From bugzilla at redhat.com Fri Mar 2 18:34:37 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 2 Mar 2007 13:34:37 -0500
Subject: [RHSA-2007:0078-01] Critical: thunderbird security update
Message-ID: <200703021834.l22IYbni005118@pobox.devel.redhat.com>

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: thunderbird security update
Advisory ID: RHSA-2007:0078-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0078.html
Issue date: 2007-03-02
Updated on: 2007-03-02
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-6077 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0777 CVE-2007-0778 CVE-2007-0779 CVE-2007-0780 CVE-2007-0800 CVE-2007-0981 CVE-2007-0994 CVE-2007-0995 CVE-2007-0996 CVE-2007-1092
---------------------------------------------------------------------

1. Summary:

Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML mail message could execute JavaScript code in such a way that may result in Thunderbird crashing or executing arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript.
(CVE-2007-0775, CVE-2007-0777, CVE-2007-1092)

A flaw was found in the way Thunderbird processed JavaScript contained in certain tags. A malicious HTML mail message could execute JavaScript code with the privileges of the user running Thunderbird. (CVE-2007-0994)

Several cross-site scripting (XSS) flaws were found in the way Thunderbird processed certain malformed HTML mail messages. A malicious HTML mail message could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996)

A flaw was found in the way Thunderbird cached web content on the local disk. A malicious HTML mail message may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778)

A flaw was found in the way Thunderbird displayed certain web content. A malicious HTML mail message could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779)

Two flaws were found in the way Thunderbird displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800)

Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running Thunderbird. (CVE-2007-0008, CVE-2007-0009)

A flaw was found in the way Thunderbird handled the "location.hostname" value during certain browser domain checks. This flaw could allow a malicious HTML mail message to set domain cookies for an arbitrary site, or possibly perform an XSS attack.
(CVE-2007-0981)

Users of Thunderbird are advised to apply this update, which contains Thunderbird version 1.5.0.10 that corrects these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

204453 - Thunderbird startup script not updated for the add-on based locale
230542 - CVE-2007-0775 Multiple Thunderbird flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-0981, CVE-2007-1092)
230733 - CVE-2007-0994 Thunderbird arbitrary javascript command execution

6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1092
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

From bugzilla at redhat.com Fri Mar 2 18:34:49 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 2 Mar 2007 13:34:49 -0500
Subject: [RHSA-2007:0096-01] Critical: mod_jk security update
Message-ID: <200703021834.l22IYnjo005131@pobox.devel.redhat.com>

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: mod_jk security update
Advisory ID: RHSA-2007:0096-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0096.html
Issue date: 2007-03-02
Updated on: 2007-03-02
Product: Red Hat Application Stack
CVE Names: CVE-2007-0774
---------------------------------------------------------------------

1. Summary:

Updated mod_jk packages that fix a security issue are now available for Red Hat Application Stack v1.1.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

3. Problem description:

mod_jk is a Tomcat connector that can be used to communicate between Tomcat and the Apache HTTP Server 2. mod_jk was first distributed with Red Hat Application Stack version 1.1 released on 19 February 2007.

A stack overflow flaw was found in the URI handler of mod_jk. A remote attacker could visit a carefully crafted URL being handled by mod_jk and trigger this flaw, which could lead to the execution of arbitrary code as the 'apache' user. (CVE-2007-0774)

Users of mod_jk should upgrade to these updated packages, which contain a backported patch to correct this issue.
Red Hat would like to thank TippingPoint and the Zero Day Initiative for reporting this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

230045 - CVE-2007-0774 mod_jk overflow flaw

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

From bugzilla at redhat.com Tue Mar 6 09:24:54 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 6 Mar 2007 04:24:54 -0500
Subject: [RHSA-2007:0106-01] Important: gnupg security update
Message-ID: <200703060924.l269OsKh023623@pobox.devel.redhat.com>

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: gnupg security update
Advisory ID: RHSA-2007:0106-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0106.html
Issue date: 2007-03-06
Updated on: 2007-03-06
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-1263
---------------------------------------------------------------------

1. Summary:

Updated GnuPG packages that fix a security issue are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

GnuPG is a utility for encrypting data and creating digital signatures.
Gerardo Richarte discovered that a number of applications that make use of GnuPG are prone to a vulnerability involving incorrect verification of signatures and encryption. An attacker could add arbitrary content to a signed message in such a way that a receiver of the message would not be able to distinguish between the properly signed parts of a message and the forged, unsigned, parts. (CVE-2007-1263)

Whilst this is not a vulnerability in GnuPG itself, the GnuPG team have produced a patch to protect against messages with multiple plaintext packets. Users should update to these erratum packages which contain the backported patch for this issue.

