35e0b053a35a0ca0a34f4145a0e3e openoffice.org-langpack-et_EE-2.0.4-5.4.25.i386.rpm 9220357c3d70c1e2696efdab84acad8c openoffice.org-langpack-eu_ES-2.0.4-5.4.25.i386.rpm a76f2cfdf444df1616b854ae0485a0c1 openoffice.org-langpack-fi_FI-2.0.4-5.4.25.i386.rpm 27625df10c5df5211f8f49e1f717f5c2 openoffice.org-langpack-fr-2.0.4-5.4.25.i386.rpm 3e6f4056b52189b984dc116d2525d3a0 openoffice.org-langpack-ga_IE-2.0.4-5.4.25.i386.rpm 50c4bbf494717b94272200b2469e3ac6 openoffice.org-langpack-gl_ES-2.0.4-5.4.25.i386.rpm 40fe0889f0ab4b8731b1509727e5aaac openoffice.org-langpack-gu_IN-2.0.4-5.4.25.i386.rpm 89a77f54f993979e912a725248e6dc80 openoffice.org-langpack-he_IL-2.0.4-5.4.25.i386.rpm cb210b2ba9ef1803c5effb5b77d20e03 openoffice.org-langpack-hi_IN-2.0.4-5.4.25.i386.rpm a04acc495e2ce15664a65f0ee25a3f1a openoffice.org-langpack-hr_HR-2.0.4-5.4.25.i386.rpm 69359a93deedda961d1b57cd8cc7ce02 openoffice.org-langpack-hu_HU-2.0.4-5.4.25.i386.rpm baaf517663450e6be2f3c4b1c9f268d3 openoffice.org-langpack-it-2.0.4-5.4.25.i386.rpm d34e69b8affdc07e3492034828ac0586 openoffice.org-langpack-ja_JP-2.0.4-5.4.25.i386.rpm b014ae58991cf4acf06ca269fb6a7dbc openoffice.org-langpack-kn_IN-2.0.4-5.4.25.i386.rpm 670ee7c5d6384601feecfb9671f05709 openoffice.org-langpack-ko_KR-2.0.4-5.4.25.i386.rpm 0b19cb7cb05df6b532f6bc7680212f41 openoffice.org-langpack-lt_LT-2.0.4-5.4.25.i386.rpm 9b4ae06054b70b317b497764a72e7f5e openoffice.org-langpack-ml_IN-2.0.4-5.4.25.i386.rpm 1f340ed8045c84749cb76ed710fa272e openoffice.org-langpack-mr_IN-2.0.4-5.4.25.i386.rpm 0b36478f2363607002171c52e21f879d openoffice.org-langpack-ms_MY-2.0.4-5.4.25.i386.rpm 20af3f723b68056581c832bb5c1c987d openoffice.org-langpack-nb_NO-2.0.4-5.4.25.i386.rpm d1dc8662e1774bad8c23703bed4f890c openoffice.org-langpack-nl-2.0.4-5.4.25.i386.rpm 97354ba11f55becde90a7cd33a2d1ad5 openoffice.org-langpack-nn_NO-2.0.4-5.4.25.i386.rpm bea9716aa7d8bf33ba9bad01a3daa896 openoffice.org-langpack-nr_ZA-2.0.4-5.4.25.i386.rpm 34ae027c37ec1b47780f8e8046baedbf openoffice.org-langpack-nso_ZA-2.0.4-5.4.25.i386.rpm 39fce5bee85db7b7372b4b0056621188 openoffice.org-langpack-or_IN-2.0.4-5.4.25.i386.rpm 63b4b8632b7537668f4a60877f2c7d4b openoffice.org-langpack-pa_IN-2.0.4-5.4.25.i386.rpm a76aaa8e87d2b7ac27ad05448c6f5da8 openoffice.org-langpack-pl_PL-2.0.4-5.4.25.i386.rpm 5678ff389b17b3fe50331890c727e231 openoffice.org-langpack-pt_BR-2.0.4-5.4.25.i386.rpm efca5df20fb77d1b2df096ea35b21831 openoffice.org-langpack-pt_PT-2.0.4-5.4.25.i386.rpm 17889dbbe5ad4a7e91072e042c31ed87 openoffice.org-langpack-ru-2.0.4-5.4.25.i386.rpm fbae69ce9428e4ea7672a92fde8806bc openoffice.org-langpack-sk_SK-2.0.4-5.4.25.i386.rpm 8dd90d9bd73f753349078d33904a3c73 openoffice.org-langpack-sl_SI-2.0.4-5.4.25.i386.rpm 51863ca85f329c5bd51c39e2d27d6eab openoffice.org-langpack-sr_CS-2.0.4-5.4.25.i386.rpm 3ba3cf27a870a9a6b286ba74740d852f openoffice.org-langpack-ss_ZA-2.0.4-5.4.25.i386.rpm ca88185b8c5efe009be060cb9cbda453 openoffice.org-langpack-st_ZA-2.0.4-5.4.25.i386.rpm 42b99679f1fb544ff6505a843713ddf3 openoffice.org-langpack-sv-2.0.4-5.4.25.i386.rpm ad3cf26601edbb8bfc8ad6372f89e6f0 openoffice.org-langpack-ta_IN-2.0.4-5.4.25.i386.rpm 7ac7d501f185dc73aed7b80671394f05 openoffice.org-langpack-te_IN-2.0.4-5.4.25.i386.rpm 1d31d5e2bbcc2f6262a5ab5764b639e0 openoffice.org-langpack-th_TH-2.0.4-5.4.25.i386.rpm 6f3afbdaf5912a51d3c506c7350c4657 openoffice.org-langpack-tn_ZA-2.0.4-5.4.25.i386.rpm 72ceb6a82979befb0cdd0fa9667ab719 openoffice.org-langpack-tr_TR-2.0.4-5.4.25.i386.rpm 9dc097b2843dbab37f516cfea4b2bcde openoffice.org-langpack-ts_ZA-2.0.4-5.4.25.i386.rpm f020736645dbcf63228d67f8548c25f7 openoffice.org-langpack-ur-2.0.4-5.4.25.i386.rpm 36b759cd4e20563ac121a134c855d7e9 openoffice.org-langpack-ve_ZA-2.0.4-5.4.25.i386.rpm a1d66c84d4cd6b93fd9f48a20b3a6e76 openoffice.org-langpack-xh_ZA-2.0.4-5.4.25.i386.rpm 26aee64711df54c49af139e259b6d824 openoffice.org-langpack-zh_CN-2.0.4-5.4.25.i386.rpm 919f099bd2fc1555b022904e7dc9dff0 openoffice.org-langpack-zh_TW-2.0.4-5.4.25.i386.rpm 476131feef795972a2980f89391f3ff9 openoffice.org-langpack-zu_ZA-2.0.4-5.4.25.i386.rpm e3de81fce3da1dc20f54a5e4267fccba openoffice.org-math-2.0.4-5.4.25.i386.rpm ef239c9f2fbe1c72534acab11b32024f openoffice.org-pyuno-2.0.4-5.4.25.i386.rpm f0672bab7b28a4069f49d3753c13f8d3 openoffice.org-testtools-2.0.4-5.4.25.i386.rpm aef0a4f3a6f1e3c234b9948c11efcacb openoffice.org-writer-2.0.4-5.4.25.i386.rpm 79408f03298ecdb39b6ef4d5317902f1 openoffice.org-xsltfilter-2.0.4-5.4.25.i386.rpm x86_64: 9c54d7a9650462205d56fbba25fbc7ac hsqldb-1.8.0.4-3jpp.6.x86_64.rpm fad92192c54ae3c8b6ba118449cfebf0 hsqldb-debuginfo-1.8.0.4-3jpp.6.x86_64.rpm a9e60d1057a01644939fb5b0d725bd61 hsqldb-demo-1.8.0.4-3jpp.6.x86_64.rpm 7fad1a11b5ca9e04caf69aeaa08778ed hsqldb-javadoc-1.8.0.4-3jpp.6.x86_64.rpm b327c3c0e7b320ca98effd5b2646193c hsqldb-manual-1.8.0.4-3jpp.6.x86_64.rpm 2cb041161968935071dd270b973b2faf openoffice.org-base-2.0.4-5.4.25.x86_64.rpm 9f034a101b0f74084543aab3c217d9ef openoffice.org-calc-2.0.4-5.4.25.x86_64.rpm e2f685a9fbeecc78637f725a95d09628 openoffice.org-core-2.0.4-5.4.25.x86_64.rpm bc217d7e42948fb706d4cc7ddb92650f openoffice.org-debuginfo-2.0.4-5.4.25.x86_64.rpm 2306f2cf7fe2a9b616d4a45a8fb28d7c openoffice.org-draw-2.0.4-5.4.25.x86_64.rpm 841e3f35a331005c7e4dd0bdf1a8d2c2 openoffice.org-emailmerge-2.0.4-5.4.25.x86_64.rpm 11aa157170b642f6f637fac18264ece7 openoffice.org-graphicfilter-2.0.4-5.4.25.x86_64.rpm e44aba22925fc9525085fc0a3b9e26e7 openoffice.org-impress-2.0.4-5.4.25.x86_64.rpm cbae1b4ed2a7eaf652c492e218c6e817 openoffice.org-javafilter-2.0.4-5.4.25.x86_64.rpm 8700253aa991797f8c57c6d0d0061737 openoffice.org-langpack-af_ZA-2.0.4-5.4.25.x86_64.rpm 19635af6ca1cebfdc61d8863891313fe openoffice.org-langpack-ar-2.0.4-5.4.25.x86_64.rpm 476e9c96221af02610aeec60d65bacf8 openoffice.org-langpack-as_IN-2.0.4-5.4.25.x86_64.rpm 0fafcdb3f403b02f3d5fc6c85e86e807 openoffice.org-langpack-bg_BG-2.0.4-5.4.25.x86_64.rpm 73066b5e5925353c40958c23f521daf5 openoffice.org-langpack-bn-2.0.4-5.4.25.x86_64.rpm 9bc1527412f1d5beafac2fce569b8bd9 openoffice.org-langpack-ca_ES-2.0.4-5.4.25.x86_64.rpm e6eccf64d92ab3883e59102762d2451d openoffice.org-langpack-cs_CZ-2.0.4-5.4.25.x86_64.rpm b7b006ee70589bcb5e576a7f9ab3c35a openoffice.org-langpack-cy_GB-2.0.4-5.4.25.x86_64.rpm 033a622e0362692895b42445ab648ef9 openoffice.org-langpack-da_DK-2.0.4-5.4.25.x86_64.rpm 2f1e908bcd03714b48b4eab9c7817d6b openoffice.org-langpack-de-2.0.4-5.4.25.x86_64.rpm 75d43764f858209e53eb47c46aafe125 openoffice.org-langpack-el_GR-2.0.4-5.4.25.x86_64.rpm f68d5cbccdad8502ce5cb02eab3c0bc1 openoffice.org-langpack-es-2.0.4-5.4.25.x86_64.rpm beaee11fee07a306d56e0f1be9abb7ab openoffice.org-langpack-et_EE-2.0.4-5.4.25.x86_64.rpm 2fe2489386cb196cad4db20aca190dfd openoffice.org-langpack-eu_ES-2.0.4-5.4.25.x86_64.rpm 81aac28ffa25abcd01d724d9fc7b5069 openoffice.org-langpack-fi_FI-2.0.4-5.4.25.x86_64.rpm d30aba5ec21ce7c4fde84754599ea5ef openoffice.org-langpack-fr-2.0.4-5.4.25.x86_64.rpm 1262f5abae73b47f60d246aa83ab4fbc openoffice.org-langpack-ga_IE-2.0.4-5.4.25.x86_64.rpm 25f72973339c4e2d7d5018352000881f openoffice.org-langpack-gl_ES-2.0.4-5.4.25.x86_64.rpm 1f525b44f31dbdb716d5155930b45439 openoffice.org-langpack-gu_IN-2.0.4-5.4.25.x86_64.rpm dd03c75deeb21cc2417f83039b4b8b50 openoffice.org-langpack-he_IL-2.0.4-5.4.25.x86_64.rpm 7fbf65ad50fc71afc8b652e1a18ac9f3 openoffice.org-langpack-hi_IN-2.0.4-5.4.25.x86_64.rpm 3c19ead61c8055e5772fc90e17a583d2 openoffice.org-langpack-hr_HR-2.0.4-5.4.25.x86_64.rpm 6a5c4789e8dd0032c9d492d59e5bbc11 openoffice.org-langpack-hu_HU-2.0.4-5.4.25.x86_64.rpm 12721dc9cfe54881bd32b7e9ad02f79c openoffice.org-langpack-it-2.0.4-5.4.25.x86_64.rpm 862eb55dedad989c8eaa6d302437d90e openoffice.org-langpack-ja_JP-2.0.4-5.4.25.x86_64.rpm af5f35be42de0d1d5e734cb630c2aa32 openoffice.org-langpack-kn_IN-2.0.4-5.4.25.x86_64.rpm d4fe8971277ee9cdca0b4bebfea7f9ee openoffice.org-langpack-ko_KR-2.0.4-5.4.25.x86_64.rpm b9c888fe7c532446fe63b897a621f368 openoffice.org-langpack-lt_LT-2.0.4-5.4.25.x86_64.rpm 06bb78aa9904f5fae3292f0870edcf7c openoffice.org-langpack-ml_IN-2.0.4-5.4.25.x86_64.rpm 22bcdf60c2a493c13d1b87a9cbdd70d5 openoffice.org-langpack-mr_IN-2.0.4-5.4.25.x86_64.rpm 34aa44bc21120a080fea07c69a0240d8 openoffice.org-langpack-ms_MY-2.0.4-5.4.25.x86_64.rpm fe928d3af21e079271bf9bcbc236c70d openoffice.org-langpack-nb_NO-2.0.4-5.4.25.x86_64.rpm 35858270fbf9dfa682b6c54812de990d openoffice.org-langpack-nl-2.0.4-5.4.25.x86_64.rpm f9c7c3d708852301af0292f5cdc60421 openoffice.org-langpack-nn_NO-2.0.4-5.4.25.x86_64.rpm 3d0a254b86131369ef9bf46ba93ceeba openoffice.org-langpack-nr_ZA-2.0.4-5.4.25.x86_64.rpm d4fe3380f4b9ced0261f8e9ab54d3185 openoffice.org-langpack-nso_ZA-2.0.4-5.4.25.x86_64.rpm 99ba8ab2f653ee08f533a01c63a6ba02 openoffice.org-langpack-or_IN-2.0.4-5.4.25.x86_64.rpm 02cf0b57ab9125e7a938fd0664057e99 openoffice.org-langpack-pa_IN-2.0.4-5.4.25.x86_64.rpm 4dd65d6f9e248349b8275b102ae5cd82 openoffice.org-langpack-pl_PL-2.0.4-5.4.25.x86_64.rpm 8104c9e45586832c8f73114ec5055008 openoffice.org-langpack-pt_BR-2.0.4-5.4.25.x86_64.rpm 17ea822f30d51c6e00124c42b0cf9406 openoffice.org-langpack-pt_PT-2.0.4-5.4.25.x86_64.rpm 9c99e6135ecb2ac385b3ca928764168b openoffice.org-langpack-ru-2.0.4-5.4.25.x86_64.rpm 55b077d209eaa0047d90006ee6bd5e4d openoffice.org-langpack-sk_SK-2.0.4-5.4.25.x86_64.rpm c63553aa679d8bf1e3a2e1857caba5c4 openoffice.org-langpack-sl_SI-2.0.4-5.4.25.x86_64.rpm e2ae21545e6f485bd590b8518ba60961 openoffice.org-langpack-sr_CS-2.0.4-5.4.25.x86_64.rpm 640a683eaa345c682c4fd9cfec6357f2 openoffice.org-langpack-ss_ZA-2.0.4-5.4.25.x86_64.rpm 54b54b54994841fab8fb8d51164255eb openoffice.org-langpack-st_ZA-2.0.4-5.4.25.x86_64.rpm ef90edbaa39f07fd53c02bbced4ea994 openoffice.org-langpack-sv-2.0.4-5.4.25.x86_64.rpm 720f611ef548b4495e716f1bf7662c88 openoffice.org-langpack-ta_IN-2.0.4-5.4.25.x86_64.rpm 217c3e142960c74b33632a83577991d0 openoffice.org-langpack-te_IN-2.0.4-5.4.25.x86_64.rpm 6f037e4f0a1415ddc7cbd1b047054cd1 openoffice.org-langpack-th_TH-2.0.4-5.4.25.x86_64.rpm 3d1bea28b0088cc0fc9357a097f0490d openoffice.org-langpack-tn_ZA-2.0.4-5.4.25.x86_64.rpm a7b1aafc105b50c232e1ed5f8384cafa openoffice.org-langpack-tr_TR-2.0.4-5.4.25.x86_64.rpm e4c0edf8011d6060e4e9ae8b87a678b3 openoffice.org-langpack-ts_ZA-2.0.4-5.4.25.x86_64.rpm 10319f9b433b3cca5b7b56b5b7057cf5 openoffice.org-langpack-ur-2.0.4-5.4.25.x86_64.rpm 5d2265735748ce11f75a157f0d514b97 openoffice.org-langpack-ve_ZA-2.0.4-5.4.25.x86_64.rpm 521acaf8bfdd2b197f1c77b57a3da3f2 openoffice.org-langpack-xh_ZA-2.0.4-5.4.25.x86_64.rpm e5105e20ecd747263ffce68705cc5701 openoffice.org-langpack-zh_CN-2.0.4-5.4.25.x86_64.rpm f934a32909504f4f1b95aec210fca368 openoffice.org-langpack-zh_TW-2.0.4-5.4.25.x86_64.rpm 15417c387d4d53e339ff32d00a41014e openoffice.org-langpack-zu_ZA-2.0.4-5.4.25.x86_64.rpm 30378af1cd026763e76dd5b3df2705ac openoffice.org-math-2.0.4-5.4.25.x86_64.rpm 2f682247a0524e3866b1a839265cca1d openoffice.org-pyuno-2.0.4-5.4.25.x86_64.rpm e7abde0c76e923e408c117fcbc835c15 openoffice.org-testtools-2.0.4-5.4.25.x86_64.rpm 5474fda3968a76c048cde9c7ac0124ed openoffice.org-writer-2.0.4-5.4.25.x86_64.rpm fdeedea08837d3f943cb8c3ddb53a99c openoffice.org-xsltfilter-2.0.4-5.4.25.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4575 http://www.openoffice.org/security/cves/CVE-2007-4575.html http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHVrdNXlSAg2UNWIIRAtk4AKCddn/mNrZ2ce1l3h+U6c49FWk51wCgiX5W dxuvF+B2Gkrt1yL2cZD7CbE= =KfFC -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 5 14:46:20 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 5 Dec 2007 09:46:20 -0500 Subject: [RHSA-2007:1090-01] Moderate: openoffice.org2 security update Message-ID: <200712051446.lB5EkKSZ002865@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: openoffice.org2 security update Advisory ID: RHSA-2007:1090-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1090.html Issue date: 2007-12-05 Updated on: 2007-12-05 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-4575 - --------------------------------------------------------------------- 1. Summary: Updated openoffice.org2 packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ppc, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, x86_64 Red Hat Enterprise Linux WS version 4 - i386, x86_64 3. Problem description: OpenOffice.org is an office productivity suite. HSQLDB is the default database engine shipped with OpenOffice.org 2. It was discovered that HSQLDB could allow the execution of arbitrary public static Java methods. A carefully crafted odb file opened in OpenOffice.org Base could execute arbitrary commands with the permissions of the user running OpenOffice.org. (CVE-2007-4575) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 299801 - CVE-2007-4575 OpenOffice.org-base allows Denial-of-Service and command injection 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.3.0.src.rpm 728af6d41af113f6401351b833271754 openoffice.org2-2.0.4-5.7.0.3.0.src.rpm i386: d8d1ce7f9266d17c6986018332ae30a3 openoffice.org2-base-2.0.4-5.7.0.3.0.i386.rpm e3ae7d22e6ea1e2011462a9841a65abb openoffice.org2-calc-2.0.4-5.7.0.3.0.i386.rpm 1e7aadeb52fda6950c13e75f2cbf23d8 openoffice.org2-core-2.0.4-5.7.0.3.0.i386.rpm 00e08a8851f4c0b079a281a491f20f6d openoffice.org2-debuginfo-2.0.4-5.7.0.3.0.i386.rpm 71c23318fd0eab3e2be5698ec4da8130 openoffice.org2-draw-2.0.4-5.7.0.3.0.i386.rpm ccffadb48b36d774ee85d1155aee1b8b openoffice.org2-emailmerge-2.0.4-5.7.0.3.0.i386.rpm f51e49b252e9e4e055489afda67ec4fb openoffice.org2-graphicfilter-2.0.4-5.7.0.3.0.i386.rpm f7721a2d0e6b25b5bc789b6872773443 openoffice.org2-impress-2.0.4-5.7.0.3.0.i386.rpm ec8cc03af6c5942472d66f597a7497b5 openoffice.org2-javafilter-2.0.4-5.7.0.3.0.i386.rpm 749c051437fc04d22f933547219c1c21 openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.3.0.i386.rpm 2df2b2f66e21298ed9b5a7a136195af4 openoffice.org2-langpack-ar-2.0.4-5.7.0.3.0.i386.rpm 0f96e8deb5857ea72b0a1c604172285b openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.3.0.i386.rpm 1a89d2971af7e905c7830d4c0a88b6c4 openoffice.org2-langpack-bn-2.0.4-5.7.0.3.0.i386.rpm 0bfa17d32bdc9d631eab404ea2981040 openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.3.0.i386.rpm 6009d13487a2c69fcb232351712e8fd6 openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.3.0.i386.rpm 212aef354933a49638e3fa2ff30c7126 openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.3.0.i386.rpm c5aa742c75f1aab0092f6ce9167b3550 openoffice.org2-langpack-da_DK-2.0.4-5.7.0.3.0.i386.rpm 9075ff733b8ee2aff2c1b28bc668e63a openoffice.org2-langpack-de-2.0.4-5.7.0.3.0.i386.rpm 789f3ab731025925f42fb992dab59c16 openoffice.org2-langpack-el_GR-2.0.4-5.7.0.3.0.i386.rpm d6caa3505f8b45a8350953e8b870ee3e openoffice.org2-langpack-es-2.0.4-5.7.0.3.0.i386.rpm 7e2060816da1714f597c15c3c8169929 openoffice.org2-langpack-et_EE-2.0.4-5.7.0.3.0.i386.rpm 2e0efab75a3e13a32b31bfe338ec627e openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.3.0.i386.rpm f542c1699aea52e019778e45b8a7572a openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.3.0.i386.rpm 1f7128d12fbc6e5a6b02f8dc24dae6f1 openoffice.org2-langpack-fr-2.0.4-5.7.0.3.0.i386.rpm c9c9ad460f8059f467df422c780a481d openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.3.0.i386.rpm 850f0aa5b23d80a0778e882623ff6927 openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.3.0.i386.rpm 243fd56bfa49c90c39475a0e645fba15 openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.3.0.i386.rpm e28d59183ad1a8abc955bb27a26e0003 openoffice.org2-langpack-he_IL-2.0.4-5.7.0.3.0.i386.rpm d2df13d1f99394d7675dc217f2a806b5 openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.3.0.i386.rpm 049bbacac30cc53728c54bb84eb57d20 openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.3.0.i386.rpm b60f5e7a127ccdc033e223e5bc23180d openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.3.0.i386.rpm 2c63e610717793df25623661b8091000 openoffice.org2-langpack-it-2.0.4-5.7.0.3.0.i386.rpm c377707a3b37bcbd1319c9daeea79f6f openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.3.0.i386.rpm 92b0bf0d3cb562233483f4fafe5e5750 openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.3.0.i386.rpm a8394c8995083d25e2b832b8eece96cb openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.3.0.i386.rpm 0479d52c798a10b653e066c3d3c9d43f openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.3.0.i386.rpm c9a2a61a238c8f24f0982f2e61337ec9 openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.3.0.i386.rpm e806a7d220cbb80cd377eb3027d26140 openoffice.org2-langpack-nl-2.0.4-5.7.0.3.0.i386.rpm ed9a752215e77bdb728a27b515b1a564 openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.3.0.i386.rpm 6aa55f60f77f927e649db04b9b6098e3 openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.3.0.i386.rpm 2b5373b78634276e8cec75c6cc7936b0 openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.3.0.i386.rpm a3ba04d3301575bb155da725bab3ff1a openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.3.0.i386.rpm 46767536774b559cf8f3bc8ab4d8fdb0 openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.3.0.i386.rpm 7425db28bd57d5918533ebc450659253 openoffice.org2-langpack-ru-2.0.4-5.7.0.3.0.i386.rpm debf41af958f226da047789f76a8f606 openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.3.0.i386.rpm 2e62035c241e323b518a0c7fa80592ec openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.3.0.i386.rpm 7df628298b73a0151564fc07724720a8 openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.3.0.i386.rpm c6ca18894a7f5f0523f5212dc3368b2c openoffice.org2-langpack-sv-2.0.4-5.7.0.3.0.i386.rpm 4dbc48773d69df31ef410325cc62574b openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.3.0.i386.rpm cdc4a2e142802c039aac65671cbce0e3 openoffice.org2-langpack-th_TH-2.0.4-5.7.0.3.0.i386.rpm 4bf2535e75df9572beca95f2b198e109 openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.3.0.i386.rpm 37f941cc9eae3192e238d804317e1acc openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.3.0.i386.rpm 5a3dbc59e6543d789aa83d02a476153c openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.3.0.i386.rpm 4cc0536a7a73e7e002fbce19d73c327d openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.3.0.i386.rpm 8eea316d038a14c5d549407b371bb273 openoffice.org2-math-2.0.4-5.7.0.3.0.i386.rpm 95a3e3b35b235b7a5135032a13dca721 openoffice.org2-pyuno-2.0.4-5.7.0.3.0.i386.rpm 5bfd22c379873608351a32c5e92e2adc openoffice.org2-testtools-2.0.4-5.7.0.3.0.i386.rpm b223cdcf97ad219ebe64f823afd1cd3e openoffice.org2-writer-2.0.4-5.7.0.3.0.i386.rpm d26db5f3217a212db7573fdd5c5501ce openoffice.org2-xsltfilter-2.0.4-5.7.0.3.0.i386.rpm ppc: 6739deada4f3098870245b863c08bffc openoffice.org2-base-2.0.4-5.7.0.3.0.ppc.rpm 90e8c6880cb2059b294c24c06d83a41f openoffice.org2-calc-2.0.4-5.7.0.3.0.ppc.rpm 90d6896182b05341efd3bc6be93d1746 openoffice.org2-core-2.0.4-5.7.0.3.0.ppc.rpm 59c1fc4bdbc5d9fa1f42a91067300719 openoffice.org2-debuginfo-2.0.4-5.7.0.3.0.ppc.rpm 38f575822f7e139310d4f685a982cd0d openoffice.org2-draw-2.0.4-5.7.0.3.0.ppc.rpm 67079021eb0e078f9a09cbe43fab15b2 openoffice.org2-emailmerge-2.0.4-5.7.0.3.0.ppc.rpm 2454088a1bb6e8d086c0f6cc1e2e034a openoffice.org2-graphicfilter-2.0.4-5.7.0.3.0.ppc.rpm 3eff6cab8ce7f52a02121b3046abb1d7 openoffice.org2-impress-2.0.4-5.7.0.3.0.ppc.rpm 3f025387c459ab68a2286f66fd4056b2 openoffice.org2-javafilter-2.0.4-5.7.0.3.0.ppc.rpm 9e71ee3544067f5ce4f813c58ef989ff openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.3.0.ppc.rpm 0a1b77cf511adbc2d6030b7600229271 openoffice.org2-langpack-ar-2.0.4-5.7.0.3.0.ppc.rpm 012303e547893b36686c111a090d1bc7 openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.3.0.ppc.rpm bbcb662cc15a0b8db5d97b91ed17dd99 openoffice.org2-langpack-bn-2.0.4-5.7.0.3.0.ppc.rpm 2b239dcfff76ff2453abb45d587a750f openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.3.0.ppc.rpm 27339cb259189e8c096aeeea9f28ae7e openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.3.0.ppc.rpm b297af18acb098c50db94277a15eb4fc openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.3.0.ppc.rpm abac82ab07d24361736156252a31be89 openoffice.org2-langpack-da_DK-2.0.4-5.7.0.3.0.ppc.rpm 10b6eacdc859d797878e302b054aa613 openoffice.org2-langpack-de-2.0.4-5.7.0.3.0.ppc.rpm 54fe190d6ab919398ea3c2f0bc9d3f53 openoffice.org2-langpack-el_GR-2.0.4-5.7.0.3.0.ppc.rpm c439259c4504194b891af222ee0b7f32 openoffice.org2-langpack-es-2.0.4-5.7.0.3.0.ppc.rpm cd16b3581464a442dfb42eda6325fdf7 openoffice.org2-langpack-et_EE-2.0.4-5.7.0.3.0.ppc.rpm da58b39bbe2df9864becce78d292f55b openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.3.0.ppc.rpm d6757f1f2faa03604e50b8c971126c33 openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.3.0.ppc.rpm 6b33ffba5c930c2def66eae943c46363 openoffice.org2-langpack-fr-2.0.4-5.7.0.3.0.ppc.rpm 366e9373561a4c5dc43537369e68e881 openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.3.0.ppc.rpm 655460c5bf2dcbf4bc2913781563a6e0 openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.3.0.ppc.rpm ba767afc847d76b262c6ec1d6991e777 openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.3.0.ppc.rpm 25465ded8f099fb6f8c7fc7e063112e0 openoffice.org2-langpack-he_IL-2.0.4-5.7.0.3.0.ppc.rpm d1c5cd3153383013e3df42b6141831e6 openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.3.0.ppc.rpm d58c7e285ed969ce60146ca037e8930c openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.3.0.ppc.rpm 6c3a4a1110c2b81c27ea2357cf980f78 openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.3.0.ppc.rpm 23410f71770945bb9521189d3ff6c5b2 openoffice.org2-langpack-it-2.0.4-5.7.0.3.0.ppc.rpm de178cc3a35c4bc09af07cb879a4663b openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.3.0.ppc.rpm 3405e859eb0366bedb2143fcc00097c1 openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.3.0.ppc.rpm 0e987d155a528b1765045a8fd1381a58 openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.3.0.ppc.rpm b594dc2649ae44a48574a4dc79c15fd8 openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.3.0.ppc.rpm 6a5b3c4e315ca9c4f2285942c50e1332 openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.3.0.ppc.rpm 6ddb6aceb0fed17240d52bc9e7ed85b5 openoffice.org2-langpack-nl-2.0.4-5.7.0.3.0.ppc.rpm d5baa8be35d6a5736647e39623c1ca5a openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.3.0.ppc.rpm b1a41effe0483992f9a762a8dcadaba8 openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.3.0.ppc.rpm 221c281eca55e025a349b60f1cf3eac0 openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.3.0.ppc.rpm 0a544abcf4c0b83b4de5360a65899702 openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.3.0.ppc.rpm 063b1ae77ae7ea849fea12faee56e3d5 openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.3.0.ppc.rpm 5d7de4d030e613951b5c7b28ce60e551 openoffice.org2-langpack-ru-2.0.4-5.7.0.3.0.ppc.rpm fc4610c81ab59c541b2c7739ba6b04cf openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.3.0.ppc.rpm 0ffb837086b58649a607db8e99e2c8ab openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.3.0.ppc.rpm b3dc181ab0299b8257a733dc3d00d65d openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.3.0.ppc.rpm 2a8f49bf82d00bfc3e4b753758c2054f openoffice.org2-langpack-sv-2.0.4-5.7.0.3.0.ppc.rpm 911475573dee35f4ee5456dc48e301e5 openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.3.0.ppc.rpm 085699d6bfa8913bcf432bd39ae1ef71 openoffice.org2-langpack-th_TH-2.0.4-5.7.0.3.0.ppc.rpm afa200d8fa0148b3f22f5d43de063682 openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.3.0.ppc.rpm 3451b016d51f89ac2160681fab32a9cc openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.3.0.ppc.rpm abf77abf2cad7d7734e80b4ad8c3d37e openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.3.0.ppc.rpm 7f9cacaced157c51beff87c23eab89ab openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.3.0.ppc.rpm 5e63f32621d40542cc37c0d1c68d893a openoffice.org2-math-2.0.4-5.7.0.3.0.ppc.rpm 72bbd308e999de9393cc1819d8f016f5 openoffice.org2-pyuno-2.0.4-5.7.0.3.0.ppc.rpm a26beaf0f380d3b26b4b3f6eed4304dd openoffice.org2-testtools-2.0.4-5.7.0.3.0.ppc.rpm 18e9f1483daa7b5e5b5db7c1e79df50f openoffice.org2-writer-2.0.4-5.7.0.3.0.ppc.rpm 076ab801c08e3a138df56efa45ed5077 openoffice.org2-xsltfilter-2.0.4-5.7.0.3.0.ppc.rpm x86_64: d8d1ce7f9266d17c6986018332ae30a3 openoffice.org2-base-2.0.4-5.7.0.3.0.i386.rpm e3ae7d22e6ea1e2011462a9841a65abb openoffice.org2-calc-2.0.4-5.7.0.3.0.i386.rpm 1e7aadeb52fda6950c13e75f2cbf23d8 openoffice.org2-core-2.0.4-5.7.0.3.0.i386.rpm 00e08a8851f4c0b079a281a491f20f6d openoffice.org2-debuginfo-2.0.4-5.7.0.3.0.i386.rpm 71c23318fd0eab3e2be5698ec4da8130 openoffice.org2-draw-2.0.4-5.7.0.3.0.i386.rpm ccffadb48b36d774ee85d1155aee1b8b openoffice.org2-emailmerge-2.0.4-5.7.0.3.0.i386.rpm f51e49b252e9e4e055489afda67ec4fb openoffice.org2-graphicfilter-2.0.4-5.7.0.3.0.i386.rpm f7721a2d0e6b25b5bc789b6872773443 openoffice.org2-impress-2.0.4-5.7.0.3.0.i386.rpm ec8cc03af6c5942472d66f597a7497b5 openoffice.org2-javafilter-2.0.4-5.7.0.3.0.i386.rpm 749c051437fc04d22f933547219c1c21 openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.3.0.i386.rpm 2df2b2f66e21298ed9b5a7a136195af4 openoffice.org2-langpack-ar-2.0.4-5.7.0.3.0.i386.rpm 0f96e8deb5857ea72b0a1c604172285b openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.3.0.i386.rpm 