Red Hat would like to thank Core Security Technologies for reporting this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

230456 - CVE-2007-1263 gnupg signed message spoofing

6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1263
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

From bugzilla at redhat.com Wed Mar 14 15:36:02 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 Mar 2007 11:36:02 -0400
Subject: [RHSA-2007:0057-02] Moderate: bind security update
Message-ID: <200703141536.l2EFa2jA018074@pobox.devel.redhat.com>

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: bind security update
Advisory ID: RHSA-2007:0057-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0057.html
Issue date: 2007-03-14
Updated on: 2007-03-14
Product: Red Hat Enterprise Linux
Keywords: named bind dnssec
CVE Names: CVE-2007-0493 CVE-2007-0494
---------------------------------------------------------------------

1. Summary:

Updated bind packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols.

A flaw was found in the way BIND processed certain DNS query responses. On servers that had enabled DNSSEC validation, this could allow a remote attacker to cause a denial of service. (CVE-2007-0494)

A use-after-free flaw was found in BIND. On servers that have recursion enabled, this could allow a remote attacker to cause a denial of service. (CVE-2007-0493)

Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

224445 - CVE-2007-0493 BIND might crash after attempting to read free()-ed memory
225229 - CVE-2007-0494 BIND dnssec denial of service

6. RPMs required:
0c9077d8950b18efe21714dded6c94c0 bind-libs-9.3.3-8.el5.i386.rpm dafc0a981792ee6504a665a0cd529d01 bind-libs-9.3.3-8.el5.x86_64.rpm c05f0ec51d2439f4dd8f27b21bdbfe4f bind-sdb-9.3.3-8.el5.x86_64.rpm 7251b73070a92dc90be41b0372000f61 bind-utils-9.3.3-8.el5.x86_64.rpm 13fcf98bf097c8f5066941527658422b caching-nameserver-9.3.3-8.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494 http://marc.theaimsgroup.com/?l=bind-announce&m=116968519300764 http://www.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFF+BVGXlSAg2UNWIIRAuIxAKCMnf6jiIfPvxOsugLHs8czNlSU5wCdHjrm x2Mc5FuJu9iEp9GLtk9nf/o= =85O7 -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 14 15:36:09 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 14 Mar 2007 11:36:09 -0400 Subject: [RHSA-2007:0061-02] Moderate: samba security update Message-ID: <200703141536.l2EFa9uE018078@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: samba security update Advisory ID: RHSA-2007:0061-02 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0061.html Issue date: 2007-03-14 Updated on: 2007-03-14 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-0452 - --------------------------------------------------------------------- 1. Summary: Updated samba packages that fix a denial of service vulnerability are now available for Red Hat Enterprise Linux 5. 
This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Samba provides file and printer sharing services to SMB/CIFS clients.

A denial of service flaw was found in Samba's smbd daemon process. An authenticated user could send a specially crafted request which would cause a smbd child process to enter an infinite loop condition. By opening multiple CIFS sessions, an attacker could exhaust system resources (CVE-2007-0452).

Users of Samba should update to these packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

225519 - CVE-2007-0452 Samba smbd denial of service

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.23c-2.el5.2.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba-3.0.23c-2.el5.2.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFF+BZnXlSAg2UNWIIRAtlSAJ4x9oUFbJpvkBDLZg/atndCnej9AgCeJoBY
6O5pBGSe2j5cEFBbT1IFwEw=
=hNji
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 14 15:36:26 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 Mar 2007 11:36:26 -0400
Subject: [RHSA-2007:0068-02] Moderate: postgresql security update
Message-ID: <200703141536.l2EFaQJ5018096@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2007:0068-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0068.html
Issue date: 2007-03-14
Updated on: 2007-03-14
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-5540 CVE-2006-5541 CVE-2006-5542 CVE-2007-0555 CVE-2007-0556
- ---------------------------------------------------------------------

1. Summary:

Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

PostgreSQL is an advanced Object-Relational database management system (DBMS).

Two flaws were found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit these issues (CVE-2007-0555, CVE-2007-0556).

Several denial of service flaws were found in the PostgreSQL server. An authenticated user could execute certain SQL commands which could crash the PostgreSQL server (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542).

Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 8.1.8 which corrects these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

216411 - CVE-2006-5540 New version fixes three different crash vulnerabilities (CVE-2006-5541 CVE-2006-5542)
225496 - CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)
227688 - Attribute type error when updating varchar column

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.8-1.el5.src.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postgresql-8.1.8-1.el5.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postgresql-8.1.8-1.el5.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFF+BZtXlSAg2UNWIIRAkwQAKCEF/EepXvMFDfi/wJ+E+n/e0kPHACgrP/y
dVfBAriw99LG3NHjLY5cAso=
=o430
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 14 15:36:40 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 Mar 2007 11:36:40 -0400
Subject: [RHSA-2007:0075-02] Important: spamassassin security update
Message-ID: <200703141536.l2EFaeQk018108@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: spamassassin security update
Advisory ID: RHSA-2007:0075-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0075.html
Issue date: 2007-03-13
Updated on: 2007-03-14
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-0451
- ---------------------------------------------------------------------

1. Summary:

Updated spamassassin packages that fix a security issue are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

SpamAssassin provides a way to reduce unsolicited commercial email (spam) from incoming email.