1a89d2971af7e905c7830d4c0a88b6c4 openoffice.org2-langpack-bn-2.0.4-5.7.0.3.0.i386.rpm 0bfa17d32bdc9d631eab404ea2981040 openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.3.0.i386.rpm 6009d13487a2c69fcb232351712e8fd6 openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.3.0.i386.rpm 212aef354933a49638e3fa2ff30c7126 openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.3.0.i386.rpm c5aa742c75f1aab0092f6ce9167b3550 openoffice.org2-langpack-da_DK-2.0.4-5.7.0.3.0.i386.rpm 9075ff733b8ee2aff2c1b28bc668e63a openoffice.org2-langpack-de-2.0.4-5.7.0.3.0.i386.rpm 789f3ab731025925f42fb992dab59c16 openoffice.org2-langpack-el_GR-2.0.4-5.7.0.3.0.i386.rpm d6caa3505f8b45a8350953e8b870ee3e openoffice.org2-langpack-es-2.0.4-5.7.0.3.0.i386.rpm 7e2060816da1714f597c15c3c8169929 openoffice.org2-langpack-et_EE-2.0.4-5.7.0.3.0.i386.rpm 2e0efab75a3e13a32b31bfe338ec627e openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.3.0.i386.rpm f542c1699aea52e019778e45b8a7572a openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.3.0.i386.rpm 1f7128d12fbc6e5a6b02f8dc24dae6f1 openoffice.org2-langpack-fr-2.0.4-5.7.0.3.0.i386.rpm c9c9ad460f8059f467df422c780a481d openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.3.0.i386.rpm 850f0aa5b23d80a0778e882623ff6927 openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.3.0.i386.rpm 243fd56bfa49c90c39475a0e645fba15 openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.3.0.i386.rpm e28d59183ad1a8abc955bb27a26e0003 openoffice.org2-langpack-he_IL-2.0.4-5.7.0.3.0.i386.rpm d2df13d1f99394d7675dc217f2a806b5 openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.3.0.i386.rpm 049bbacac30cc53728c54bb84eb57d20 openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.3.0.i386.rpm b60f5e7a127ccdc033e223e5bc23180d openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.3.0.i386.rpm 2c63e610717793df25623661b8091000 openoffice.org2-langpack-it-2.0.4-5.7.0.3.0.i386.rpm c377707a3b37bcbd1319c9daeea79f6f openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.3.0.i386.rpm 92b0bf0d3cb562233483f4fafe5e5750 openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.3.0.i386.rpm a8394c8995083d25e2b832b8eece96cb openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.3.0.i386.rpm 0479d52c798a10b653e066c3d3c9d43f openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.3.0.i386.rpm c9a2a61a238c8f24f0982f2e61337ec9 openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.3.0.i386.rpm e806a7d220cbb80cd377eb3027d26140 openoffice.org2-langpack-nl-2.0.4-5.7.0.3.0.i386.rpm ed9a752215e77bdb728a27b515b1a564 openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.3.0.i386.rpm 6aa55f60f77f927e649db04b9b6098e3 openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.3.0.i386.rpm 2b5373b78634276e8cec75c6cc7936b0 openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.3.0.i386.rpm a3ba04d3301575bb155da725bab3ff1a openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.3.0.i386.rpm 46767536774b559cf8f3bc8ab4d8fdb0 openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.3.0.i386.rpm 7425db28bd57d5918533ebc450659253 openoffice.org2-langpack-ru-2.0.4-5.7.0.3.0.i386.rpm debf41af958f226da047789f76a8f606 openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.3.0.i386.rpm 2e62035c241e323b518a0c7fa80592ec openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.3.0.i386.rpm 7df628298b73a0151564fc07724720a8 openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.3.0.i386.rpm c6ca18894a7f5f0523f5212dc3368b2c openoffice.org2-langpack-sv-2.0.4-5.7.0.3.0.i386.rpm 4dbc48773d69df31ef410325cc62574b openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.3.0.i386.rpm cdc4a2e142802c039aac65671cbce0e3 openoffice.org2-langpack-th_TH-2.0.4-5.7.0.3.0.i386.rpm 4bf2535e75df9572beca95f2b198e109 openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.3.0.i386.rpm 37f941cc9eae3192e238d804317e1acc openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.3.0.i386.rpm 5a3dbc59e6543d789aa83d02a476153c openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.3.0.i386.rpm 4cc0536a7a73e7e002fbce19d73c327d openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.3.0.i386.rpm 8eea316d038a14c5d549407b371bb273 openoffice.org2-math-2.0.4-5.7.0.3.0.i386.rpm 95a3e3b35b235b7a5135032a13dca721 openoffice.org2-pyuno-2.0.4-5.7.0.3.0.i386.rpm 5bfd22c379873608351a32c5e92e2adc openoffice.org2-testtools-2.0.4-5.7.0.3.0.i386.rpm b223cdcf97ad219ebe64f823afd1cd3e openoffice.org2-writer-2.0.4-5.7.0.3.0.i386.rpm d26db5f3217a212db7573fdd5c5501ce openoffice.org2-xsltfilter-2.0.4-5.7.0.3.0.i386.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.3.0.src.rpm 728af6d41af113f6401351b833271754 openoffice.org2-2.0.4-5.7.0.3.0.src.rpm i386: d8d1ce7f9266d17c6986018332ae30a3 openoffice.org2-base-2.0.4-5.7.0.3.0.i386.rpm e3ae7d22e6ea1e2011462a9841a65abb openoffice.org2-calc-2.0.4-5.7.0.3.0.i386.rpm 1e7aadeb52fda6950c13e75f2cbf23d8 openoffice.org2-core-2.0.4-5.7.0.3.0.i386.rpm 00e08a8851f4c0b079a281a491f20f6d openoffice.org2-debuginfo-2.0.4-5.7.0.3.0.i386.rpm 71c23318fd0eab3e2be5698ec4da8130 openoffice.org2-draw-2.0.4-5.7.0.3.0.i386.rpm ccffadb48b36d774ee85d1155aee1b8b openoffice.org2-emailmerge-2.0.4-5.7.0.3.0.i386.rpm f51e49b252e9e4e055489afda67ec4fb openoffice.org2-graphicfilter-2.0.4-5.7.0.3.0.i386.rpm f7721a2d0e6b25b5bc789b6872773443 openoffice.org2-impress-2.0.4-5.7.0.3.0.i386.rpm ec8cc03af6c5942472d66f597a7497b5 openoffice.org2-javafilter-2.0.4-5.7.0.3.0.i386.rpm 749c051437fc04d22f933547219c1c21 openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.3.0.i386.rpm 2df2b2f66e21298ed9b5a7a136195af4 openoffice.org2-langpack-ar-2.0.4-5.7.0.3.0.i386.rpm 0f96e8deb5857ea72b0a1c604172285b openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.3.0.i386.rpm 1a89d2971af7e905c7830d4c0a88b6c4 openoffice.org2-langpack-bn-2.0.4-5.7.0.3.0.i386.rpm 0bfa17d32bdc9d631eab404ea2981040 openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.3.0.i386.rpm 6009d13487a2c69fcb232351712e8fd6 openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.3.0.i386.rpm 212aef354933a49638e3fa2ff30c7126 openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.3.0.i386.rpm c5aa742c75f1aab0092f6ce9167b3550 openoffice.org2-langpack-da_DK-2.0.4-5.7.0.3.0.i386.rpm 9075ff733b8ee2aff2c1b28bc668e63a openoffice.org2-langpack-de-2.0.4-5.7.0.3.0.i386.rpm 789f3ab731025925f42fb992dab59c16 openoffice.org2-langpack-el_GR-2.0.4-5.7.0.3.0.i386.rpm d6caa3505f8b45a8350953e8b870ee3e openoffice.org2-langpack-es-2.0.4-5.7.0.3.0.i386.rpm 7e2060816da1714f597c15c3c8169929 openoffice.org2-langpack-et_EE-2.0.4-5.7.0.3.0.i386.rpm 2e0efab75a3e13a32b31bfe338ec627e openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.3.0.i386.rpm f542c1699aea52e019778e45b8a7572a openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.3.0.i386.rpm 1f7128d12fbc6e5a6b02f8dc24dae6f1 openoffice.org2-langpack-fr-2.0.4-5.7.0.3.0.i386.rpm c9c9ad460f8059f467df422c780a481d openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.3.0.i386.rpm 850f0aa5b23d80a0778e882623ff6927 openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.3.0.i386.rpm 243fd56bfa49c90c39475a0e645fba15 openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.3.0.i386.rpm e28d59183ad1a8abc955bb27a26e0003 openoffice.org2-langpack-he_IL-2.0.4-5.7.0.3.0.i386.rpm d2df13d1f99394d7675dc217f2a806b5 openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.3.0.i386.rpm 049bbacac30cc53728c54bb84eb57d20 openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.3.0.i386.rpm b60f5e7a127ccdc033e223e5bc23180d openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.3.0.i386.rpm 2c63e610717793df25623661b8091000 openoffice.org2-langpack-it-2.0.4-5.7.0.3.0.i386.rpm c377707a3b37bcbd1319c9daeea79f6f openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.3.0.i386.rpm 92b0bf0d3cb562233483f4fafe5e5750 openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.3.0.i386.rpm a8394c8995083d25e2b832b8eece96cb openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.3.0.i386.rpm 0479d52c798a10b653e066c3d3c9d43f openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.3.0.i386.rpm c9a2a61a238c8f24f0982f2e61337ec9 openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.3.0.i386.rpm e806a7d220cbb80cd377eb3027d26140 openoffice.org2-langpack-nl-2.0.4-5.7.0.3.0.i386.rpm ed9a752215e77bdb728a27b515b1a564 openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.3.0.i386.rpm 6aa55f60f77f927e649db04b9b6098e3 openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.3.0.i386.rpm 2b5373b78634276e8cec75c6cc7936b0 openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.3.0.i386.rpm a3ba04d3301575bb155da725bab3ff1a openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.3.0.i386.rpm 46767536774b559cf8f3bc8ab4d8fdb0 openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.3.0.i386.rpm 7425db28bd57d5918533ebc450659253 openoffice.org2-langpack-ru-2.0.4-5.7.0.3.0.i386.rpm debf41af958f226da047789f76a8f606 openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.3.0.i386.rpm 2e62035c241e323b518a0c7fa80592ec openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.3.0.i386.rpm 7df628298b73a0151564fc07724720a8 openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.3.0.i386.rpm c6ca18894a7f5f0523f5212dc3368b2c openoffice.org2-langpack-sv-2.0.4-5.7.0.3.0.i386.rpm 4dbc48773d69df31ef410325cc62574b openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.3.0.i386.rpm cdc4a2e142802c039aac65671cbce0e3 openoffice.org2-langpack-th_TH-2.0.4-5.7.0.3.0.i386.rpm 4bf2535e75df9572beca95f2b198e109 openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.3.0.i386.rpm 37f941cc9eae3192e238d804317e1acc openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.3.0.i386.rpm 5a3dbc59e6543d789aa83d02a476153c openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.3.0.i386.rpm 4cc0536a7a73e7e002fbce19d73c327d openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.3.0.i386.rpm 8eea316d038a14c5d549407b371bb273 openoffice.org2-math-2.0.4-5.7.0.3.0.i386.rpm 95a3e3b35b235b7a5135032a13dca721 openoffice.org2-pyuno-2.0.4-5.7.0.3.0.i386.rpm 5bfd22c379873608351a32c5e92e2adc openoffice.org2-testtools-2.0.4-5.7.0.3.0.i386.rpm b223cdcf97ad219ebe64f823afd1cd3e openoffice.org2-writer-2.0.4-5.7.0.3.0.i386.rpm d26db5f3217a212db7573fdd5c5501ce openoffice.org2-xsltfilter-2.0.4-5.7.0.3.0.i386.rpm x86_64: d8d1ce7f9266d17c6986018332ae30a3 openoffice.org2-base-2.0.4-5.7.0.3.0.i386.rpm e3ae7d22e6ea1e2011462a9841a65abb openoffice.org2-calc-2.0.4-5.7.0.3.0.i386.rpm 1e7aadeb52fda6950c13e75f2cbf23d8 openoffice.org2-core-2.0.4-5.7.0.3.0.i386.rpm 00e08a8851f4c0b079a281a491f20f6d openoffice.org2-debuginfo-2.0.4-5.7.0.3.0.i386.rpm 71c23318fd0eab3e2be5698ec4da8130 openoffice.org2-draw-2.0.4-5.7.0.3.0.i386.rpm ccffadb48b36d774ee85d1155aee1b8b openoffice.org2-emailmerge-2.0.4-5.7.0.3.0.i386.rpm f51e49b252e9e4e055489afda67ec4fb openoffice.org2-graphicfilter-2.0.4-5.7.0.3.0.i386.rpm f7721a2d0e6b25b5bc789b6872773443 openoffice.org2-impress-2.0.4-5.7.0.3.0.i386.rpm ec8cc03af6c5942472d66f597a7497b5 openoffice.org2-javafilter-2.0.4-5.7.0.3.0.i386.rpm 749c051437fc04d22f933547219c1c21 openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.3.0.i386.rpm 2df2b2f66e21298ed9b5a7a136195af4 openoffice.org2-langpack-ar-2.0.4-5.7.0.3.0.i386.rpm 0f96e8deb5857ea72b0a1c604172285b openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.3.0.i386.rpm 1a89d2971af7e905c7830d4c0a88b6c4 openoffice.org2-langpack-bn-2.0.4-5.7.0.3.0.i386.rpm 0bfa17d32bdc9d631eab404ea2981040 openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.3.0.i386.rpm 6009d13487a2c69fcb232351712e8fd6 openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.3.0.i386.rpm 212aef354933a49638e3fa2ff30c7126 openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.3.0.i386.rpm c5aa742c75f1aab0092f6ce9167b3550 openoffice.org2-langpack-da_DK-2.0.4-5.7.0.3.0.i386.rpm 9075ff733b8ee2aff2c1b28bc668e63a openoffice.org2-langpack-de-2.0.4-5.7.0.3.0.i386.rpm 789f3ab731025925f42fb992dab59c16 openoffice.org2-langpack-el_GR-2.0.4-5.7.0.3.0.i386.rpm d6caa3505f8b45a8350953e8b870ee3e openoffice.org2-langpack-es-2.0.4-5.7.0.3.0.i386.rpm 7e2060816da1714f597c15c3c8169929 openoffice.org2-langpack-et_EE-2.0.4-5.7.0.3.0.i386.rpm 2e0efab75a3e13a32b31bfe338ec627e openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.3.0.i386.rpm f542c1699aea52e019778e45b8a7572a openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.3.0.i386.rpm 1f7128d12fbc6e5a6b02f8dc24dae6f1 openoffice.org2-langpack-fr-2.0.4-5.7.0.3.0.i386.rpm c9c9ad460f8059f467df422c780a481d openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.3.0.i386.rpm 850f0aa5b23d80a0778e882623ff6927 openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.3.0.i386.rpm 243fd56bfa49c90c39475a0e645fba15 openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.3.0.i386.rpm e28d59183ad1a8abc955bb27a26e0003 openoffice.org2-langpack-he_IL-2.0.4-5.7.0.3.0.i386.rpm d2df13d1f99394d7675dc217f2a806b5 openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.3.0.i386.rpm 049bbacac30cc53728c54bb84eb57d20 openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.3.0.i386.rpm b60f5e7a127ccdc033e223e5bc23180d openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.3.0.i386.rpm 2c63e610717793df25623661b8091000 openoffice.org2-langpack-it-2.0.4-5.7.0.3.0.i386.rpm c377707a3b37bcbd1319c9daeea79f6f openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.3.0.i386.rpm 92b0bf0d3cb562233483f4fafe5e5750 openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.3.0.i386.rpm a8394c8995083d25e2b832b8eece96cb openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.3.0.i386.rpm 0479d52c798a10b653e066c3d3c9d43f openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.3.0.i386.rpm c9a2a61a238c8f24f0982f2e61337ec9 openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.3.0.i386.rpm e806a7d220cbb80cd377eb3027d26140 openoffice.org2-langpack-nl-2.0.4-5.7.0.3.0.i386.rpm ed9a752215e77bdb728a27b515b1a564 openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.3.0.i386.rpm 6aa55f60f77f927e649db04b9b6098e3 openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.3.0.i386.rpm 2b5373b78634276e8cec75c6cc7936b0 openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.3.0.i386.rpm a3ba04d3301575bb155da725bab3ff1a openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.3.0.i386.rpm 46767536774b559cf8f3bc8ab4d8fdb0 openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.3.0.i386.rpm 7425db28bd57d5918533ebc450659253 openoffice.org2-langpack-ru-2.0.4-5.7.0.3.0.i386.rpm debf41af958f226da047789f76a8f606 openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.3.0.i386.rpm 2e62035c241e323b518a0c7fa80592ec openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.3.0.i386.rpm 7df628298b73a0151564fc07724720a8 openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.3.0.i386.rpm c6ca18894a7f5f0523f5212dc3368b2c openoffice.org2-langpack-sv-2.0.4-5.7.0.3.0.i386.rpm 4dbc48773d69df31ef410325cc62574b openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.3.0.i386.rpm cdc4a2e142802c039aac65671cbce0e3 openoffice.org2-langpack-th_TH-2.0.4-5.7.0.3.0.i386.rpm 4bf2535e75df9572beca95f2b198e109 openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.3.0.i386.rpm 37f941cc9eae3192e238d804317e1acc openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.3.0.i386.rpm 5a3dbc59e6543d789aa83d02a476153c openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.3.0.i386.rpm 4cc0536a7a73e7e002fbce19d73c327d openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.3.0.i386.rpm 8eea316d038a14c5d549407b371bb273 openoffice.org2-math-2.0.4-5.7.0.3.0.i386.rpm 95a3e3b35b235b7a5135032a13dca721 openoffice.org2-pyuno-2.0.4-5.7.0.3.0.i386.rpm 5bfd22c379873608351a32c5e92e2adc openoffice.org2-testtools-2.0.4-5.7.0.3.0.i386.rpm b223cdcf97ad219ebe64f823afd1cd3e openoffice.org2-writer-2.0.4-5.7.0.3.0.i386.rpm d26db5f3217a212db7573fdd5c5501ce openoffice.org2-xsltfilter-2.0.4-5.7.0.3.0.i386.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.3.0.src.rpm 728af6d41af113f6401351b833271754 openoffice.org2-2.0.4-5.7.0.3.0.src.rpm i386: d8d1ce7f9266d17c6986018332ae30a3 openoffice.org2-base-2.0.4-5.7.0.3.0.i386.rpm e3ae7d22e6ea1e2011462a9841a65abb openoffice.org2-calc-2.0.4-5.7.0.3.0.i386.rpm 1e7aadeb52fda6950c13e75f2cbf23d8 openoffice.org2-core-2.0.4-5.7.0.3.0.i386.rpm 00e08a8851f4c0b079a281a491f20f6d openoffice.org2-debuginfo-2.0.4-5.7.0.3.0.i386.rpm 71c23318fd0eab3e2be5698ec4da8130 openoffice.org2-draw-2.0.4-5.7.0.3.0.i386.rpm ccffadb48b36d774ee85d1155aee1b8b openoffice.org2-emailmerge-2.0.4-5.7.0.3.0.i386.rpm f51e49b252e9e4e055489afda67ec4fb openoffice.org2-graphicfilter-2.0.4-5.7.0.3.0.i386.rpm f7721a2d0e6b25b5bc789b6872773443 openoffice.org2-impress-2.0.4-5.7.0.3.0.i386.rpm ec8cc03af6c5942472d66f597a7497b5 openoffice.org2-javafilter-2.0.4-5.7.0.3.0.i386.rpm 749c051437fc04d22f933547219c1c21 openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.3.0.i386.rpm 2df2b2f66e21298ed9b5a7a136195af4 openoffice.org2-langpack-ar-2.0.4-5.7.0.3.0.i386.rpm 0f96e8deb5857ea72b0a1c604172285b openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.3.0.i386.rpm 1a89d2971af7e905c7830d4c0a88b6c4 openoffice.org2-langpack-bn-2.0.4-5.7.0.3.0.i386.rpm 0bfa17d32bdc9d631eab404ea2981040 openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.3.0.i386.rpm 6009d13487a2c69fcb232351712e8fd6 openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.3.0.i386.rpm 212aef354933a49638e3fa2ff30c7126 openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.3.0.i386.rpm c5aa742c75f1aab0092f6ce9167b3550 openoffice.org2-langpack-da_DK-2.0.4-5.7.0.3.0.i386.rpm 9075ff733b8ee2aff2c1b28bc668e63a openoffice.org2-langpack-de-2.0.4-5.7.0.3.0.i386.rpm 789f3ab731025925f42fb992dab59c16 openoffice.org2-langpack-el_GR-2.0.4-5.7.0.3.0.i386.rpm d6caa3505f8b45a8350953e8b870ee3e openoffice.org2-langpack-es-2.0.4-5.7.0.3.0.i386.rpm 7e2060816da1714f597c15c3c8169929 openoffice.org2-langpack-et_EE-2.0.4-5.7.0.3.0.i386.rpm 2e0efab75a3e13a32b31bfe338ec627e openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.3.0.i386.rpm f542c1699aea52e019778e45b8a7572a openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.3.0.i386.rpm 1f7128d12fbc6e5a6b02f8dc24dae6f1 openoffice.org2-langpack-fr-2.0.4-5.7.0.3.0.i386.rpm c9c9ad460f8059f467df422c780a481d openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.3.0.i386.rpm 850f0aa5b23d80a0778e882623ff6927 openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.3.0.i386.rpm 243fd56bfa49c90c39475a0e645fba15 openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.3.0.i386.rpm e28d59183ad1a8abc955bb27a26e0003 openoffice.org2-langpack-he_IL-2.0.4-5.7.0.3.0.i386.rpm d2df13d1f99394d7675dc217f2a806b5 openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.3.0.i386.rpm 049bbacac30cc53728c54bb84eb57d20 openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.3.0.i386.rpm b60f5e7a127ccdc033e223e5bc23180d openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.3.0.i386.rpm 2c63e610717793df25623661b8091000 openoffice.org2-langpack-it-2.0.4-5.7.0.3.0.i386.rpm c377707a3b37bcbd1319c9daeea79f6f openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.3.0.i386.rpm 92b0bf0d3cb562233483f4fafe5e5750 openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.3.0.i386.rpm a8394c8995083d25e2b832b8eece96cb openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.3.0.i386.rpm 0479d52c798a10b653e066c3d3c9d43f openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.3.0.i386.rpm c9a2a61a238c8f24f0982f2e61337ec9 openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.3.0.i386.rpm e806a7d220cbb80cd377eb3027d26140 openoffice.org2-langpack-nl-2.0.4-5.7.0.3.0.i386.rpm ed9a752215e77bdb728a27b515b1a564 openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.3.0.i386.rpm 6aa55f60f77f927e649db04b9b6098e3 openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.3.0.i386.rpm 2b5373b78634276e8cec75c6cc7936b0 openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.3.0.i386.rpm a3ba04d3301575bb155da725bab3ff1a openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.3.0.i386.rpm 46767536774b559cf8f3bc8ab4d8fdb0 openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.3.0.i386.rpm 7425db28bd57d5918533ebc450659253 openoffice.org2-langpack-ru-2.0.4-5.7.0.3.0.i386.rpm debf41af958f226da047789f76a8f606 openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.3.0.i386.rpm 2e62035c241e323b518a0c7fa80592ec openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.3.0.i386.rpm 7df628298b73a0151564fc07724720a8 openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.3.0.i386.rpm c6ca18894a7f5f0523f5212dc3368b2c openoffice.org2-langpack-sv-2.0.4-5.7.0.3.0.i386.rpm 4dbc48773d69df31ef410325cc62574b openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.3.0.i386.rpm cdc4a2e142802c039aac65671cbce0e3 openoffice.org2-langpack-th_TH-2.0.4-5.7.0.3.0.i386.rpm 4bf2535e75df9572beca95f2b198e109 openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.3.0.i386.rpm 37f941cc9eae3192e238d804317e1acc openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.3.0.i386.rpm 5a3dbc59e6543d789aa83d02a476153c openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.3.0.i386.rpm 4cc0536a7a73e7e002fbce19d73c327d openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.3.0.i386.rpm 8eea316d038a14c5d549407b371bb273 openoffice.org2-math-2.0.4-5.7.0.3.0.i386.rpm 95a3e3b35b235b7a5135032a13dca721 openoffice.org2-pyuno-2.0.4-5.7.0.3.0.i386.rpm 5bfd22c379873608351a32c5e92e2adc openoffice.org2-testtools-2.0.4-5.7.0.3.0.i386.rpm b223cdcf97ad219ebe64f823afd1cd3e openoffice.org2-writer-2.0.4-5.7.0.3.0.i386.rpm d26db5f3217a212db7573fdd5c5501ce openoffice.org2-xsltfilter-2.0.4-5.7.0.3.0.i386.rpm x86_64: d8d1ce7f9266d17c6986018332ae30a3 openoffice.org2-base-2.0.4-5.7.0.3.0.i386.rpm e3ae7d22e6ea1e2011462a9841a65abb openoffice.org2-calc-2.0.4-5.7.0.3.0.i386.rpm 1e7aadeb52fda6950c13e75f2cbf23d8 openoffice.org2-core-2.0.4-5.7.0.3.0.i386.rpm 00e08a8851f4c0b079a281a491f20f6d openoffice.org2-debuginfo-2.0.4-5.7.0.3.0.i386.rpm 71c23318fd0eab3e2be5698ec4da8130 openoffice.org2-draw-2.0.4-5.7.0.3.0.i386.rpm ccffadb48b36d774ee85d1155aee1b8b openoffice.org2-emailmerge-2.0.4-5.7.0.3.0.i386.rpm f51e49b252e9e4e055489afda67ec4fb openoffice.org2-graphicfilter-2.0.4-5.7.0.3.0.i386.rpm f7721a2d0e6b25b5bc789b6872773443 openoffice.org2-impress-2.0.4-5.7.0.3.0.i386.rpm ec8cc03af6c5942472d66f597a7497b5 openoffice.org2-javafilter-2.0.4-5.7.0.3.0.i386.rpm 749c051437fc04d22f933547219c1c21 openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.3.0.i386.rpm 2df2b2f66e21298ed9b5a7a136195af4 openoffice.org2-langpack-ar-2.0.4-5.7.0.3.0.i386.rpm 0f96e8deb5857ea72b0a1c604172285b openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.3.0.i386.rpm 1a89d2971af7e905c7830d4c0a88b6c4 openoffice.org2-langpack-bn-2.0.4-5.7.0.3.0.i386.rpm 0bfa17d32bdc9d631eab404ea2981040 openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.3.0.i386.rpm 6009d13487a2c69fcb232351712e8fd6 openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.3.0.i386.rpm 212aef354933a49638e3fa2ff30c7126 openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.3.0.i386.rpm c5aa742c75f1aab0092f6ce9167b3550 openoffice.org2-langpack-da_DK-2.0.4-5.7.0.3.0.i386.rpm 9075ff733b8ee2aff2c1b28bc668e63a openoffice.org2-langpack-de-2.0.4-5.7.0.3.0.i386.rpm 789f3ab731025925f42fb992dab59c16 openoffice.org2-langpack-el_GR-2.0.4-5.7.0.3.0.i386.rpm d6caa3505f8b45a8350953e8b870ee3e openoffice.org2-langpack-es-2.0.4-5.7.0.3.0.i386.rpm 7e2060816da1714f597c15c3c8169929 openoffice.org2-langpack-et_EE-2.0.4-5.7.0.3.0.i386.rpm 2e0efab75a3e13a32b31bfe338ec627e openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.3.0.i386.rpm f542c1699aea52e019778e45b8a7572a openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.3.0.i386.rpm 1f7128d12fbc6e5a6b02f8dc24dae6f1 openoffice.org2-langpack-fr-2.0.4-5.7.0.3.0.i386.rpm c9c9ad460f8059f467df422c780a481d openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.3.0.i386.rpm 850f0aa5b23d80a0778e882623ff6927 openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.3.0.i386.rpm 243fd56bfa49c90c39475a0e645fba15 openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.3.0.i386.rpm e28d59183ad1a8abc955bb27a26e0003 openoffice.org2-langpack-he_IL-2.0.4-5.7.0.3.0.i386.rpm d2df13d1f99394d7675dc217f2a806b5 openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.3.0.i386.rpm 049bbacac30cc53728c54bb84eb57d20 openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.3.0.i386.rpm b60f5e7a127ccdc033e223e5bc23180d openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.3.0.i386.rpm 2c63e610717793df25623661b8091000 openoffice.org2-langpack-it-2.0.4-5.7.0.3.0.i386.rpm c377707a3b37bcbd1319c9daeea79f6f openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.3.0.i386.rpm 92b0bf0d3cb562233483f4fafe5e5750 openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.3.0.i386.rpm a8394c8995083d25e2b832b8eece96cb openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.3.0.i386.rpm 0479d52c798a10b653e066c3d3c9d43f openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.3.0.i386.rpm c9a2a61a238c8f24f0982f2e61337ec9 openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.3.0.i386.rpm e806a7d220cbb80cd377eb3027d26140 openoffice.org2-langpack-nl-2.0.4-5.7.0.3.0.i386.rpm ed9a752215e77bdb728a27b515b1a564 openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.3.0.i386.rpm 6aa55f60f77f927e649db04b9b6098e3 openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.3.0.i386.rpm 2b5373b78634276e8cec75c6cc7936b0 openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.3.0.i386.rpm a3ba04d3301575bb155da725bab3ff1a openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.3.0.i386.rpm 46767536774b559cf8f3bc8ab4d8fdb0 openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.3.0.i386.rpm 7425db28bd57d5918533ebc450659253 openoffice.org2-langpack-ru-2.0.4-5.7.0.3.0.i386.rpm debf41af958f226da047789f76a8f606 openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.3.0.i386.rpm 2e62035c241e323b518a0c7fa80592ec openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.3.0.i386.rpm 7df628298b73a0151564fc07724720a8 openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.3.0.i386.rpm c6ca18894a7f5f0523f5212dc3368b2c openoffice.org2-langpack-sv-2.0.4-5.7.0.3.0.i386.rpm 4dbc48773d69df31ef410325cc62574b openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.3.0.i386.rpm cdc4a2e142802c039aac65671cbce0e3 openoffice.org2-langpack-th_TH-2.0.4-5.7.0.3.0.i386.rpm 4bf2535e75df9572beca95f2b198e109 openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.3.0.i386.rpm 37f941cc9eae3192e238d804317e1acc openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.3.0.i386.rpm 5a3dbc59e6543d789aa83d02a476153c openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.3.0.i386.rpm 4cc0536a7a73e7e002fbce19d73c327d openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.3.0.i386.rpm 8eea316d038a14c5d549407b371bb273 openoffice.org2-math-2.0.4-5.7.0.3.0.i386.rpm 95a3e3b35b235b7a5135032a13dca721 openoffice.org2-pyuno-2.0.4-5.7.0.3.0.i386.rpm 5bfd22c379873608351a32c5e92e2adc openoffice.org2-testtools-2.0.4-5.7.0.3.0.i386.rpm b223cdcf97ad219ebe64f823afd1cd3e openoffice.org2-writer-2.0.4-5.7.0.3.0.i386.rpm d26db5f3217a212db7573fdd5c5501ce openoffice.org2-xsltfilter-2.0.4-5.7.0.3.0.i386.