A flaw was found in the way SpamAssassin processes HTML email containing URIs. A carefully crafted mail message could cause SpamAssassin to consume significant resources. If a number of these messages are sent, this could lead to a denial of service, potentially delaying or preventing the delivery of email. (CVE-2007-0451)

Users of SpamAssassin should upgrade to these updated packages which contain version 3.1.8 which is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

228587 - CVE-2007-0451 Spamassassin DoS

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/spamassassin-3.1.8-2.el5.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/spamassassin-3.1.8-2.el5.src.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0451
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFF+BaAXlSAg2UNWIIRAlYqAJwJeiQpLzi9LfUN1PrmqLA48NxTxQCeLTwD
3PY001qR0EfXau0wtxWcCH4=
=N6Oa
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Wed Mar 14 15:36:51 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 Mar 2007 11:36:51 -0400
Subject: [RHSA-2007:0082-02] Important: php security update
Message-ID: <200703141536.l2EFapl3018123@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: php security update
Advisory ID: RHSA-2007:0082-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0082.html
Issue date: 2007-03-13
Updated on: 2007-03-14
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-0906 CVE-2007-0907 CVE-2007-0908 CVE-2007-0909 CVE-2007-0988 CVE-2007-0910 CVE-2007-1285
- ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.
A number of buffer overflow flaws were found in the PHP session extension; the str_replace() function; and the imap_mail_compose() function. If very long strings were passed to the str_replace() function, an integer overflow could occur in memory allocation. If a script used the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker with access to a PHP application affected by any of these issues could trigger the flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)

When unserializing untrusted data on 64-bit platforms, the zend_hash_init() function could be forced into an infinite loop, consuming CPU resources for a limited time, until the script timeout alarm aborted execution of the script. (CVE-2007-0988)

If the wddx extension was used to import WDDX data from an untrusted source, certain WDDX input packets could expose a random portion of heap memory. (CVE-2007-0908)

If the odbc_result_all() function was used to display data from a database, and the database table contents were under an attacker's control, a format string vulnerability was possible which could allow arbitrary code execution. (CVE-2007-0909)

A one byte memory read always occurs before the beginning of a buffer. This could be triggered, for example, by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907)

Several flaws in PHP could allow attackers to "clobber" certain super-global variables via unspecified vectors. (CVE-2007-0910)

An input validation bug allowed a remote attacker to trigger a denial of service attack by submitting an input variable with a deeply-nested-array. (CVE-2007-1285)

Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

229013 - CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
231597 - CVE-2007-1285 PHP Variable Destructor Deep Recursion Stack Overflow

6. RPMs required:

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-7.el5.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-7.el5.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
From bugzilla at redhat.com Wed Mar 14 15:37:01 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 Mar 2007 11:37:01 -0400
Subject: [RHSA-2007:0087-02] Critical: ekiga security update
Message-ID: <200703141537.l2EFb1Kc018137@pobox.devel.redhat.com>

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: ekiga security update
Advisory ID: RHSA-2007:0087-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0087.html
Issue date: 2007-03-13
Updated on: 2007-03-14
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-0999 CVE-2007-1006
---------------------------------------------------------------------

1. Summary:

Updated ekiga packages that fix security issues are now available for Red Hat Enterprise Linux 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64

3. Problem description:

Ekiga is a tool to communicate with video and audio over the Internet.

Format string flaws were found in the way Ekiga processes certain messages. If a user is running Ekiga, a remote attacker who can connect to Ekiga could trigger this flaw and potentially execute arbitrary code with the privileges of the user. (CVE-2007-0999, CVE-2007-1006)

Users of Ekiga should upgrade to these updated packages which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

229262 - CVE-2007-0999 Ekiga format string flaw (CVE-2007-1006)

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ekiga-2.0.2-7.0.2.src.rpm

RHEL Optional Productivity Applications (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ekiga-2.0.2-7.0.2.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1006
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
From bugzilla at redhat.com Wed Mar 14 15:37:22 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 Mar 2007 11:37:22 -0400
Subject: [RHSA-2007:0097-02] Critical: firefox security update
Message-ID: <200703141537.l2EFbMUS018164@pobox.devel.redhat.com>

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2007:0097-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0097.html
Issue date: 2007-03-14
Updated on: 2007-03-14
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-6077 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0777 CVE-2007-0778 CVE-2007-0779 CVE-2007-0780 CVE-2007-0800 CVE-2007-0981 CVE-2007-0994 CVE-2007-0995 CVE-2007-0996
---------------------------------------------------------------------

1. Summary:

Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Mozilla Firefox is an open source Web browser.