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openoffice.org2-2.0.4-5.7.0.3.0.src.rpm 728af6d41af113f6401351b833271754 openoffice.org2-2.0.4-5.7.0.3.0.src.rpm i386: d8d1ce7f9266d17c6986018332ae30a3 openoffice.org2-base-2.0.4-5.7.0.3.0.i386.rpm e3ae7d22e6ea1e2011462a9841a65abb openoffice.org2-calc-2.0.4-5.7.0.3.0.i386.rpm 1e7aadeb52fda6950c13e75f2cbf23d8 openoffice.org2-core-2.0.4-5.7.0.3.0.i386.rpm 00e08a8851f4c0b079a281a491f20f6d openoffice.org2-debuginfo-2.0.4-5.7.0.3.0.i386.rpm 71c23318fd0eab3e2be5698ec4da8130 openoffice.org2-draw-2.0.4-5.7.0.3.0.i386.rpm ccffadb48b36d774ee85d1155aee1b8b openoffice.org2-emailmerge-2.0.4-5.7.0.3.0.i386.rpm f51e49b252e9e4e055489afda67ec4fb openoffice.org2-graphicfilter-2.0.4-5.7.0.3.0.i386.rpm f7721a2d0e6b25b5bc789b6872773443 openoffice.org2-impress-2.0.4-5.7.0.3.0.i386.rpm ec8cc03af6c5942472d66f597a7497b5 openoffice.org2-javafilter-2.0.4-5.7.0.3.0.i386.rpm 749c051437fc04d22f933547219c1c21 openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.3.0.i386.rpm 2df2b2f66e21298ed9b5a7a136195af4 openoffice.org2-langpack-ar-2.0.4-5.7.0.3.0.i386.rpm 0f96e8deb5857ea72b0a1c604172285b openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.3.0.i386.rpm 1a89d2971af7e905c7830d4c0a88b6c4 openoffice.org2-langpack-bn-2.0.4-5.7.0.3.0.i386.rpm 0bfa17d32bdc9d631eab404ea2981040 openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.3.0.i386.rpm 6009d13487a2c69fcb232351712e8fd6 openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.3.0.i386.rpm 212aef354933a49638e3fa2ff30c7126 openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.3.0.i386.rpm c5aa742c75f1aab0092f6ce9167b3550 openoffice.org2-langpack-da_DK-2.0.4-5.7.0.3.0.i386.rpm 9075ff733b8ee2aff2c1b28bc668e63a openoffice.org2-langpack-de-2.0.4-5.7.0.3.0.i386.rpm 789f3ab731025925f42fb992dab59c16 openoffice.org2-langpack-el_GR-2.0.4-5.7.0.3.0.i386.rpm d6caa3505f8b45a8350953e8b870ee3e openoffice.org2-langpack-es-2.0.4-5.7.0.3.0.i386.rpm 7e2060816da1714f597c15c3c8169929 openoffice.org2-langpack-et_EE-2.0.4-5.7.0.3.0.i386.rpm 2e0efab75a3e13a32b31bfe338ec627e openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.3.0.i386.rpm f542c1699aea52e019778e45b8a7572a openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.3.0.i386.rpm 1f7128d12fbc6e5a6b02f8dc24dae6f1 openoffice.org2-langpack-fr-2.0.4-5.7.0.3.0.i386.rpm c9c9ad460f8059f467df422c780a481d openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.3.0.i386.rpm 850f0aa5b23d80a0778e882623ff6927 openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.3.0.i386.rpm 243fd56bfa49c90c39475a0e645fba15 openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.3.0.i386.rpm e28d59183ad1a8abc955bb27a26e0003 openoffice.org2-langpack-he_IL-2.0.4-5.7.0.3.0.i386.rpm d2df13d1f99394d7675dc217f2a806b5 openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.3.0.i386.rpm 049bbacac30cc53728c54bb84eb57d20 openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.3.0.i386.rpm b60f5e7a127ccdc033e223e5bc23180d openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.3.0.i386.rpm 2c63e610717793df25623661b8091000 openoffice.org2-langpack-it-2.0.4-5.7.0.3.0.i386.rpm c377707a3b37bcbd1319c9daeea79f6f openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.3.0.i386.rpm 92b0bf0d3cb562233483f4fafe5e5750 openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.3.0.i386.rpm a8394c8995083d25e2b832b8eece96cb openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.3.0.i386.rpm 0479d52c798a10b653e066c3d3c9d43f openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.3.0.i386.rpm c9a2a61a238c8f24f0982f2e61337ec9 openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.3.0.i386.rpm e806a7d220cbb80cd377eb3027d26140 openoffice.org2-langpack-nl-2.0.4-5.7.0.3.0.i386.rpm ed9a752215e77bdb728a27b515b1a564 openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.3.0.i386.rpm 6aa55f60f77f927e649db04b9b6098e3 openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.3.0.i386.rpm 2b5373b78634276e8cec75c6cc7936b0 openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.3.0.i386.rpm a3ba04d3301575bb155da725bab3ff1a openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.3.0.i386.rpm 46767536774b559cf8f3bc8ab4d8fdb0 openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.3.0.i386.rpm 7425db28bd57d5918533ebc450659253 openoffice.org2-langpack-ru-2.0.4-5.7.0.3.0.i386.rpm debf41af958f226da047789f76a8f606 openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.3.0.i386.rpm 2e62035c241e323b518a0c7fa80592ec openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.3.0.i386.rpm 7df628298b73a0151564fc07724720a8 openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.3.0.i386.rpm c6ca18894a7f5f0523f5212dc3368b2c openoffice.org2-langpack-sv-2.0.4-5.7.0.3.0.i386.rpm 4dbc48773d69df31ef410325cc62574b openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.3.0.i386.rpm cdc4a2e142802c039aac65671cbce0e3 openoffice.org2-langpack-th_TH-2.0.4-5.7.0.3.0.i386.rpm 4bf2535e75df9572beca95f2b198e109 openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.3.0.i386.rpm 37f941cc9eae3192e238d804317e1acc openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.3.0.i386.rpm 5a3dbc59e6543d789aa83d02a476153c openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.3.0.i386.rpm 4cc0536a7a73e7e002fbce19d73c327d openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.3.0.i386.rpm 8eea316d038a14c5d549407b371bb273 openoffice.org2-math-2.0.4-5.7.0.3.0.i386.rpm 95a3e3b35b235b7a5135032a13dca721 openoffice.org2-pyuno-2.0.4-5.7.0.3.0.i386.rpm 5bfd22c379873608351a32c5e92e2adc openoffice.org2-testtools-2.0.4-5.7.0.3.0.i386.rpm b223cdcf97ad219ebe64f823afd1cd3e openoffice.org2-writer-2.0.4-5.7.0.3.0.i386.rpm d26db5f3217a212db7573fdd5c5501ce openoffice.org2-xsltfilter-2.0.4-5.7.0.3.0.i386.rpm x86_64: d8d1ce7f9266d17c6986018332ae30a3 openoffice.org2-base-2.0.4-5.7.0.3.0.i386.rpm e3ae7d22e6ea1e2011462a9841a65abb openoffice.org2-calc-2.0.4-5.7.0.3.0.i386.rpm 1e7aadeb52fda6950c13e75f2cbf23d8 openoffice.org2-core-2.0.4-5.7.0.3.0.i386.rpm 00e08a8851f4c0b079a281a491f20f6d openoffice.org2-debuginfo-2.0.4-5.7.0.3.0.i386.rpm 71c23318fd0eab3e2be5698ec4da8130 openoffice.org2-draw-2.0.4-5.7.0.3.0.i386.rpm ccffadb48b36d774ee85d1155aee1b8b openoffice.org2-emailmerge-2.0.4-5.7.0.3.0.i386.rpm f51e49b252e9e4e055489afda67ec4fb openoffice.org2-graphicfilter-2.0.4-5.7.0.3.0.i386.rpm f7721a2d0e6b25b5bc789b6872773443 openoffice.org2-impress-2.0.4-5.7.0.3.0.i386.rpm ec8cc03af6c5942472d66f597a7497b5 openoffice.org2-javafilter-2.0.4-5.7.0.3.0.i386.rpm 749c051437fc04d22f933547219c1c21 openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.3.0.i386.rpm 2df2b2f66e21298ed9b5a7a136195af4 openoffice.org2-langpack-ar-2.0.4-5.7.0.3.0.i386.rpm 0f96e8deb5857ea72b0a1c604172285b openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.3.0.i386.rpm 1a89d2971af7e905c7830d4c0a88b6c4 openoffice.org2-langpack-bn-2.0.4-5.7.0.3.0.i386.rpm 0bfa17d32bdc9d631eab404ea2981040 openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.3.0.i386.rpm 6009d13487a2c69fcb232351712e8fd6 openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.3.0.i386.rpm 212aef354933a49638e3fa2ff30c7126 openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.3.0.i386.rpm c5aa742c75f1aab0092f6ce9167b3550 openoffice.org2-langpack-da_DK-2.0.4-5.7.0.3.0.i386.rpm 9075ff733b8ee2aff2c1b28bc668e63a openoffice.org2-langpack-de-2.0.4-5.7.0.3.0.i386.rpm 789f3ab731025925f42fb992dab59c16 openoffice.org2-langpack-el_GR-2.0.4-5.7.0.3.0.i386.rpm d6caa3505f8b45a8350953e8b870ee3e openoffice.org2-langpack-es-2.0.4-5.7.0.3.0.i386.rpm 7e2060816da1714f597c15c3c8169929 openoffice.org2-langpack-et_EE-2.0.4-5.7.0.3.0.i386.rpm 2e0efab75a3e13a32b31bfe338ec627e openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.3.0.i386.rpm f542c1699aea52e019778e45b8a7572a openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.3.0.i386.rpm 1f7128d12fbc6e5a6b02f8dc24dae6f1 openoffice.org2-langpack-fr-2.0.4-5.7.0.3.0.i386.rpm c9c9ad460f8059f467df422c780a481d openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.3.0.i386.rpm 850f0aa5b23d80a0778e882623ff6927 openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.3.0.i386.rpm 243fd56bfa49c90c39475a0e645fba15 openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.3.0.i386.rpm e28d59183ad1a8abc955bb27a26e0003 openoffice.org2-langpack-he_IL-2.0.4-5.7.0.3.0.i386.rpm d2df13d1f99394d7675dc217f2a806b5 openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.3.0.i386.rpm 049bbacac30cc53728c54bb84eb57d20 openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.3.0.i386.rpm b60f5e7a127ccdc033e223e5bc23180d openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.3.0.i386.rpm 2c63e610717793df25623661b8091000 openoffice.org2-langpack-it-2.0.4-5.7.0.3.0.i386.rpm c377707a3b37bcbd1319c9daeea79f6f openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.3.0.i386.rpm 92b0bf0d3cb562233483f4fafe5e5750 openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.3.0.i386.rpm a8394c8995083d25e2b832b8eece96cb openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.3.0.i386.rpm 0479d52c798a10b653e066c3d3c9d43f openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.3.0.i386.rpm c9a2a61a238c8f24f0982f2e61337ec9 openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.3.0.i386.rpm e806a7d220cbb80cd377eb3027d26140 openoffice.org2-langpack-nl-2.0.4-5.7.0.3.0.i386.rpm ed9a752215e77bdb728a27b515b1a564 openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.3.0.i386.rpm 6aa55f60f77f927e649db04b9b6098e3 openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.3.0.i386.rpm 2b5373b78634276e8cec75c6cc7936b0 openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.3.0.i386.rpm a3ba04d3301575bb155da725bab3ff1a openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.3.0.i386.rpm 46767536774b559cf8f3bc8ab4d8fdb0 openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.3.0.i386.rpm 7425db28bd57d5918533ebc450659253 openoffice.org2-langpack-ru-2.0.4-5.7.0.3.0.i386.rpm debf41af958f226da047789f76a8f606 openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.3.0.i386.rpm 2e62035c241e323b518a0c7fa80592ec openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.3.0.i386.rpm 7df628298b73a0151564fc07724720a8 openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.3.0.i386.rpm c6ca18894a7f5f0523f5212dc3368b2c openoffice.org2-langpack-sv-2.0.4-5.7.0.3.0.i386.rpm 4dbc48773d69df31ef410325cc62574b openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.3.0.i386.rpm cdc4a2e142802c039aac65671cbce0e3 openoffice.org2-langpack-th_TH-2.0.4-5.7.0.3.0.i386.rpm 4bf2535e75df9572beca95f2b198e109 openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.3.0.i386.rpm 37f941cc9eae3192e238d804317e1acc openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.3.0.i386.rpm 5a3dbc59e6543d789aa83d02a476153c openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.3.0.i386.rpm 4cc0536a7a73e7e002fbce19d73c327d openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.3.0.i386.rpm 8eea316d038a14c5d549407b371bb273 openoffice.org2-math-2.0.4-5.7.0.3.0.i386.rpm 95a3e3b35b235b7a5135032a13dca721 openoffice.org2-pyuno-2.0.4-5.7.0.3.0.i386.rpm 5bfd22c379873608351a32c5e92e2adc openoffice.org2-testtools-2.0.4-5.7.0.3.0.i386.rpm b223cdcf97ad219ebe64f823afd1cd3e openoffice.org2-writer-2.0.4-5.7.0.3.0.i386.rpm d26db5f3217a212db7573fdd5c5501ce openoffice.org2-xsltfilter-2.0.4-5.7.0.3.0.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4575 http://www.openoffice.org/security/cves/CVE-2007-4575.html http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHVrmaXlSAg2UNWIIRAiHZAKCMK1r3b35JcG6Q5AlIeQFNOVZqbgCgnTZh ojNAJ56vek1VFTeJ9NTU3pU= =DXue -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Dec 10 18:29:48 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 10 Dec 2007 13:29:48 -0500 Subject: [RHSA-2007:1077-01] Moderate: python security update Message-ID: <200712101829.lBAITmBO005593@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: python security update Advisory ID: RHSA-2007:1077-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1077.html Issue date: 2007-12-10 Updated on: 2007-12-10 Product: Red Hat Enterprise Linux CVE Names: CVE-2006-7228 CVE-2007-2052 - --------------------------------------------------------------------- 1. Summary: Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 3. Problem description: Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python's pcre module handled certain regular expressions. If a Python application used the pcre module to compile and execute untrusted regular expressions, it may be possible to cause the application to crash, or allow arbitrary code execution with the privileges of the Python interpreter. (CVE-2006-7228) A flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated, which could possibly cause disclosure of data stored in the memory of a Python application using this function. (CVE-2007-2052) Users of Python are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 235093 - CVE-2007-2052 Off-by-one in python's locale.strxfrm() 383371 - CVE-2006-7228 pcre integer overflow 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 : SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/python-1.5.2-43.72.2.src.rpm d187bd2b804cb0aa532b1d7ea1abe927 python-1.5.2-43.72.2.src.rpm i386: 2eedfdef76a114b2249a0d8aead905c8 python-1.5.2-43.72.2.i386.rpm d7bf8b0ceacec84d025fd4ea65f58c77 python-devel-1.5.2-43.72.2.i386.rpm b9218c661a5efac21f011b48553e26f1 python-docs-1.5.2-43.72.2.i386.rpm 865e1d43ac445880137638a8574f8e6f python-tools-1.5.2-43.72.2.i386.rpm 057a0423a93e1bc9d4c01917628aa3af tkinter-1.5.2-43.72.2.i386.rpm ia64: b81ce154379e65cd37e8cb559eb2ae1d python-1.5.2-43.72.2.ia64.rpm 9f4af6774469976ecc55bcd106aab7eb python-devel-1.5.2-43.72.2.ia64.rpm 7c5b50475dfc7d6874cd79ecca36c706 python-docs-1.5.2-43.72.2.ia64.rpm 484c39c1e535e79d5d36bbe75ff0f9d9 python-tools-1.5.2-43.72.2.ia64.rpm 7f95d845167e93fd722e53ca35e28776 tkinter-1.5.2-43.72.2.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/python-1.5.2-43.72.2.src.rpm d187bd2b804cb0aa532b1d7ea1abe927 python-1.5.2-43.72.2.src.rpm ia64: b81ce154379e65cd37e8cb559eb2ae1d python-1.5.2-43.72.2.ia64.rpm 9f4af6774469976ecc55bcd106aab7eb python-devel-1.5.2-43.72.2.ia64.rpm 7c5b50475dfc7d6874cd79ecca36c706 python-docs-1.5.2-43.72.2.ia64.rpm 484c39c1e535e79d5d36bbe75ff0f9d9 python-tools-1.5.2-43.72.2.ia64.rpm 7f95d845167e93fd722e53ca35e28776 tkinter-1.5.2-43.72.2.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/python-1.5.2-43.72.2.src.rpm d187bd2b804cb0aa532b1d7ea1abe927 python-1.5.2-43.72.2.src.rpm i386: 2eedfdef76a114b2249a0d8aead905c8 python-1.5.2-43.72.2.i386.rpm d7bf8b0ceacec84d025fd4ea65f58c77 python-devel-1.5.2-43.72.2.i386.rpm b9218c661a5efac21f011b48553e26f1 python-docs-1.5.2-43.72.2.i386.rpm 865e1d43ac445880137638a8574f8e6f python-tools-1.5.2-43.72.2.i386.rpm 057a0423a93e1bc9d4c01917628aa3af tkinter-1.5.2-43.72.2.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/python-1.5.2-43.72.2.src.rpm d187bd2b804cb0aa532b1d7ea1abe927 python-1.5.2-43.72.2.src.rpm i386: 2eedfdef76a114b2249a0d8aead905c8 python-1.5.2-43.72.2.i386.rpm d7bf8b0ceacec84d025fd4ea65f58c77 python-devel-1.5.2-43.72.2.i386.rpm b9218c661a5efac21f011b48553e26f1 python-docs-1.5.2-43.72.2.i386.rpm 865e1d43ac445880137638a8574f8e6f python-tools-1.5.2-43.72.2.i386.rpm 057a0423a93e1bc9d4c01917628aa3af tkinter-1.5.2-43.72.2.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHXYWPXlSAg2UNWIIRAgsaAJ9/CC6eQs/dMuHeQ/gKt86l7+eRqwCfbSTv DypFwizG77kZca+GTI45fgU= =LOOL -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Dec 10 18:30:03 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 10 Dec 2007 13:30:03 -0500 Subject: [RHSA-2007:1114-01] Critical: samba security and bug fix update Message-ID: <200712101830.lBAIU3Vn005969@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Critical: samba security and bug fix update Advisory ID: RHSA-2007:1114-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1114.html Issue date: 2007-12-10 Updated on: 2007-12-10 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-6015 - --------------------------------------------------------------------- 1. Summary: Updated samba packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Problem description: Samba is a suite of programs used by machines to share files, printers, and other information. A stack buffer overflow flaw was found in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash, or execute arbitrary code with the permissions of the Samba server. (CVE-2007-6015) Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue. This update also fixes a regression caused by the fix for CVE-2007-4572, which prevented some clients from being able to properly access shares. Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 389021 - Critical Regression caused by CVE-2007-4572 396401 - CVE-2007-6015 samba: send_mailslot() buffer overflow 407071 - Critical Regression caused by CVE-2007-4572 407081 - Critical Regression caused by CVE-2007-4572 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 : SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/samba-2.2.12-1.21as.8.2.src.rpm 736a5ff3fc6cb67ad2c00f6d29fbc63d samba-2.2.12-1.21as.8.2.src.rpm i386: 068ec4ae53febbcaa2504a799bb7ff40 samba-2.2.12-1.21as.8.2.i386.rpm 4ae0e8f558906f9e810d164ecf5a0003 samba-client-2.2.12-1.21as.8.2.i386.rpm 4b7337b654d4d2b9997dbbd2a100d1f0 samba-common-2.2.12-1.21as.8.2.i386.rpm cd7d82b601f4da8074f2b25a0be4d225 samba-swat-2.2.12-1.21as.8.2.i386.rpm ia64: 702410acf536a93b21e694c3d991bd63 samba-2.2.12-1.21as.8.2.ia64.rpm 10577425c420f1dd0e279278a826c83e samba-client-2.2.12-1.21as.8.2.ia64.rpm 48d9cc2240d1b30a9487754cb7e0fae0 samba-common-2.2.12-1.21as.8.2.ia64.rpm a0b7f79e4b7774d2f5059e42a90bfc98 samba-swat-2.2.12-1.21as.8.2.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/samba-2.2.12-1.21as.8.2.src.rpm 736a5ff3fc6cb67ad2c00f6d29fbc63d samba-2.2.12-1.21as.8.2.src.rpm ia64: 702410acf536a93b21e694c3d991bd63 samba-2.2.12-1.21as.8.2.ia64.rpm 10577425c420f1dd0e279278a826c83e samba-client-2.2.12-1.21as.8.2.ia64.rpm 48d9cc2240d1b30a9487754cb7e0fae0 samba-common-2.2.12-1.21as.8.2.ia64.rpm a0b7f79e4b7774d2f5059e42a90bfc98 samba-swat-2.2.12-1.21as.8.2.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/samba-2.2.12-1.21as.8.2.src.rpm 736a5ff3fc6cb67ad2c00f6d29fbc63d samba-2.2.12-1.21as.8.2.src.rpm i386: 068ec4ae53febbcaa2504a799bb7ff40 samba-2.2.12-1.21as.8.2.i386.rpm 4ae0e8f558906f9e810d164ecf5a0003 samba-client-2.2.12-1.21as.8.2.i386.rpm 4b7337b654d4d2b9997dbbd2a100d1f0 samba-common-2.2.12-1.21as.8.2.i386.rpm cd7d82b601f4da8074f2b25a0be4d225 samba-swat-2.2.12-1.21as.8.2.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/samba-2.2.12-1.21as.8.2.src.rpm 736a5ff3fc6cb67ad2c00f6d29fbc63d samba-2.2.12-1.21as.8.2.src.rpm i386: 068ec4ae53febbcaa2504a799bb7ff40 samba-2.2.12-1.21as.8.2.i386.rpm 4ae0e8f558906f9e810d164ecf5a0003 samba-client-2.2.12-1.21as.8.2.i386.rpm 4b7337b654d4d2b9997dbbd2a100d1f0 samba-common-2.2.12-1.21as.8.2.i386.rpm cd7d82b601f4da8074f2b25a0be4d225 samba-swat-2.2.12-1.21as.8.2.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/samba-3.0.9-1.3E.14.3.src.rpm 079e19bbed89cdc3e78830dc2c3f7992 samba-3.0.9-1.3E.14.3.src.rpm i386: 1f2f5652a9bde00c73d0e0a8b4a60ef7 samba-3.0.9-1.3E.14.3.i386.rpm 625de7105790e9d4636addbc6fffbbbe samba-client-3.0.9-1.3E.14.3.i386.rpm 74e9aef3e855a21c1ab4b93ca91185fa samba-common-3.0.9-1.3E.14.3.i386.rpm 067cfb58d3f69bd053cd1d1829eb6692 samba-debuginfo-3.0.9-1.3E.14.3.i386.rpm 5d9c16038d9d9217269f3a00b960737a samba-swat-3.0.9-1.3E.14.3.i386.rpm ia64: 1f2f5652a9bde00c73d0e0a8b4a60ef7 samba-3.0.9-1.3E.14.3.i386.rpm b4cc1724d76bd5164305922e98f540ae samba-3.0.9-1.3E.14.3.ia64.rpm 61fc8f255cc970db7a2e34f1bc6e9d09 samba-client-3.0.9-1.3E.14.3.ia64.rpm 74e9aef3e855a21c1ab4b93ca91185fa samba-common-3.0.9-1.3E.14.3.i386.rpm 2902a7a69ea39af0bb240ef8ca17db75 samba-common-3.0.9-1.3E.14.3.ia64.rpm 067cfb58d3f69bd053cd1d1829eb6692 samba-debuginfo-3.0.9-1.3E.14.3.i386.rpm 244b7ab278329109b312c9ba1abeadf2 samba-debuginfo-3.0.9-1.3E.14.3.ia64.rpm 38df293b371476cd9e32b33699828a2b samba-swat-3.0.9-1.3E.14.3.ia64.rpm ppc: 5adc413f485db7bbdc235724a057b731 samba-3.0.9-1.3E.14.3.ppc.rpm 43eb2120d969a8409b352ec06b27f4d5 samba-3.0.9-1.3E.14.3.ppc64.rpm 378dd386070253e9b64c97cfa8414825 samba-client-3.0.9-1.3E.14.3.ppc.rpm 9ea24506656ccf7fc070cc2c265c1b50 samba-common-3.0.9-1.3E.14.3.ppc.rpm 5b3e0d2217bb2f3e15e8673c3f6fc580 samba-common-3.0.9-1.3E.14.3.ppc64.rpm c795611f6fbdde44b3d426c1badb9a6a samba-debuginfo-3.0.9-1.3E.14.3.ppc.rpm 59b6fae58ec54ce27ee047caeda13556 samba-debuginfo-3.0.9-1.3E.14.3.ppc64.rpm d7f37013a8b02ca681c171335f8e9e95 samba-swat-3.0.9-1.3E.14.3.ppc.rpm s390: 2d5d685cf9580039a80b23e3c2e0ea8c samba-3.0.9-1.3E.14.3.s390.rpm 4fe23911e0bbc73a2f7d06c2c3a130dd samba-client-3.0.9-1.3E.14.3.s390.rpm dfb064ce5d5d46ee558d26a99885df4a samba-common-3.0.9-1.3E.14.3.s390.rpm c6f13cb2d78f64d44d9968dab049d055 samba-debuginfo-3.0.9-1.3E.14.3.s390.rpm 3d380d723b495ceaec108701c55bf5b7 samba-swat-3.0.9-1.3E.14.3.s390.rpm s390x: 2d5d685cf9580039a80b23e3c2e0ea8c samba-3.0.9-1.3E.14.3.s390.rpm 080acc97a88c42822707bce05a494f14 samba-3.0.9-1.3E.14.3.s390x.rpm c34203214355603b584eef6499c4949c samba-client-3.0.9-1.3E.14.3.s390x.rpm dfb064ce5d5d46ee558d26a99885df4a samba-common-3.0.9-1.3E.14.3.s390.rpm 8dd3831a0feec34accbc3b338a8554b6 samba-common-3.0.9-1.3E.14.3.s390x.rpm c6f13cb2d78f64d44d9968dab049d055 samba-debuginfo-3.0.9-1.3E.14.3.s390.rpm 51300e43557bc52c53e5521c6dc3d4de samba-debuginfo-3.0.9-1.3E.14.3.s390x.rpm 4a4c05869304bd6e94abb0cc2a83d84d samba-swat-3.0.9-1.3E.14.3.s390x.rpm x86_64: 1f2f5652a9bde00c73d0e0a8b4a60ef7 samba-3.0.9-1.3E.14.3.i386.rpm 7ca762e50cd8cb8125574e27f6cb079f samba-3.0.9-1.3E.14.3.x86_64.rpm e267203475bf3585b595d1bdd1c03df8 samba-client-3.0.9-1.3E.14.3.x86_64.rpm 74e9aef3e855a21c1ab4b93ca91185fa samba-common-3.0.9-1.3E.14.3.i386.rpm 200f7b35fb0e3b88c4465d88428193ba samba-common-3.0.9-1.3E.14.3.x86_64.rpm 067cfb58d3f69bd053cd1d1829eb6692 samba-debuginfo-3.0.9-1.3E.14.3.i386.rpm f54dd8405bdfa346a6ee8bc0dc09322d samba-debuginfo-3.0.9-1.3E.14.3.x86_64.rpm e9f4f7fd7f9c8eb1503798e274d1bfea samba-swat-3.0.9-1.3E.14.3.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/samba-3.0.9-1.3E.14.3.src.rpm 079e19bbed89cdc3e78830dc2c3f7992 samba-3.0.9-1.3E.14.3.src.rpm i386: 1f2f5652a9bde00c73d0e0a8b4a60ef7 samba-3.0.9-1.3E.14.3.i386.rpm 625de7105790e9d4636addbc6fffbbbe samba-client-3.0.9-1.3E.14.3.i386.rpm 74e9aef3e855a21c1ab4b93ca91185fa samba-common-3.0.9-1.3E.14.3.i386.rpm 067cfb58d3f69bd053cd1d1829eb6692 samba-debuginfo-3.0.9-1.3E.14.3.i386.rpm 5d9c16038d9d9217269f3a00b960737a samba-swat-3.0.9-1.3E.14.3.i386.rpm x86_64: 1f2f5652a9bde00c73d0e0a8b4a60ef7 samba-3.0.9-1.3E.14.3.i386.rpm 7ca762e50cd8cb8125574e27f6cb079f samba-3.0.9-1.3E.14.3.x86_64.rpm e267203475bf3585b595d1bdd1c03df8 samba-client-3.0.9-1.3E.14.3.x86_64.rpm 74e9aef3e855a21c1ab4b93ca91185fa samba-common-3.0.9-1.3E.14.3.i386.rpm 200f7b35fb0e3b88c4465d88428193ba samba-common-3.0.9-1.3E.14.3.x86_64.rpm 067cfb58d3f69bd053cd1d1829eb6692 samba-debuginfo-3.0.9-1.3E.14.3.i386.rpm f54dd8405bdfa346a6ee8bc0dc09322d samba-debuginfo-3.0.9-1.3E.14.3.x86_64.rpm e9f4f7fd7f9c8eb1503798e274d1bfea samba-swat-3.0.9-1.3E.14.3.