Flaws were found in the way Firefox executed malformed JavaScript code. A malicious web page could cause Firefox to crash or allow arbitrary code to be executed as the user running Firefox. (CVE-2007-0775, CVE-2007-0777)

Cross-site scripting (XSS) flaws were found in Firefox.
A malicious web page could display misleading information, allowing a user to unknowingly divulge sensitive information, such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996)

A flaw was found in the way Firefox processed JavaScript contained in certain tags. A malicious web page could cause Firefox to execute JavaScript code with the privileges of the user running Firefox. (CVE-2007-0994)

A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may have been able to inject arbitrary HTML into a browsing session if the user reloaded a targeted site. (CVE-2007-0778)

Certain web content could overlay Firefox user interface elements such as the hostname and security indicators. A malicious web page could trick a user into thinking they were visiting a different site. (CVE-2007-0779)

Two flaws were found in Firefox's displaying of blocked popup windows. If a user could be convinced to open a blocked popup, it was possible to read arbitrary local files, or conduct a cross-site scripting attack against the user. (CVE-2007-0780, CVE-2007-0800)

Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running Firefox. (CVE-2007-0008, CVE-2007-0009)

A flaw was found in the way Firefox handled the "location.hostname" value. A malicious web page could set domain cookies for an arbitrary site, or possibly perform a cross-site scripting attack. (CVE-2007-0981)

Users of Firefox are advised to upgrade to this erratum package, containing Firefox version 1.5.0.10 which is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network.
Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

230050 - CVE-2007-0775 Multiple Firefox flaws (CVE-2007-0777, CVE-2007-0994, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-0981)

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-10.0.1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-1.5.0.10-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/yelp-2.16.0-14.0.1.el5.src.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-10.0.1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-1.5.0.10-2.el5.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/devhelp-0.12-10.0.1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-1.5.0.10-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/yelp-2.16.0-14.0.1.el5.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0996
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
From bugzilla at redhat.com Wed Mar 14 15:38:32 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 Mar 2007 11:38:32 -0400
Subject: [RHSA-2007:0099-02] Important: kernel security and bug fix update
Message-ID: <200703141538.l2EFcWhR018240@pobox.devel.redhat.com>

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2007:0099-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0099.html
Issue date: 2007-03-14
Updated on: 2007-03-14
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-0005 CVE-2007-0006 CVE-2007-0958
---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

* a flaw in the key serial number collision avoidance algorithm of the keyctl subsystem that allowed a local user to cause a denial of service (CVE-2007-0006, Important)

* a flaw in the Omnikey CardMan 4040 driver that allowed a local user to execute arbitrary code with kernel privileges.
  In order to exploit this issue, the Omnikey CardMan 4040 PCMCIA card must be present and the local user must have access rights to the character device created by the driver. (CVE-2007-0005, Moderate)

* a flaw in the core-dump handling that allowed a local user to create core dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low)

In addition to the security issues described above, a fix for a kernel panic in the powernow-k8 module, and a fix for a kernel panic when booting the Xen domain-0 on systems with large memory installations have been included.

Red Hat would like to thank Daniel Roethlisberger for reporting an issue fixed in this erratum.

Red Hat Enterprise Linux 5 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

229883 - CVE-2007-0006 Key serial number collision problem
229884 - CVE-2007-0005 Buffer Overflow in Omnikey CardMan 4040 cmx driver
229885 - CVE-2007-0958 core-dumping unreadable binaries via PT_INTERP

6. RPMs required:

Red Hat Enterprise Linux Desktop (v.
5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-8.1.1.el5.src.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-8.1.1.el5.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-8.1.1.el5.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0958
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

From bugzilla at redhat.com Wed Mar 14 15:38:52 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 Mar 2007 11:38:52 -0400
Subject: [RHSA-2007:0107-02] Important: gnupg security update
Message-ID: <200703141538.l2EFcqwg018261@pobox.devel.redhat.com>

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: gnupg security update
Advisory ID: RHSA-2007:0107-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0107.html
Issue date: 2007-03-13
Updated on: 2007-03-14
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-1263
---------------------------------------------------------------------

1. Summary:

Updated GnuPG packages that fix a security issue are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

GnuPG is a utility for encrypting data and creating digital signatures.

Gerardo Richarte discovered that a number of applications that make use of GnuPG are prone to a vulnerability involving incorrect verification of signatures and encryption. An attacker could add arbitrary content to a signed message in such a way that a receiver of the message would not be able to distinguish between the properly signed parts of a message and the forged, unsigned, parts.
(CVE-2007-1263)

Whilst this is not a vulnerability in GnuPG itself, the GnuPG team have produced a patch to protect against messages with multiple plaintext packets. Users should update to these erratum packages which contain the backported patch for this issue.