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/samba-3.0.9-1.3E.14.3.src.rpm 079e19bbed89cdc3e78830dc2c3f7992 samba-3.0.9-1.3E.14.3.src.rpm i386: 1f2f5652a9bde00c73d0e0a8b4a60ef7 samba-3.0.9-1.3E.14.3.i386.rpm 625de7105790e9d4636addbc6fffbbbe samba-client-3.0.9-1.3E.14.3.i386.rpm 74e9aef3e855a21c1ab4b93ca91185fa samba-common-3.0.9-1.3E.14.3.i386.rpm 067cfb58d3f69bd053cd1d1829eb6692 samba-debuginfo-3.0.9-1.3E.14.3.i386.rpm 5d9c16038d9d9217269f3a00b960737a samba-swat-3.0.9-1.3E.14.3.i386.rpm ia64: 1f2f5652a9bde00c73d0e0a8b4a60ef7 samba-3.0.9-1.3E.14.3.i386.rpm b4cc1724d76bd5164305922e98f540ae samba-3.0.9-1.3E.14.3.ia64.rpm 61fc8f255cc970db7a2e34f1bc6e9d09 samba-client-3.0.9-1.3E.14.3.ia64.rpm 74e9aef3e855a21c1ab4b93ca91185fa samba-common-3.0.9-1.3E.14.3.i386.rpm 2902a7a69ea39af0bb240ef8ca17db75 samba-common-3.0.9-1.3E.14.3.ia64.rpm 067cfb58d3f69bd053cd1d1829eb6692 samba-debuginfo-3.0.9-1.3E.14.3.i386.rpm 244b7ab278329109b312c9ba1abeadf2 samba-debuginfo-3.0.9-1.3E.14.3.ia64.rpm 38df293b371476cd9e32b33699828a2b samba-swat-3.0.9-1.3E.14.3.ia64.rpm x86_64: 1f2f5652a9bde00c73d0e0a8b4a60ef7 samba-3.0.9-1.3E.14.3.i386.rpm 7ca762e50cd8cb8125574e27f6cb079f samba-3.0.9-1.3E.14.3.x86_64.rpm e267203475bf3585b595d1bdd1c03df8 samba-client-3.0.9-1.3E.14.3.x86_64.rpm 74e9aef3e855a21c1ab4b93ca91185fa samba-common-3.0.9-1.3E.14.3.i386.rpm 200f7b35fb0e3b88c4465d88428193ba samba-common-3.0.9-1.3E.14.3.x86_64.rpm 067cfb58d3f69bd053cd1d1829eb6692 samba-debuginfo-3.0.9-1.3E.14.3.i386.rpm f54dd8405bdfa346a6ee8bc0dc09322d samba-debuginfo-3.0.9-1.3E.14.3.x86_64.rpm e9f4f7fd7f9c8eb1503798e274d1bfea samba-swat-3.0.9-1.3E.14.3.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/samba-3.0.9-1.3E.14.3.src.rpm 079e19bbed89cdc3e78830dc2c3f7992 samba-3.0.9-1.3E.14.3.src.rpm i386: 1f2f5652a9bde00c73d0e0a8b4a60ef7 samba-3.0.9-1.3E.14.3.i386.rpm 625de7105790e9d4636addbc6fffbbbe samba-client-3.0.9-1.3E.14.3.i386.rpm 74e9aef3e855a21c1ab4b93ca91185fa samba-common-3.0.9-1.3E.14.3.i386.rpm 067cfb58d3f69bd053cd1d1829eb6692 samba-debuginfo-3.0.9-1.3E.14.3.i386.rpm 5d9c16038d9d9217269f3a00b960737a samba-swat-3.0.9-1.3E.14.3.i386.rpm ia64: 1f2f5652a9bde00c73d0e0a8b4a60ef7 samba-3.0.9-1.3E.14.3.i386.rpm b4cc1724d76bd5164305922e98f540ae samba-3.0.9-1.3E.14.3.ia64.rpm 61fc8f255cc970db7a2e34f1bc6e9d09 samba-client-3.0.9-1.3E.14.3.ia64.rpm 74e9aef3e855a21c1ab4b93ca91185fa samba-common-3.0.9-1.3E.14.3.i386.rpm 2902a7a69ea39af0bb240ef8ca17db75 samba-common-3.0.9-1.3E.14.3.ia64.rpm 067cfb58d3f69bd053cd1d1829eb6692 samba-debuginfo-3.0.9-1.3E.14.3.i386.rpm 244b7ab278329109b312c9ba1abeadf2 samba-debuginfo-3.0.9-1.3E.14.3.ia64.rpm 38df293b371476cd9e32b33699828a2b samba-swat-3.0.9-1.3E.14.3.ia64.rpm x86_64: 1f2f5652a9bde00c73d0e0a8b4a60ef7 samba-3.0.9-1.3E.14.3.i386.rpm 7ca762e50cd8cb8125574e27f6cb079f samba-3.0.9-1.3E.14.3.x86_64.rpm e267203475bf3585b595d1bdd1c03df8 samba-client-3.0.9-1.3E.14.3.x86_64.rpm 74e9aef3e855a21c1ab4b93ca91185fa samba-common-3.0.9-1.3E.14.3.i386.rpm 200f7b35fb0e3b88c4465d88428193ba samba-common-3.0.9-1.3E.14.3.x86_64.rpm 067cfb58d3f69bd053cd1d1829eb6692 samba-debuginfo-3.0.9-1.3E.14.3.i386.rpm f54dd8405bdfa346a6ee8bc0dc09322d samba-debuginfo-3.0.9-1.3E.14.3.x86_64.rpm e9f4f7fd7f9c8eb1503798e274d1bfea samba-swat-3.0.9-1.3E.14.3.x86_64.rpm Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/samba-3.0.25b-1.el4_6.4.src.rpm f727f27e09f9aafa2e36ec92291edb1c samba-3.0.25b-1.el4_6.4.src.rpm i386: 45d563301c64b6821e4e68c4fb1bfcfd samba-3.0.25b-1.el4_6.4.i386.rpm 5d573f67d6b43a93660b3349c7d1ebf0 samba-client-3.0.25b-1.el4_6.4.i386.rpm dd5a9ef4165e38e5534f537452c0b5a7 samba-common-3.0.25b-1.el4_6.4.i386.rpm a5da1cb31526cfaba513dd29a6c0b920 samba-debuginfo-3.0.25b-1.el4_6.4.i386.rpm 349aba5bcaf5521a8b113280598b6691 samba-swat-3.0.25b-1.el4_6.4.i386.rpm ia64: d686f19b733375711202e6b94da842bd samba-3.0.25b-1.el4_6.4.ia64.rpm 7cb06afbd8ff842c2a96185bd83c3338 samba-client-3.0.25b-1.el4_6.4.ia64.rpm dd5a9ef4165e38e5534f537452c0b5a7 samba-common-3.0.25b-1.el4_6.4.i386.rpm ba0303f24d5f4ee1f65f5f3c77165024 samba-common-3.0.25b-1.el4_6.4.ia64.rpm a5da1cb31526cfaba513dd29a6c0b920 samba-debuginfo-3.0.25b-1.el4_6.4.i386.rpm 2d816b786cf8a04a962fa873a0d6c6f8 samba-debuginfo-3.0.25b-1.el4_6.4.ia64.rpm 6f3b801015aeded843675a509fc6490a samba-swat-3.0.25b-1.el4_6.4.ia64.rpm ppc: dd7d91e5fa631f043dd72520f51e6a24 samba-3.0.25b-1.el4_6.4.ppc.rpm 625bee72792d5d870c454280e645408a samba-client-3.0.25b-1.el4_6.4.ppc.rpm 0e3514d22edbacb0462beec35089feff samba-common-3.0.25b-1.el4_6.4.ppc.rpm 26453ea33785893f749e9fcdb394e30b samba-common-3.0.25b-1.el4_6.4.ppc64.rpm c506d224457385588e55bce7cfffc84f samba-debuginfo-3.0.25b-1.el4_6.4.ppc.rpm 456d47037ccb99b9a4b24fd5017ae1ce samba-debuginfo-3.0.25b-1.el4_6.4.ppc64.rpm 62813f161a3f801b64ecff4a73fda465 samba-swat-3.0.25b-1.el4_6.4.ppc.rpm s390: 2c186c23419951be0128f0521e69cf42 samba-3.0.25b-1.el4_6.4.s390.rpm 5d799b8c88f0019f1e3352c32c646aa6 samba-client-3.0.25b-1.el4_6.4.s390.rpm b13e524a76bf418f9b59536cd438152f samba-common-3.0.25b-1.el4_6.4.s390.rpm d5a0ae2337277a4d61f17c39d06d9836 samba-debuginfo-3.0.25b-1.el4_6.4.s390.rpm 6fc99afc6652a85293e1ac225a2b75f4 samba-swat-3.0.25b-1.el4_6.4.s390.rpm s390x: 203c85f318dc3d8a014860938cd4b432 samba-3.0.25b-1.el4_6.4.s390x.rpm 7281d1247719298e892228a78d63fa29 samba-client-3.0.25b-1.el4_6.4.s390x.rpm b13e524a76bf418f9b59536cd438152f samba-common-3.0.25b-1.el4_6.4.s390.rpm 4be88724c11abd49317f0284ea13e829 samba-common-3.0.25b-1.el4_6.4.s390x.rpm d5a0ae2337277a4d61f17c39d06d9836 samba-debuginfo-3.0.25b-1.el4_6.4.s390.rpm 2299c0b776d115f980528437f5e54317 samba-debuginfo-3.0.25b-1.el4_6.4.s390x.rpm e5f6098753dc040b1951bee7ef9f42e2 samba-swat-3.0.25b-1.el4_6.4.s390x.rpm x86_64: 667435c8afe4a85fe4ceba1137bb0c13 samba-3.0.25b-1.el4_6.4.x86_64.rpm 0b939c067faf16c0f17679ceb06800a9 samba-client-3.0.25b-1.el4_6.4.x86_64.rpm dd5a9ef4165e38e5534f537452c0b5a7 samba-common-3.0.25b-1.el4_6.4.i386.rpm 0eedccae0a9d8ca56056e7069739e42c samba-common-3.0.25b-1.el4_6.4.x86_64.rpm a5da1cb31526cfaba513dd29a6c0b920 samba-debuginfo-3.0.25b-1.el4_6.4.i386.rpm 892de6cd406d4b31316fe8e584336015 samba-debuginfo-3.0.25b-1.el4_6.4.x86_64.rpm e5b5e6aaa29332615cc50e08c80bbae7 samba-swat-3.0.25b-1.el4_6.4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/samba-3.0.25b-1.el4_6.4.src.rpm f727f27e09f9aafa2e36ec92291edb1c samba-3.0.25b-1.el4_6.4.src.rpm i386: 45d563301c64b6821e4e68c4fb1bfcfd samba-3.0.25b-1.el4_6.4.i386.rpm 5d573f67d6b43a93660b3349c7d1ebf0 samba-client-3.0.25b-1.el4_6.4.i386.rpm dd5a9ef4165e38e5534f537452c0b5a7 samba-common-3.0.25b-1.el4_6.4.i386.rpm a5da1cb31526cfaba513dd29a6c0b920 samba-debuginfo-3.0.25b-1.el4_6.4.i386.rpm 349aba5bcaf5521a8b113280598b6691 samba-swat-3.0.25b-1.el4_6.4.i386.rpm x86_64: 667435c8afe4a85fe4ceba1137bb0c13 samba-3.0.25b-1.el4_6.4.x86_64.rpm 0b939c067faf16c0f17679ceb06800a9 samba-client-3.0.25b-1.el4_6.4.x86_64.rpm dd5a9ef4165e38e5534f537452c0b5a7 samba-common-3.0.25b-1.el4_6.4.i386.rpm 0eedccae0a9d8ca56056e7069739e42c samba-common-3.0.25b-1.el4_6.4.x86_64.rpm a5da1cb31526cfaba513dd29a6c0b920 samba-debuginfo-3.0.25b-1.el4_6.4.i386.rpm 892de6cd406d4b31316fe8e584336015 samba-debuginfo-3.0.25b-1.el4_6.4.x86_64.rpm e5b5e6aaa29332615cc50e08c80bbae7 samba-swat-3.0.25b-1.el4_6.4.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/samba-3.0.25b-1.el4_6.4.src.rpm f727f27e09f9aafa2e36ec92291edb1c samba-3.0.25b-1.el4_6.4.src.rpm i386: 45d563301c64b6821e4e68c4fb1bfcfd samba-3.0.25b-1.el4_6.4.i386.rpm 5d573f67d6b43a93660b3349c7d1ebf0 samba-client-3.0.25b-1.el4_6.4.i386.rpm dd5a9ef4165e38e5534f537452c0b5a7 samba-common-3.0.25b-1.el4_6.4.i386.rpm a5da1cb31526cfaba513dd29a6c0b920 samba-debuginfo-3.0.25b-1.el4_6.4.i386.rpm 349aba5bcaf5521a8b113280598b6691 samba-swat-3.0.25b-1.el4_6.4.i386.rpm ia64: d686f19b733375711202e6b94da842bd samba-3.0.25b-1.el4_6.4.ia64.rpm 7cb06afbd8ff842c2a96185bd83c3338 samba-client-3.0.25b-1.el4_6.4.ia64.rpm dd5a9ef4165e38e5534f537452c0b5a7 samba-common-3.0.25b-1.el4_6.4.i386.rpm ba0303f24d5f4ee1f65f5f3c77165024 samba-common-3.0.25b-1.el4_6.4.ia64.rpm a5da1cb31526cfaba513dd29a6c0b920 samba-debuginfo-3.0.25b-1.el4_6.4.i386.rpm 2d816b786cf8a04a962fa873a0d6c6f8 samba-debuginfo-3.0.25b-1.el4_6.4.ia64.rpm 6f3b801015aeded843675a509fc6490a samba-swat-3.0.25b-1.el4_6.4.ia64.rpm x86_64: 667435c8afe4a85fe4ceba1137bb0c13 samba-3.0.25b-1.el4_6.4.x86_64.rpm 0b939c067faf16c0f17679ceb06800a9 samba-client-3.0.25b-1.el4_6.4.x86_64.rpm dd5a9ef4165e38e5534f537452c0b5a7 samba-common-3.0.25b-1.el4_6.4.i386.rpm 0eedccae0a9d8ca56056e7069739e42c samba-common-3.0.25b-1.el4_6.4.x86_64.rpm a5da1cb31526cfaba513dd29a6c0b920 samba-debuginfo-3.0.25b-1.el4_6.4.i386.rpm 892de6cd406d4b31316fe8e584336015 samba-debuginfo-3.0.25b-1.el4_6.4.x86_64.rpm e5b5e6aaa29332615cc50e08c80bbae7 samba-swat-3.0.25b-1.el4_6.4.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/samba-3.0.25b-1.el4_6.4.src.rpm f727f27e09f9aafa2e36ec92291edb1c samba-3.0.25b-1.el4_6.4.src.rpm i386: 45d563301c64b6821e4e68c4fb1bfcfd samba-3.0.25b-1.el4_6.4.i386.rpm 5d573f67d6b43a93660b3349c7d1ebf0 samba-client-3.0.25b-1.el4_6.4.i386.rpm dd5a9ef4165e38e5534f537452c0b5a7 samba-common-3.0.25b-1.el4_6.4.i386.rpm a5da1cb31526cfaba513dd29a6c0b920 samba-debuginfo-3.0.25b-1.el4_6.4.i386.rpm 349aba5bcaf5521a8b113280598b6691 samba-swat-3.0.25b-1.el4_6.4.i386.rpm ia64: d686f19b733375711202e6b94da842bd samba-3.0.25b-1.el4_6.4.ia64.rpm 7cb06afbd8ff842c2a96185bd83c3338 samba-client-3.0.25b-1.el4_6.4.ia64.rpm dd5a9ef4165e38e5534f537452c0b5a7 samba-common-3.0.25b-1.el4_6.4.i386.rpm ba0303f24d5f4ee1f65f5f3c77165024 samba-common-3.0.25b-1.el4_6.4.ia64.rpm a5da1cb31526cfaba513dd29a6c0b920 samba-debuginfo-3.0.25b-1.el4_6.4.i386.rpm 2d816b786cf8a04a962fa873a0d6c6f8 samba-debuginfo-3.0.25b-1.el4_6.4.ia64.rpm 6f3b801015aeded843675a509fc6490a samba-swat-3.0.25b-1.el4_6.4.ia64.rpm x86_64: 667435c8afe4a85fe4ceba1137bb0c13 samba-3.0.25b-1.el4_6.4.x86_64.rpm 0b939c067faf16c0f17679ceb06800a9 samba-client-3.0.25b-1.el4_6.4.x86_64.rpm dd5a9ef4165e38e5534f537452c0b5a7 samba-common-3.0.25b-1.el4_6.4.i386.rpm 0eedccae0a9d8ca56056e7069739e42c samba-common-3.0.25b-1.el4_6.4.x86_64.rpm a5da1cb31526cfaba513dd29a6c0b920 samba-debuginfo-3.0.25b-1.el4_6.4.i386.rpm 892de6cd406d4b31316fe8e584336015 samba-debuginfo-3.0.25b-1.el4_6.4.x86_64.rpm e5b5e6aaa29332615cc50e08c80bbae7 samba-swat-3.0.25b-1.el4_6.4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.25b-1.el5_1.4.src.rpm 773c9f6cda514a69dedf5bdcc57626fd samba-3.0.25b-1.el5_1.4.src.rpm i386: 549bca3755b02b23d78449f35cc533bd samba-3.0.25b-1.el5_1.4.i386.rpm f77d9ae9221b25e76472d5494b8a8301 samba-client-3.0.25b-1.el5_1.4.i386.rpm f06678933e51e2f887662513ac98a2e2 samba-common-3.0.25b-1.el5_1.4.i386.rpm e396d3530986f8b62e968bc83f2ce29f samba-debuginfo-3.0.25b-1.el5_1.4.i386.rpm 409dbcdd4c7826c7f474f5b51e9ef220 samba-swat-3.0.25b-1.el5_1.4.i386.rpm x86_64: 5f3bad02b9a4326cc2ddc3fba2771f2c samba-3.0.25b-1.el5_1.4.x86_64.rpm f7f249de280d2e8a21765630ac0dfdb0 samba-client-3.0.25b-1.el5_1.4.x86_64.rpm f06678933e51e2f887662513ac98a2e2 samba-common-3.0.25b-1.el5_1.4.i386.rpm b2b38fb84acf3d52a176b2295c544185 samba-common-3.0.25b-1.el5_1.4.x86_64.rpm e396d3530986f8b62e968bc83f2ce29f samba-debuginfo-3.0.25b-1.el5_1.4.i386.rpm f716a45b73d56a81877720280b9a8563 samba-debuginfo-3.0.25b-1.el5_1.4.x86_64.rpm 1b84de831d56f18acf378f602a233c2f samba-swat-3.0.25b-1.el5_1.4.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba-3.0.25b-1.el5_1.4.src.rpm 773c9f6cda514a69dedf5bdcc57626fd samba-3.0.25b-1.el5_1.4.src.rpm i386: 549bca3755b02b23d78449f35cc533bd samba-3.0.25b-1.el5_1.4.i386.rpm f77d9ae9221b25e76472d5494b8a8301 samba-client-3.0.25b-1.el5_1.4.i386.rpm f06678933e51e2f887662513ac98a2e2 samba-common-3.0.25b-1.el5_1.4.i386.rpm e396d3530986f8b62e968bc83f2ce29f samba-debuginfo-3.0.25b-1.el5_1.4.i386.rpm 409dbcdd4c7826c7f474f5b51e9ef220 samba-swat-3.0.25b-1.el5_1.4.i386.rpm ia64: a865605d46646455332f6a4a160914aa samba-3.0.25b-1.el5_1.4.ia64.rpm e341b566cceb045157f23d94f83f5065 samba-client-3.0.25b-1.el5_1.4.ia64.rpm 32cf91c43eb3ebed4ba87ad9aa7744df samba-common-3.0.25b-1.el5_1.4.ia64.rpm 5f69bc215657b6060d04851182c3a2be samba-debuginfo-3.0.25b-1.el5_1.4.ia64.rpm 36a0a256a6b038298654d4aeb862687e samba-swat-3.0.25b-1.el5_1.4.ia64.rpm ppc: e2019a546a2473be4171c85a6f1d2150 samba-3.0.25b-1.el5_1.4.ppc.rpm f8b1e5d36ff22865fed79d3c48c0a306 samba-client-3.0.25b-1.el5_1.4.ppc.rpm 512c3bbf3dc14ca290f787c551f23cc5 samba-common-3.0.25b-1.el5_1.4.ppc.rpm 7a82351c979720a4d0711737d15a6365 samba-common-3.0.25b-1.el5_1.4.ppc64.rpm e0c3eae4f189c2ad839b3998f641069b samba-debuginfo-3.0.25b-1.el5_1.4.ppc.rpm 22613801a94a5b894da709366e1792eb samba-debuginfo-3.0.25b-1.el5_1.4.ppc64.rpm a41c7f611e59c34cc7122e301252e812 samba-swat-3.0.25b-1.el5_1.4.ppc.rpm s390x: 09f95d6266982f062acfd252c70057de samba-3.0.25b-1.el5_1.4.s390x.rpm 83d3a5003ff77baed55113c6e1761ab6 samba-client-3.0.25b-1.el5_1.4.s390x.rpm 4bf9ca969701be82f78115ebd3df66a9 samba-common-3.0.25b-1.el5_1.4.s390.rpm 00000ba81de3ad5a7eef4790da494172 samba-common-3.0.25b-1.el5_1.4.s390x.rpm 9d4505ff32e316d31f46b34201eb21c9 samba-debuginfo-3.0.25b-1.el5_1.4.s390.rpm a96596f1b4f5b37916f046f4e4b59e14 samba-debuginfo-3.0.25b-1.el5_1.4.s390x.rpm 37e48d95df8ec952b8b9922d17182472 samba-swat-3.0.25b-1.el5_1.4.s390x.rpm x86_64: 5f3bad02b9a4326cc2ddc3fba2771f2c samba-3.0.25b-1.el5_1.4.x86_64.rpm f7f249de280d2e8a21765630ac0dfdb0 samba-client-3.0.25b-1.el5_1.4.x86_64.rpm f06678933e51e2f887662513ac98a2e2 samba-common-3.0.25b-1.el5_1.4.i386.rpm b2b38fb84acf3d52a176b2295c544185 samba-common-3.0.25b-1.el5_1.4.x86_64.rpm e396d3530986f8b62e968bc83f2ce29f samba-debuginfo-3.0.25b-1.el5_1.4.i386.rpm f716a45b73d56a81877720280b9a8563 samba-debuginfo-3.0.25b-1.el5_1.4.x86_64.rpm 1b84de831d56f18acf378f602a233c2f samba-swat-3.0.25b-1.el5_1.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015 http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHXYWiXlSAg2UNWIIRAsQQAKCfBsoQ5SLbXyx6mAk0lbio6q/mGQCeNRuh qptfdNeqsOAHKbBfWPufL58= =vOrw -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Dec 10 18:30:17 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 10 Dec 2007 13:30:17 -0500 Subject: [RHSA-2007:1117-01] Critical: samba security update Message-ID: <200712101830.lBAIUOeK006096@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Critical: samba security update Advisory ID: RHSA-2007:1117-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1117.html Issue date: 2007-12-10 Updated on: 2007-12-10 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-6015 - --------------------------------------------------------------------- 1. Summary: Updated samba packages that fix a security issue are now available for Red Hat Enterprise Linux 4.5 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4.5.z - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 4.5.z - i386, ia64, x86_64 3. Problem description: Samba is a suite of programs used by machines to share files, printers, and other information. A stack buffer overflow flaw was found in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash, or execute arbitrary code with the permissions of the Samba server. (CVE-2007-6015) Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue. Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 396401 - CVE-2007-6015 samba: send_mailslot() buffer overflow 6. RPMs required: Red Hat Enterprise Linux AS version 4.5.z: SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/4AS-4.5.z/en/os/SRPMS/samba-3.0.10-2.el4_5.2.src.rpm bd444386c67ac7144c57d1bf8e0df4db samba-3.0.10-2.el4_5.2.src.rpm i386: 68bd0ed7ea0a3eda6ba31054bd05df15 samba-3.0.10-2.el4_5.2.i386.rpm ab4f817962e1423511fd73bcf9d0291d samba-client-3.0.10-2.el4_5.2.i386.rpm 176b8d500ac0e0b32ec91815d5d48387 samba-common-3.0.10-2.el4_5.2.i386.rpm ce7814f3a1ba6acf678021834fb7cc3d samba-debuginfo-3.0.10-2.el4_5.2.i386.rpm 21ade3a16594b54b5e22f1571fc7bd1e samba-swat-3.0.10-2.el4_5.2.i386.rpm ia64: 95cf0f3a3b84329cbbdd627e4016139c samba-3.0.10-2.el4_5.2.ia64.rpm 498bdd8d0f4b8ef55062bb8ccb5bce67 samba-client-3.0.10-2.el4_5.2.ia64.rpm 176b8d500ac0e0b32ec91815d5d48387 samba-common-3.0.10-2.el4_5.2.i386.rpm 9e86c189a5a05e8d6d4ffd0d5d680039 samba-common-3.0.10-2.el4_5.2.ia64.rpm ce7814f3a1ba6acf678021834fb7cc3d samba-debuginfo-3.0.10-2.el4_5.2.i386.rpm b95f0ae908d1a0f7e68dac8b26e253a6 samba-debuginfo-3.0.10-2.el4_5.2.ia64.rpm 300a2404564f207f005cc44cc0605bbf samba-swat-3.0.10-2.el4_5.2.ia64.rpm ppc: 7427942413c4a5429dbf5178187f5d40 samba-3.0.10-2.el4_5.2.ppc.rpm 913df2994bf1738000eb39035ccd88f7 samba-client-3.0.10-2.el4_5.2.ppc.rpm 8b9d23e2e7930cb76350f0bcef823fa1 samba-common-3.0.10-2.el4_5.2.ppc.rpm afe0aafde8f9101f5f5be33a209d00b3 samba-common-3.0.10-2.el4_5.2.ppc64.rpm cc42be07f948c45985930fcc2e43bb6e samba-debuginfo-3.0.10-2.el4_5.2.ppc.rpm b3cbafb998f0102f1ca6cfb30dbdc6e7 samba-debuginfo-3.0.10-2.el4_5.2.ppc64.rpm dfdd54785f0811c48aa5d2d72c1c50d2 samba-swat-3.0.10-2.el4_5.2.ppc.rpm s390: 75d3cf814daf7c92e7fec4ef5ba9e41a samba-3.0.10-2.el4_5.2.s390.rpm cb0f98695b6d5f8dc79b7d2b58cf0fbe samba-client-3.0.10-2.el4_5.2.s390.rpm 591d86cb399119291ded94edbfc4ecc2 samba-common-3.0.10-2.el4_5.2.s390.rpm 0ec7186626901945f82409ea425c40d5 samba-debuginfo-3.0.10-2.el4_5.2.s390.rpm 3fd1c77586c071209ff102b5d4b27d78 samba-swat-3.0.10-2.el4_5.2.s390.rpm s390x: c5294a17056d22515d9f07be5cacd9d5 samba-3.0.10-2.el4_5.2.s390x.rpm 74c59956ebf28a5b03bd002e8e4a7a63 samba-client-3.0.10-2.el4_5.2.s390x.rpm 591d86cb399119291ded94edbfc4ecc2 samba-common-3.0.10-2.el4_5.2.s390.rpm 13fe64f043730e952d7fe657dfaf94f1 samba-common-3.0.10-2.el4_5.2.s390x.rpm 0ec7186626901945f82409ea425c40d5 samba-debuginfo-3.0.10-2.el4_5.2.s390.rpm 14ebe4be341686377690b47969beb7e1 samba-debuginfo-3.0.10-2.el4_5.2.s390x.rpm bb08947066e3e91bba9ae40de81b5945 samba-swat-3.0.10-2.el4_5.2.s390x.rpm x86_64: e30f7eeb3b1f81bd8f4455c91b54a82a samba-3.0.10-2.el4_5.2.x86_64.rpm c7deff56c3bf23848565e3bd001f0f5d samba-client-3.0.10-2.el4_5.2.x86_64.rpm 176b8d500ac0e0b32ec91815d5d48387 samba-common-3.0.10-2.el4_5.2.i386.rpm e2d28bd3b89b7206204071672fd732e4 samba-common-3.0.10-2.el4_5.2.x86_64.rpm ce7814f3a1ba6acf678021834fb7cc3d samba-debuginfo-3.0.10-2.el4_5.2.i386.rpm 77eb0ea631192bd50bff5cec29f4c53a samba-debuginfo-3.0.10-2.el4_5.2.x86_64.rpm df5f78c25b3e3ff0274ca059bf2a97da samba-swat-3.0.10-2.el4_5.2.x86_64.rpm Red Hat Enterprise Linux ES version 4.5.z: SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/4ES-4.5.z/en/os/SRPMS/samba-3.0.10-2.el4_5.2.src.rpm bd444386c67ac7144c57d1bf8e0df4db samba-3.0.10-2.el4_5.2.src.rpm i386: 68bd0ed7ea0a3eda6ba31054bd05df15 samba-3.0.10-2.el4_5.2.i386.rpm ab4f817962e1423511fd73bcf9d0291d samba-client-3.0.10-2.el4_5.2.i386.rpm 176b8d500ac0e0b32ec91815d5d48387 samba-common-3.0.10-2.el4_5.2.i386.rpm ce7814f3a1ba6acf678021834fb7cc3d samba-debuginfo-3.0.10-2.el4_5.2.i386.rpm 21ade3a16594b54b5e22f1571fc7bd1e samba-swat-3.0.10-2.el4_5.2.i386.rpm ia64: 95cf0f3a3b84329cbbdd627e4016139c samba-3.0.10-2.el4_5.2.ia64.rpm 498bdd8d0f4b8ef55062bb8ccb5bce67 samba-client-3.0.10-2.el4_5.2.ia64.rpm 176b8d500ac0e0b32ec91815d5d48387 samba-common-3.0.10-2.el4_5.2.i386.rpm 9e86c189a5a05e8d6d4ffd0d5d680039 samba-common-3.0.10-2.el4_5.2.ia64.rpm ce7814f3a1ba6acf678021834fb7cc3d samba-debuginfo-3.0.10-2.el4_5.2.i386.rpm b95f0ae908d1a0f7e68dac8b26e253a6 samba-debuginfo-3.0.10-2.el4_5.2.ia64.rpm 300a2404564f207f005cc44cc0605bbf samba-swat-3.0.10-2.el4_5.2.ia64.rpm x86_64: e30f7eeb3b1f81bd8f4455c91b54a82a samba-3.0.10-2.el4_5.2.x86_64.rpm c7deff56c3bf23848565e3bd001f0f5d samba-client-3.0.10-2.el4_5.2.x86_64.rpm 176b8d500ac0e0b32ec91815d5d48387 samba-common-3.0.10-2.el4_5.2.i386.rpm e2d28bd3b89b7206204071672fd732e4 samba-common-3.0.10-2.el4_5.2.x86_64.rpm ce7814f3a1ba6acf678021834fb7cc3d samba-debuginfo-3.0.10-2.el4_5.2.i386.rpm 77eb0ea631192bd50bff5cec29f4c53a samba-debuginfo-3.0.10-2.el4_5.2.x86_64.rpm df5f78c25b3e3ff0274ca059bf2a97da samba-swat-3.0.10-2.el4_5.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015 http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHXYWvXlSAg2UNWIIRAi41AKC7DCxTI52D9+k7GwwfhcVA1ojT9gCfYAy9 RRIy+IkmVtNUb6Z90j/N9xY= =TLBL -----END PGP SIGNATURE----- From bugzilla at redhat.com Mon Dec 10 18:41:40 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 10 Dec 2007 13:41:40 -0500 Subject: [RHSA-2007:1076-02] Moderate: python security update Message-ID: <200712101841.lBAIfeKe007622@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: python security update Advisory ID: RHSA-2007:1076-02 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1076.html Issue date: 2007-12-10 Updated on: 2007-12-10 Product: Red Hat Enterprise Linux CVE Names: CVE-2006-7228 CVE-2007-2052 CVE-2007-4965 - --------------------------------------------------------------------- 1. Summary: Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python's pcre module handled certain regular expressions. If a Python application used the pcre module to compile and execute untrusted regular expressions, it may be possible to cause the application to crash, or allow arbitrary code execution with the privileges of the Python interpreter. (CVE-2006-7228) A flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This may possibly cause disclosure of data stored in the memory of a Python application using this function. (CVE-2007-2052) Multiple integer overflow flaws were discovered in Python's imageop module. If an application written in Python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter. (CVE-2007-4965) Users of Python are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 235093 - CVE-2007-2052 Off-by-one in python's locale.strxfrm() 295971 - CVE-2007-4965 python imageop module heap corruption 383371 - CVE-2006-7228 pcre integer overflow 6. RPMs required: Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/python-2.2.3-6.8.src.rpm 996aa04ec60280fd6af37adebacfa0f5 python-2.2.3-6.8.src.rpm i386: e54e6885cbe606075f26af2c3f70d402 python-2.2.3-6.8.i386.rpm b3fcd441fc45f2dd78f47647325eaa39 python-debuginfo-2.2.3-6.8.i386.rpm 755ffa70ca9d97e985c144daf9c076d6 python-devel-2.2.3-6.8.i386.rpm 8e73b3fa560629952ddd741ebe4f86f6 python-tools-2.2.3-6.8.i386.rpm c7b86c459eeb0de5ae03aeaef1f5d898 tkinter-2.2.3-6.8.i386.rpm ia64: fea400080dfe4dcb989e77eb61912c3d python-2.2.3-6.8.ia64.rpm adbda6d659f5569a824a202e045d9164 python-debuginfo-2.2.3-6.8.ia64.rpm 2f7dfe7a1b42f5abd572d2ecef1758fb python-devel-2.2.3-6.8.ia64.rpm 75f92525d61e0c7eb974f6ae15c012b2 python-tools-2.2.3-6.8.ia64.rpm ce7ced433239dafca199cb1c8086fb2b tkinter-2.2.3-6.8.ia64.rpm ppc: 11df80cf8ca605dbe77d1bbf1179601a python-2.2.3-6.8.ppc.rpm 4824e2e6d19a0b26314a73bcdc0e7f8a python-debuginfo-2.2.3-6.8.ppc.rpm ae2af9d454516446a90e6b82c70db1c3 python-devel-2.2.3-6.8.ppc.rpm f58dfcfa8121edd07b7eca0be789d32d python-tools-2.2.3-6.8.ppc.rpm 869754869fcfb4634393813fded1b46b tkinter-2.2.3-6.8.ppc.rpm s390: f9087c843dfb5b973f8c4221128f91e5 python-2.2.3-6.8.s390.rpm 4b27b5d5dddfd3f6f21e0b435dc2dda8 python-debuginfo-2.2.3-6.8.s390.rpm 296ea69277f7e213c8968900101c86c0 python-devel-2.2.3-6.8.s390.rpm 5f790e7555751b22b08850f3f04f151a python-tools-2.2.3-6.8.s390.rpm 1c4fe0cf7269c7e184fb20264f77bdec tkinter-2.2.3-6.8.s390.rpm s390x: 8eccaf759cc5e1c56df14de0b22201a4 python-2.2.3-6.8.s390x.rpm 7a07e7381044d6378dcf19e46422dfef python-debuginfo-2.2.3-6.8.s390x.rpm 379454bca90618dfb11b2e7fcdc0acbc python-devel-2.2.3-6.8.s390x.rpm 19154f414e6ba52cb94c9b95f03d26c3 python-tools-2.2.3-6.8.s390x.rpm 341ca1d3ed3fa1ed3c367e21912eaa7f tkinter-2.2.3-6.8.s390x.rpm x86_64: 55bcc487d054a1c453d26e134fbdbe98 python-2.2.3-6.8.x86_64.rpm 52016765ff7a805776fc6407d316f4ee python-debuginfo-2.2.3-6.8.x86_64.rpm 5352718cb553daadd934078c2d7959b9 python-devel-2.2.3-6.8.x86_64.rpm 671e885b323772d7ce70ec4297ca0d65 python-tools-2.2.3-6.8.x86_64.rpm 25870306ef723b2ffb66b64b05fa4ebf tkinter-2.2.3-6.8.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/python-2.2.3-6.8.src.rpm 996aa04ec60280fd6af37adebacfa0f5 python-2.2.3-6.8.src.rpm i386: e54e6885cbe606075f26af2c3f70d402 python-2.2.3-6.8.i386.rpm b3fcd441fc45f2dd78f47647325eaa39 python-debuginfo-2.2.3-6.8.i386.rpm 755ffa70ca9d97e985c144daf9c076d6 python-devel-2.2.3-6.8.i386.rpm 8e73b3fa560629952ddd741ebe4f86f6 python-tools-2.2.3-6.8.i386.rpm c7b86c459eeb0de5ae03aeaef1f5d898 tkinter-2.2.3-6.8.i386.rpm x86_64: 55bcc487d054a1c453d26e134fbdbe98 python-2.2.3-6.8.x86_64.rpm 52016765ff7a805776fc6407d316f4ee python-debuginfo-2.2.3-6.8.x86_64.rpm 5352718cb553daadd934078c2d7959b9 python-devel-2.2.3-6.8.x86_64.rpm 671e885b323772d7ce70ec4297ca0d65 python-tools-2.2.3-6.8.x86_64.rpm 25870306ef723b2ffb66b64b05fa4ebf tkinter-2.2.3-6.8.