Red Hat would like to thank Core Security Technologies for reporting this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

230467 - CVE-2007-1263 gnupg signed message spoofing

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gnupg-1.4.5-13.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gnupg-1.4.5-13.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1263
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFF+Bb8XlSAg2UNWIIRAvimAKCHRnvIjDVsc5yKhiLKS7jAEYJIEACgurdS mHOURQ9pH7ycMbZYdDiA9E0= =Y1Bb -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 14 15:39:03 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 14 Mar 2007 11:39:03 -0400 Subject: [RHSA-2007:0108-02] Critical: thunderbird security update Message-ID: <200703141539.l2EFd3i8018276@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Critical: thunderbird security update Advisory ID: RHSA-2007:0108-02 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0108.html Issue date: 2007-03-13 Updated on: 2007-03-14 Product: Red Hat Enterprise Linux CVE Names: CVE-2006-6077 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0777 CVE-2007-0778 CVE-2007-0779 CVE-2007-0780 CVE-2007-0800 CVE-2007-0981 CVE-2007-0995 CVE-2007-0996 CVE-2007-1282 - --------------------------------------------------------------------- 1. Summary: Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 3. Problem description: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way Thunderbird processed certain malformed JavaScript code. A malicious HTML mail message could execute JavaScript code in such a way that may result in Thunderbird crashing or executing arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. 
(CVE-2007-0775, CVE-2007-0777) Several cross-site scripting (XSS) flaws were found in the way Thunderbird processed certain malformed HTML mail messages. A malicious HTML mail message could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996) A flaw was found in the way Thunderbird processed text/enhanced and text/richtext formatted mail messages. A specially crafted mail message could execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2007-1282) A flaw was found in the way Thunderbird cached web content on the local disk. A malicious HTML mail message may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778) A flaw was found in the way Thunderbird displayed certain web content. A malicious HTML mail message could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779) Two flaws were found in the way Thunderbird displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800) Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running Thunderbird. (CVE-2007-0008, CVE-2007-0009) A flaw was found in the way Thunderbird handled the "location.hostname" value during certain browser domain checks. This flaw could allow a malicious HTML mail message to set domain cookies for an arbitrary site, or possibly perform an XSS attack.
(CVE-2007-0981) Users of Thunderbird are advised to apply this update, which contains Thunderbird version 1.5.0.10 that corrects these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 230562 - CVE-2007-0775 Multiple Thunderbird flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-0981, CVE-2007-1282) 6. RPMs required: These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0996 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1282 http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFF+BcQXlSAg2UNWIIRAlKQAJ4hoCQ5jEWsyJdsZ7LV0dbWQhvdNQCguc+H UCt06NlM8I+v5K8JSqWt+ws= =9Vdl -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 14 15:39:11 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 14 Mar 2007 11:39:11 -0400 Subject: [RHSA-2007:0114-02] Important: xen security update Message-ID: <200703141539.l2EFdB9w018295@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: xen security update Advisory ID: RHSA-2007:0114-02 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0114.html Issue date: 2007-03-14 Updated on: 2007-03-14 Product: Red Hat Enterprise Linux Keywords: xen qemu console ia64 VTi CVE Names: CVE-2007-0998 - --------------------------------------------------------------------- 1. Summary: An updated Xen package to fix one security issue and two bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Multi OS (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, x86_64 RHEL Virtualization (v. 5 server) - i386, ia64, x86_64 3. Problem description: The Xen package contains the tools for managing the virtual machine monitor in Red Hat Enterprise Linux virtualization. A flaw was found affecting the VNC server code in QEMU. On a fully virtualized guest VM, where qemu monitor mode is enabled, a user who had access to the VNC server could gain the ability to read arbitrary files as root in the host filesystem. (CVE-2007-0998) In addition to disabling qemu monitor mode, the following bugs were also fixed: * Fix IA64 fully virtualized (VTi) shadow page table mode initialization.
* Fix network bonding in balanced-rr mode. Without this update, a network path loss could result in packet loss. Users of Xen should update to these erratum packages containing backported patches which correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 230295 - CVE-2007-0998 HVM guest VNC server allows compromise of entire host OS by any VNC console user 6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0998 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFF+BcaXlSAg2UNWIIRAkfxAKDBzCAyIIANYX16o99VrFAPCMmLswCdHFf9 c9tdS1vLovYcqb4wUX8Xpo0= =p9xM -----END PGP SIGNATURE----- From bugzilla at redhat.com Wed Mar 14 16:37:50 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 14 Mar 2007 12:37:50 -0400 Subject: [RHSA-2007:0066-01] Low: wireshark security update Message-ID: <200703141637.l2EGboqB026018@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Low: wireshark security update Advisory ID: RHSA-2007:0066-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0066.html Issue date: 2007-03-14 Updated on: 2007-03-14 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-0456 CVE-2007-0457 CVE-2007-0458 CVE-2007-0459 - --------------------------------------------------------------------- 1. Summary: New Wireshark packages that fix various security vulnerabilities are now available. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 
5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Problem description: Wireshark is a program for monitoring network traffic. Several denial of service bugs were found in Wireshark's LLT, IEEE 802.11, http, and tcp protocol dissectors. It was possible for Wireshark to crash or stop responding if it read a malformed packet off the network. (CVE-2007-0456, CVE-2007-0457, CVE-2007-0458, CVE-2007-0459) Users of Wireshark should upgrade to these updated packages containing Wireshark version 0.99.5, which is not vulnerable to these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 225689 - CVE-2007-0456 Multiple Wireshark issues (CVE-2007-0457, CVE-2007-0458, CVE-2007-0459) 225781 - CVE-2007-0456 Multiple Wireshark issues (CVE-2007-0457, CVE-2007-0458, CVE-2007-0459) 6. 
RPMs required: These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7.
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0456 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0457 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0459 http://www.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFF+CTQXlSAg2UNWIIRAorZAKCvP7aklDwAM42b/Mb/Wo8vu94rMACdGQ5j GNQI+nqBZS37VZ4SWTDmACY= =aey6 -----END PGP SIGNATURE----- From bugzilla at redhat.com Fri Mar 16 14:19:06 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 16 Mar 2007 10:19:06 -0400 Subject: [RHSA-2007:0055-01] Important: libwpd security update Message-ID: <200703161419.l2GEJ6NN013905@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: libwpd security update Advisory ID: RHSA-2007:0055-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0055.html Issue date: 2007-03-16 Updated on: 2007-03-16 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-0002 - --------------------------------------------------------------------- 1. Summary: Updated libwpd packages to correct a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 3. Problem description: libwpd is a library for reading and converting Word Perfect documents. iDefense reported several overflow bugs in libwpd. 
An attacker could create a carefully crafted Word Perfect file that could cause an application linked with libwpd, such as OpenOffice, to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-0002) All users are advised to upgrade to these updated packages, which contain a backported fix for this issue. Red Hat would like to thank Fridrich Štrba for alerting us to these issues and providing a patch. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 222808 - CVE-2007-0002 buffer overflows 6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0002 http://www.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is .
More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFF+qdTXlSAg2UNWIIRAg6BAJ9EldnGUAT2DEIVJpnLt4yFG9CtdwCdH6U9 vdigXpEpFSl4+ZTKZLY9ALc= =1JsZ -----END PGP SIGNATURE----- From bugzilla at redhat.com Thu Mar 22 10:54:58 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 22 Mar 2007 06:54:58 -0400 Subject: [RHSA-2007:0033-01] Important: openoffice.org security update Message-ID: <200703221054.l2MAswFv027835@pobox.devel.redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: openoffice.org security update Advisory ID: RHSA-2007:0033-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0033.html Issue date: 2007-03-22 Updated on: 2007-03-22 Product: Red Hat Enterprise Linux CVE Names: CVE-2007-0238 CVE-2007-0239 CVE-2007-1466 - --------------------------------------------------------------------- 1. Summary: Updated openoffice.org packages to correct security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, x86_64 Red Hat Enterprise Linux WS version 3 - i386, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ppc, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, x86_64 Red Hat Enterprise Linux WS version 4 - i386, x86_64 3. Problem description: OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. 