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/python-2.2.3-6.8.src.rpm 996aa04ec60280fd6af37adebacfa0f5 python-2.2.3-6.8.src.rpm i386: e54e6885cbe606075f26af2c3f70d402 python-2.2.3-6.8.i386.rpm b3fcd441fc45f2dd78f47647325eaa39 python-debuginfo-2.2.3-6.8.i386.rpm 755ffa70ca9d97e985c144daf9c076d6 python-devel-2.2.3-6.8.i386.rpm 8e73b3fa560629952ddd741ebe4f86f6 python-tools-2.2.3-6.8.i386.rpm c7b86c459eeb0de5ae03aeaef1f5d898 tkinter-2.2.3-6.8.i386.rpm ia64: fea400080dfe4dcb989e77eb61912c3d python-2.2.3-6.8.ia64.rpm adbda6d659f5569a824a202e045d9164 python-debuginfo-2.2.3-6.8.ia64.rpm 2f7dfe7a1b42f5abd572d2ecef1758fb python-devel-2.2.3-6.8.ia64.rpm 75f92525d61e0c7eb974f6ae15c012b2 python-tools-2.2.3-6.8.ia64.rpm ce7ced433239dafca199cb1c8086fb2b tkinter-2.2.3-6.8.ia64.rpm x86_64: 55bcc487d054a1c453d26e134fbdbe98 python-2.2.3-6.8.x86_64.rpm 52016765ff7a805776fc6407d316f4ee python-debuginfo-2.2.3-6.8.x86_64.rpm 5352718cb553daadd934078c2d7959b9 python-devel-2.2.3-6.8.x86_64.rpm 671e885b323772d7ce70ec4297ca0d65 python-tools-2.2.3-6.8.x86_64.rpm 25870306ef723b2ffb66b64b05fa4ebf tkinter-2.2.3-6.8.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/python-2.2.3-6.8.src.rpm 996aa04ec60280fd6af37adebacfa0f5 python-2.2.3-6.8.src.rpm i386: e54e6885cbe606075f26af2c3f70d402 python-2.2.3-6.8.i386.rpm b3fcd441fc45f2dd78f47647325eaa39 python-debuginfo-2.2.3-6.8.i386.rpm 755ffa70ca9d97e985c144daf9c076d6 python-devel-2.2.3-6.8.i386.rpm 8e73b3fa560629952ddd741ebe4f86f6 python-tools-2.2.3-6.8.i386.rpm c7b86c459eeb0de5ae03aeaef1f5d898 tkinter-2.2.3-6.8.i386.rpm ia64: fea400080dfe4dcb989e77eb61912c3d python-2.2.3-6.8.ia64.rpm adbda6d659f5569a824a202e045d9164 python-debuginfo-2.2.3-6.8.ia64.rpm 2f7dfe7a1b42f5abd572d2ecef1758fb python-devel-2.2.3-6.8.ia64.rpm 75f92525d61e0c7eb974f6ae15c012b2 python-tools-2.2.3-6.8.ia64.rpm ce7ced433239dafca199cb1c8086fb2b tkinter-2.2.3-6.8.ia64.rpm x86_64: 55bcc487d054a1c453d26e134fbdbe98 python-2.2.3-6.8.x86_64.rpm 52016765ff7a805776fc6407d316f4ee python-debuginfo-2.2.3-6.8.x86_64.rpm 5352718cb553daadd934078c2d7959b9 python-devel-2.2.3-6.8.x86_64.rpm 671e885b323772d7ce70ec4297ca0d65 python-tools-2.2.3-6.8.x86_64.rpm 25870306ef723b2ffb66b64b05fa4ebf tkinter-2.2.3-6.8.x86_64.rpm Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/python-2.3.4-14.4.el4_6.1.src.rpm b5a059c81b5d547ca03f6b480f6da7b2 python-2.3.4-14.4.el4_6.1.src.rpm i386: a350fce856cc2e32f3715a976a8bb4f1 python-2.3.4-14.4.el4_6.1.i386.rpm 6ed9d0cd507437bf53f9350ccda5ce93 python-debuginfo-2.3.4-14.4.el4_6.1.i386.rpm 84f27f2696680c400b6402a58f593f43 python-devel-2.3.4-14.4.el4_6.1.i386.rpm f89bff076e01997d9ad418856b846176 python-docs-2.3.4-14.4.el4_6.1.i386.rpm e36fc8c377ceefb13d1c8694009a997a python-tools-2.3.4-14.4.el4_6.1.i386.rpm 16e80553e3ea207b22af3b30995407c5 tkinter-2.3.4-14.4.el4_6.1.i386.rpm ia64: 6819b088b0752e0ea8e2b6a0c44f64d8 python-2.3.4-14.4.el4_6.1.ia64.rpm 744b398ac7040505cb76ad158a052bff python-debuginfo-2.3.4-14.4.el4_6.1.ia64.rpm 628316b4e9f31b70798785eff27525be python-devel-2.3.4-14.4.el4_6.1.ia64.rpm 711032333ca8631fa5aee90d1e6d0ac6 python-docs-2.3.4-14.4.el4_6.1.ia64.rpm 10ffc09aaf6c89827844f5c32aa83d03 python-tools-2.3.4-14.4.el4_6.1.ia64.rpm 7efa529c120b3a38751106a3bd15af2f tkinter-2.3.4-14.4.el4_6.1.ia64.rpm ppc: 593c28751a1ddb199ec56dd8a67c6d45 python-2.3.4-14.4.el4_6.1.ppc.rpm 5bbc63fcf979f8ddd3d06a5aad9f4f79 python-debuginfo-2.3.4-14.4.el4_6.1.ppc.rpm 4c646d67d282520f5bb377d6c3d4801d python-devel-2.3.4-14.4.el4_6.1.ppc.rpm 0c18cb1cb01223b46f0e0bc08aa86b40 python-docs-2.3.4-14.4.el4_6.1.ppc.rpm e8f1672cc27019e7db08ea112eeb46ad python-tools-2.3.4-14.4.el4_6.1.ppc.rpm 36059b6d4066a6149da3f8d9c715c96a tkinter-2.3.4-14.4.el4_6.1.ppc.rpm s390: eb93ab0f30a05b5c46288169dd0d04f7 python-2.3.4-14.4.el4_6.1.s390.rpm 9fb2de1eec4b35e72f9acd9f65d8a49c python-debuginfo-2.3.4-14.4.el4_6.1.s390.rpm 38351acb1fc2bceb7fd056fa65e354f9 python-devel-2.3.4-14.4.el4_6.1.s390.rpm 948c9daaf3b5ca09da1bdb425dca1d71 python-docs-2.3.4-14.4.el4_6.1.s390.rpm bab0608a6f0751ac131542fd3d142826 python-tools-2.3.4-14.4.el4_6.1.s390.rpm 5b904481caaa8c844faf4e18fc1c993a tkinter-2.3.4-14.4.el4_6.1.s390.rpm s390x: 0937e5663519c7b791c2b9214678511e python-2.3.4-14.4.el4_6.1.s390x.rpm a65b25878af18ce78e9accc2d86c2cfe python-debuginfo-2.3.4-14.4.el4_6.1.s390x.rpm e924dfe80a400570e421389318775fb0 python-devel-2.3.4-14.4.el4_6.1.s390x.rpm b08263f90ba993fcfc8538087ddfcfeb python-docs-2.3.4-14.4.el4_6.1.s390x.rpm 9d483612eb96849df97b86a55535003c python-tools-2.3.4-14.4.el4_6.1.s390x.rpm 66b9d797f7f8b19a360fa5236534803f tkinter-2.3.4-14.4.el4_6.1.s390x.rpm x86_64: 48338b3eead27780f1373d367ed3f7b2 python-2.3.4-14.4.el4_6.1.x86_64.rpm 101bce2891289ad517d435c8ef3c6d11 python-debuginfo-2.3.4-14.4.el4_6.1.x86_64.rpm 73c104c33fdfaf32fd2ba18640ede9aa python-devel-2.3.4-14.4.el4_6.1.x86_64.rpm c2454aad532a8d9297792319be498f21 python-docs-2.3.4-14.4.el4_6.1.x86_64.rpm 56337583820811673b617946665943aa python-tools-2.3.4-14.4.el4_6.1.x86_64.rpm 46adfd1574e4f196e3134faafd50f4e3 tkinter-2.3.4-14.4.el4_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/python-2.3.4-14.4.el4_6.1.src.rpm b5a059c81b5d547ca03f6b480f6da7b2 python-2.3.4-14.4.el4_6.1.src.rpm i386: a350fce856cc2e32f3715a976a8bb4f1 python-2.3.4-14.4.el4_6.1.i386.rpm 6ed9d0cd507437bf53f9350ccda5ce93 python-debuginfo-2.3.4-14.4.el4_6.1.i386.rpm 84f27f2696680c400b6402a58f593f43 python-devel-2.3.4-14.4.el4_6.1.i386.rpm f89bff076e01997d9ad418856b846176 python-docs-2.3.4-14.4.el4_6.1.i386.rpm e36fc8c377ceefb13d1c8694009a997a python-tools-2.3.4-14.4.el4_6.1.i386.rpm 16e80553e3ea207b22af3b30995407c5 tkinter-2.3.4-14.4.el4_6.1.i386.rpm x86_64: 48338b3eead27780f1373d367ed3f7b2 python-2.3.4-14.4.el4_6.1.x86_64.rpm 101bce2891289ad517d435c8ef3c6d11 python-debuginfo-2.3.4-14.4.el4_6.1.x86_64.rpm 73c104c33fdfaf32fd2ba18640ede9aa python-devel-2.3.4-14.4.el4_6.1.x86_64.rpm c2454aad532a8d9297792319be498f21 python-docs-2.3.4-14.4.el4_6.1.x86_64.rpm 56337583820811673b617946665943aa python-tools-2.3.4-14.4.el4_6.1.x86_64.rpm 46adfd1574e4f196e3134faafd50f4e3 tkinter-2.3.4-14.4.el4_6.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/python-2.3.4-14.4.el4_6.1.src.rpm b5a059c81b5d547ca03f6b480f6da7b2 python-2.3.4-14.4.el4_6.1.src.rpm i386: a350fce856cc2e32f3715a976a8bb4f1 python-2.3.4-14.4.el4_6.1.i386.rpm 6ed9d0cd507437bf53f9350ccda5ce93 python-debuginfo-2.3.4-14.4.el4_6.1.i386.rpm 84f27f2696680c400b6402a58f593f43 python-devel-2.3.4-14.4.el4_6.1.i386.rpm f89bff076e01997d9ad418856b846176 python-docs-2.3.4-14.4.el4_6.1.i386.rpm e36fc8c377ceefb13d1c8694009a997a python-tools-2.3.4-14.4.el4_6.1.i386.rpm 16e80553e3ea207b22af3b30995407c5 tkinter-2.3.4-14.4.el4_6.1.i386.rpm ia64: 6819b088b0752e0ea8e2b6a0c44f64d8 python-2.3.4-14.4.el4_6.1.ia64.rpm 744b398ac7040505cb76ad158a052bff python-debuginfo-2.3.4-14.4.el4_6.1.ia64.rpm 628316b4e9f31b70798785eff27525be python-devel-2.3.4-14.4.el4_6.1.ia64.rpm 711032333ca8631fa5aee90d1e6d0ac6 python-docs-2.3.4-14.4.el4_6.1.ia64.rpm 10ffc09aaf6c89827844f5c32aa83d03 python-tools-2.3.4-14.4.el4_6.1.ia64.rpm 7efa529c120b3a38751106a3bd15af2f tkinter-2.3.4-14.4.el4_6.1.ia64.rpm x86_64: 48338b3eead27780f1373d367ed3f7b2 python-2.3.4-14.4.el4_6.1.x86_64.rpm 101bce2891289ad517d435c8ef3c6d11 python-debuginfo-2.3.4-14.4.el4_6.1.x86_64.rpm 73c104c33fdfaf32fd2ba18640ede9aa python-devel-2.3.4-14.4.el4_6.1.x86_64.rpm c2454aad532a8d9297792319be498f21 python-docs-2.3.4-14.4.el4_6.1.x86_64.rpm 56337583820811673b617946665943aa python-tools-2.3.4-14.4.el4_6.1.x86_64.rpm 46adfd1574e4f196e3134faafd50f4e3 tkinter-2.3.4-14.4.el4_6.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/python-2.3.4-14.4.el4_6.1.src.rpm b5a059c81b5d547ca03f6b480f6da7b2 python-2.3.4-14.4.el4_6.1.src.rpm i386: a350fce856cc2e32f3715a976a8bb4f1 python-2.3.4-14.4.el4_6.1.i386.rpm 6ed9d0cd507437bf53f9350ccda5ce93 python-debuginfo-2.3.4-14.4.el4_6.1.i386.rpm 84f27f2696680c400b6402a58f593f43 python-devel-2.3.4-14.4.el4_6.1.i386.rpm f89bff076e01997d9ad418856b846176 python-docs-2.3.4-14.4.el4_6.1.i386.rpm e36fc8c377ceefb13d1c8694009a997a python-tools-2.3.4-14.4.el4_6.1.i386.rpm 16e80553e3ea207b22af3b30995407c5 tkinter-2.3.4-14.4.el4_6.1.i386.rpm ia64: 6819b088b0752e0ea8e2b6a0c44f64d8 python-2.3.4-14.4.el4_6.1.ia64.rpm 744b398ac7040505cb76ad158a052bff python-debuginfo-2.3.4-14.4.el4_6.1.ia64.rpm 628316b4e9f31b70798785eff27525be python-devel-2.3.4-14.4.el4_6.1.ia64.rpm 711032333ca8631fa5aee90d1e6d0ac6 python-docs-2.3.4-14.4.el4_6.1.ia64.rpm 10ffc09aaf6c89827844f5c32aa83d03 python-tools-2.3.4-14.4.el4_6.1.ia64.rpm 7efa529c120b3a38751106a3bd15af2f tkinter-2.3.4-14.4.el4_6.1.ia64.rpm x86_64: 48338b3eead27780f1373d367ed3f7b2 python-2.3.4-14.4.el4_6.1.x86_64.rpm 101bce2891289ad517d435c8ef3c6d11 python-debuginfo-2.3.4-14.4.el4_6.1.x86_64.rpm 73c104c33fdfaf32fd2ba18640ede9aa python-devel-2.3.4-14.4.el4_6.1.x86_64.rpm c2454aad532a8d9297792319be498f21 python-docs-2.3.4-14.4.el4_6.1.x86_64.rpm 56337583820811673b617946665943aa python-tools-2.3.4-14.4.el4_6.1.x86_64.rpm 46adfd1574e4f196e3134faafd50f4e3 tkinter-2.3.4-14.4.el4_6.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHXYhgXlSAg2UNWIIRAlIYAJoDNV3dy9acP1R7Kmivb2iYNRp95ACcDHZF MwnAkiD/zjMDqaP7n0jIz1w= =Teqi -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 12 12:34:25 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 12 Dec 2007 07:34:25 -0500 Subject: [RHSA-2007:1086-01] Moderate: java-1.4.2-bea security update Message-ID: <200712121234.lBCCYPFb007895@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: java-1.4.2-bea security update Advisory ID: RHSA-2007:1086-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1086.html Issue date: 2007-12-12 Updated on: 2007-12-12 Product: Red Hat Enterprise Linux Extras Keywords: Security CVE Names: CVE-2007-4381 CVE-2007-2788 CVE-2007-2789 CVE-2007-3004 CVE-2007-3005 CVE-2007-3698 - --------------------------------------------------------------------- 1. Summary: Updated java-1.4.2-bea packages that correct several security issues and add enhancements are now available for Red Hat Enterprise Linux 4 Extras. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64 3. Problem description: The BEA WebLogic JRockit 1.4.2_15 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.4.2_15 and are certified for the Java 2 Platform, Standard Edition, v1.4.2. A buffer overflow in the Java Runtime Environment image handling code was found. If an attacker is able to cause a server application to process a specially crafted image file, it may be possible to execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-2788, CVE-2007-2789, CVE-2007-3004) A denial of service flaw was discovered in the Java Applet Viewer. An untrusted Java applet could cause the Java Virtual Machine to become unresponsive. Please note that the BEA WebLogic JRockit 1.4.2_15 does not ship with a browser plug-in and therefore this issue could only be triggered by a user running the "appletviewer" application. (CVE-2007-3005) A denial of service flaw was found in the way the JSSE component processed SSL/TLS handshake requests. A remote attacker able to connect to a JSSE enabled service could send a specially crafted handshake which would cause the Java Runtime Environment to stop responding to future requests. (CVE-2007-3698) A flaw was found in the way the Java Runtime Environment processes font data. An applet viewed via the "appletviewer" application could elevate its privileges, allowing the applet to perform actions with the same permissions as the user running the "appletviewer" application. It may also be possible to crash a server application which processes untrusted font information from a third party. (CVE-2007-4381) All users of java-1.4.2-bea should upgrade to these updated packages, which contain the BEA WebLogic JRockit 1.4.2_15 release that resolves these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 242595 - CVE-2007-3004 Integer overflow in IBM JDK's ICC profile parser 249539 - CVE-2007-3698 Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition 250725 - CVE-2007-2788 Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit 250729 - CVE-2007-2789 BMP image parser vulnerability 250733 - CVE-2007-3005 Unspecified vulnerability in Sun JRE 253488 - CVE-2007-4381 Vulnerability in the font parsing code 6. RPMs required: Red Hat Enterprise Linux AS version 4 Extras: i386: d8cbe20d5a32d32391592ba4704b020f java-1.4.2-bea-1.4.2.15-1jpp.2.el4.i686.rpm 464dc0cbbf0c6d8ddc2a5edcc65741d4 java-1.4.2-bea-devel-1.4.2.15-1jpp.2.el4.i686.rpm 25596b8fe33e153758c88dc21e510130 java-1.4.2-bea-jdbc-1.4.2.15-1jpp.2.el4.i686.rpm ia64: f9ce3d2854c5fa08d187c9c65f21592e java-1.4.2-bea-1.4.2.15-1jpp.2.el4.ia64.rpm 9a3612a0755f2e602b9aefba7bb26494 java-1.4.2-bea-devel-1.4.2.15-1jpp.2.el4.ia64.rpm 0604fd1a920520ed1ec52c2ddcccda33 java-1.4.2-bea-jdbc-1.4.2.15-1jpp.2.el4.ia64.rpm x86_64: d8cbe20d5a32d32391592ba4704b020f java-1.4.2-bea-1.4.2.15-1jpp.2.el4.i686.rpm 464dc0cbbf0c6d8ddc2a5edcc65741d4 java-1.4.2-bea-devel-1.4.2.15-1jpp.2.el4.i686.rpm Red Hat Desktop version 4 Extras: i386: d8cbe20d5a32d32391592ba4704b020f java-1.4.2-bea-1.4.2.15-1jpp.2.el4.i686.rpm 464dc0cbbf0c6d8ddc2a5edcc65741d4 java-1.4.2-bea-devel-1.4.2.15-1jpp.2.el4.i686.rpm 25596b8fe33e153758c88dc21e510130 java-1.4.2-bea-jdbc-1.4.2.15-1jpp.2.el4.i686.rpm x86_64: d8cbe20d5a32d32391592ba4704b020f java-1.4.2-bea-1.4.2.15-1jpp.2.el4.i686.rpm 464dc0cbbf0c6d8ddc2a5edcc65741d4 java-1.4.2-bea-devel-1.4.2.15-1jpp.2.el4.i686.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: d8cbe20d5a32d32391592ba4704b020f java-1.4.2-bea-1.4.2.15-1jpp.2.el4.i686.rpm 464dc0cbbf0c6d8ddc2a5edcc65741d4 java-1.4.2-bea-devel-1.4.2.15-1jpp.2.el4.i686.rpm 25596b8fe33e153758c88dc21e510130 java-1.4.2-bea-jdbc-1.4.2.15-1jpp.2.el4.i686.rpm ia64: f9ce3d2854c5fa08d187c9c65f21592e java-1.4.2-bea-1.4.2.15-1jpp.2.el4.ia64.rpm 9a3612a0755f2e602b9aefba7bb26494 java-1.4.2-bea-devel-1.4.2.15-1jpp.2.el4.ia64.rpm 0604fd1a920520ed1ec52c2ddcccda33 java-1.4.2-bea-jdbc-1.4.2.15-1jpp.2.el4.ia64.rpm x86_64: d8cbe20d5a32d32391592ba4704b020f java-1.4.2-bea-1.4.2.15-1jpp.2.el4.i686.rpm 464dc0cbbf0c6d8ddc2a5edcc65741d4 java-1.4.2-bea-devel-1.4.2.15-1jpp.2.el4.i686.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: d8cbe20d5a32d32391592ba4704b020f java-1.4.2-bea-1.4.2.15-1jpp.2.el4.i686.rpm 464dc0cbbf0c6d8ddc2a5edcc65741d4 java-1.4.2-bea-devel-1.4.2.15-1jpp.2.el4.i686.rpm 25596b8fe33e153758c88dc21e510130 java-1.4.2-bea-jdbc-1.4.2.15-1jpp.2.el4.i686.rpm ia64: f9ce3d2854c5fa08d187c9c65f21592e java-1.4.2-bea-1.4.2.15-1jpp.2.el4.ia64.rpm 9a3612a0755f2e602b9aefba7bb26494 java-1.4.2-bea-devel-1.4.2.15-1jpp.2.el4.ia64.rpm 0604fd1a920520ed1ec52c2ddcccda33 java-1.4.2-bea-jdbc-1.4.2.15-1jpp.2.el4.ia64.rpm x86_64: d8cbe20d5a32d32391592ba4704b020f java-1.4.2-bea-1.4.2.15-1jpp.2.el4.i686.rpm 464dc0cbbf0c6d8ddc2a5edcc65741d4 java-1.4.2-bea-devel-1.4.2.15-1jpp.2.el4.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4381 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3004 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3005 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3698 http://dev2dev.bea.com/pub/advisory/249 http://dev2dev.bea.com/pub/advisory/248 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHX9VPXlSAg2UNWIIRAgoGAJ4zJMc0CwvMYisELf+WqwO3VrbkDgCeK/iO S8rn/LkoGJP/xFN2EGPHWNU= =xGPP -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 12 12:34:47 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 12 Dec 2007 07:34:47 -0500 Subject: [RHSA-2007:1128-01] Important: autofs security update Message-ID: <200712121234.lBCCYl3G007907@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: autofs security update Advisory ID: RHSA-2007:1128-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1128.html Issue date: 2007-12-12 Updated on: 2007-12-12 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-5964 - --------------------------------------------------------------------- 1. Summary: Updated autofs packages are now available to fix a security flaw for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Problem description: The autofs utility controls the operation of the automount daemon, which automatically mounts and unmounts file systems after a period of inactivity. There was a security issue with the default installed configuration of autofs version 5 whereby the entry for the "hosts" map did not specify the "nosuid" mount option. A local user with control of a remote nfs server could create a setuid root executable within an exported filesystem on the remote nfs server that, if mounted using the default hosts map, would allow the user to gain root privileges. (CVE-2007-5964) Due to the fact that autofs always mounted hosts map entries suid by default, autofs has now been altered to always use the "nosuid" option when mounting from the default hosts map. The "suid" option must be explicitly given in the master map entry to revert to the old behavior. This change affects only the hosts map which corresponds to the /net entry in the default configuration. Users are advised to upgrade to these updated autofs packages, which resolve this issue. Red Hat would like to thank Josh Lange for reporting this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 410031 - CVE-2007-5964 autofs defaults don't restrict suid in /net 6. RPMs required: Red Hat Enterprise Linux Desktop (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/autofs-5.0.1-0.rc2.55.el5.1.src.rpm 2a25ed0ef9c01abe09f19f8a89452fcd autofs-5.0.1-0.rc2.55.el5.1.src.rpm i386: 29d9a96e22d453a52c3cb6b2663bd984 autofs-5.0.1-0.rc2.55.el5.1.i386.rpm 92dcccbc5132698374cea61159366f23 autofs-debuginfo-5.0.1-0.rc2.55.el5.1.i386.rpm x86_64: 234de8994b5e122cff78e9655e19d510 autofs-5.0.1-0.rc2.55.el5.1.x86_64.rpm 570bd949d8da5b104fdb4a8de2eccbaf autofs-debuginfo-5.0.1-0.rc2.55.el5.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/autofs-5.0.1-0.rc2.55.el5.1.src.rpm 2a25ed0ef9c01abe09f19f8a89452fcd autofs-5.0.1-0.rc2.55.el5.1.src.rpm i386: 29d9a96e22d453a52c3cb6b2663bd984 autofs-5.0.1-0.rc2.55.el5.1.i386.rpm 92dcccbc5132698374cea61159366f23 autofs-debuginfo-5.0.1-0.rc2.55.el5.1.i386.rpm ia64: 8abb97c8cd6ad16e67780c6d4251ded3 autofs-5.0.1-0.rc2.55.el5.1.ia64.rpm 86fda06872725a92ea8f3ffb552c7307 autofs-debuginfo-5.0.1-0.rc2.55.el5.1.ia64.rpm ppc: 780aa280f5927f34506acd60353bf0fc autofs-5.0.1-0.rc2.55.el5.1.ppc.rpm 36925b686e89552da9cf3ca66fceba20 autofs-debuginfo-5.0.1-0.rc2.55.el5.1.ppc.rpm s390x: 37a973950e8683cbaf4b47caa2458ffb autofs-5.0.1-0.rc2.55.el5.1.s390x.rpm 4a8545d5d0f8c8bf1ae2a955ca5def5b autofs-debuginfo-5.0.1-0.rc2.55.el5.1.s390x.rpm x86_64: 234de8994b5e122cff78e9655e19d510 autofs-5.0.1-0.rc2.55.el5.1.x86_64.rpm 570bd949d8da5b104fdb4a8de2eccbaf autofs-debuginfo-5.0.1-0.rc2.55.el5.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5964 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHX9ViXlSAg2UNWIIRAryBAJwKZ095PKSLeRZJs9VB0+cy/S0blACglQFL 2sS0ZTH8ObpbDt8LH83Vpnc= =Ywcf -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 12 12:41:50 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 12 Dec 2007 07:41:50 -0500 Subject: [RHSA-2007:1129-01] Important: autofs5 security update Message-ID: <200712121241.lBCCfoOk009196@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: autofs5 security update Advisory ID: RHSA-2007:1129-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1129.html Issue date: 2007-12-12 Updated on: 2007-12-12 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-5964 - --------------------------------------------------------------------- 1. Summary: Updated Red Hat Enterprise Linux 4 Technology Preview autofs5 packages are now available to fix a security flaw. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The autofs utility controls the operation of the automount daemon, which automatically mounts and unmounts file systems after a period of inactivity. The autofs version 5 package was made available as a technology preview in Red Hat Enterprise Linux version 4.6. There was a security issue with the default installed configuration of autofs version 5 whereby the entry for the "hosts" map did not specify the "nosuid" mount option. A local user with control of a remote nfs server could create a setuid root executable within an exported filesystem on the remote nfs server that, if mounted using the default hosts map, would allow the user to gain root privileges. (CVE-2007-5964) Due to the fact that autofs version 5 always mounted hosts map entries suid by default, autofs has now been altered to always use the "nosuid" option when mounting from the default hosts map. The "suid" option must be explicitly given in the master map entry to revert to the old behavior. This change affects only the hosts map which corresponds to the /net entry in the default configuration. Users are advised to upgrade to these updated autofs5 packages, which resolve this issue. Red Hat would like to thank Josh Lange for reporting this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 410031 - CVE-2007-5964 autofs defaults don't restrict suid in /net 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/autofs5-5.0.1-0.rc2.55.el4_6.1.src.rpm 05d5179245e60b719cbb294d175b748a autofs5-5.0.1-0.rc2.55.el4_6.1.src.rpm i386: 843984a6c993a423d230b60a53bdac84 autofs5-5.0.1-0.rc2.55.el4_6.1.i386.rpm 26cb6bd2589982a94b432ecf0864ab3a autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.1.i386.rpm ia64: e8651311ccacbb795889d6c6fb5ea937 autofs5-5.0.1-0.rc2.55.el4_6.1.ia64.rpm 5b182c69e3ecfc639d9cdbdb67e5ba90 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.1.ia64.rpm ppc: 17078df28123aef61102d27fdc23f36e autofs5-5.0.1-0.rc2.55.el4_6.1.ppc.rpm e567075f64c8c5c88b32d2a392f900fc autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.1.ppc.rpm s390: 7dfd1842cd49a84cec0c647d1806020e autofs5-5.0.1-0.rc2.55.el4_6.1.s390.rpm e78775fdc40cb0e21f7df1a7ff3b6e42 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.1.s390.rpm s390x: f9df3328f755b3d40d724e83a5fa4bc4 autofs5-5.0.1-0.rc2.55.el4_6.1.s390x.rpm d5b8283c0b0dc496ae8cbaf3500774e7 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.1.s390x.rpm x86_64: 1ba8f965d1eab75e4245600c2ac8d188 autofs5-5.0.1-0.rc2.55.el4_6.1.x86_64.rpm 0521149a1e5eb334bcc68305596b16d0 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/autofs5-5.0.1-0.rc2.55.el4_6.1.src.rpm 05d5179245e60b719cbb294d175b748a autofs5-5.0.1-0.rc2.55.el4_6.1.src.rpm i386: 843984a6c993a423d230b60a53bdac84 autofs5-5.0.1-0.rc2.55.el4_6.1.i386.rpm 26cb6bd2589982a94b432ecf0864ab3a autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.1.i386.rpm x86_64: 1ba8f965d1eab75e4245600c2ac8d188 autofs5-5.0.1-0.rc2.55.el4_6.1.x86_64.rpm 0521149a1e5eb334bcc68305596b16d0 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/autofs5-5.0.1-0.rc2.55.el4_6.1.src.rpm 05d5179245e60b719cbb294d175b748a autofs5-5.0.1-0.rc2.55.el4_6.1.src.rpm i386: 843984a6c993a423d230b60a53bdac84 autofs5-5.0.1-0.rc2.55.el4_6.1.i386.rpm 26cb6bd2589982a94b432ecf0864ab3a autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.1.i386.rpm ia64: e8651311ccacbb795889d6c6fb5ea937 autofs5-5.0.1-0.rc2.55.el4_6.1.ia64.rpm 5b182c69e3ecfc639d9cdbdb67e5ba90 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.1.ia64.rpm x86_64: 1ba8f965d1eab75e4245600c2ac8d188 autofs5-5.0.1-0.rc2.55.el4_6.1.x86_64.rpm 0521149a1e5eb334bcc68305596b16d0 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/autofs5-5.0.1-0.rc2.55.el4_6.1.src.rpm 05d5179245e60b719cbb294d175b748a autofs5-5.0.1-0.rc2.55.el4_6.1.src.rpm i386: 843984a6c993a423d230b60a53bdac84 autofs5-5.0.1-0.rc2.55.el4_6.1.i386.rpm 26cb6bd2589982a94b432ecf0864ab3a autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.1.i386.rpm ia64: e8651311ccacbb795889d6c6fb5ea937 autofs5-5.0.1-0.rc2.55.el4_6.1.ia64.rpm 5b182c69e3ecfc639d9cdbdb67e5ba90 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.1.ia64.rpm x86_64: 1ba8f965d1eab75e4245600c2ac8d188 autofs5-5.0.1-0.rc2.55.el4_6.1.x86_64.rpm 0521149a1e5eb334bcc68305596b16d0 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5964 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHX9cLXlSAg2UNWIIRAkoQAJ4+9umDxwigy4faU2m+8oKYve4kMwCeLPPY 9/EaBSmSyLMuYBt6umAfan4= =/ani -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Dec 18 16:40:24 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 18 Dec 2007 11:40:24 -0500 Subject: [RHSA-2007:1130-01] Moderate: squid security update Message-ID: <200712181640.lBIGeOpv017979@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: squid security update Advisory ID: RHSA-2007:1130-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1130.html Issue date: 2007-12-18 Updated on: 2007-12-18 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-6239 - --------------------------------------------------------------------- 1. Summary: Updated squid packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Problem description: Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. A flaw was found in the way squid stored HTTP headers for cached objects in system memory. An attacker could cause squid to use additional memory, and trigger high CPU usage when processing requests for certain cached objects, possibly leading to a denial of service. (CVE-2007-6239) Users of squid are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 410181 - CVE-2007-6239 squid: DoS in cache updates 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 : SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/squid-2.4.STABLE7-1.21as.11.src.rpm ece653d214fe3de7552e4c4f105ae3a7 squid-2.4.STABLE7-1.21as.11.src.rpm i386: b9d27df2ff2d7dcbe20abcc424c9aba6 squid-2.4.STABLE7-1.21as.11.i386.rpm ia64: fe6279f75619d921cfb543f91a5ef93f squid-2.4.STABLE7-1.21as.11.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/squid-2.4.STABLE7-1.21as.11.src.rpm ece653d214fe3de7552e4c4f105ae3a7 squid-2.4.STABLE7-1.21as.11.src.rpm ia64: fe6279f75619d921cfb543f91a5ef93f squid-2.4.STABLE7-1.21as.11.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/squid-2.4.STABLE7-1.21as.11.src.rpm ece653d214fe3de7552e4c4f105ae3a7 squid-2.4.STABLE7-1.21as.11.src.rpm i386: b9d27df2ff2d7dcbe20abcc424c9aba6 squid-2.4.STABLE7-1.21as.11.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/squid-2.5.STABLE3-8.3E.src.rpm 33e54e551779fb32990b54b406143027 squid-2.5.STABLE3-8.3E.src.rpm i386: ab247e2aba77e505d88cff074849f045 squid-2.5.STABLE3-8.3E.i386.rpm 2bba9f1a118984bf1ed8814439a4ba22 squid-debuginfo-2.5.STABLE3-8.3E.i386.rpm ia64: 6688d8d1bd5221c4eb31b55da930bb54 squid-2.5.STABLE3-8.3E.ia64.rpm 84af8ffa403a6e94daec6ce4b72ddff0 squid-debuginfo-2.5.STABLE3-8.3E.ia64.rpm ppc: fe42f1e938614448fedf5fe82768789f squid-2.5.STABLE3-8.3E.ppc.rpm 0196585dbc4e874371335e0510a376e6 squid-debuginfo-2.5.STABLE3-8.3E.ppc.rpm s390: 1b5d86c9df50e17f98e1c4bf436cc66b squid-2.5.STABLE3-8.3E.s390.rpm c6280fc05b9b2547b89c6895ef2fa070 squid-debuginfo-2.5.STABLE3-8.3E.s390.rpm s390x: 74bfad18cae240d909f022fa43de5d8e squid-2.5.STABLE3-8.3E.s390x.rpm 670d9e23a2c1775d9bc7c899ab629c59 squid-debuginfo-2.5.STABLE3-8.3E.s390x.rpm x86_64: 0aafeeea7acb8f7c74bee676b9de8b57 squid-2.5.STABLE3-8.3E.x86_64.rpm a032eadab80f394d7ded60ae61129dc9 squid-debuginfo-2.5.STABLE3-8.3E.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/squid-2.5.STABLE3-8.3E.src.rpm 33e54e551779fb32990b54b406143027 squid-2.5.STABLE3-8.3E.src.rpm i386: ab247e2aba77e505d88cff074849f045 squid-2.5.STABLE3-8.3E.i386.rpm 2bba9f1a118984bf1ed8814439a4ba22 squid-debuginfo-2.5.STABLE3-8.3E.i386.rpm x86_64: 0aafeeea7acb8f7c74bee676b9de8b57 squid-2.5.STABLE3-8.3E.x86_64.rpm a032eadab80f394d7ded60ae61129dc9 squid-debuginfo-2.5.STABLE3-8.3E.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/squid-2.5.STABLE3-8.3E.src.rpm 33e54e551779fb32990b54b406143027 squid-2.5.STABLE3-8.3E.src.rpm i386: ab247e2aba77e505d88cff074849f045 squid-2.5.STABLE3-8.3E.i386.rpm 2bba9f1a118984bf1ed8814439a4ba22 squid-debuginfo-2.5.STABLE3-8.3E.i386.rpm ia64: 6688d8d1bd5221c4eb31b55da930bb54 squid-2.5.STABLE3-8.3E.ia64.rpm 84af8ffa403a6e94daec6ce4b72ddff0 squid-debuginfo-2.5.STABLE3-8.3E.ia64.rpm x86_64: 0aafeeea7acb8f7c74bee676b9de8b57 squid-2.5.STABLE3-8.3E.x86_64.rpm a032eadab80f394d7ded60ae61129dc9 squid-debuginfo-2.5.STABLE3-8.3E.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/squid-2.5.STABLE3-8.3E.src.rpm 33e54e551779fb32990b54b406143027 squid-2.5.STABLE3-8.3E.src.rpm i386: ab247e2aba77e505d88cff074849f045 squid-2.5.STABLE3-8.3E.i386.rpm 2bba9f1a118984bf1ed8814439a4ba22 squid-debuginfo-2.5.STABLE3-8.3E.i386.rpm ia64: 6688d8d1bd5221c4eb31b55da930bb54 squid-2.5.STABLE3-8.3E.ia64.rpm 84af8ffa403a6e94daec6ce4b72ddff0 squid-debuginfo-2.5.STABLE3-8.3E.ia64.rpm x86_64: 0aafeeea7acb8f7c74bee676b9de8b57 squid-2.5.STABLE3-8.3E.x86_64.rpm a032eadab80f394d7ded60ae61129dc9 squid-debuginfo-2.5.STABLE3-8.3E.x86_64.rpm Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/squid-2.5.STABLE14-1.4E.el4_6.1.src.rpm c252e79be2fcba9f696565ed87b12aae squid-2.5.STABLE14-1.4E.el4_6.1.src.rpm i386: d951a7bd76166490d1a922b4772c4740 squid-2.5.STABLE14-1.4E.el4_6.1.i386.rpm a5ee5827a0906ff45f7e10fc8ba51b7a squid-debuginfo-2.5.STABLE14-1.4E.el4_6.1.i386.rpm ia64: 9536874e2e40bc9669b767c7cbc5c97e squid-2.5.STABLE14-1.4E.el4_6.1.ia64.rpm 17fecd8aaa42b0c492dd35399d9640b8 squid-debuginfo-2.5.STABLE14-1.4E.el4_6.1.ia64.rpm ppc: 29979a4f2fe43d50e7cc3ab32948b956 squid-2.5.STABLE14-1.4E.el4_6.1.ppc.rpm 9216796c2778aaf5c18e8799d1568453 squid-debuginfo-2.5.STABLE14-1.4E.el4_6.1.ppc.rpm s390: 124ea7fcf76fd2ed056d57a68af45f57 squid-2.5.STABLE14-1.4E.el4_6.1.s390.rpm e4ba12277b17cd630af314d6877a6dfe squid-debuginfo-2.5.STABLE14-1.4E.el4_6.1.s390.rpm s390x: 53c5859f6826ee234bd3f2fc7268c79a squid-2.5.STABLE14-1.4E.el4_6.1.s390x.rpm 15bd808af4138103f0055fe9cceae769 squid-debuginfo-2.5.STABLE14-1.4E.el4_6.1.s390x.rpm x86_64: 463f654fc16dff0e65728f111f9e685f squid-2.5.STABLE14-1.4E.el4_6.1.x86_64.rpm 17e7ad34be5eb825cfbecce3a41c877b squid-debuginfo-2.5.STABLE14-1.4E.el4_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/squid-2.5.STABLE14-1.4E.el4_6.1.src.rpm c252e79be2fcba9f696565ed87b12aae squid-2.5.STABLE14-1.4E.el4_6.1.src.rpm i386: d951a7bd76166490d1a922b4772c4740 squid-2.5.STABLE14-1.4E.el4_6.1.i386.rpm a5ee5827a0906ff45f7e10fc8ba51b7a squid-debuginfo-2.5.STABLE14-1.4E.el4_6.1.i386.rpm x86_64: 463f654fc16dff0e65728f111f9e685f squid-2.5.STABLE14-1.4E.el4_6.1.x86_64.rpm 17e7ad34be5eb825cfbecce3a41c877b squid-debuginfo-2.5.STABLE14-1.4E.el4_6.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/squid-2.5.STABLE14-1.4E.el4_6.1.src.rpm c252e79be2fcba9f696565ed87b12aae squid-2.5.STABLE14-1.4E.el4_6.1.src.rpm i386: d951a7bd76166490d1a922b4772c4740 squid-2.5.STABLE14-1.4E.el4_6.1.i386.rpm a5ee5827a0906ff45f7e10fc8ba51b7a squid-debuginfo-2.5.STABLE14-1.4E.el4_6.1.i386.rpm ia64: 9536874e2e40bc9669b767c7cbc5c97e squid-2.5.STABLE14-1.4E.el4_6.1.ia64.rpm 17fecd8aaa42b0c492dd35399d9640b8 squid-debuginfo-2.5.STABLE14-1.4E.el4_6.1.ia64.rpm x86_64: 463f654fc16dff0e65728f111f9e685f squid-2.5.STABLE14-1.4E.el4_6.1.x86_64.rpm 17e7ad34be5eb825cfbecce3a41c877b squid-debuginfo-2.5.STABLE14-1.4E.el4_6.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/squid-2.5.STABLE14-1.4E.el4_6.1.src.rpm c252e79be2fcba9f696565ed87b12aae squid-2.5.STABLE14-1.4E.el4_6.1.src.rpm i386: d951a7bd76166490d1a922b4772c4740 squid-2.5.STABLE14-1.4E.el4_6.1.i386.rpm a5ee5827a0906ff45f7e10fc8ba51b7a squid-debuginfo-2.5.STABLE14-1.4E.el4_6.1.i386.rpm ia64: 9536874e2e40bc9669b767c7cbc5c97e squid-2.5.STABLE14-1.4E.el4_6.1.ia64.rpm 17fecd8aaa42b0c492dd35399d9640b8 squid-debuginfo-2.5.STABLE14-1.4E.el4_6.1.ia64.rpm x86_64: 463f654fc16dff0e65728f111f9e685f squid-2.5.STABLE14-1.4E.el4_6.1.x86_64.rpm 17e7ad34be5eb825cfbecce3a41c877b squid-debuginfo-2.5.STABLE14-1.4E.el4_6.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/squid-2.6.STABLE6-5.el5_1.2.src.rpm 30db384fc837a2b7cfe3be12c80bfed0 squid-2.6.STABLE6-5.el5_1.2.src.rpm i386: 172091586b423ff41d70b9a2d9fead00 squid-2.6.STABLE6-5.el5_1.2.i386.rpm 482ac42a07e452a26a5805e9f5c1532d squid-debuginfo-2.6.STABLE6-5.el5_1.2.i386.rpm x86_64: 76876b1c2f21b013ab81b2203cc274c2 squid-2.6.STABLE6-5.el5_1.2.x86_64.rpm 37a3b6a430820be138def86fdcba002e squid-debuginfo-2.6.STABLE6-5.el5_1.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/squid-2.6.STABLE6-5.el5_1.2.src.rpm 30db384fc837a2b7cfe3be12c80bfed0 squid-2.6.STABLE6-5.el5_1.2.src.rpm i386: 172091586b423ff41d70b9a2d9fead00 squid-2.6.STABLE6-5.el5_1.2.i386.rpm 482ac42a07e452a26a5805e9f5c1532d squid-debuginfo-2.6.STABLE6-5.el5_1.2.i386.rpm ia64: 4eaa32cfae9667e7b96a6a756bff1559 squid-2.6.STABLE6-5.el5_1.2.ia64.rpm 932751869d724a6c9e6723c45ab3f2e9 squid-debuginfo-2.6.STABLE6-5.el5_1.2.ia64.rpm ppc: 404a22e1fd3ff9282e83c166d4c43307 squid-2.6.STABLE6-5.el5_1.2.ppc.rpm 8b3bdb5fd4c27327e6489ff6da4cf2ae squid-debuginfo-2.6.STABLE6-5.el5_1.2.ppc.rpm s390x: 3e74a922b55cbdff9486079828d73582 squid-2.6.STABLE6-5.el5_1.2.s390x.rpm 85e86189294f374cd0655ef0d0bfcd1e squid-debuginfo-2.6.STABLE6-5.el5_1.2.s390x.rpm x86_64: 76876b1c2f21b013ab81b2203cc274c2 squid-2.6.STABLE6-5.el5_1.2.x86_64.rpm 37a3b6a430820be138def86fdcba002e squid-debuginfo-2.6.STABLE6-5.el5_1.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6239 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHZ/fOXlSAg2UNWIIRAoVBAJ9jGsCBuf1dy2SRY+TGPAwwcE9qNQCfRmPj 6HrsUl6YsP1Wy96VxYRiAfA= =0hBW -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Dec 18 16:41:20 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 18 Dec 2007 11:41:20 -0500 Subject: [RHSA-2007:1155-01] Important: mysql security update Message-ID: <200712181641.lBIGfKld018044@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: mysql security update Advisory ID: RHSA-2007:1155-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1155.html Issue date: 2007-12-18 Updated on: 2007-12-18 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-5969 CVE-2007-5925 - --------------------------------------------------------------------- 1. Summary: Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Problem description: MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries. A flaw was found in a way MySQL handled symbolic links when database tables were created with explicit "DATA" and "INDEX DIRECTORY" options. An authenticated user could create a table that would overwrite tables in other databases, causing destruction of data or allowing the user to elevate privileges. (CVE-2007-5969) A flaw was found in a way MySQL's InnoDB engine handled spatial indexes. An authenticated user could create a table with spatial indexes, which are not supported by the InnoDB engine, that would cause the mysql daemon to crash when used. This issue only causes a temporary denial of service, as the mysql daemon will be automatically restarted after the crash. (CVE-2007-5925) All mysql users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 377451 - CVE-2007-5925 mysql DoS in the InnoDB Engine 397071 - CVE-2007-5969 mysql: possible system table information overwrite using symlinks 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mysql-4.1.20-3.RHEL4.1.el4_6.1.src.rpm 1854535e652c2293f7c74d2d7a81b2bf mysql-4.1.20-3.RHEL4.1.el4_6.1.src.rpm i386: 531fbbccb4ec6db747d64b9457741e6e mysql-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 7f3ffede94c61972847e43795a8a7319 mysql-bench-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 370f6dd7adee75092debb54b07352538 mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 2b1bd8db5655be3a64d454b0bbb14465 mysql-devel-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm b7ea46af22ef0ef8090c13d86c9e30b7 mysql-server-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm ia64: 531fbbccb4ec6db747d64b9457741e6e mysql-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 27dfcb1cf5ef0286bf05d71f0cfc147d mysql-4.1.20-3.RHEL4.1.el4_6.1.ia64.rpm 533ffa791ddbd3da1d9226b7b417ec5c mysql-bench-4.1.20-3.RHEL4.1.el4_6.1.ia64.rpm 370f6dd7adee75092debb54b07352538 mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 8d02af73dbd2952382b614030ef17a12 mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.ia64.rpm d13ec7721c0d38a23bafa2b21e0cedcd mysql-devel-4.1.20-3.RHEL4.1.el4_6.1.ia64.rpm 963b668c8c77e2055a563b32a8f4ca80 mysql-server-4.1.20-3.RHEL4.1.el4_6.1.ia64.rpm ppc: bdbf7956d4992b3ea8d29a9fdce21b8f mysql-4.1.20-3.RHEL4.1.el4_6.1.ppc.rpm 9c9c631bde64bfdbb053e135f78ccca4 mysql-4.1.20-3.RHEL4.1.el4_6.1.ppc64.rpm c113c36a612342bed0edd1c6ceb4e593 mysql-bench-4.1.20-3.RHEL4.1.el4_6.1.ppc.rpm f76fa77fac4a2b7cc66fd4c60e86d7f0 mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.ppc.rpm 1ba6e35143550d27c06a15dbd37142ce mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.ppc64.rpm a10ef5cfd2753f58c603a646341b1bea mysql-devel-4.1.20-3.RHEL4.1.el4_6.1.ppc.rpm c0c2a9547931f8400357b23eddd24947 mysql-server-4.1.20-3.RHEL4.1.el4_6.1.ppc.rpm s390: 09a3d3d6b69e90a6b62ff4da87a846e5 mysql-4.1.20-3.RHEL4.1.el4_6.1.s390.rpm ad8385135ccb4aeb02892d7c06acb406 mysql-bench-4.1.20-3.RHEL4.1.el4_6.1.s390.rpm 939d122ba75e80cbbc8fce8d70613373 mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.s390.rpm 77fc7f7db4c9a03205782c2ea232c5c8 mysql-devel-4.1.20-3.RHEL4.1.el4_6.1.s390.rpm 760d3f7e8539ec7608ae5fd4cf1fa157 mysql-server-4.1.20-3.RHEL4.1.el4_6.1.s390.rpm s390x: 09a3d3d6b69e90a6b62ff4da87a846e5 mysql-4.1.20-3.RHEL4.1.el4_6.1.s390.rpm 443a9b2259455d82b262ccd04ddd3535 mysql-4.1.20-3.RHEL4.1.el4_6.1.s390x.rpm 7ca3b643358dde0288d1a00db4efb1df mysql-bench-4.1.20-3.RHEL4.1.el4_6.1.s390x.rpm 939d122ba75e80cbbc8fce8d70613373 mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.s390.rpm 3a053e0f9602b60c0590304aa687140b mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.s390x.rpm 664bfe9b424bf2669e138f070531716e mysql-devel-4.1.20-3.RHEL4.1.el4_6.1.s390x.rpm 46acae1f2d6083957e45f3f1c1943faa mysql-server-4.1.20-3.RHEL4.1.el4_6.1.s390x.rpm x86_64: 531fbbccb4ec6db747d64b9457741e6e mysql-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm d5dcfe0b48fa140264a125a1b1c26f3a mysql-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm 3e3b031841c62189290af3480373fba0 mysql-bench-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm 370f6dd7adee75092debb54b07352538 mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 875b214811f6e0fa570419b5ba5f6a4b mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm ccde316f14672eda04fc25eefac3d7fa mysql-devel-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm 498a0c429f46de530e50309d921b63a7 mysql-server-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/mysql-4.1.20-3.RHEL4.1.el4_6.1.src.rpm 1854535e652c2293f7c74d2d7a81b2bf mysql-4.1.20-3.RHEL4.1.el4_6.1.src.rpm i386: 531fbbccb4ec6db747d64b9457741e6e mysql-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 7f3ffede94c61972847e43795a8a7319 mysql-bench-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 370f6dd7adee75092debb54b07352538 mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 2b1bd8db5655be3a64d454b0bbb14465 mysql-devel-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm b7ea46af22ef0ef8090c13d86c9e30b7 mysql-server-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm x86_64: 531fbbccb4ec6db747d64b9457741e6e mysql-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm d5dcfe0b48fa140264a125a1b1c26f3a mysql-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm 3e3b031841c62189290af3480373fba0 mysql-bench-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm 370f6dd7adee75092debb54b07352538 mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 875b214811f6e0fa570419b5ba5f6a4b mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm ccde316f14672eda04fc25eefac3d7fa mysql-devel-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm 498a0c429f46de530e50309d921b63a7 mysql-server-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mysql-4.1.20-3.RHEL4.1.el4_6.1.src.rpm 1854535e652c2293f7c74d2d7a81b2bf mysql-4.1.20-3.RHEL4.1.el4_6.1.src.rpm i386: 531fbbccb4ec6db747d64b9457741e6e mysql-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 7f3ffede94c61972847e43795a8a7319 mysql-bench-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 370f6dd7adee75092debb54b07352538 mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 2b1bd8db5655be3a64d454b0bbb14465 mysql-devel-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm b7ea46af22ef0ef8090c13d86c9e30b7 mysql-server-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm ia64: 531fbbccb4ec6db747d64b9457741e6e mysql-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 27dfcb1cf5ef0286bf05d71f0cfc147d mysql-4.1.20-3.RHEL4.1.el4_6.1.ia64.rpm 533ffa791ddbd3da1d9226b7b417ec5c mysql-bench-4.1.20-3.RHEL4.1.el4_6.1.ia64.rpm 370f6dd7adee75092debb54b07352538 mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 8d02af73dbd2952382b614030ef17a12 mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.ia64.rpm d13ec7721c0d38a23bafa2b21e0cedcd mysql-devel-4.1.20-3.RHEL4.1.el4_6.1.ia64.rpm 963b668c8c77e2055a563b32a8f4ca80 mysql-server-4.1.20-3.RHEL4.1.el4_6.1.ia64.rpm x86_64: 531fbbccb4ec6db747d64b9457741e6e mysql-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm d5dcfe0b48fa140264a125a1b1c26f3a mysql-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm 3e3b031841c62189290af3480373fba0 mysql-bench-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm 370f6dd7adee75092debb54b07352538 mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 875b214811f6e0fa570419b5ba5f6a4b mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm ccde316f14672eda04fc25eefac3d7fa mysql-devel-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm 498a0c429f46de530e50309d921b63a7 mysql-server-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mysql-4.1.20-3.RHEL4.1.el4_6.1.src.rpm 1854535e652c2293f7c74d2d7a81b2bf mysql-4.1.20-3.RHEL4.1.el4_6.1.src.rpm i386: 531fbbccb4ec6db747d64b9457741e6e mysql-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 7f3ffede94c61972847e43795a8a7319 mysql-bench-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 370f6dd7adee75092debb54b07352538 mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 2b1bd8db5655be3a64d454b0bbb14465 mysql-devel-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm b7ea46af22ef0ef8090c13d86c9e30b7 mysql-server-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm ia64: 531fbbccb4ec6db747d64b9457741e6e mysql-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 27dfcb1cf5ef0286bf05d71f0cfc147d mysql-4.1.20-3.RHEL4.1.el4_6.1.ia64.rpm 533ffa791ddbd3da1d9226b7b417ec5c mysql-bench-4.1.20-3.RHEL4.1.el4_6.1.ia64.rpm 370f6dd7adee75092debb54b07352538 mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 8d02af73dbd2952382b614030ef17a12 mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.ia64.rpm d13ec7721c0d38a23bafa2b21e0cedcd mysql-devel-4.1.20-3.RHEL4.1.el4_6.1.ia64.rpm 963b668c8c77e2055a563b32a8f4ca80 mysql-server-4.1.20-3.RHEL4.1.el4_6.1.ia64.rpm x86_64: 531fbbccb4ec6db747d64b9457741e6e mysql-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm d5dcfe0b48fa140264a125a1b1c26f3a mysql-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm 3e3b031841c62189290af3480373fba0 mysql-bench-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm 370f6dd7adee75092debb54b07352538 mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.i386.rpm 875b214811f6e0fa570419b5ba5f6a4b mysql-debuginfo-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm ccde316f14672eda04fc25eefac3d7fa mysql-devel-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm 498a0c429f46de530e50309d921b63a7 mysql-server-4.1.20-3.RHEL4.1.el4_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mysql-5.0.22-2.2.el5_1.1.src.rpm 1e9aab3d2dad0c5e18704a1310577655 mysql-5.0.22-2.2.el5_1.1.src.rpm i386: c75889dc568cb7ca5f91672cec4d2c72 mysql-5.0.22-2.2.el5_1.1.i386.rpm 767a563f605343da4399ec3d66eb5e2b mysql-debuginfo-5.0.22-2.2.el5_1.1.i386.rpm x86_64: c75889dc568cb7ca5f91672cec4d2c72 mysql-5.0.22-2.2.el5_1.1.i386.rpm f99bf6ee7efbca43fd93ff705dafc906 mysql-5.0.22-2.2.el5_1.1.x86_64.rpm 767a563f605343da4399ec3d66eb5e2b mysql-debuginfo-5.0.22-2.2.el5_1.1.i386.rpm bcc234f327d4e6c5f16ad8be2f2b4aba mysql-debuginfo-5.0.22-2.2.el5_1.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/mysql-5.0.22-2.2.el5_1.1.src.rpm 1e9aab3d2dad0c5e18704a1310577655 mysql-5.0.22-2.2.el5_1.1.src.rpm i386: c97e5b3c925352660affdb28cfdac1fb mysql-bench-5.0.22-2.2.el5_1.1.i386.rpm 767a563f605343da4399ec3d66eb5e2b mysql-debuginfo-5.0.22-2.2.el5_1.1.i386.rpm e64dbc1b3a3bdb53d7a8e53952a0c6c0 mysql-devel-5.0.22-2.2.el5_1.1.i386.rpm 02235ad2df88bdb6d8d17c0019bac3dd mysql-server-5.0.22-2.2.el5_1.1.i386.rpm 6e59b90929d818b26a441304c1853eaa mysql-test-5.0.22-2.2.el5_1.1.i386.rpm x86_64: 38487f1a2d8deeba984038448eb172ae mysql-bench-5.0.22-2.2.el5_1.1.x86_64.rpm 767a563f605343da4399ec3d66eb5e2b mysql-debuginfo-5.0.22-2.2.el5_1.1.i386.rpm bcc234f327d4e6c5f16ad8be2f2b4aba mysql-debuginfo-5.0.22-2.2.el5_1.1.x86_64.rpm e64dbc1b3a3bdb53d7a8e53952a0c6c0 mysql-devel-5.0.22-2.2.el5_1.1.i386.rpm eb90903e4ae7a2fbe8357fde6ec3c357 mysql-devel-5.0.22-2.2.el5_1.1.x86_64.rpm 1ba9dd9f34b5b1ecb7ccc8167cd459a5 mysql-server-5.0.22-2.2.el5_1.1.x86_64.rpm 995d71b15bdef4b4c6f84fab8b5d869e mysql-test-5.0.22-2.2.el5_1.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/mysql-5.0.22-2.2.el5_1.1.src.rpm 1e9aab3d2dad0c5e18704a1310577655 mysql-5.0.22-2.2.el5_1.1.src.rpm i386: c75889dc568cb7ca5f91672cec4d2c72 mysql-5.0.22-2.2.el5_1.1.i386.rpm c97e5b3c925352660affdb28cfdac1fb mysql-bench-5.0.22-2.2.el5_1.1.i386.rpm 767a563f605343da4399ec3d66eb5e2b mysql-debuginfo-5.0.22-2.2.el5_1.1.i386.rpm e64dbc1b3a3bdb53d7a8e53952a0c6c0 mysql-devel-5.0.22-2.2.el5_1.1.i386.rpm 02235ad2df88bdb6d8d17c0019bac3dd mysql-server-5.0.22-2.2.el5_1.1.i386.rpm 6e59b90929d818b26a441304c1853eaa mysql-test-5.0.22-2.2.el5_1.1.i386.rpm ia64: c75889dc568cb7ca5f91672cec4d2c72 mysql-5.0.22-2.2.el5_1.1.i386.rpm 5d1e675a949114820147f10cba548876 mysql-5.0.22-2.2.el5_1.1.ia64.rpm e0611ab43c83ceb3e142b811c6488871 mysql-bench-5.0.22-2.2.el5_1.1.ia64.rpm 767a563f605343da4399ec3d66eb5e2b mysql-debuginfo-5.0.22-2.2.el5_1.1.i386.rpm f7669d46ae7a770f2974d93d8bce20d1 mysql-debuginfo-5.0.22-2.2.el5_1.1.ia64.rpm 2c1f29afba6f48914a721f8ebc7baec3 mysql-devel-5.0.22-2.2.el5_1.1.ia64.rpm 9d8240d6d4949e94929ff23cbc7601cd mysql-server-5.0.22-2.2.el5_1.1.ia64.rpm 9279d9b01a6fa1c62beb4c1a52f6613b mysql-test-5.0.22-2.2.el5_1.1.ia64.rpm ppc: 6b8463bca11bcc572300a24cb35d6fdc mysql-5.0.22-2.2.el5_1.1.ppc.rpm e48ac3b1dce1bec353ba3f6e2e5fe231 mysql-5.0.22-2.2.el5_1.1.ppc64.rpm 51d3b7ff981374ea4b9340f6fdbc27d7 mysql-bench-5.0.22-2.2.el5_1.1.ppc.rpm 95a855afe95c54d035226489773d7c3d mysql-debuginfo-5.0.22-2.2.el5_1.1.ppc.rpm 2c42589945da0aa836fdd0bd6d30b47e mysql-debuginfo-5.0.22-2.2.el5_1.1.ppc64.rpm e8f7fc31923cfb4d19276fa76afecdec mysql-devel-5.0.22-2.2.el5_1.1.ppc.rpm 3c77a3843eed86046574103b896d3e9e mysql-devel-5.0.22-2.2.el5_1.1.ppc64.rpm 2573b0bc68ef343b80259caa32671207 mysql-server-5.0.22-2.2.el5_1.1.ppc.rpm d40e7b9e1695d2b6ae655ed8e77c76f3 mysql-test-5.0.22-2.2.el5_1.1.ppc.rpm s390x: e91967507a4b2ad8b549f3c793b5db0f mysql-5.0.22-2.2.el5_1.1.s390.rpm a49e1879d5e41ba677aa212398ff6c96 mysql-5.0.22-2.2.el5_1.1.s390x.rpm f52f0eec9ee6fdac6014cbf696d85bef mysql-bench-5.0.22-2.2.el5_1.1.s390x.rpm 5485a4a3cceb3368f4b395e68bceea38 mysql-debuginfo-5.0.22-2.2.el5_1.1.s390.rpm a3e342a9cb73f0c4d129eaeabc15defb mysql-debuginfo-5.0.22-2.2.el5_1.1.s390x.rpm 07ecfba53a429d586c9be5ba683b1143 mysql-devel-5.0.22-2.2.el5_1.1.s390.rpm bdb7d8b4d8d6356e33ec79a081b604a3 mysql-devel-5.0.22-2.2.el5_1.1.s390x.rpm fa5fcdc0ebcbb3c1672863917a2420a9 mysql-server-5.0.22-2.2.el5_1.1.s390x.rpm 33481d82c53cdf4bddf31b4308896d36 mysql-test-5.0.22-2.2.el5_1.1.s390x.rpm x86_64: c75889dc568cb7ca5f91672cec4d2c72 mysql-5.0.22-2.2.el5_1.1.i386.rpm f99bf6ee7efbca43fd93ff705dafc906 mysql-5.0.22-2.2.el5_1.1.x86_64.rpm 38487f1a2d8deeba984038448eb172ae mysql-bench-5.0.22-2.2.el5_1.1.x86_64.rpm 767a563f605343da4399ec3d66eb5e2b mysql-debuginfo-5.0.22-2.2.el5_1.1.i386.rpm bcc234f327d4e6c5f16ad8be2f2b4aba mysql-debuginfo-5.0.22-2.2.el5_1.1.x86_64.rpm e64dbc1b3a3bdb53d7a8e53952a0c6c0 mysql-devel-5.0.22-2.2.el5_1.1.i386.rpm eb90903e4ae7a2fbe8357fde6ec3c357 mysql-devel-5.0.22-2.2.el5_1.1.x86_64.rpm 1ba9dd9f34b5b1ecb7ccc8167cd459a5 mysql-server-5.0.22-2.2.el5_1.1.x86_64.rpm 995d71b15bdef4b4c6f84fab8b5d869e mysql-test-5.0.22-2.2.el5_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHZ/gGXlSAg2UNWIIRAuooAKCporko2Nd3cKQhABYrJJVD54QzsACeNA6Q NWHeSLyUxslva/x0D4Jdhe0= =Tsfw -----END PGP SIGNATURE----- From bugzilla at redhat.com Tue Dec 18 23:55:53 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 18 Dec 2007 18:55:53 -0500 Subject: [RHSA-2007:1126-01] Critical: flash-plugin security update Message-ID: <200712182355.lBINtrZt020032@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2007:1126-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1126.html Issue date: 2007-12-18 Updated on: 2007-12-18 Product: Red Hat Enterprise Linux Extras CVE Names: CVE-2007-5275 CVE-2007-4324 CVE-2007-4768 CVE-2007-6242 CVE-2007-6244 CVE-2007-6245 CVE-2007-6246 - --------------------------------------------------------------------- 1. Summary: An updated Adobe Flash Player package that fixes a security issue is now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 Extras - i386 Red Hat Desktop version 3 Extras - i386 Red Hat Enterprise Linux ES version 3 Extras - i386 Red Hat Enterprise Linux WS version 3 Extras - i386 Red Hat Enterprise Linux AS version 4.5.z Extras - i386 Red Hat Enterprise Linux AS version 4 Extras - i386 Red Hat Desktop version 4 Extras - i386 Red Hat Enterprise Linux ES version 4.5.z Extras - i386 Red Hat Enterprise Linux ES version 4 Extras - i386 Red Hat Enterprise Linux WS version 4 Extras - i386 RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, x86_64 3. Problem description: The flash-plugin package contains a Firefox-compatible Adobe Flash Player Web browser plug-in. Several input validation flaws were found in the way Flash Player displays certain content. It may be possible to execute arbitrary code on a victim's machine, if the victim opens a malicious Adobe Flash file. (CVE-2007-4768, CVE-2007-6242, CVE-2007-6246) A flaw was found in the way Flash Player handled the asfunction: protocol. Malformed SWF files could perform a cross-site scripting attack. (CVE-2007-6244) A flaw was found in the way Flash Player modified HTTP request headers. Malicious content could allow Flash Player to conduct a HTTP response splitting attack. (CVE-2007-6245) A flaw was found in the way Flash Player processes certain SWF content. A malicious SWF file could allow a remote attacker to conduct a port scanning attack from the client's machine. (CVE-2007-4324) A flaw was found in the way Flash Player establishes TCP sessions. A remote attacker could use Flash Player to conduct a DNS rebinding attack. (CVE-2007-5275) Users of Adobe Flash Player are advised to upgrade to this updated package, which contains version 9.0.115.0 and resolves these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 252292 - CVE-2007-4324 Flash movie can determine whether a TCP port is open 367501 - CVE-2007-5275 Flash plugin DNS rebinding 392911 - CVE-2007-4768: pcre before 7.3 incorrect unicode in char class optimization 412161 - CVE-2007-6242 414501 - CVE-2007-6244 414511 - CVE-2007-6245 414521 - CVE-2007-6246 6. RPMs required: Red Hat Enterprise Linux AS version 3 Extras: i386: 909f18bf7e3ba2bd77c486471ed0a649 flash-plugin-9.0.115.0-1.el3.with.oss.i386.rpm Red Hat Desktop version 3 Extras: i386: 909f18bf7e3ba2bd77c486471ed0a649 flash-plugin-9.0.115.0-1.el3.with.oss.i386.rpm Red Hat Enterprise Linux ES version 3 Extras: i386: 909f18bf7e3ba2bd77c486471ed0a649 flash-plugin-9.0.115.0-1.el3.with.oss.i386.rpm Red Hat Enterprise Linux WS version 3 Extras: i386: 909f18bf7e3ba2bd77c486471ed0a649 flash-plugin-9.0.115.0-1.el3.with.oss.i386.rpm Red Hat Enterprise Linux AS version 4.5.z Extras: i386: f0824c43f26d5b33731a54734d1334f7 flash-plugin-9.0.115.0-1.el4.i386.rpm Red Hat Enterprise Linux AS version 4 Extras: i386: f0824c43f26d5b33731a54734d1334f7 flash-plugin-9.0.115.0-1.el4.i386.rpm Red Hat Desktop version 4 Extras: i386: f0824c43f26d5b33731a54734d1334f7 flash-plugin-9.0.115.0-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4.5.z Extras: i386: f0824c43f26d5b33731a54734d1334f7 flash-plugin-9.0.115.0-1.el4.i386.