iDefense reported an integer overflow flaw in libwpd, a library used internally to OpenOffice.org for handling Word Perfect documents. An attacker could create a carefully crafted Word Perfect file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-1466)

John Heasman discovered a stack overflow in the StarCalc parser in OpenOffice.org. An attacker could create a carefully crafted StarCalc file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-0238)

Flaws were discovered in the way OpenOffice.org handled hyperlinks. An attacker could create an OpenOffice.org document which could run commands if a victim opened the file and clicked on a malicious hyperlink. (CVE-2007-0239)

All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported fixes for these issues.

Red Hat would like to thank Fridrich Štrba for alerting us to the issue CVE-2007-1466 and providing a patch, and John Heasman for CVE-2007-0238.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

223801 - CVE-2007-1466 integer overflow
226966 - CVE-2007-0238 StarCalc overflow
228008 - CVE-2007-0239 hyperlink escaping issue

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1466
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGAmB1XlSAg2UNWIIRApR0AJsGiq5SnCEwAsQPnITYEiY3HIrrwwCZAZjj
AeDzLceVpYSR/ke9BUKg8Vw=
=9yGL
-----END PGP SIGNATURE-----

From bugzilla at redhat.com Thu Mar 22 13:43:36 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 Mar 2007 09:43:36 -0400
Subject: [RHSA-2007:0069-01] Important: openoffice.org security update
Message-ID: <200703221343.l2MDhawi010171@pobox.devel.redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: openoffice.org security update
Advisory ID: RHSA-2007:0069-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0069.html
Issue date: 2007-03-22
Updated on: 2007-03-22
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-0238 CVE-2007-0239
- ---------------------------------------------------------------------

1. Summary:

Updated openoffice.org packages to correct security issues are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64

3. Problem description:

OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program.

John Heasman discovered a stack overflow in the StarCalc parser in OpenOffice. An attacker could create a carefully crafted StarCalc file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-0238)

Flaws were discovered in the way OpenOffice.org handled hyperlinks. An attacker could create an OpenOffice.org document which could run commands if a victim opened the file and clicked on a malicious hyperlink. (CVE-2007-0239)

All users of OpenOffice.org are advised to upgrade to these updated packages, which contain a backported fix to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

226967 - CVE-2007-0238 StarCalc overflow
228002 - CVE-2007-0239 hyperlink escaping issue

6. RPMs required:
dfda3e5f134d6c7979fe2b5590e6edb7 openoffice.org-langpack-da_DK-2.0.4-5.4.17.1.x86_64.rpm 2fb6bc049acc0eabd5cdb3afc8ebf287 openoffice.org-langpack-de-2.0.4-5.4.17.1.x86_64.rpm 665741429d1dd14f044ad0641790234f openoffice.org-langpack-el_GR-2.0.4-5.4.17.1.x86_64.rpm 5f4ce49dd55c4b1aacd9c0c31cb4e5a0 openoffice.org-langpack-es-2.0.4-5.4.17.1.x86_64.rpm 080584d2b971fed8779c36b8184ee9f6 openoffice.org-langpack-et_EE-2.0.4-5.4.17.1.x86_64.rpm e345afe9423c5e732edc42916b351968 openoffice.org-langpack-eu_ES-2.0.4-5.4.17.1.x86_64.rpm e05e83f2ed7866cd200208d1318fd64c openoffice.org-langpack-fi_FI-2.0.4-5.4.17.1.x86_64.rpm c99b165dcd9b34c5036a5b34dc9c6838 openoffice.org-langpack-fr-2.0.4-5.4.17.1.x86_64.rpm 19da7c6bfb6665db9d9b90d394f4f095 openoffice.org-langpack-ga_IE-2.0.4-5.4.17.1.x86_64.rpm 7df1b55531eee18bbcb22c53071c9f77 openoffice.org-langpack-gl_ES-2.0.4-5.4.17.1.x86_64.rpm f6551e90f5ba2a961ed326e6a7f625d3 openoffice.org-langpack-gu_IN-2.0.4-5.4.17.1.x86_64.rpm 379d4c4da85aa13cc3731b94a84b51c0 openoffice.org-langpack-he_IL-2.0.4-5.4.17.1.x86_64.rpm 902a9674da242e3259b03742085f0320 openoffice.org-langpack-hi_IN-2.0.4-5.4.17.1.x86_64.rpm 5f841cdd0a92ef5b1a6ba4e4e005332d openoffice.org-langpack-hr_HR-2.0.4-5.4.17.1.x86_64.rpm 863f863caa0721f25280bb06787e79e3 openoffice.org-langpack-hu_HU-2.0.4-5.4.17.1.x86_64.rpm 6035e911bfb7da6bc08a573fff5e094f openoffice.org-langpack-it-2.0.4-5.4.17.1.x86_64.rpm 9caee5c44e5af76d93a73f71fee3e4a3 openoffice.org-langpack-ja_JP-2.0.4-5.4.17.1.x86_64.rpm b1d9fc04ed7435ec6aa87dcabd874fbe openoffice.org-langpack-kn_IN-2.0.4-5.4.17.1.x86_64.rpm bc606500711253b84a80bb6410bb213e openoffice.org-langpack-ko_KR-2.0.4-5.4.17.1.x86_64.rpm c118ed82192791f2829cdf0e84db0b99 openoffice.org-langpack-lt_LT-2.0.4-5.4.17.1.x86_64.rpm c94e672d75a3e91ecffd7fa7cac07b9b openoffice.org-langpack-ml_IN-2.0.4-5.4.17.1.x86_64.rpm 1130711e67dd496765a2d40536188713 openoffice.org-langpack-mr_IN-2.0.4-5.4.17.1.x86_64.rpm c2e4ccc52e43a2777f5343a383d39b79 
openoffice.org-langpack-ms_MY-2.0.4-5.4.17.1.x86_64.rpm 0dd5c3df1c329af4db5691909a7e4ceb openoffice.org-langpack-nb_NO-2.0.4-5.4.17.1.x86_64.rpm f869e0a27966fc6354486b53b7670a56 openoffice.org-langpack-nl-2.0.4-5.4.17.1.x86_64.rpm 9e2efe98c6648b10a4210210238dba7f openoffice.org-langpack-nn_NO-2.0.4-5.4.17.1.x86_64.rpm 7e798cae3792dd1bd4228ec4923770c4 openoffice.org-langpack-nr_ZA-2.0.4-5.4.17.1.x86_64.rpm eeda9fe81462a640f56400a347ba3ccf openoffice.org-langpack-nso_ZA-2.0.4-5.4.17.1.x86_64.rpm 1db4854f5acf443c67a4f60e72770efc openoffice.org-langpack-or_IN-2.0.4-5.4.17.1.x86_64.rpm f83362dbec6b7b43812e0dcb1c48644c openoffice.org-langpack-pa_IN-2.0.4-5.4.17.1.x86_64.rpm 8767fb39ef219a2d64fa2451d65d659c openoffice.org-langpack-pl_PL-2.0.4-5.4.17.1.x86_64.rpm a9d94ab5dab2e89654ad70302b6ec3ab openoffice.org-langpack-pt_BR-2.0.4-5.4.17.1.x86_64.rpm 51c66c94908446847819be42d5190356 openoffice.org-langpack-pt_PT-2.0.4-5.4.17.1.x86_64.rpm f5cdc8492c2304755c30357239aca820 openoffice.org-langpack-ru-2.0.4-5.4.17.1.x86_64.rpm 725477ba94edbe6ad8999cbc4e650742 openoffice.org-langpack-sk_SK-2.0.4-5.4.17.1.x86_64.rpm ecf0e86fb92fc9708c3e6a7fa286917d openoffice.org-langpack-sl_SI-2.0.4-5.4.17.1.x86_64.rpm 3454a8b43c8c9cdd036d95a0aeccee64 openoffice.org-langpack-sr_CS-2.0.4-5.4.17.1.x86_64.rpm 68423b70ca74fc67e66286814cdc04cf openoffice.org-langpack-ss_ZA-2.0.4-5.4.17.1.x86_64.rpm 783fca701b110f716476bb529d64c9e7 openoffice.org-langpack-st_ZA-2.0.4-5.4.17.1.x86_64.rpm 041f21f23b081221bc4b49d7282b27ce openoffice.org-langpack-sv-2.0.4-5.4.17.1.x86_64.rpm 4c8b640fd4dfd21937a2f1fa3d9a7158 openoffice.org-langpack-ta_IN-2.0.4-5.4.17.1.x86_64.rpm 1011acfa415902e083e06bd6299efece openoffice.org-langpack-te_IN-2.0.4-5.4.17.1.x86_64.rpm 7f3ec2dae73ca4805057506791f86bc5 openoffice.org-langpack-th_TH-2.0.4-5.4.17.1.x86_64.rpm d64d8091d55a5baf054c73816e9176a5 openoffice.org-langpack-tn_ZA-2.0.4-5.4.17.1.x86_64.rpm 88805fb8dab08d1751925c0b3ed7f00c 