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: f0824c43f26d5b33731a54734d1334f7 flash-plugin-9.0.115.0-1.el4.i386.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: f0824c43f26d5b33731a54734d1334f7 flash-plugin-9.0.115.0-1.el4.i386.rpm RHEL Desktop Supplementary (v. 5 client): i386: 3263ab995eabfca2783ec2013e9ff901 flash-plugin-9.0.115.0-1.el5.i386.rpm x86_64: 3263ab995eabfca2783ec2013e9ff901 flash-plugin-9.0.115.0-1.el5.i386.rpm RHEL Supplementary (v. 5 server): i386: 3263ab995eabfca2783ec2013e9ff901 flash-plugin-9.0.115.0-1.el5.i386.rpm x86_64: 3263ab995eabfca2783ec2013e9ff901 flash-plugin-9.0.115.0-1.el5.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4324 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6242 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6244 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6245 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6246 http://www.adobe.com/support/security/bulletins/apsb07-20.html http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHaF4IXlSAg2UNWIIRAtBLAJ94u1u5wa4eqkEmo1NxVNTy2bu9sQCgndVD 2okQDGODAJ6IjJWLsnnOgXs= =AgjI -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 19 15:48:43 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 19 Dec 2007 10:48:43 -0500 Subject: [RHSA-2007:1165-01] Moderate: libexif security update Message-ID: <200712191548.lBJFmhO2018844@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: libexif security update Advisory ID: RHSA-2007:1165-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1165.html Issue date: 2007-12-19 Updated on: 2007-12-19 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-6351 CVE-2007-6352 - --------------------------------------------------------------------- 1. Summary: Updated libexif packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Problem description: The libexif packages contain the Exif library. Exif is an image file format specification that enables metadata tags to be added to existing JPEG, TIFF and RIFF files. The Exif library makes it possible to parse an Exif file and read this metadata. An infinite recursion flaw was found in the way libexif parses Exif image tags. If a victim opens a carefully crafted Exif image file, it could cause the application linked against libexif to crash. (CVE-2007-6351) An integer overflow flaw was found in the way libexif parses Exif image tags. If a victim opens a carefully crafted Exif image file, it could cause the application linked against libexif to execute arbitrary code, or crash. (CVE-2007-6352) Users of libexif are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 425551 - CVE-2007-6351 libexif infinite recursion flaw (DoS) 425561 - CVE-2007-6352 libexif integer overflow 6. RPMs required: Red Hat Enterprise Linux Desktop (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libexif-0.6.13-4.0.2.el5_1.1.src.rpm 405b067a3ff329fd2f73b4edfd767837 libexif-0.6.13-4.0.2.el5_1.1.src.rpm i386: 5f5e2fdebf5c7aeb88c4d25ce887edf3 libexif-0.6.13-4.0.2.el5_1.1.i386.rpm 2ec8f0b6652c4c55b3923d2e319a6ec1 libexif-debuginfo-0.6.13-4.0.2.el5_1.1.i386.rpm x86_64: 5f5e2fdebf5c7aeb88c4d25ce887edf3 libexif-0.6.13-4.0.2.el5_1.1.i386.rpm 91d485dd3c59491db18592d70a25a59a libexif-0.6.13-4.0.2.el5_1.1.x86_64.rpm 2ec8f0b6652c4c55b3923d2e319a6ec1 libexif-debuginfo-0.6.13-4.0.2.el5_1.1.i386.rpm 0a1a7b23c17e3dddb66022e1a039cebd libexif-debuginfo-0.6.13-4.0.2.el5_1.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libexif-0.6.13-4.0.2.el5_1.1.src.rpm 405b067a3ff329fd2f73b4edfd767837 libexif-0.6.13-4.0.2.el5_1.1.src.rpm i386: 2ec8f0b6652c4c55b3923d2e319a6ec1 libexif-debuginfo-0.6.13-4.0.2.el5_1.1.i386.rpm eccd0c4354faa72f1aac98e074c53b4e libexif-devel-0.6.13-4.0.2.el5_1.1.i386.rpm x86_64: 2ec8f0b6652c4c55b3923d2e319a6ec1 libexif-debuginfo-0.6.13-4.0.2.el5_1.1.i386.rpm 0a1a7b23c17e3dddb66022e1a039cebd libexif-debuginfo-0.6.13-4.0.2.el5_1.1.x86_64.rpm eccd0c4354faa72f1aac98e074c53b4e libexif-devel-0.6.13-4.0.2.el5_1.1.i386.rpm a4cd77aa35f9c6e302399e094ca66fef libexif-devel-0.6.13-4.0.2.el5_1.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libexif-0.6.13-4.0.2.el5_1.1.src.rpm 405b067a3ff329fd2f73b4edfd767837 libexif-0.6.13-4.0.2.el5_1.1.src.rpm i386: 5f5e2fdebf5c7aeb88c4d25ce887edf3 libexif-0.6.13-4.0.2.el5_1.1.i386.rpm 2ec8f0b6652c4c55b3923d2e319a6ec1 libexif-debuginfo-0.6.13-4.0.2.el5_1.1.i386.rpm eccd0c4354faa72f1aac98e074c53b4e libexif-devel-0.6.13-4.0.2.el5_1.1.i386.rpm ia64: d82e96851e21bad167757e92e702904f libexif-0.6.13-4.0.2.el5_1.1.ia64.rpm 30b855e223e1dfd41e8eb7e47bf8944b libexif-debuginfo-0.6.13-4.0.2.el5_1.1.ia64.rpm 5e4041135eab0541826dd5332c2114a3 libexif-devel-0.6.13-4.0.2.el5_1.1.ia64.rpm ppc: 1045dc0f0638a436e5fb27d46a7ac953 libexif-0.6.13-4.0.2.el5_1.1.ppc.rpm 78b8320d53f0e730eb9a7403e132605a libexif-0.6.13-4.0.2.el5_1.1.ppc64.rpm 2325b01e76dd387150789182f9966f8b libexif-debuginfo-0.6.13-4.0.2.el5_1.1.ppc.rpm d1d108e272a0db54b3d59731a9c1ce55 libexif-debuginfo-0.6.13-4.0.2.el5_1.1.ppc64.rpm 70db0f13504d616e7cc33f38b4a308ca libexif-devel-0.6.13-4.0.2.el5_1.1.ppc.rpm 5aa61322b25614936b3e0af6dbdd0770 libexif-devel-0.6.13-4.0.2.el5_1.1.ppc64.rpm s390x: a4ce630587f200dac5017132df1b32bd libexif-0.6.13-4.0.2.el5_1.1.s390.rpm e4e24274f53f54eafdab963c6827d26e libexif-0.6.13-4.0.2.el5_1.1.s390x.rpm 63c098ac83e4dde2e57ccefb3220bcd2 libexif-debuginfo-0.6.13-4.0.2.el5_1.1.s390.rpm 93cc0e5e78577be2ce118c329f27ca97 libexif-debuginfo-0.6.13-4.0.2.el5_1.1.s390x.rpm 12a3e54a8e9d55063f504c68b0aee802 libexif-devel-0.6.13-4.0.2.el5_1.1.s390.rpm 2caf7997904ed6242a03c86522bdabfc libexif-devel-0.6.13-4.0.2.el5_1.1.s390x.rpm x86_64: 5f5e2fdebf5c7aeb88c4d25ce887edf3 libexif-0.6.13-4.0.2.el5_1.1.i386.rpm 91d485dd3c59491db18592d70a25a59a libexif-0.6.13-4.0.2.el5_1.1.x86_64.rpm 2ec8f0b6652c4c55b3923d2e319a6ec1 libexif-debuginfo-0.6.13-4.0.2.el5_1.1.i386.rpm 0a1a7b23c17e3dddb66022e1a039cebd libexif-debuginfo-0.6.13-4.0.2.el5_1.1.x86_64.rpm eccd0c4354faa72f1aac98e074c53b4e libexif-devel-0.6.13-4.0.2.el5_1.1.i386.rpm a4cd77aa35f9c6e302399e094ca66fef libexif-devel-0.6.13-4.0.2.el5_1.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6352 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHaT0wXlSAg2UNWIIRAlwFAKCGcatbp/6XAqgTwndZLv1NUBSUuACglOZq BG8iZuBm8c/FWC3ZnUErg8o= =9a9l -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 19 15:49:35 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 19 Dec 2007 10:49:35 -0500 Subject: [RHSA-2007:1166-01] Moderate: libexif security update Message-ID: <200712191549.lBJFnZeo018969@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: libexif security update Advisory ID: RHSA-2007:1166-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1166.html Issue date: 2007-12-19 Updated on: 2007-12-19 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-6352 - --------------------------------------------------------------------- 1. Summary: Updated libexif packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The libexif packages contain the Exif library. Exif is an image file format specification that enables metadata tags to be added to existing JPEG, TIFF and RIFF files. The Exif library makes it possible to parse an Exif file and read this metadata. An integer overflow flaw was found in the way libexif parses Exif image tags. If a victim opens a carefully crafted Exif image file, it could cause the application linked against libexif to execute arbitrary code, or crash. (CVE-2007-6352) Users of libexif are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 425561 - CVE-2007-6352 libexif integer overflow 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libexif-0.5.12-5.1.0.2.el4_6.1.src.rpm 260e767569adf64cc7bd5359e6ca9059 libexif-0.5.12-5.1.0.2.el4_6.1.src.rpm i386: 3b38729e0932d0993c2aa8447fd104d6 libexif-0.5.12-5.1.0.2.el4_6.1.i386.rpm 0e92cbf49a54e48aa6a290a9d85a0b0a libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.i386.rpm cba10132a49290056136efe9160dc358 libexif-devel-0.5.12-5.1.0.2.el4_6.1.i386.rpm ia64: 3b38729e0932d0993c2aa8447fd104d6 libexif-0.5.12-5.1.0.2.el4_6.1.i386.rpm 00528e858aa4853cb43fe95572223fb5 libexif-0.5.12-5.1.0.2.el4_6.1.ia64.rpm 0e92cbf49a54e48aa6a290a9d85a0b0a libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.i386.rpm 9ae7aa25051814a3f35300cea755754a libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.ia64.rpm c1cb9d74c7756f3d5519d37d0e7e24fb libexif-devel-0.5.12-5.1.0.2.el4_6.1.ia64.rpm ppc: d9c4c1761d584c5ceb693e4d4a25cff2 libexif-0.5.12-5.1.0.2.el4_6.1.ppc.rpm 1488abdeab9cd669eb528d213d2a0fd5 libexif-0.5.12-5.1.0.2.el4_6.1.ppc64.rpm e2ca79a7acb61d309266dd89a609f22c libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.ppc.rpm 7c46e330c4529c3af69b3073dac1b798 libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.ppc64.rpm 8a2582768cec7f1c138ea2be7233e7a1 libexif-devel-0.5.12-5.1.0.2.el4_6.1.ppc.rpm s390: 7aef19a3a514ae5b33a401f9b8004d42 libexif-0.5.12-5.1.0.2.el4_6.1.s390.rpm 5e9024c5b814336172d9f160da29a560 libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.s390.rpm f0539bf3e24ccd7a870d5a62fd763193 libexif-devel-0.5.12-5.1.0.2.el4_6.1.s390.rpm s390x: 7aef19a3a514ae5b33a401f9b8004d42 libexif-0.5.12-5.1.0.2.el4_6.1.s390.rpm d66a5dd70c8aa83901eb19152458dc95 libexif-0.5.12-5.1.0.2.el4_6.1.s390x.rpm 5e9024c5b814336172d9f160da29a560 libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.s390.rpm b1b2906325d8762567c84d559472822b libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.s390x.rpm 55f2289b65e062160f68a3275e7a4ed1 libexif-devel-0.5.12-5.1.0.2.el4_6.1.s390x.rpm x86_64: 3b38729e0932d0993c2aa8447fd104d6 libexif-0.5.12-5.1.0.2.el4_6.1.i386.rpm 4c3588ded0ada47e1ff348b87b7cc46d libexif-0.5.12-5.1.0.2.el4_6.1.x86_64.rpm 0e92cbf49a54e48aa6a290a9d85a0b0a libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.i386.rpm f40057ce7194e5940a8c9d062d83de30 libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.x86_64.rpm f9cf7abb7972b3c39258750c63e1b6d6 libexif-devel-0.5.12-5.1.0.2.el4_6.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libexif-0.5.12-5.1.0.2.el4_6.1.src.rpm 260e767569adf64cc7bd5359e6ca9059 libexif-0.5.12-5.1.0.2.el4_6.1.src.rpm i386: 3b38729e0932d0993c2aa8447fd104d6 libexif-0.5.12-5.1.0.2.el4_6.1.i386.rpm 0e92cbf49a54e48aa6a290a9d85a0b0a libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.i386.rpm cba10132a49290056136efe9160dc358 libexif-devel-0.5.12-5.1.0.2.el4_6.1.i386.rpm x86_64: 3b38729e0932d0993c2aa8447fd104d6 libexif-0.5.12-5.1.0.2.el4_6.1.i386.rpm 4c3588ded0ada47e1ff348b87b7cc46d libexif-0.5.12-5.1.0.2.el4_6.1.x86_64.rpm 0e92cbf49a54e48aa6a290a9d85a0b0a libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.i386.rpm f40057ce7194e5940a8c9d062d83de30 libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.x86_64.rpm f9cf7abb7972b3c39258750c63e1b6d6 libexif-devel-0.5.12-5.1.0.2.el4_6.1.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libexif-0.5.12-5.1.0.2.el4_6.1.src.rpm 260e767569adf64cc7bd5359e6ca9059 libexif-0.5.12-5.1.0.2.el4_6.1.src.rpm i386: 3b38729e0932d0993c2aa8447fd104d6 libexif-0.5.12-5.1.0.2.el4_6.1.i386.rpm 0e92cbf49a54e48aa6a290a9d85a0b0a libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.i386.rpm cba10132a49290056136efe9160dc358 libexif-devel-0.5.12-5.1.0.2.el4_6.1.i386.rpm ia64: 3b38729e0932d0993c2aa8447fd104d6 libexif-0.5.12-5.1.0.2.el4_6.1.i386.rpm 00528e858aa4853cb43fe95572223fb5 libexif-0.5.12-5.1.0.2.el4_6.1.ia64.rpm 0e92cbf49a54e48aa6a290a9d85a0b0a libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.i386.rpm 9ae7aa25051814a3f35300cea755754a libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.ia64.rpm c1cb9d74c7756f3d5519d37d0e7e24fb libexif-devel-0.5.12-5.1.0.2.el4_6.1.ia64.rpm x86_64: 3b38729e0932d0993c2aa8447fd104d6 libexif-0.5.12-5.1.0.2.el4_6.1.i386.rpm 4c3588ded0ada47e1ff348b87b7cc46d libexif-0.5.12-5.1.0.2.el4_6.1.x86_64.rpm 0e92cbf49a54e48aa6a290a9d85a0b0a libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.i386.rpm f40057ce7194e5940a8c9d062d83de30 libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.x86_64.rpm f9cf7abb7972b3c39258750c63e1b6d6 libexif-devel-0.5.12-5.1.0.2.el4_6.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libexif-0.5.12-5.1.0.2.el4_6.1.src.rpm 260e767569adf64cc7bd5359e6ca9059 libexif-0.5.12-5.1.0.2.el4_6.1.src.rpm i386: 3b38729e0932d0993c2aa8447fd104d6 libexif-0.5.12-5.1.0.2.el4_6.1.i386.rpm 0e92cbf49a54e48aa6a290a9d85a0b0a libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.i386.rpm cba10132a49290056136efe9160dc358 libexif-devel-0.5.12-5.1.0.2.el4_6.1.i386.rpm ia64: 3b38729e0932d0993c2aa8447fd104d6 libexif-0.5.12-5.1.0.2.el4_6.1.i386.rpm 00528e858aa4853cb43fe95572223fb5 libexif-0.5.12-5.1.0.2.el4_6.1.ia64.rpm 0e92cbf49a54e48aa6a290a9d85a0b0a libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.i386.rpm 9ae7aa25051814a3f35300cea755754a libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.ia64.rpm c1cb9d74c7756f3d5519d37d0e7e24fb libexif-devel-0.5.12-5.1.0.2.el4_6.1.ia64.rpm x86_64: 3b38729e0932d0993c2aa8447fd104d6 libexif-0.5.12-5.1.0.2.el4_6.1.i386.rpm 4c3588ded0ada47e1ff348b87b7cc46d libexif-0.5.12-5.1.0.2.el4_6.1.x86_64.rpm 0e92cbf49a54e48aa6a290a9d85a0b0a libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.i386.rpm f40057ce7194e5940a8c9d062d83de30 libexif-debuginfo-0.5.12-5.1.0.2.el4_6.1.x86_64.rpm f9cf7abb7972b3c39258750c63e1b6d6 libexif-devel-0.5.12-5.1.0.2.el4_6.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6352 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHaT1sXlSAg2UNWIIRAkoUAJ9H7DZ17YMiuo3vUW8qPg5YPZwxngCdEf3b rhy/OlU2+Xst4QeGj0iMXsw= =OEhC -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 19 16:14:39 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 19 Dec 2007 11:14:39 -0500 Subject: [RHSA-2007:1157-01] Important: mysql security update Message-ID: <200712191614.lBJGEdh8023244@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: mysql security update Advisory ID: RHSA-2007:1157-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1157.html Issue date: 2007-12-19 Updated on: 2007-12-19 Product: Red Hat Application Stack CVE Names: CVE-2007-5969 CVE-2007-5925 CVE-2007-6303 - --------------------------------------------------------------------- 1. Summary: Updated mysql packages that fix several security issues are now available for Red Hat Application Stack v1 and v2. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64 Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64 Red Hat Application Stack v2 for Enterprise Linux (v.5) - i386, x86_64 3. Problem description: MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld), and many different client programs and libraries. A flaw was found in a way MySQL handled symbolic links when database tables were created with explicit "DATA" and "INDEX DIRECTORY" options. An authenticated user could create a table that would overwrite tables in other databases, causing destruction of data or allowing the user to elevate privileges. (CVE-2007-5969) A flaw was found in a way MySQL's InnoDB engine handled spatial indexes. An authenticated user could create a table with spatial indexes, which are not supported by the InnoDB engine, that would cause the mysql daemon to crash when used. This issue only causes a temporary denial of service, as the mysql daemon will be automatically restarted after the crash. (CVE-2007-5925) A flaw was found in a way MySQL handled the "DEFINER" view parameter. A user with the "ALTER VIEW" privilege for a view created by another database user, could modify that view to get access to any data accessible to the creator of said view. (CVE-2007-6303) All mysql users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 377451 - CVE-2007-5925 mysql DoS in the InnoDB Engine 397071 - CVE-2007-5969 mysql: possible system table information overwrite using symlinks 420231 - CVE-2007-6303 mysql: DEFINER value of view not altered on ALTER VIEW 6. RPMs required: Red Hat Application Stack v1 for Enterprise Linux AS (v.4): SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/mysql-5.0.44-2.el4s1.1.src.rpm ca84729dbb47b6733cde3b385ca3773d mysql-5.0.44-2.el4s1.1.src.rpm i386: d71440ea3ee98d1d6481457b0cfcd7eb mysql-5.0.44-2.el4s1.1.i386.rpm 2da466fc2754b6b4bb279f7181d7cf37 mysql-bench-5.0.44-2.el4s1.1.i386.rpm 8f6c64281708ba3ad7eaaf6948762fc1 mysql-cluster-5.0.44-2.el4s1.1.i386.rpm a5483597c4385b1372aa821f8d514946 mysql-debuginfo-5.0.44-2.el4s1.1.i386.rpm 72a2d26bf19cc79d0a9c4f94658b00d0 mysql-devel-5.0.44-2.el4s1.1.i386.rpm c77211698fb1ce60be43744acc28a546 mysql-libs-5.0.44-2.el4s1.1.i386.rpm 8e9bb1932f851006a5a4e3f586c8b148 mysql-server-5.0.44-2.el4s1.1.i386.rpm 80ebb4bc395e2338b2175188d636e81f mysql-test-5.0.44-2.el4s1.1.i386.rpm x86_64: d71440ea3ee98d1d6481457b0cfcd7eb mysql-5.0.44-2.el4s1.1.i386.rpm 8b3674d07d0de7131ca61d0e5b82d9d4 mysql-5.0.44-2.el4s1.1.x86_64.rpm e32256754d35b2f741cf023d313db803 mysql-bench-5.0.44-2.el4s1.1.x86_64.rpm 0433ff7e161e6166069b990ed5e5adc0 mysql-cluster-5.0.44-2.el4s1.1.x86_64.rpm a5483597c4385b1372aa821f8d514946 mysql-debuginfo-5.0.44-2.el4s1.1.i386.rpm 4a6bd81a3ca36b47a5c7eb7289d9c69a mysql-debuginfo-5.0.44-2.el4s1.1.x86_64.rpm 706271c5eb07ec0862ffb6cd820f15c0 mysql-devel-5.0.44-2.el4s1.1.x86_64.rpm c77211698fb1ce60be43744acc28a546 mysql-libs-5.0.44-2.el4s1.1.i386.rpm ea65b280ea61b2c8aae57ebad1bd5748 mysql-libs-5.0.44-2.el4s1.1.x86_64.rpm 064abb6df8f7272d1a91ca890fefe1ff mysql-server-5.0.44-2.el4s1.1.x86_64.rpm 81b83016558b08b4558f3b04dd681b19 mysql-test-5.0.44-2.el4s1.1.x86_64.rpm Red Hat Application Stack v1 for Enterprise Linux ES (v.4): SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/mysql-5.0.44-2.el4s1.1.src.rpm ca84729dbb47b6733cde3b385ca3773d mysql-5.0.44-2.el4s1.1.src.rpm i386: d71440ea3ee98d1d6481457b0cfcd7eb mysql-5.0.44-2.el4s1.1.i386.rpm 2da466fc2754b6b4bb279f7181d7cf37 mysql-bench-5.0.44-2.el4s1.1.i386.rpm 8f6c64281708ba3ad7eaaf6948762fc1 mysql-cluster-5.0.44-2.el4s1.1.i386.rpm a5483597c4385b1372aa821f8d514946 mysql-debuginfo-5.0.44-2.el4s1.1.i386.rpm 72a2d26bf19cc79d0a9c4f94658b00d0 mysql-devel-5.0.44-2.el4s1.1.i386.rpm c77211698fb1ce60be43744acc28a546 mysql-libs-5.0.44-2.el4s1.1.i386.rpm 8e9bb1932f851006a5a4e3f586c8b148 mysql-server-5.0.44-2.el4s1.1.i386.rpm 80ebb4bc395e2338b2175188d636e81f mysql-test-5.0.44-2.el4s1.1.i386.rpm x86_64: d71440ea3ee98d1d6481457b0cfcd7eb mysql-5.0.44-2.el4s1.1.i386.rpm 8b3674d07d0de7131ca61d0e5b82d9d4 mysql-5.0.44-2.el4s1.1.x86_64.rpm e32256754d35b2f741cf023d313db803 mysql-bench-5.0.44-2.el4s1.1.x86_64.rpm 0433ff7e161e6166069b990ed5e5adc0 mysql-cluster-5.0.44-2.el4s1.1.x86_64.rpm a5483597c4385b1372aa821f8d514946 mysql-debuginfo-5.0.44-2.el4s1.1.i386.rpm 4a6bd81a3ca36b47a5c7eb7289d9c69a mysql-debuginfo-5.0.44-2.el4s1.1.x86_64.rpm 706271c5eb07ec0862ffb6cd820f15c0 mysql-devel-5.0.44-2.el4s1.1.x86_64.rpm c77211698fb1ce60be43744acc28a546 mysql-libs-5.0.44-2.el4s1.1.i386.rpm ea65b280ea61b2c8aae57ebad1bd5748 mysql-libs-5.0.44-2.el4s1.1.x86_64.rpm 064abb6df8f7272d1a91ca890fefe1ff mysql-server-5.0.44-2.el4s1.1.x86_64.rpm 81b83016558b08b4558f3b04dd681b19 mysql-test-5.0.44-2.el4s1.1.x86_64.rpm Red Hat Application Stack v2 for Enterprise Linux (v.5): SRPMS: ftp://updates.redhat.com/enterprise//en/RHWAS/SRPMS/mysql-5.0.44-3.el5s2.src.rpm 9b9b957fe2d29d198f27f956dedb31fe mysql-5.0.44-3.el5s2.src.rpm i386: cf1887c176b79fe704600f2bdc163474 mysql-5.0.44-3.el5s2.i386.rpm 1753693081423dc9841979b5564b58ff mysql-bench-5.0.44-3.el5s2.i386.rpm 3be4ca88aa307cb4fd3ad786852782ec mysql-cluster-5.0.44-3.el5s2.i386.rpm d9621538bdd467798c1016936fe3bcae mysql-debuginfo-5.0.44-3.el5s2.i386.rpm dcacca0a00f7eb14bdcebd1f943c47e7 mysql-devel-5.0.44-3.el5s2.i386.rpm 809ff153137e95e27fd771c1be590dfc mysql-libs-5.0.44-3.el5s2.i386.rpm a7a65b019b44f9c016739b5818dbf46b mysql-server-5.0.44-3.el5s2.i386.rpm 1a40e64039df2a50d68c22cbbb88edbf mysql-test-5.0.44-3.el5s2.i386.rpm x86_64: cf1887c176b79fe704600f2bdc163474 mysql-5.0.44-3.el5s2.i386.rpm cc9549cea809112110f1ec76cfbee1d8 mysql-5.0.44-3.el5s2.x86_64.rpm c20fc6b7e24a6928e7f080cfba9d98dd mysql-bench-5.0.44-3.el5s2.x86_64.rpm 9ae5003039deb5772fb954ed1440cbcc mysql-cluster-5.0.44-3.el5s2.x86_64.rpm d9621538bdd467798c1016936fe3bcae mysql-debuginfo-5.0.44-3.el5s2.i386.rpm 1e76cbe8a731f04266502d54a5506a47 mysql-debuginfo-5.0.44-3.el5s2.x86_64.rpm dcacca0a00f7eb14bdcebd1f943c47e7 mysql-devel-5.0.44-3.el5s2.i386.rpm 823725665e22e44533177134487d9f0f mysql-devel-5.0.44-3.el5s2.x86_64.rpm 809ff153137e95e27fd771c1be590dfc mysql-libs-5.0.44-3.el5s2.i386.rpm b66ef3e045f403152d0451ae0bee8e39 mysql-libs-5.0.44-3.el5s2.x86_64.rpm cb45dec1b2d708e62955c4017f663036 mysql-server-5.0.44-3.el5s2.x86_64.rpm 902c6e1e350ae925d5de24c5e13f0418 mysql-test-5.0.44-3.el5s2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5969 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6303 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHaUM+XlSAg2UNWIIRAtDSAKCM7s75ag8eIliaC/8YXrBYmHdaWACgjbQx 3pISyq8SjHZpfV45rzfXIAQ= =DACv -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 19 16:57:07 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 19 Dec 2007 11:57:07 -0500 Subject: [RHSA-2007:1083-01] Moderate: thunderbird security update Message-ID: <200712191657.lBJGv7wN030729@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: thunderbird security update Advisory ID: RHSA-2007:1083-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1083.html Issue date: 2007-12-19 Updated on: 2007-12-19 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-5947 CVE-2007-5959 CVE-2007-5960 - --------------------------------------------------------------------- 1. Summary: Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 3. Problem description: Mozilla Thunderbird is a standalone mail and newsgroup client. A cross-site scripting flaw was found in the way Thunderbird handled the jar: URI scheme. It may be possible for a malicious HTML mail message to leverage this flaw, and conduct a cross-site scripting attack against a user running Thunderbird. (CVE-2007-5947) Several flaws were found in the way Thunderbird processed certain malformed HTML mail content. A HTML mail message containing malicious content could cause Thunderbird to crash, or potentially execute arbitrary code as the user running Thunderbird. (CVE-2007-5959) A race condition existed when Thunderbird set the "window.location" property when displaying HTML mail content. This flaw could allow a HTML mail message to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960) All users of thunderbird are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 394211 - CVE-2007-5947 Mozilla jar: protocol XSS 394241 - CVE-2007-5959 Multiple flaws in Firefox 394261 - CVE-2007-5960 Mozilla Cross-site Request Forgery flaw 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.5.0.12-7.el4.src.rpm 4d7be8e483560839d3409364a18a8e02 thunderbird-1.5.0.12-7.el4.src.rpm i386: e2caa338f6077d4bab35d93f80ad8bb0 thunderbird-1.5.0.12-7.el4.i386.rpm 1ae9c96c94590bcb7e9696f66df111b0 thunderbird-debuginfo-1.5.0.12-7.el4.i386.rpm ia64: 36a9b04d91727541053c5335ea72eec1 thunderbird-1.5.0.12-7.el4.ia64.rpm 5c54a0682230239d62bc4ed9c653875c thunderbird-debuginfo-1.5.0.12-7.el4.ia64.rpm ppc: 42c2f013857d712c3ec3b941cc2ce4bc thunderbird-1.5.0.12-7.el4.ppc.rpm c169dbac589f5a4cd3168729441bfdab thunderbird-debuginfo-1.5.0.12-7.el4.ppc.rpm s390: 4573e3b986a4c851c489aa6848c9de3d thunderbird-1.5.0.12-7.el4.s390.rpm 0db4521326a8c9c3582ce3c575d70c16 thunderbird-debuginfo-1.5.0.12-7.el4.s390.rpm s390x: 2faffc589ae1ac537fd7da3cc2ffb530 thunderbird-1.5.0.12-7.el4.s390x.rpm dfce2d56babd016ccba6e042fc21c56e thunderbird-debuginfo-1.5.0.12-7.el4.s390x.rpm x86_64: 395bc4da647ad1c1fd89af612bd63b13 thunderbird-1.5.0.12-7.el4.x86_64.rpm e8a7d8d02630d8b0028796792fe8781b thunderbird-debuginfo-1.5.0.12-7.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/thunderbird-1.5.0.12-7.el4.src.rpm 4d7be8e483560839d3409364a18a8e02 thunderbird-1.5.0.12-7.el4.src.rpm i386: e2caa338f6077d4bab35d93f80ad8bb0 thunderbird-1.5.0.12-7.el4.i386.rpm 1ae9c96c94590bcb7e9696f66df111b0 thunderbird-debuginfo-1.5.0.12-7.el4.i386.rpm x86_64: 395bc4da647ad1c1fd89af612bd63b13 thunderbird-1.5.0.12-7.el4.x86_64.rpm e8a7d8d02630d8b0028796792fe8781b thunderbird-debuginfo-1.5.0.12-7.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/thunderbird-1.5.0.12-7.el4.src.rpm 4d7be8e483560839d3409364a18a8e02 thunderbird-1.5.0.12-7.el4.src.rpm i386: e2caa338f6077d4bab35d93f80ad8bb0 thunderbird-1.5.0.12-7.el4.i386.rpm 1ae9c96c94590bcb7e9696f66df111b0 thunderbird-debuginfo-1.5.0.12-7.el4.i386.rpm ia64: 36a9b04d91727541053c5335ea72eec1 thunderbird-1.5.0.12-7.el4.ia64.rpm 5c54a0682230239d62bc4ed9c653875c thunderbird-debuginfo-1.5.0.12-7.el4.ia64.rpm x86_64: 395bc4da647ad1c1fd89af612bd63b13 thunderbird-1.5.0.12-7.el4.x86_64.rpm e8a7d8d02630d8b0028796792fe8781b thunderbird-debuginfo-1.5.0.12-7.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/thunderbird-1.5.0.12-7.el4.src.rpm 4d7be8e483560839d3409364a18a8e02 thunderbird-1.5.0.12-7.el4.src.rpm i386: e2caa338f6077d4bab35d93f80ad8bb0 thunderbird-1.5.0.12-7.el4.i386.rpm 1ae9c96c94590bcb7e9696f66df111b0 thunderbird-debuginfo-1.5.0.12-7.el4.i386.rpm ia64: 36a9b04d91727541053c5335ea72eec1 thunderbird-1.5.0.12-7.el4.ia64.rpm 5c54a0682230239d62bc4ed9c653875c thunderbird-debuginfo-1.5.0.12-7.el4.ia64.rpm x86_64: 395bc4da647ad1c1fd89af612bd63b13 thunderbird-1.5.0.12-7.el4.x86_64.rpm e8a7d8d02630d8b0028796792fe8781b thunderbird-debuginfo-1.5.0.12-7.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/thunderbird-1.5.0.12-7.el5.src.rpm 1d338b7e5786b0681bc04a29a8222053 thunderbird-1.5.0.12-7.el5.src.rpm i386: 315152126ddf479cc763bb8aafc44454 thunderbird-1.5.0.12-7.el5.i386.rpm 1d56153e5debd06b15a594fc27b3bfea thunderbird-debuginfo-1.5.0.12-7.el5.i386.rpm x86_64: ae49af405b680729c770fa1ac4dd603d thunderbird-1.5.0.12-7.el5.x86_64.rpm c74f2cbf03f9feb664c2538d62084a3c thunderbird-debuginfo-1.5.0.12-7.el5.x86_64.rpm RHEL Optional Productivity Applications (v. 5 server): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/thunderbird-1.5.0.12-7.el5.src.rpm 1d338b7e5786b0681bc04a29a8222053 thunderbird-1.5.0.12-7.el5.src.rpm i386: 315152126ddf479cc763bb8aafc44454 thunderbird-1.5.0.12-7.el5.i386.rpm 1d56153e5debd06b15a594fc27b3bfea thunderbird-debuginfo-1.5.0.12-7.el5.i386.rpm x86_64: ae49af405b680729c770fa1ac4dd603d thunderbird-1.5.0.12-7.el5.x86_64.rpm c74f2cbf03f9feb664c2538d62084a3c thunderbird-debuginfo-1.5.0.12-7.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5959 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5960 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHaU02XlSAg2UNWIIRAkHSAJ4vkA7LYJhUnW9vcwF42C506AuRAgCgwd2z BsTZBmr9MHXx22+N/5THU3E= =h6hI -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Dec 19 18:36:24 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 19 Dec 2007 13:36:24 -0500 Subject: [RHSA-2007:1104-01] Important: kernel security and bug fix update Message-ID: <200712191836.lBJIaOaY014055@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2007:1104-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1104.html Issue date: 2007-12-19 Updated on: 2007-12-19 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-4997 CVE-2007-5494 - --------------------------------------------------------------------- 1. Summary: Updated kernel packages that fix various security issues and several bugs in the Red Hat Enterprise Linux 4 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64 3. Problem description: The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues: A flaw was found in the handling of IEEE 802.11 frames, which affected several wireless LAN modules. In certain situations, a remote attacker could trigger this flaw by sending a malicious packet over a wireless network, causing a denial of service (kernel crash). (CVE-2007-4997, Important) A memory leak was found in the Red Hat Content Accelerator kernel patch. A local user could use this flaw to cause a denial of service (memory exhaustion). (CVE-2007-5494, Important) Additionally, the following bugs were fixed: * when running the "ls -la" command on an NFSv4 mount point, incorrect file attributes, and outdated file size and timestamp information were returned. As well, symbolic links may have been displayed as actual files. * a bug which caused the cmirror write path to appear deadlocked after a successful recovery, which may have caused syncing to hang, has been resolved. * a kernel panic which occurred when manually configuring LCS interfaces on the IBM S/390 has been resolved. * when running a 32-bit binary on a 64-bit system, it was possible to mmap page at address 0 without flag MAP_FIXED set. This has been resolved in these updated packages. * the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI interrupt counter in "/proc/interrupts" on systems running an AMD Opteron CPU. This caused systems running NMI Watchdog to restart at regular intervals. * a bug which caused the diskdump utility to run very slowly on devices using Fusion MPT has been resolved. All users are advised to upgrade to these updated packages, which resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 315051 - CVE-2007-5494 open(O_ATOMICLOOKUP) leaks dentry 346341 - CVE-2007-4997 kernel ieee80211 off-by-two integer underflow 371551 - NFS problem#3 of IT 106473 - 32-bit jiffy wrap around - NFS inode 399661 - cmirror write path appears deadlocked after recovery is successful 400801 - LTC39618-kernel panic making lcs interfaces online on LPAR 400811 - [RHEL4] Odd behaviour in mmap 404741 - [RHEL4] NMI Watchdog Not Working in RHEL 4 U6 Opteron Systems 404781 - RHEL4.6 [REGRESSION] diskdump works with mpt fusion too slow. 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kernel-2.6.9-67.0.1.EL.src.rpm 71fae31e5352c4fa4d12582938f123c2 kernel-2.6.9-67.0.1.EL.src.rpm i386: 96af80cf2b6b13ba697d531e011a6ab2 kernel-2.6.9-67.0.1.EL.i686.rpm 12212428cfdfe849651d208562490155 kernel-debuginfo-2.6.9-67.0.1.EL.i686.rpm e005130561e2d1380bb9b79b10d0d422 kernel-devel-2.6.9-67.0.1.EL.i686.rpm 8f842eb0377b68e100dc8ecfe6060a8d kernel-hugemem-2.6.9-67.0.1.EL.i686.rpm 5f2fc9b922a6540e01afc4e18e57a765 kernel-hugemem-devel-2.6.9-67.0.1.EL.i686.rpm 45ef47bce33ee702b1c381a9a9a494e5 kernel-smp-2.6.9-67.0.1.EL.i686.rpm 93d4eb42f17ad51cae8b5463a1959a30 kernel-smp-devel-2.6.9-67.0.1.EL.i686.rpm 931ac692f6b6438cf275c7382af80d4e kernel-xenU-2.6.9-67.0.1.EL.i686.rpm ac066af710b0239ac02167369edcdfe7 kernel-xenU-devel-2.6.9-67.0.1.EL.i686.rpm ia64: bddf17442cd069545b65a001e9f48222 kernel-2.6.9-67.0.1.EL.ia64.rpm 2a976e19539a629858593bfbb4a76549 kernel-debuginfo-2.6.9-67.0.1.EL.ia64.rpm 6b7d32cc452549b2cbb87b44d7030e78 kernel-devel-2.6.9-67.0.1.EL.ia64.rpm 02b8601db5e4b8744d6194b3aa2c2a8b kernel-largesmp-2.6.9-67.0.1.EL.ia64.rpm 04eda6a8381f80643143fbb95288f8a8 kernel-largesmp-devel-2.6.9-67.0.1.EL.ia64.rpm noarch: ca0869512f974a15b88bdbff99d6e082 kernel-doc-2.6.9-67.0.1.EL.noarch.rpm ppc: 3c8b3a2172b6b5c3413c500d9ee59fab kernel-2.6.9-67.0.1.EL.ppc64.rpm a86799da3b862116afbe4e83cab98350 kernel-2.6.9-67.0.1.EL.ppc64iseries.rpm 87481c83294d92b78d7d55b0744e40a6 kernel-debuginfo-2.6.9-67.0.1.EL.ppc64.rpm 210acd0cc9f415932e48b4586eef46ac kernel-debuginfo-2.6.9-67.0.1.EL.ppc64iseries.rpm 8b54d9b8547ce5041eff9f0b8e15ab36 kernel-devel-2.6.9-67.0.1.EL.ppc64.rpm 127846bbd02521d943b0bfe719f50601 kernel-devel-2.6.9-67.0.1.EL.ppc64iseries.rpm 3c2611015a419854022266e26cd0cf28 kernel-largesmp-2.6.9-67.0.1.EL.ppc64.rpm a1c2d8fb4c3df31b3b170d31e9293c57 kernel-largesmp-devel-2.6.9-67.0.1.EL.ppc64.rpm s390: 2a9e942f01c3c9736765a69fc7035594 kernel-2.6.9-67.0.1.EL.s390.rpm 21fa686d2b6ab4061ef734a9b45eed46 kernel-debuginfo-2.6.9-67.0.1.EL.s390.rpm d2a8868e7b0785995605dbd38a884359 kernel-devel-2.6.9-67.0.1.EL.s390.rpm s390x: a55409e46a6b6f8d949fee6743f74e30 kernel-2.6.9-67.0.1.EL.s390x.rpm 9defe3074472da19e7c68e080471ff19 kernel-debuginfo-2.6.9-67.0.1.EL.s390x.rpm 5992ce2a1bcb195a7b23416782406092 kernel-devel-2.6.9-67.0.1.EL.s390x.rpm x86_64: db06d45fdecf81276cf310d96c365c50 kernel-2.6.9-67.0.1.EL.x86_64.rpm d491438e388754f4756011a91f541d56 kernel-debuginfo-2.6.9-67.0.1.EL.x86_64.rpm 9c20fdf6c2b8ca3e7383bcc998d9ded1 kernel-devel-2.6.9-67.0.1.EL.x86_64.rpm be9a35b125804c2f6b2ac2881aad97a7 kernel-largesmp-2.6.9-67.0.1.EL.x86_64.rpm 3eee37ba0eb4e8b742ac0b12048cd04f kernel-largesmp-devel-2.6.9-67.0.1.EL.x86_64.rpm ae76bb975de66c52043944b76f88b935 kernel-smp-2.6.9-67.0.1.EL.x86_64.rpm 246d932e69b533808041a9c179090944 kernel-smp-devel-2.6.9-67.0.1.EL.x86_64.rpm 29991e5a6a46a077eeccb9cb4dc0684e kernel-xenU-2.6.9-67.0.1.EL.x86_64.rpm ae91a97d112bfb7af7e4465fbd9bd871 kernel-xenU-devel-2.6.9-67.0.1.EL.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kernel-2.6.9-67.0.1.EL.src.rpm 71fae31e5352c4fa4d12582938f123c2 kernel-2.6.9-67.0.1.EL.src.rpm i386: 96af80cf2b6b13ba697d531e011a6ab2 kernel-2.6.9-67.0.1.EL.i686.rpm 12212428cfdfe849651d208562490155 kernel-debuginfo-2.6.9-67.0.1.EL.i686.rpm e005130561e2d1380bb9b79b10d0d422 kernel-devel-2.6.9-67.0.1.EL.i686.rpm 8f842eb0377b68e100dc8ecfe6060a8d kernel-hugemem-2.6.9-67.0.1.EL.i686.rpm 5f2fc9b922a6540e01afc4e18e57a765 kernel-hugemem-devel-2.6.9-67.0.1.EL.i686.rpm 45ef47bce33ee702b1c381a9a9a494e5 kernel-smp-2.6.9-67.0.1.EL.i686.rpm 93d4eb42f17ad51cae8b5463a1959a30 kernel-smp-devel-2.6.9-67.0.1.EL.i686.rpm 931ac692f6b6438cf275c7382af80d4e kernel-xenU-2.6.9-67.0.1.EL.i686.rpm ac066af710b0239ac02167369edcdfe7 kernel-xenU-devel-2.6.9-67.0.1.EL.i686.rpm noarch: ca0869512f974a15b88bdbff99d6e082 kernel-doc-2.6.9-67.0.1.EL.noarch.rpm x86_64: db06d45fdecf81276cf310d96c365c50 kernel-2.6.9-67.0.1.EL.x86_64.rpm d491438e388754f4756011a91f541d56 kernel-debuginfo-2.6.9-67.0.1.EL.x86_64.rpm 9c20fdf6c2b8ca3e7383bcc998d9ded1 kernel-devel-2.6.9-67.0.1.EL.x86_64.rpm be9a35b125804c2f6b2ac2881aad97a7 kernel-largesmp-2.6.9-67.0.1.EL.x86_64.rpm 3eee37ba0eb4e8b742ac0b12048cd04f kernel-largesmp-devel-2.6.9-67.0.1.EL.x86_64.rpm ae76bb975de66c52043944b76f88b935 kernel-smp-2.6.9-67.0.1.EL.x86_64.rpm 246d932e69b533808041a9c179090944 kernel-smp-devel-2.6.9-67.0.1.EL.x86_64.rpm 29991e5a6a46a077eeccb9cb4dc0684e kernel-xenU-2.6.9-67.0.1.EL.x86_64.rpm ae91a97d112bfb7af7e4465fbd9bd871 kernel-xenU-devel-2.6.9-67.0.1.EL.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kernel-2.6.9-67.0.1.EL.src.rpm 71fae31e5352c4fa4d12582938f123c2 kernel-2.6.9-67.0.1.EL.src.rpm i386: 96af80cf2b6b13ba697d531e011a6ab2 kernel-2.6.9-67.0.1.EL.i686.rpm 12212428cfdfe849651d208562490155 kernel-debuginfo-2.6.9-67.0.1.EL.i686.rpm e005130561e2d1380bb9b79b10d0d422 kernel-devel-2.6.9-67.0.1.EL.i686.rpm 8f842eb0377b68e100dc8ecfe6060a8d kernel-hugemem-2.6.9-67.0.1.EL.i686.rpm 5f2fc9b922a6540e01afc4e18e57a765 kernel-hugemem-devel-2.6.9-67.0.1.EL.i686.rpm 45ef47bce33ee702b1c381a9a9a494e5 kernel-smp-2.6.9-67.0.1.EL.i686.rpm 93d4eb42f17ad51cae8b5463a1959a30 kernel-smp-devel-2.6.9-67.0.1.EL.i686.rpm 931ac692f6b6438cf275c7382af80d4e kernel-xenU-2.6.9-67.0.1.EL.i686.rpm ac066af710b0239ac02167369edcdfe7 kernel-xenU-devel-2.6.9-67.0.1.EL.i686.rpm ia64: bddf17442cd069545b65a001e9f48222 kernel-2.6.9-67.0.1.EL.ia64.rpm 2a976e19539a629858593bfbb4a76549 kernel-debuginfo-2.6.9-67.0.1.EL.ia64.rpm 6b7d32cc452549b2cbb87b44d7030e78 kernel-devel-2.6.9-67.0.1.EL.ia64.rpm 02b8601db5e4b8744d6194b3aa2c2a8b kernel-largesmp-2.6.9-67.0.1.EL.ia64.rpm 04eda6a8381f80643143fbb95288f8a8 kernel-largesmp-devel-2.6.9-67.0.1.EL.ia64.rpm noarch: ca0869512f974a15b88bdbff99d6e082 kernel-doc-2.6.9-67.0.1.EL.noarch.rpm x86_64: db06d45fdecf81276cf310d96c365c50 kernel-2.6.9-67.0.1.EL.x86_64.rpm d491438e388754f4756011a91f541d56 kernel-debuginfo-2.6.9-67.0.1.EL.x86_64.rpm 9c20fdf6c2b8ca3e7383bcc998d9ded1 kernel-devel-2.6.9-67.0.1.EL.x86_64.rpm be9a35b125804c2f6b2ac2881aad97a7 kernel-largesmp-2.6.9-67.0.1.EL.x86_64.rpm 3eee37ba0eb4e8b742ac0b12048cd04f kernel-largesmp-devel-2.6.9-67.0.1.EL.x86_64.rpm ae76bb975de66c52043944b76f88b935 kernel-smp-2.6.9-67.0.1.EL.x86_64.rpm 246d932e69b533808041a9c179090944 kernel-smp-devel-2.6.9-67.0.1.EL.x86_64.rpm 29991e5a6a46a077eeccb9cb4dc0684e kernel-xenU-2.6.9-67.0.1.EL.x86_64.rpm ae91a97d112bfb7af7e4465fbd9bd871 kernel-xenU-devel-2.6.9-67.0.1.EL.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kernel-2.6.9-67.0.1.EL.src.rpm 71fae31e5352c4fa4d12582938f123c2 kernel-2.6.9-67.0.1.EL.src.rpm i386: 96af80cf2b6b13ba697d531e011a6ab2 kernel-2.6.9-67.0.1.EL.i686.rpm 12212428cfdfe849651d208562490155 kernel-debuginfo-2.6.9-67.0.1.EL.i686.rpm e005130561e2d1380bb9b79b10d0d422 kernel-devel-2.6.9-67.0.1.EL.i686.rpm 8f842eb0377b68e100dc8ecfe6060a8d kernel-hugemem-2.6.9-67.0.1.EL.i686.rpm 5f2fc9b922a6540e01afc4e18e57a765 kernel-hugemem-devel-2.6.9-67.0.1.EL.i686.rpm 45ef47bce33ee702b1c381a9a9a494e5 kernel-smp-2.6.9-67.0.1.EL.i686.rpm 93d4eb42f17ad51cae8b5463a1959a30 kernel-smp-devel-2.6.9-67.0.1.EL.i686.rpm 931ac692f6b6438cf275c7382af80d4e kernel-xenU-2.6.9-67.0.1.EL.i686.rpm ac066af710b0239ac02167369edcdfe7 kernel-xenU-devel-2.6.9-67.0.1.EL.i686.rpm ia64: bddf17442cd069545b65a001e9f48222 kernel-2.6.9-67.0.1.EL.ia64.rpm 2a976e19539a629858593bfbb4a76549 kernel-debuginfo-2.6.9-67.0.1.EL.ia64.rpm 6b7d32cc452549b2cbb87b44d7030e78 kernel-devel-2.6.9-67.0.1.EL.ia64.rpm 02b8601db5e4b8744d6194b3aa2c2a8b kernel-largesmp-2.6.9-67.0.1.EL.ia64.rpm 04eda6a8381f80643143fbb95288f8a8 kernel-largesmp-devel-2.6.9-67.0.1.EL.ia64.rpm noarch: ca0869512f974a15b88bdbff99d6e082 kernel-doc-2.6.9-67.0.1.EL.noarch.rpm x86_64: db06d45fdecf81276cf310d96c365c50 kernel-2.6.9-67.0.1.EL.x86_64.rpm d491438e388754f4756011a91f541d56 kernel-debuginfo-2.6.9-67.0.1.EL.x86_64.rpm 9c20fdf6c2b8ca3e7383bcc998d9ded1 kernel-devel-2.6.9-67.0.1.EL.x86_64.rpm be9a35b125804c2f6b2ac2881aad97a7 kernel-largesmp-2.6.9-67.0.1.EL.x86_64.rpm 3eee37ba0eb4e8b742ac0b12048cd04f kernel-largesmp-devel-2.6.9-67.0.1.EL.x86_64.rpm ae76bb975de66c52043944b76f88b935 kernel-smp-2.6.9-67.0.1.EL.x86_64.rpm 246d932e69b533808041a9c179090944 kernel-smp-devel-2.6.9-67.0.1.EL.x86_64.rpm 29991e5a6a46a077eeccb9cb4dc0684e kernel-xenU-2.6.9-67.0.1.EL.x86_64.rpm ae91a97d112bfb7af7e4465fbd9bd871 kernel-xenU-devel-2.6.9-67.0.1.EL.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4997 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5494 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHaWSXXlSAg2UNWIIRAnPZAJ0ajKzlUFAcrrURwiv8njLB30Gt/wCePQL/ 5Skt8JQ+SiRw9AXoueHc3O8= =9+Uv -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Dec 20 19:34:13 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 20 Dec 2007 14:34:13 -0500 Subject: [RHSA-2007:1176-01] Important: autofs security update Message-ID: <200712201934.lBKJYDZ0005045@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: autofs security update Advisory ID: RHSA-2007:1176-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1176.html Issue date: 2007-12-20 Updated on: 2007-12-20 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-6285 - --------------------------------------------------------------------- 1. Summary: Updated autofs packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Problem description: The autofs utility controls the operation of the automount daemon, which automatically mounts file systems when you use them, and unmounts them when you are not using them. This can include network file systems and CD-ROMs. There was a security issue with the default configuration of autofs version 5, whereby the entry for the "-hosts" map did not specify the "nodev" mount option. A local user with control of a remote NFS server could create special device files on the remote file system, that if mounted using the default "-hosts" map, could allow the user to access important system devices. (CVE-2007-6285) This issue is similar to CVE-2007-5964, which fixed a missing "nosuid" mount option in autofs. Both the "nodev" and "nosuid" options should be enabled to prevent a possible compromise of machine integrity. Due to the fact that autofs always mounted "-hosts" map entries "dev" by default, autofs has now been altered to always use the "nodev" option when mounting from the default "-hosts" map. The "dev" option must be explicitly given in the master map entry to revert to the old behavior. This change affects only the "-hosts" map which corresponds to the "/net" entry in the default configuration. All autofs users are advised to upgrade to these updated packages, which resolve this issue. Red Hat would like to thank Tim Baum for reporting this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 426218 - CVE-2007-6285 autofs default doesn't set nodev in /net 6. RPMs required: Red Hat Enterprise Linux Desktop (v. 5 client): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/autofs-5.0.1-0.rc2.55.el5.2.src.rpm 5f5504a6ca34b5f5c1bf957d6dae5887 autofs-5.0.1-0.rc2.55.el5.2.src.rpm i386: 2777273dbfe56fe6949958b003c7a536 autofs-5.0.1-0.rc2.55.el5.2.i386.rpm d316563c861ea92642fe9220fec3268b autofs-debuginfo-5.0.1-0.rc2.55.el5.2.i386.rpm x86_64: 382f81f678643f3ef989007ef9023110 autofs-5.0.1-0.rc2.55.el5.2.x86_64.rpm fb511a6ab5a5acdcae2c460aa5fe95e1 autofs-debuginfo-5.0.1-0.rc2.55.el5.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/autofs-5.0.1-0.rc2.55.el5.2.src.rpm 5f5504a6ca34b5f5c1bf957d6dae5887 autofs-5.0.1-0.rc2.55.el5.2.src.rpm i386: 2777273dbfe56fe6949958b003c7a536 autofs-5.0.1-0.rc2.55.el5.2.i386.rpm d316563c861ea92642fe9220fec3268b autofs-debuginfo-5.0.1-0.rc2.55.el5.2.i386.rpm ia64: 7f11526720a9288b3c95193c97c02788 autofs-5.0.1-0.rc2.55.el5.2.ia64.rpm c2a6a0b39aab22452797b486f71a4cbb autofs-debuginfo-5.0.1-0.rc2.55.el5.2.ia64.rpm ppc: d5caec9515a94c2588d8be40d3a021c3 autofs-5.0.1-0.rc2.55.el5.2.ppc.rpm 4f00e9d1b2f8d4d166bf91a013ebe7da autofs-debuginfo-5.0.1-0.rc2.55.el5.2.ppc.rpm s390x: 2c79053af040b63b7cd835b85778df7f autofs-5.0.1-0.rc2.55.el5.2.s390x.rpm 43a0d008743fdccb6689056166b19bea autofs-debuginfo-5.0.1-0.rc2.55.el5.2.s390x.rpm x86_64: 382f81f678643f3ef989007ef9023110 autofs-5.0.1-0.rc2.55.el5.2.x86_64.rpm fb511a6ab5a5acdcae2c460aa5fe95e1 autofs-debuginfo-5.0.1-0.rc2.55.el5.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6285 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHasNbXlSAg2UNWIIRAiLrAKCbycPrUTe402quflWjy9bfPanKOQCfcJFE WB5eSRw0eCeemj/GLXZbMgA= =M5cd -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Dec 20 19:45:24 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 20 Dec 2007 14:45:24 -0500 Subject: [RHSA-2007:1177-01] Important: autofs5 security update Message-ID: <200712201945.lBKJjORq007071@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: autofs5 security update Advisory ID: RHSA-2007:1177-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-1177.html Issue date: 2007-12-20 Updated on: 2007-12-20 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-6285 - --------------------------------------------------------------------- 1. Summary: Updated autofs5 technology preview packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The autofs utility controls the operation of the automount daemon, which automatically mounts file systems when you use them, and unmounts them when you are not using them. This can include network file systems and CD-ROMs. The autofs5 packages were made available as a technology preview in Red Hat Enterprise Linux 4.6. There was a security issue with the default configuration of autofs version 5, whereby the entry for the "-hosts" map did not specify the "nodev" mount option. A local user with control of a remote NFS server could create special device files on the remote file system, that if mounted using the default "-hosts" map, could allow the user to access important system devices. (CVE-2007-6285) This issue is similar to CVE-2007-5964, which fixed a missing "nosuid" mount option in autofs. Both the "nodev" and "nosuid" options should be enabled to prevent a possible compromise of machine integrity. Due to the fact that autofs always mounted "-hosts" map entries "dev" by default, autofs has now been altered to always use the "nodev" option when mounting from the default "-hosts" map. The "dev" option must be explicitly given in the master map entry to revert to the old behavior. This change affects only the "-hosts" map which corresponds to the "/net" entry in the default configuration. All autofs5 users are advised to upgrade to these updated packages, which resolve this issue. Red Hat would like to thank Tim Baum for reporting this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 426218 - CVE-2007-6285 autofs default doesn't set nodev in /net 6. RPMs required: Red Hat Enterprise Linux AS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/autofs5-5.0.1-0.rc2.55.el4_6.2.src.rpm a1b2f22c851aa6b4adb4f8208dea9ded autofs5-5.0.1-0.rc2.55.el4_6.2.src.rpm i386: cd74da575ac61ae97bbb04823223dec9 autofs5-5.0.1-0.rc2.55.el4_6.2.i386.rpm d71b155d19ba7482c9461a11ae5452e1 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.2.i386.rpm ia64: 85ab6c8e98a25fd2c3615cbfd232b083 autofs5-5.0.1-0.rc2.55.el4_6.2.ia64.rpm 57eac7b62100c2cee28b8fc1629f2850 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.2.ia64.rpm ppc: cc9ea2b899a2ff380c625f2a7646bf92 autofs5-5.0.1-0.rc2.55.el4_6.2.ppc.rpm ed8cc434b7054888c57b8bafb07575ea autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.2.ppc.rpm s390: f4e47b1c36687a607df623577797e4d0 autofs5-5.0.1-0.rc2.55.el4_6.2.s390.rpm b075ec809427f2355e4938649aca1975 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.2.s390.rpm s390x: 93d34bf0ffe7aa3af3674685ae95c308 autofs5-5.0.1-0.rc2.55.el4_6.2.s390x.rpm 5fbe32ae7b09e1cfc02f3b2abaa972f2 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.2.s390x.rpm x86_64: 51675b74cc163e3b3ccf59c10f71164a autofs5-5.0.1-0.rc2.55.el4_6.2.x86_64.rpm 74f9ef4f29821466e3477626d5eae2ca autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.2.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/autofs5-5.0.1-0.rc2.55.el4_6.2.src.rpm a1b2f22c851aa6b4adb4f8208dea9ded autofs5-5.0.1-0.rc2.55.el4_6.2.src.rpm i386: cd74da575ac61ae97bbb04823223dec9 autofs5-5.0.1-0.rc2.55.el4_6.2.i386.rpm d71b155d19ba7482c9461a11ae5452e1 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.2.i386.rpm x86_64: 51675b74cc163e3b3ccf59c10f71164a autofs5-5.0.1-0.rc2.55.el4_6.2.x86_64.rpm 74f9ef4f29821466e3477626d5eae2ca autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.2.x86_64.rpm Red Hat Enterprise Linux ES version 4: SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/autofs5-5.0.1-0.rc2.55.el4_6.2.src.rpm a1b2f22c851aa6b4adb4f8208dea9ded autofs5-5.0.1-0.rc2.55.el4_6.2.src.rpm i386: cd74da575ac61ae97bbb04823223dec9 autofs5-5.0.1-0.rc2.55.el4_6.2.i386.rpm d71b155d19ba7482c9461a11ae5452e1 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.2.i386.rpm ia64: 85ab6c8e98a25fd2c3615cbfd232b083 autofs5-5.0.1-0.rc2.55.el4_6.2.ia64.rpm 57eac7b62100c2cee28b8fc1629f2850 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.2.ia64.rpm x86_64: 51675b74cc163e3b3ccf59c10f71164a autofs5-5.0.1-0.rc2.55.el4_6.2.x86_64.rpm 74f9ef4f29821466e3477626d5eae2ca autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.2.x86_64.rpm Red Hat Enterprise Linux WS version 4: SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/autofs5-5.0.1-0.rc2.55.el4_6.2.src.rpm a1b2f22c851aa6b4adb4f8208dea9ded autofs5-5.0.1-0.rc2.55.el4_6.2.src.rpm i386: cd74da575ac61ae97bbb04823223dec9 autofs5-5.0.1-0.rc2.55.el4_6.2.i386.rpm d71b155d19ba7482c9461a11ae5452e1 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.2.i386.rpm ia64: 85ab6c8e98a25fd2c3615cbfd232b083 autofs5-5.0.1-0.rc2.55.el4_6.2.ia64.rpm 57eac7b62100c2cee28b8fc1629f2850 autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.2.ia64.rpm x86_64: 51675b74cc163e3b3ccf59c10f71164a autofs5-5.0.1-0.rc2.55.el4_6.2.x86_64.rpm 74f9ef4f29821466e3477626d5eae2ca autofs5-debuginfo-5.0.1-0.rc2.55.el4_6.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6285 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFHasYGXlSAg2UNWIIRAmZRAKCF6+WgrCP1cv1QPKM94fkdWvehagCgwlcD CCiMykmK6KGege27VmD+Ges= =XdVC -----END PGP SIGNATURE-----