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0239
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

From bugzilla at redhat.com Fri Mar 23 10:13:47 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 23 Mar 2007 06:13:47 -0400
Subject: [RHSA-2007:0124-01] Moderate: file security update
Message-ID: <200703231013.l2NADl7L023301@pobox.devel.redhat.com>

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: file security update
Advisory ID: RHSA-2007:0124-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0124.html
Issue date: 2007-03-23
Updated on: 2007-03-23
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-1536
---------------------------------------------------------------------

1. Summary:

An updated file package that fixes a security flaw is now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The file command is used to identify a particular file according to the type of data contained by the file.

An integer underflow flaw was found in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code execution.
(CVE-2007-1536)

This issue did not affect the version of the file utility distributed with Red Hat Enterprise Linux 2.1 or 3.

Users should upgrade to this erratum package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

233161 - CVE-2007-1536 file 4.20 fixes a heap overflow in that can result in arbitrary code execution
233337 - CVE-2007-1536 file 4.20 fixes a heap overflow in that can result in arbitrary code execution

6. RPMs required:

Red Hat Enterprise Linux AS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/file-4.10-3.EL4.5.src.rpm

Red Hat Enterprise Linux Desktop version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/file-4.10-3.EL4.5.src.rpm

Red Hat Enterprise Linux ES version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/file-4.10-3.EL4.5.src.rpm

Red Hat Enterprise Linux WS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/file-4.10-3.EL4.5.src.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):
SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/file-4.17-9.el5.src.rpm

Red Hat Enterprise Linux (v. 5 server):
SRPMS: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/file-4.17-9.el5.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.